AGENDA
ISS World Europe is the world's largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety, Government and Private Sector Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network, the Internet and Social Media.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
Track 6: Mobile Signal Intercept Training and Product Demonstrations
Track 7: Electronic Surveillance Training and Product Demonstrations
Track 8: 5G Lawful Intercept, Tracking and Forensics Product Training
Plus Special Training Seminars lead by Law Enforcement Officers and Ph.D. Scientists
ISS World Europe Agenda - 6-8 June 2023
Training Seminars Led by Law Enforcement Officers and Ph.D., Computer Scientists
20 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(1 classroom hours)Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies
(3 classroom hours)Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)
Tuesday, 6 June 2023
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:15
Proxies and VPNs: Identity Concealment and Location Obfuscation
09:30-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
10:30-11:15
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
11:30-12:15
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
13:15-14:00
Ultra-Wideband Geolocation and Cyber OSINT
14:15-15:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT ToolboxSeminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
10:35-11:25
WIFI, geolocation, and Mobile Data traces and tracking11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resourcesSeminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception.
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the transition to 5G stand alone. (Full description below Track 9)
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 8 June 2023
Seminar #7
13:00-14:00(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PolicePre-Conference Sessions Description At The End of Agenda PostinG
Wednesday, 7 June 2023
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions
Dr. Jerry Lucas, President, TeleStrategies
ISS World Europe Exhibit Hours:
Wednesday, 7 June 2023
10:00-18:15
Thursday, 8 June 2023
10:00 -13:00
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Tuesday, 6 June 2023
15:25-16:05 Session A
Accelerating investigation workflows with specially designed IT-forensic laboratories
incl. Cyfluene, fake news and campaign detection
Presented by mh-service GmbH15:25-16:05 Session B
Simplifying lawful requests: how CSPs can automate, secure and speed their responses to criminal investigations
Presented by Subtonomy & Telia Norway16:10-17:00
ETSI/3GPP LI/LD Standards Update
Martin Kissel, ETSI TC LI Chairman and Coordinator Lawful Interception, Telefónica Germany
Carmine Rizzo, ETSI TC LI Technical Officer and 3GPP SA3-LI Secretary, ETSI
Wednesday, 7 June 2023
13:45-14:30
Location investigations: beyond compliance using mass location techniques
Presented by Intersec15:00-15:40 Session B
Interception Challenges on VoLTE Network for LEA's
Presented by InterProbe
Thursday, 8 June 2023
08:30-09:10 Session A
Mastering the password cracking
Users need to provide passwords when they are logging into the computer, starting their smartphone, accessing their favourite web service, opening protected files/disks, connecting to a network or pairing their wearable. Encryption is an inherent trait of digital presence, whether users realize it or not. We will speak about different approaches to password cracking, including dictionary, rule-based, brute-force, hybrid and association attacks. We will show benchmarks of how fast high-end GPU cards can recover passwords for various formats (e.g., Windows credentials, WPA2 handshakes, ZIP and RAR files, LUKS partitions, Android PINs, and iPhone Backups). We will answer what length or complexity of the password is enough to protect your data. Nevertheless, better than guessing the password is knowing the password! We will conclude our talk by demonstrating the applicability of personal information leaks with usernames, emails, phone numbers and passwords!
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology08:30-09:10 Session B
The role of all-optical switching in cyber monitoring
Presented by Huber+Suhner11:00-11:40 Session B
Tremendous impact of 3Vs on enhanced intelligence gathering and data insights
Presented by InterProbe11:45-12:30 Session A
Understanding the Implications of Online Social Media and OSINT During Critical Incidents
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police11:45-12:30 Session B
Trending Topics in Cryptocurrency Forensics
Bitcoin, Ethereum and other cryptocurrencies are becoming mainstream for financial interactions and standard tools when conducting cybercrime such as scams, frauds, ransomware, darknet markets, sextortion, etc. LEAs also adapted to a new situation, and many investigators are already familiar with cryptocurrency basics and how to trace transactions on publicly available blockchain explorers. This session aims to extend the knowledge of participants about more advanced topics such as: a) address clustering techniques and their applicability to various cryptocurrencies; b) monitoring of cryptocurrency networks and their peers with the help of network intelligence; c) geolocating cryptocurrency transaction with IP address or originator; d) overcoming obfuscation of transactions entering and leaving mixers; e) correlating activities on darkweb with blockchain events. Each subtopic will be thoroughly explained, including currently existing methods and tools for addressing associated challenges.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
08:30-9:20
Beyond Autonomous Cyber Intelligence : Leveraging Adequate Darknet Collection and Processing to Deliver Differentiating Value in an Integrated Approach to Intelligence.
Presented by Corexalys09:25-10:15 Session A
Cyclops Analysis: Determine the impact of Carrier in Carrier technology on your satellite monitoring capabilities.
Presented by VASTech
10:35-11:25
Matison next generation Mediation system
Presented by Matison11:30-12:20
Forensic analysis of smartwatches, mobile phones and clouds
Presented by Compelson13:20-14:10 Session A
Exploiting Latest Generation Devices
Live Demonstration of RCS innovative cyber tool for target remote control.
Paolo Fulciniti, Pre Sales Engineer, RCS S.p.A.13:20-14:10 Session B
FUSION – The single investigation platform
Presented by ATIS14:15-15:05 Session a
Modern Advancements In Live Collection And Analysis
Presented by PenLink14:15-15:05 Session B
Revolution in Audio Investigations
At this session, you will discover an extremely efficient way to investigate audio recordings with Phonexia Orbis Investigator. Get ready to see the world’s most advanced voice biometrics in action!
Presented by Phonexia16:10-17:00 Session A
Drowning in audio data ? Speech technologies to the rescue.
Understand how to exploit our leading-edge language identification, speech transcription and keyword spotting solutions to ease your OSINT and COMINT activities.
Jodie Gauvain, Director, Vocapia Research
16:10-17:00 Session C
Generating CDRs for WhatsApp, Telegram, Viber, Signal, and other Encrypted VoIP Applications
Presented by ClearTrail
Wednesday, 7 June 2023
09:10-10:00 Session A
Special IT-forensic workflow including tactical and covert rapid on-scene triage and acquisition
Presented by mh-service GmbH and Detego Global
09:10-10:00 Session B
NSO: The unencrypted story
Presented by NSO13:00-13:40 Session A
Intelligence IoT: Networked Tactical Intelligence
Presented by Ateros13:00-13:40 Session B
The investigator toolbox: from Electronic Surveillance to Cyber Intelligence
Specialized digital tools to get the task done
Presented by AREA13:00-13:40 Session C
ORCA - rule the ocean of metadata
Presenting VASTech’s solution for fusing telecommunications, IP, and location data from fibre cables, mobile networks, and satellite signals.
Using metadata to answer the important questions of Who, What, Where, and When?
Presented by VASTech13:45-14:30 Session A
Future of Traffic Summarization for LI: Correlating Carrier-Grade NAT (CGNAT) at Carrier Scale and Speed
Presented by Packet Forensics13:45-14:30 Session B
Radio forensics - what is that, and how can it help in your investigation?
Rafal Wolczyk, Vespereye13:45-14:30 Session C
Fighting Crime with Cutting-Edge Speech Technologies
In this session, you will discover the latest capabilities of voice biometrics and speech recognition and how these technologies can help law enforcement agencies fight crime efficiently.
Presented by Phonexia15:00-15:45 Session A
Advancing Data Inception Solutions for Narrow Bandwidth and IoT Devices
Lawful Interception solutions need to take into account the unique data exchange attributes associated with IoT devices. As these become more and more prevalent, a real-time and mediation solution can help intelligence agencies visualize additional information about a suspect of interest.
Presented by SS8 Networks15:00-15:40 Session B
Encryption vs. You: 3 Ways to Combat Threats at a Nationwide Scale
Presented by ClearTrail15:00-15:40 Session C
Every Second Matters: a race against the clock using open, deep, and dark web data to expose terror networks behind recent terror attack in Europe
Learn how AI technology empowers law enforcement & intelligence agencies with investigative insights in near real-time! We will present a real-life case showing how our AI-based platforms can be used to harness open-source data and accelerate investigations by revealing the terrorist’s networks.
Presented by Voyager Labs15:45-16:25 Session A
Every piece of data tells a story – combine and analyze data from any source in your digital investigation.
Mark Uldahl, CTO, XCI A/S15:45-16:25 Session B
Fast visualization, analysis and fusion of large data sets from different sources
Presented by ATIS15:45-16:25 Session D
Smartphones and PCs interception
Enable LEA and Intelligent Services the anonymous interception and the remote control of multiple devices
Presented by MOLLITIAM CYBERINTELLIGENCE16:30-17:15 Session A
Effective photo and video investigations: from CCTV enhancement and analysis to deepfake detection in OSINT media
Presented by Amped Software
16:30-17:15 Session B
Next Generation Data Fusion Monitoring Center: new ways of gathering intelligence.
Evolved from a legacy LI Monitoring Center, next generation systems must provide investigators and analysts with powerful analytical tools, able to bring intelligence insights out of the data lake. Moving from device-centric to data-centric approach.
Gian Marco Pazzola, Senior Pre-Sales Engineer, RCS S.p.A.16:30-17:15 Session C
How Lawful Interception benefits from Traffic Filtering.
High bandwidth networks like fiber and eMBB (LTE / 5G) put new requirements to a Lawful Interception solution. With high throughput data streams, the costs of processing this data increases. However, not all data is relevant for an investigation, e.g., Netflix and application and OS updates carry no user data. Within this session we will discuss how Lawful Interception benefits from Traffic Filtering capabilities.
Presented by Group 200016:30-17:15 Session D
Linking and analyzing data with different classifications or sensitivity across intelligence fields on the TOVEK platform
A live demonstration of the versatility of TOVEK in the analysis of data from various sources and systems enabling the cooperation of various police or intelligence departments such as OSINT, COMINT, FININT, forensics, etc.
Presented by Tovek16:30-17:15 Session E
A Deep Dive in to Mobile Exploitation - A Full Chain overview
Presented by SecFenceThursday, 8 June 2023
08:30-09:10 Session A
A light in the darkness of Encrypted Communications
Presented by AREA
08:30-09:10 Session B
Operations Security (OpSec) in Offensive Mobile & PC operations (ft. How to make your Zero-Days last longer)
Presented by SecFence09:15-10:00
Grayshift's best practice in mobile forensics
Presented by Grayshift11:00-11:40 Session A
Supercharged IPDR extraction and analysis - Advanced Internet Activity Analytics
John Senior, CEO, Trovicor Intelligence11:00-11:40 Session B
Nirvana for Complex Problems faced by Defence & Intelligence Communities:
Complex problems needs complex engineering for simple outcomes. Get acknowledged to rapidly Identify cables(fibres) of interest. Capturing, Managing, and Extracting Intelligence from Gigabit Speed Networks. Apply Cyber Threat Hunting Techniques to track nation State actors. Welcome!
Presented by VEHERE11:00-11:40 Session C
Unraveling drug trafficking operations with investigative analytic
Presented by Cognyte11:45-12:30 Session A
Bringing clarity to complex missions - A single-screen investigation tool for real-time results.
Presented by TRG11:45-12:30 Session B
Fibre Signal Analysis: What intelligence value does a fibre link contain?
Presented by VASTech
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees, unless marked otherwise.
Tuesday, 6 June 2023
08:30-09:20 Session A
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS08:30-09:20 Session C
Breaking Data Silos. Prevent Crime. Enhancing collaboration with SCOPE Mass-Data-Analysis.
Presented by INNOSYSTEC09:25-10:15 Session A
WhatsApp, Telegram, Facebook...how IPS helps you to locate most wanted targets with LI
Presented by IPS09:25-10:15 Session B
Leveraging open-source data to predict and prevent future attacks: combating threats with advanced AI-based technology
Investigators have access to enormous amounts of publicly available unstructured data that could hold the key to solving a case, but while this data is accessible to all, it is not understandable by all. Join us to learn how AI-based technology can be used in a real-life case to Identify early warning signs of radicalization to assist in predicting future attacks.
Presented by Voyager Labs
10:35-11:25 Session C
ARGONOS - the new Data Operating System for intelligence agencies able to extract value from huge volumes of heterogeneous data and to solve complex security issues
Renaud Roques and Arnaud Besnier, Deveryware by Flandrin Techonologies11:30-12:20 Session A
Videoma Intelion: massive and automatic management and analysis of video and audio in police operations and intelligence investigations.
Videoma Intelion is the new suite of security products presented by ISID at ISS. Videoma is a technological tool of reference in the field of security for multimedia content management, which expands its capabilities of automatic analysis of video, image and audio, as well as the automation of the processes of investigators and analysts. We have solutions adapted to any of the usual sources of video, image and audio, from CCTV, communication interceptions, social networks, open sources, TV or radio.
ISID provides the most advanced technologies for automatic transcription of voice to text, facial or voice biometrics, license plate reading, among others, which allow the automatic processing of large amounts of video or audio without the need for manual review, which saves a great saving of effort and time.
Presented by ISID
13:20-14:10 Session B
Future of Mass Data Visualisation for fast and precise actionable intelligence.
Presented by Innosystec14:15-14:40 Session A
No Data Scientist? No Problem! Intuitive AI for Social Media Intelligence
Presented by Fivecast14:15-14:40 Session B
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling.
Presented by IPS14:40-15:05 Session B
Cyber Threat Intelligence to accelerate online investigations
Presented by IPS15:25-16:05 Session A
WEBINT - A borderless solution for borderless crimes
Presented by Cognyte15:25-16:05 Session B
AI-enabled Government Intelligence for multilingual content using Language Weaver Machine Translation
Claudiu Stiube, Senior Principal Solutions Consultant, RWS
15:25-16:05 Session C
Graphs in Criminal Intelligence
Presented by Graphaware15:25-16:05 Session D
The use of Euler Big Data Technology & Graph database for Cyber and Social Media Investigations
Presented by Euler Technology Solutions16:10-17:00 Session A
Securing Borders with Big Data Fusion and Analytics
Presented by Cognyte16:00-17:00 Session B
LEVARAGING THE BIG DATA POWERHOUSE TO ADDRESS THE FINANCIAL CRIME OF ANTI MONEY LAUNDERING (AML)
Using a real case we will demonstrate how a BIG DATA PLATORM can enhance analysts/ investigators ability for early detection, prevention and resolution of anti-money laundering crimes , fraud etc. We will show how big data platforms can do more than just follow the money. It can predict where it will go, making analysts and investigators faster and more effective in addressing what is and will become the greatest threat to economic stability, sustainability and growth in the 21stcentury.
Omri Raiter, RAKIA Group16:10-17:00 Session C
Target-Centric Analysis with ShadowDragon OSINT Tools
Presented by Shadow Dragon
Wednesday, 7 June 2023
9:10-10:00 Session A
Location & Open Source Intelligence: Real Life Case Studies & Live Demonstration
Presented by Cobwebs09:10-10:00 Session B
How to increase operational efficiency during criminal investigation? -- A deep dive into Intelligence Analysis Management technologies.
Presented by OPPSCIENCE13:00-13:40 Session A
From IOC to threat actors hunting
Presented by Cobwebs13:00-13:40 Session C
Massive Distributed Active WEBINT to counter influence operations
Bad actors often use accounts on different platforms for social engineering and other malicious purposes. In this talk we explain best practices for countering influence operations using Massive Distributed Active WEBINT.
Presented by S2T Unlocking Cyberspace13:45-14:30 Session A
AI-powered Language Technology Solution to handle Multi-language OSINT & COMINT
Emmanuel Tonnelier, Director, Defence and Intelligence Solutions, SYSTRAN13:45-14:30 Session B
Automation meets Intelligence – Our view of AI-powered Analytics.
Presented by Innosystec15:00-15:45 Session A
Analyzing Social Networks
Presented by MKCVI15:00-15:45 Session B
trovicor: New perspectives for Strategic Investigation – Latest Innovations!
Renita John, CPO, Trovicor Intelligence15:45-16:25 Session A
Using OSINT with visual link analysis to enhance your investigations
Presented by Maltego15:45-16:25 Session B
Translate alternative socials into actionable data
Presented by Web-IQ16:30-17:15 Session A
Using OSINT in offensive operations’
Sylvain HAJRI, Epieos
Thursday, 8 June 2023
08:30-9:10 Session B
Transforming OSINT, Cyber and POI investigations with the power of Maltego
Presented by Maltego08:30-9:10 Session C
Anonymity vs. You
Smart Methods to Identify Virality, Bots & Personally Identifiable Information
Presented by ClearTrail09:15-10:00 Session A
Break the silos: plan and execute a pluridisciplinary intelligence operation on theatre with Paliscope multi-source platform
Presented by Paliscope AB09:15-10:00 Session B
Countering Illegal Trade on Darknet Marketplaces
Social Links will be outlining the black market landscape as it exists on the Dark Web and putting forward a range of methods to counteract illegal trade. Through advanced data extraction and analysis, we’ll show how investigators can break through the perceived anonymity of the Dark Web and crypto transactions to identify criminal actors.
Presented by Social Links
09:15-10:00 Session C
How to accelerate avatar-based social network intelligence gathering while staying secure?
Presented by Corexalys11:00-11:40 Session A
AI & geolocation for homeland security
Presented by Intersec11:00-11:40 Session B
Finding the Needle in the Haystack - The Application of AI and Machine Learning in Intelligence Investigations
Presented by Fivecast11:00-11:40 Session C
BIG DATA PLATFORM – A comprehensive, practical guide to getting the most out of your DATA
A practical and comprehensive guide on the ins and outs of big data platforms and how they have been used to address key problems/challenges in law enforcement agencies . Through a specific use case we will highlight the highest value insight that everyone should have with regards these matters. Some of the elements covered include defining needs, devising algorithms using a no-code rule engine, how to link databases , report generator and much more.
Omri Raiter, RAKIA Group11:45-12:30
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 6 June 2023
08:30-09:20
Stuck with traditional IP Traffic Analysis?
Traverse the time vortex to view Gartner’s new-age Network Detection and Response Techniques. Tried the emerging AI-based Network Detection and Response (NDR) to combat national threats yet? – Tech-powered for Défense and Intelligence Communities. See you at our seminar and booth.
Presented by VEHERE09:25-10:15
Demo: Extending Suricata Visibility with Next-Generation DPI-Based Cyber Sensors
In this live demonstration, discover a new generation of DPI-based cyber sensors that leverage years of experience in cyber defense environments to extend the threat detection capabilities of Suricata and raise the performance of government-run Security Operations Centers (SOCs).
Nicolas Duteil, Senior Technical Account Manager, Qosmos DPI & Traffic Intelligence, Enea
10:35-11:25 Session B
Your attack surface from the eyes of attackers - watch KELA's cybercrime intelligence platform in action - a live demo
David Carmiel, CEO, KELA
11:30-12:20 Session B
Improving mission success with the IntelligenceReveal portfolio for communications intelligence and multi-source analysis.
Jez Nelmes, Product Manager, BAE Systems Digital Intelligence14:15-15:05
When Spyware Turns Phones Into Weapons: Addressing Mobile Devices Software and Hardware Vulnerabilities to Save Your Organization
Presented by Feedback Italia15:25-16:05
Case Study: Deanonymizing Suspects in Online Investigations
OSINT software developers Social Links will present an investigation in its entirety. Find out how an expansive enquiry was elaborated from minimal starting data, allowing analysts to establish the real-world identities of the suspects and their connections to illicit activities.
Presented by Social Links16:10-17:00
Complex OSINT and CSINT in two unique solutions
How to collect high-value intelligence by accesing public and private data
Presented by MOLLITIAM CYBERINTELLIGENCE
Wednesday, 7 June 2023
09:10-10:00 Session A
Construct, Visualize and Analyze Digital Trails through Big Data
The intelligence processes of our time depend more heavily on the collection and analysis of enormous amounts of structured and unstructured digital data. TA9 IntSight, our investigative analytics platform, can maximize the use of this data from databases, sensors, and many other systems to turn digital trails and interactions into actionable intelligence.
Presented by Rayzone Group09:10-10:00 Session B
Overview of the current global cyber threat landscape
Matt Willsher, Government Presale Specialist, BAE Systems Digital Intelligence13:00-13:40 Session A
Lifting the fog and Friction of Military operations: Why Secure Communication Matter
This presentation discusses the importance of network centric operation for national security and defense, and proposes a vision and strategy for implementation of secure communications. We provide an inside look on how to architect Scalable Security solutions to meet the diverse and stringent needs of national security and defense.
Presented by Asperiq13:00-13:40 Session B
Cybersecurity Reinvented: Navigating the Landscape of Secure Communication in the Age of Threats, Hardware Vulnerabilities, and Post-Quantum Computing
Presented by Feedback Italia13:00-13:40 Session C
Starting an investigation at an area of interest and revealing suspects in real-time
Presented by TRG13:45-14:30
Cryptanalysis: Size Matters
Presented by SciEngines15:00-15:40
Enabling Network-centric operations: Vision and Strategy for Secure Communications
This presentation proposes a vision and strategy for implementation of secure communications, and how Scalable Security solutions provide a framework to satisfy diverse needs of government agencies for their national security.
Presented by Asperiq15:45-16:25
COUNTER ΙLEGAL ACTIVITY– From a mere hint to real threat mitigation!
A step-by-step guide to harnessing OSINT and fusion technology to effectively support the entire process of identification and mitigation of nation illegal threats. We will include the entire OSINT & WEBINT collection capabilities from all aspects , target , mass collection ,darknet , avatar design and management , fake accounts identification and mitigation and no code crawlers
Omri Raiter, RAKIA GroupThursday, 8 June 2023
8:30-9:10
Keep your Information Safe! New Trends and Developments in Information Protection
Presented by EO SECURITY s.r.o.9:15-10:00 Session A
Securing Government Infrastructure in 2023: Insights from Dark Web Intelligence on Emerging Cyber Threats
Presented by Webz.io9:15-10:00 Session B
The Human Factor in Cybersecurity
Effective cybersecurity requires protecting every aspect of an organization, including their employees and assets against cyber threats. RayzSecurity, Rayzone Group’s cybersecurity division, developed a comprehensive approach to cybersecurity which reinforces technological protection mechanisms while addressing the importance of strategic employee awareness campaigns.
Presented by Rayzone Group11:00-11:40 Session B
Cyber Resilience System for DoS
How to reduce the vulnerability and neutralize threats for public and critical infrastructures
Presented by MOLLITIAM CYBERINTELLIGENCE11:45-12:30 Session A
Detect the unknowns inside millions of cyber events and operationalize adapted strategies to strike back.
The world is becoming more and more "software defined", adding every time additional complexity and reducing the overall reliability and increasing the possibilities for an adversary orchestrated attack campaign that use unknown kill-chains able to leverage on the gathered intelligence and on a long time preparation. Holistic detection and situational based automated response are the key, but how to comply with a big-data real-time requirement? Using an innovative detection and response approach driven by threat intelligence we’ll present our RTA solution, a field-proven platform for military and critical infrastructure.
Andrea Pompili, Chief Scientist Officer at CY4GATE S.p.A.11:45-12:30 Session B
Maximize Geolocation Intelligence to Investigate the Past & Prevent Future Crimes
The usage of geolocation intelligence solutions alone, may not be sufficient enough to understand the history of a target’s behavior and intent. Our unique ADINT solution, Echo, utilizes innovative capabilities to investigate historical events based on behavioral patterns, and can assist in conceptualizing the past to prepare efficiently for future challenges.
Presented by Rayzone Group11:45-12:30 Session C
Optimizing your security and monitoring tools layer
Presented by CGS
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
8:30-9:20
Shedding light on the Info-stealer Eco System
In this session, we describe the eco-system of the info-stealer. Numerous IABs (Initial Access Brokers) and marketplaces are active on Darkweb and Deepweb. Recently, criminals have been continuously moving to other platforms such as Telegram and Discord. We will elucidate how they are selling and buying the leaked data. Furthermore, we show how adversaries can breach this data by analyzing malware and their TTPs (Tactics, Techniques, and Procedures).
In addition, we examine cryptocurrency flow to track criminals’ cash to launder its origin.
Presented by S2W13:20-14:10
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE15:25-16:05
Cryptanalysis: Size Matters
Presented by SciEnginesWednesday, 7 June 2023
13:45-14:30
De-anonymizing cryptocurrency transactions to fight crime and terror
Presented by Cognyte15:00-15:40
Countering proliferation by analyzing blockchains: a Lazarus Group case study
- Lazarus Group first gained notoriety from its Sony Pictures and WannaCry cyberattacks, but it has since concentrated its efforts on cryptocurrency —a strategy that has proven immensely profitable. Since 2018, the group has stolen and laundered massive sums of virtual currencies every year.
- According to the UN Security Council, the revenue generated from these hacks goes to support North Korea’s WMD and ballistic missile programs.
- This session empowers national security professionals with the know-how to recognize, mitigate or deal with this type of threat, in order to ultimately hold bad actors accountable for their crimes.
Presented by Chainalysis
Thursday, 8 June 2023
9:15-10:00
Thou shalt wirelessly intercept your neighbor: Leveraging WiFi and Bluetooth in operative
In this talk, we shall discuss various security mechanisms used in WiFi and Bluetooth networks and how to abuse them to obtain mission-critical intel. Apart from explaining all principles, we will demonstrate them (hopefully live) on our tactical device! Starting with an access point and client scans, we will continue with client targetted jamming and total Denial-of-Service of the whole network that may even result in authentication handshake capture. This handshake contains information to recover the WiFi password to access the targeted network. Once inside the network, we will show essential hacking tools to conduct IP-level reconnaissance. But we will not limit ourselves to WiFi and demonstrate how Bluetooth can be leveraged to notify you about a person's presence or exploit various IoT devices.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 6: Mobile Signal Intercept Product Training and Demonstrations
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
8:30-9:20 Session B
Understanding Mobile 2G, 3G, 4G and 5G NSA Infrastructure, Intercept and Cryptography
Dr. Jerry Lucas, President, TeleStrategies9:25-10:15
Detect & Prevent Communication Interception Systems in Real-Time
RF environments are becoming increasingly more complex and challenging to protect. Modern-day threats place the confidentiality, integrity, and availability of important data at risk. ArrowCell, Rayzone Group’s detector, preventor, and locator of suspicious RF activity, allows users to monitor and protect their cellular network, offering ongoing protection of the RF environment.
Presented by Rayzone Group10:35-11:25
VSAT Networks: Tactical and Strategic Threat Detection and Geolocation
Presented by Kratos11:30-12:20
Advanced Satellite Intelligence in tactical and strategic scenarios
Presented by Rohde Schwarz14:15-15:05
A Revolutionary AI Based network independent 5G SA cellular locator
Presented by Septier15:25-16:05
Why secure hardware alone is just not enough: Bittium Tough Mobile 2
The modern smartphone environment offers users new options for secure data storage and end-to-end encrypted communication but simultaneously enables new approaches to interception, geolocation, profiling and other means of identifying and extracting information from mobile devices and their users.
In this session, Bittium Security Solutions expert Anton Gyllenberg will discuss security risks and attack opportunities that new smartphones and apps present, as well as the mitigations and defenses that are used to counter them. Also presented are real-life examples from developing the secure Android Bittium Tough Mobile 2 smartphone, and while consulting for the army and peace keeping missions.
Presented by Bittium16:10-17:00
Mobile tracking with a narcotic investigation
Presented by Intersec
Wednesday, 7 June 2023
9:10-9:30
Cutting through satellite traffic noise to discover actionable insights
Presented by Cognyte9:30-10:00
Tactical intelligence solutions for evolving technologies and threats
Presented by Cognyte15:00-15:40
Stay ahead of the multi-band wireless curve for vehicular, portable, and airborne investigations
Presented by Octasic
15:45-16:25
A Revolutionary AI Based network independent 5G SA cellular locator
Presented by Septier
Track 7: Electronic Surveillance Training and Product Demonstrations
This track is for law enforcement investigators and the government intelligence community who are responsible for deploying video, audio and GPS surveillance products and only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
13:20-14:10
Streaming Visual Intelligence from IoT
NightHawk, a cyber intelligence platform delivering E2E intelligence gathering and covert operations unique capabilities. The NightHawk can be operated remotely or by proximity to the targeted device. The session will enable law enforcement and intelligence agencies a glimpse into how to gather unique intelligence, analyze, track targets and events worldwide in the NightHawk platform.
Presented by Interionet16:10-17:00
Update on 5G NR Mobile Radio Analysis – Network Survey and SUPI Catchers
Presented by Rohde Schwarz
Wednesday, 7 June 2023
13:45-14:30 Session A
Introduction to the new Line Arrays and how to use Multiple Arrays in complex and challenging acoustic environments.
Vibeke Jahr, COO and Founder, Squarehead Technology15:45-16:25 Session A
CEMA: Electronic Warfare meets the Cyber Domain to support Offensive Cyber Operations.
Andrea Pompili, Chief Scientist Officer at CY4GATE S.p.A.15:45-16:25 Session B
Compact, yet mighty.
Flexible and intelligent, tactical electronic surveillance fully scalable enabling platform LEMF with synchronized multimedia on a single panel.
Presented by AREA16:30-17:15
Border Security and Force Protection Analytics using Passive RF - Update
Presented by Packet ForensicsThursday, 8 June 2023
08:30-09:10
Introducing PRISM - Next-gen 5G passive remote geolocation
Presented by TRG
Track 8: 5G Lawful Interception Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
9:25-10:15
Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies
10:35-11:25
Survival of IMSI-catchers in 5G Networks
Presented by Utimaco11:30-12:30
IMSI-CATCHER IN 5G (SUPI-CATCHER) Challenges - Solutions - Proof of Concept and Best Practice (60Min)
Presented by ZITiS13:20-14:10
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic14:15-15:05
Transforming security intelligence with high accuracy 5G location
Accurate location intelligence is key to law enforcement and intelligence agencies. However, they are usually only provided with mobile phone records with the cell tower location that gives a rough area covered by that mobile cell. This can equate to a location range of 300 to 500 meters even in dense urban areas, meaning several blocks from the suspect. In rural areas, the location range can be tens of kilometres wide. In this presentation, SS8 will review the impact of 5G on location accuracy and lawful intercept
Presented by SS815:25-16:05
Keep using your IMSI Catchers and Direction Finders in the 5G SA Era
With the introduction of 5G SA, the 3GPP decided to improve subscribers’ privacy by designing an encrypted protocol architecture that protects against the use of IMSI catchers. These design choices resulted in the need for a “future proof” and solid solution in order for law enforcement to correlate temporary identifiers collected over the air interface and match them to permanent identifiers and to track suspects using their direction-finding tools and capabilities.
Presented by Group 2000
Wednesday, 7 June 2023
16:30-17:15
5G ID Resolution
Presented by EXFOThursday, 8 June 2023
09:15-10:00
Lawful Interception of IMS/VoLTE Roaming (S8HR)
Presented by Utimaco11:45-12:30
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Tuesday, 6 June 2023
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:15
Proxies and VPNs: Identity Concealment and Location Obfuscation
09:30-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
10:30-11:15
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
11:30-12:15
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
13:15-14:00
Ultra-Wideband Geolocation and Cyber OSINT
14:15-15:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT ToolboxSeminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigatorsHow it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.
09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
10:35-11:25
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxiesHow suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solvingUsing innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resources"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how. PART 2 on the final day with free tools to download and keep
Seminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception. Specifically;
Network Architecture Evolution from 2G to 3G, 3G to 4G, 4G to 5G regarding radio technology (TDMA, CDMA, OFDM and MIMO), network core from CSFB to VoLTE and SS7 to Diameter.
Encryption, Target Identification and Location: SIM and eSIM cards, IMSI and Target ID, encryption algorithms (A3, A5, A8 and Ki) and basically how user authentication and traffic encryption is accomplished.
Target Location Tracking with CDR analysis, MAC address farming, MITM attacks, SS7 access, IMSI catchers and IT intrusion.
4G to 5G Transition Specifics Understanding 5G Non Stand Alone (NSA) vs. SA 5G, the IMSI catcher issue (myth vs. realities), 5G Cryptography (ECC, SUPI, SUCI), 5G target location enhancement and LTE/NR Internetworking and Co-existance.
5G Spectrum What can 5G deliver with mid vs. high frequency spectrum and what new spectrum bands are soon to be auctioned off
SA 5G Infrastructure Features: NFV, SDN, Edge/Cloud Computing and Network Slicing
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the trasition to 5G standalone.
In reality lawful interception of non-standalone is not any different from 4G interception regarding new LI feature additions. The next LI challenge will be for 5G SA. This webinar addresses the technical challenges facing law enforcement, 5G operators and ISS vendors. Specifically the four transitions are:
- 5G Network Challenges Identifiers: How are law enforcement going to grab 1gbps traffic streams; backhaul to monitoring centers and filter non-important traffic of interest.
- 5G Edge Cloud Computing: How do you intercept on a 5G operators IT systems, deal with proprietary system protocols, e2e encryption and localized content
- 5G Virtual Network Core: How complicated will this be regarding LI, VoIP on virtual devices and what LI barriers has the IETF created
- 5G Network Slicing: Is this 5G feature restricted to private enterprises or will 5G MVNO’s provide public mobile wireless services, How will law enforcement interconnect with 5G OSS provisioning systems and what is the LI point of interconnection?
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
This session:
- Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber,TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.
- Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
- Man in the Middle Attacks
- IT Intrusion (Installing Malware)
- Exploiting bugs in SSL/TLS
- Connecting the “metadata” dots between known targets and communication patterns
- Case studies working around third party encryption case studies, e.g. how was it done!
- TOR / DarkNets (TOR/HS)
- Bitcoin Traceback
- Mobile phone/encryption cracking
- Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 8 June 2023
Seminar #7
13:00-14:00(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, Part 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceA must see presentation of the best and most dynamic tools available to the investigator- and they’re all free. A download link will be provided during this session with 100 tools to take away