We have a variety of “Open Port” events during which renowned cybersecurity experts will come to ETH to discuss their field’s current state with a small group of students.
In cybersecurity, an “Open Port” is an integral part of internet communication. Similarly, our Open Port events are there to communicate, connect and learn from each other. These events are an excellent opportunity for ETH students to gain an insight into the industry and public services. Additionally, in good ETH fashion, there will be an apero after most of our events. In particular circumstances, Open Ports are held virtually in highly interactive settings to the delight of speakers and students alike.
Is international cyberspace a legal vacuum? What international law and norms govern it? What role has the UN played in establishing norms for the responsible use of ICTs by States?
Join us on October 6th for an interactive session with Camino Kavanagh to learn more! She will introduce you to the emerging normative framework governing States' use of ICTs/cyber in the context of international security, discuss the confidence building measures (CBMs) that have been agreed by States to prevent the risk of conflict stemming from the malicious use of ICTs, and explain what future work needs to be done to ensure a peaceful digital future. After her introduction it is up to you to bring up the questions that you have always wanted to ask!
Dr. Camino Kavanagh is a Visiting Senior Fellow at the Department of War Studies at King’s College London where her research focuses on international politics, conflict and information technology. She has served on the Advisory Support Team to the UN’s Open Ended Working Group (OEWG) and Group of Government Experts (GGE) and was lead drafter on the latter. The two Groups addressed a range of issues relevant to state behaviour in cyberspace, including emerging threats, international law, non-binding political norms, CBMs and international cooperation and assistance in ICT security. Camino also served as consultant/rapporteur to the 2016-2017 UN GGE. She is currently a senior advisor to the UN Dept. of Political Affairs on Digital Technologies and Conflict Prevention and consults regularly with national governments and international organisations on policy and norms relevant to ICTs/cyber and international security. Prior to her work on digital technologies and international security, Camino spent over a decade working in conflict/post-conflict contexts, including with UN peace operations.
Are you curious about how an advanced persistent threat (APT) operates during an ongoing attack? We found out more about it with a Red Team member of InfoGuard AG!
The talk took us through the typical stages of an attack, its intermediate goals, and the possible procedures on how to achieve those. It gave not only a high-level overview of the attack, but also some detailed technical insights into certain techniques and vulnerabilities used throughout the attack. One presented example was the weaponization of a Word Document and how to analyze it in depth.
How can a Swiss non-profit help companies and researchers worldwide fight malware? Roman Hüssy from abuse.ch explained how the data trove is created, maintained and used.
Roman presented how he designed and set up a platform that allows security researchers to share malware samples, indicators of compromise, botnet addresses, and more. He also gave an overview of the malware threat landscape in the last decade, and the unique challenges posed by recent attacks.
Have you ever wondered how security analysts and penetration testers search for vulnerabilities in real-world systems? In this talk, Claudio Anliker explained what penetration testing, red teaming, and ethical hacking are about.
Sharing some of his own experiences, he provided a glimpse into the everyday work in the IT security industry. He showed how you learn the tricks of the
it needs to conduct meaningful security assessments, and why penetration testing can be an incredibly interesting profession.
Before joining ETH as a PhD student, Claudio Anliker studied Computer Science at the University of Zurich and worked for about four years as a penetration tester at a Swiss cyber security company. During this time, he carried out security assessments of all kinds, provided trainings for clients and co-workers, and led a penetration testing team during his last year.
How do banks secure their cloud infrastructure? Mark Beerends, consultant at Prusec, shed light on this for us!
Cloud services are getting increasingly popular in the industry, but banks tend to be conservative when using them. In this session, we explored how banks shape and secure their cloud infrastructures and how they
their compliance and regulatory requirements.
About our speaker: Mark Beerends is a passionate cybersecurity expert with over a decade of experience in the field of security operations and management. He has an extended track record in the financial industry as head of Security Operations Centers and Head of various IT departments. He founded his own consultancy company Prusec in 2014.
How are blockchains running smart contracts and managing many billions being attacked and defended?
On the 31st of March, Matthias Egli showed us the challenges of designing smart contracts and analyzing their vulnerabilities, and gave us hands-on experience in a real-world scenario. Matthias was the COO of ChainSecurity, an ETH spin-off that has helped secure more than 1 billion USD transiting through smart contracts. After a quick technical introduction on how to interact with a real-world blockchain, Matthias presented the participants with an actual smart contract. He challenged everyone to exploit its re-entrancy vulnerability. What followed was an intensive hands-on session during which everyone tried to multiply their wealth. Following this active part, Matthias went over more intricate attack patterns like flash loans. The event concluded with a quick Q&A session about real-world applications of blockchains and newly trending topics such as NFTs.
Josh Aas, Executive Director of Let's Encrypt, joined us for a session on internet security, sharing his insights and experiences of creating a nonprofit organization with the vision to make a secure internet attainable for everybody.
In just five years, Let's Encrypt helped increase the share of HTTPS requests from less than 39% to over 85%. In his interview, Josh explained both the technical specifics of a Certificate Authority and the moral dilemmas that can arise. He shared with us how once, while coping with bugs that could potentially cause security breaches, he had to weigh at the same time the consequences of revoking 3 million certificates and potentially causing the shutdown of several domains. We also learned about crucial choices Let's Encrypt had to make to achieve a solution that would change millions of websites' behavior within a limited time frame. According to Josh, success depends not necessarily on finding a new solution but on using existing approaches and making them easily usable and accessible. Many of us left the evening genuinely inspired and felt that every one of us can change the internet for the better - you just have to set your mind to it.
How is cyber policy made by governments? And where is European Union cyber policy headed?
On the 24th of February, ETH students gained unique insights on this topic from Dr. Igor Nai Fovino. As deputy Unit Head of the European Joint Research Centre, he has acquired over 13 years of experience at the European
talked to ETH students about his research covering IoT, blockchain, risk assessment,
many more areas. One current topic of his research he discussed was whether it would be
use blockchain technology to aid in the logistics of Covid vaccinations (yes!).
During the talk, Igor shared with students that the EU was working towards improving data protection as a human right – not simply as a set of rules with paperwork. Furthermore, the understanding of data protection and how it must be regulated is still developing, and will continue to develop further. As such, policymaking is a process of continuous negotiation. How has COVID affected cyber security in Europe? For one, healthcare and critical infrastructure sectors experienced increased attacks. Additionally, COVID has pushed Europe faster towards digitalization, and cybersecurity has now become more relevant in the EU Commission’s priorities.
The take-away from the talk was that cybersecurity is currently undergoing a paradigm shift. The ‘old’ firewalling approach does not work anymore because digitalization implies that it is not possible to close all the system’s doors. For example, the energy grid before the 90s was considered to be secure simply because it was a closed world. With the rollout of smart grids and other initiatives, it is no longer possible to close the doors, because suppliers need continuous data flows for decision software. For that, all devices need to be connected, and for this reason the grid is vulnerable.
With Luca Gambazzi, Senior Scientific Project Manager at armasuisse Science and Technology and at the Cyber-Defence Campus
Luca Gambazzi gave an introduction on how to conduct a risk-based security analysis by working on realistic examples. Participants also learned about the duties of armasuisse S+T and the opportunities it offers for students.
With Dr. Adrian Marti, Head of Cyber Security & Privacy, Partner AWK Group AG, and Werner Meier, Chief of Staff Crisis Organisation, Alpiq Group
Students learned firsthand how the crisis organization of an international energy supply company is structured and how it works. Together with our speakers, we went through the steps to cope with such a scenario.
With Miguel Gomez, Senior Researcher with the Centre for Security Studies at ETH, and Dr. Kari Kostiainen, Senior Scientist at ETH and Director of the Zurich Information Security Center (ZISC)
Pitfalls, New Cyber Solutions - What is the Role of a Cyber Researcher and what does it take to be one? The speakers shared their insights as researchers, their career paths and their current research topics. Their presentations were followed by ample time for questions and exchange in smaller groups.
In small teams, participants were confronted with small, realistic scenarios of a cyber incident; they had to devise an action plan under time pressure, involving the relevant stakeholders and assessing the risks and opportunities associated with each action.
This event gave a chance to everyone to get to know the team behind our events, engage with us, and find out how everyone can help and join us to foster cyber enthusiasm at ETH.
With Reto Ischi, Team Lead Product Development WAF at Ergon
Reto explained the continuous arms race between hackers and security vendors in the field of web application security. Some suppliers promise that machine learning is the next Swiss Army Knife to defend against web security threats; as a Swiss vendor of the web application firewall Airlock, Reto Ischi and his team analyzed machine learning-based techniques to detect web attacks. He shared with us his ideas, experience and results of their proof of concept with productive web traffic. After the talk, the students had the opportunity to exchange with the speaker and two other Ergon engineers about their job and career at a Swiss software security company.
With Michael Bem, Executive Director at the Chief Information Security Office of UBS
Michael led a workshop exercising cyber crisis response at a fictitious entity. The students, split up in small teams, were confronted with a fictitious scenario of a cyber crisis, and were tasked to respond to the crisis. After a lively exchange between the teams and Michael Bem, the scenario was extended and worsened, and the students had to react to the incident in light of the new data and risks. After the workshop, Michael Bem shared his advice on how to efficiently tackle this kind of crisis, especially in a business context, and gave insight into relevant tools, techniques and processes. The students then had the opportunity to network and engage with Michael Bem about his work and career at UBS.
With Ralf Weissbeck, group CIO at the Adecco Group
Or, what does it mean if NotPetya shuts down your company for several days? Why could this untargeted attack create so much harm in major companies? How does one react to ransom demands? These and many other questions were answered by Ralf Weissbeck, now the group CIO of the Adecco group but then part of the cybersecurity team at Maersk. He recalled how within a few hours, an at first singular event spread company-wide and only by chance spared one entity, which proved pivotal in dealing with the crisis. Students heard firsthand how important it is to invest in cybersecurity, the pitfalls of flat networks and the necessity of having a streamlined crisis management that is ready to act. He shared anecdotes of missed concerts and family times as the crisis demanded unbelievable working hours and sleeping arrangements, with whole company floors being converted to makeshift crisis lodgings. The event was concluded by a memorable apero at the terrace of the Dozenten-Foyer where students had the chance to ask both him and Federico Blasiotti further questions.
With Korpskommandant Aldo C. Schellenberg, Deputy Head of the Swiss Army
We wanted to know more about the role of Switzerland in the world of Cyber and were proud to have Korpskommandant Aldo C. Schellenberg talk with us about the state of cyber security in the Swiss military. From stories about actual penetration testing and cyber attacks on an international level to the newly established cyber unit of the Swiss military, Korpskommandant Schellenberg shared his insights with us!
With Dr. Thyla van der Merwe, Cryptography Engineering Manager at Mozilla
We invited Thyla to talk with us about the daily challenges in cybersecurity. Being part of the development of Mozilla’s next generation of safe browsers, she shared with us what it means to apply cryptographic theory in practice.
Do you have valuable insights in current cybersecurity topics and want to share them with a small group of students? We are always looking for cybersecurity experts who will take a speaker’s role at our events. As a speaker you will benefit from an interested and
Get in touch with us! Thore Göbel and Marina Ivanovic will be delighted to discuss with you how to bring your cyber experience to ETH.