Professional Documents
Culture Documents
d 2 ist
ISSWorld Europe
nd er 1
® FR
EE
ISS World Europe is the world’s largest gathering ISS WORLD EUROPE 2022 14:15-15:05
of Regional Law Enforcement, Intelligence and Tor, onion routers, Deepnet, and Darknet:
Homeland Security Analysts, Telecoms as well as PROGRAM AGENDA
Training Seminars Led by Law A Deep Dive for Criminal Investigators
Financial Crime Investigators responsible for Cyber
Crime Investigation, Electronic Surveillance and Enforcement Officers and Ph.D., SEMINAR #2
Intelligence Gathering. Computer Scientists
ISS World Programs present the methodologies 20 classroom training hours, presented by Law 08:30-15:05
and tools for Law Enforcement, Public Safety, Enforcement Officers and Ph.D. Scientists Practitioners Guide to Internet
Government and Private Sector Intelligence
• Charles Cohen, Vice President at NW3C, the Investigations
Communities in the fight against drug trafficking,
National White Collar Crime Center, Professor in • Presented by: Mark Bentley, Communications Data
cyber money laundering, human trafficking,
Practice Criminal Justice, Indiana University and Expert, National Cyber Crime Law Enforcement,
terrorism and other criminal activities conducted
Retired Captain, Indiana State Police, USA UK Police
over today’s telecommunications network, the
(6 classroom hours) The aim of this 1-day seminar is to take the attendees
Internet and Social Media.
• Charles Cohen, Vice President at NW3C, the from the basics of understanding the Internet, how
National White Collar Crime Center, Professor in to find data, through to a full understanding of
Track 1
Practice Criminal Justice, Indiana University and best practice of an Internet investigator, building
Lawful Interception and Criminal Retired Captain, Indiana State Police their OSINT toolbox, and having awareness and
Investigation Training (6 classroom hours) knowledge of all the tools available to achieve this. It
• Mark Bentley, Communications Data Expert, is aimed primarily at the investigator, delivered from
Track 2 National Cyber Crime Law Enforcement, UK Police the perspective of detective, to empower them to
(7 classroom hours) have the best methodology and tradecraft to profile
LEA, Defense and Intelligence Analyst and catch suspects.
Product Demonstrations • Jerry Lucas (Ph.D., Physics), President,
TeleStrategies
(2 classroom hours) This is exclusively Law Enforcement only, as Practical
• Matthew Lucas (Ph.D., Computer Science), VP, examples, covert and investigative methodology and
Track 3
TeleStrategies (3 classroom hours) tradecraft will be given throughout the seminar.
Social Network Monitoring, Artificial
• Vladimir Vesely (Ph.D., Computer Science) 08:30-09:20
Intelligence and Analytics Product
Researcher, Brno University of Technology
Training The Internet, and how suspects leave a
(2 classroom hours)
Digital Footprint. How the system works
Track 4
Tuesday, 14 June 2022 for us, as investigators
Threat Intelligence Gathering and Cyber 09:25-10:15
Security Product Training SEMINAR #1 Recognizing Traffic Data and digital
Track 5 08:30-15:05 profiling via social networks and
Online Social Media and Internet devices - digital shadows
Investigating DarkWeb, Bitcoin, Altcoin
Investigations 10:35-11:25
and Blockchain Transaction
• Presented by: Charles Cohen, Vice President at WIFI, geolocation, and Mobile Data
Track 6 NW3C, the National White Collar Crime Center,
Professor in Practice Criminal Justice, Indiana
traces and tracking
Mobile Signal Intercept Training and University and Retired Captain, Indiana State Police 11:30-12:20
Product Demonstrations Awareness of Emerging Technologies,
08:30-09:20
Track 7 Cellular Handset Geolocation: Masking Tech and Tools, TOR and proxies
Electronic Surveillance Training and Investigative Opportunities and 13:20-14:10
Product Demonstrations Personal Security Risks Advanced Techniques in Tracing
09:25-10:15 Suspects, and lateral problem solving
Track 8
Collecting Evidence from Online Social 14:15-15:05
5G Lawful Intercept, Tracking and Media: Building a Cyber-OSINT Toolbox Open Source Tools, resources and
Forensics Product Training (Part 1) techniques - A walk through my free law
Plus Special Training Seminars lead by Law 10:35-11:25 enforcement open source tools site
Enforcement Officers and Ph.D. Scientists Collecting Evidence from Online Social
Media: Building a Cyber-OSINT Toolbox
SEMINAR #3
(Part 2) 08:30-09:20
ISS World Europe Understanding Mobile 2G, 3G, 4G & 5G
11:30-12:20
Exhibits Schedule NSA Infrastructure and Law Intercept
Proxies, VPNs, and Dark Web: Identity
for Technical Investigators
Wednesday, 15 June 2022 Concealment and Location Obfuscation
• Presented by: Dr. Jerry Lucas, President,
10:00 - 18:15 13:20-14:10 TeleStrategies
Thursday, 16 June 2022 Tor, onion routers, Deepnet, and This session addresses the infrastructure evolution of
Darknet: An Investigator’s Perspective 2G to 3G to 4G to 5G NSA and the impact on lawful
10:00 - 13:00 interception.
SEMINAR #4 Track 1
The presentation introduces methods addressing
both of these phenomena – intercepting TLS/SSL
09:25-10:15 Lawful Interception and Criminal connections with the help of man-in-the-middle
Understanding 5G Stand Alone NFV, Investigation Training attack employing proxy and automatically creating
snapshots of problematic web pages. Speakers
Edge Computing and Network Slicing This track is for Telecom Operators and Law outline necessary theory (including news about
• Presented by: Matthew Lucas (Ph.D, Computer Enforcement/Intelligence/Defense Analysts who TLS 1.3, HSTS, HTTP3.0), well-known attacks (e.g.,
Science), VP, TeleStrategies are responsible for specifying or developing lawful renegotiation, downgrade, cipherspec change,
Cellular market analysts collectively have identified intercept network infrastructure. and others), and industry-standard tools for traffic
5G services deployed in over 400 cities spread analysis (such as Wireshark, Fiddler proxy, SSL-Split)
over 30 or so countries. The one common feature Tuesday, 14 June 2022 and decoding (e.g., Selenium, Scrapy). The session
of all these operations is that they are providing 5G will include a live demo of MitM attack on HTTPS
services with a 4G/5G hybrid network infrastructures 15:25-16:05 SESSION B connection enhanced with covert extraction of form
or so called non-Stand Alone (NSA) architecture. Accelerating investigation workflows data, which would be later used to periodically web
This session addresses the transition to 5G stand scrape and archive protected content.
with specially designed IT-forensic
alone. (Full description below Track 9)
laboratories • Vladimir Vesely (Ph.D., Computer Science) and
• Presented by mh Service GmbH Jan Pluskal, Researchers, Brno University of
SEMINAR #5 Technology
10:35-11:25 Wednesday, 15 June 2022 Track 2
Understanding Advanced Techniques
09:00-10:00 SESSION A
to Defeat (or Work Around) Encrypted LEA, Defense and Intelligence
Lawful Interception and Communication Analyst Product Demonstrations
Third Party Services, Bitcoin Anonymity,
Data, Current & Future Challenges:
TOR/HS and iPhone Encryption This track is only open to Law Enforcement, Public
Mobile, Cyber Security, Virtualization Safety and Government Intelligence Community
• Presented by: Matthew Lucas (Ph.D, Computer
Science), VP, TeleStrategies
and AI - An industry view Attendees.
• Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber
You can’t defeat today’s encryption (at least not
Chairman and Head of Global Obligations Future
that we know of) but law enforcement and the Tuesday, 14 June 2022
and Standards, BT Security
government intelligence community can “Work
around encryption” for a price. Once you identify 08:30-09:20 SESSION B
15:00-15:40
a target using commercially available encryption Intercepting and Collecting Web
Flow aware scalability across servers
products or services (and with enough resources Evidence in the Times of TLS1.3 and
or money) government can defeat the target near • Presented by Napatech
HTTP3.0
100% of the time.
The end-to-end HTTPS encryption and the volatile
Thursday, 16 June 2022
nature of web content make any interception and
SEMINAR #6 8:30-9:10 collection of data on the Internet a challenge.
Password Cracking in Practice The presentation introduces methods addressing
11:30-12:20
both of these phenomena – intercepting TLS/SSL
Locating and Tracking Devices by MAC As more and more traffic and data on the Internet
connections with the help of man-in-the-middle
Addresses and App-Based SDKs plus are being protected end-to-end, decrypting
attack employing proxy and automatically creating
information becomes more critical than ever
Privacy Measures by Apple & Google before. The presentation outlines password-
snapshots of problematic web pages. Speakers
outline necessary theory (including news about
• Presented by: Matthew Lucas (Ph.D, Computer cracking use-cases, employed formats, current
TLS 1.3, HSTS, HTTP3.0), well-known attacks (e.g.,
Science), VP, TeleStrategies GPU/FPGA performance limits, and existing (non-)
renegotiation, downgrade, cipherspec change,
commercial cracking tools. Speaker will show how
and others), and industry-standard tools for traffic
Thursday, 16 June 2022 to: a) automatically extract hashes from encrypted
analysis (such as Wireshark, Fiddler proxy, SSL-Split)
documents; b) prepare and evaluate password
and decoding (e.g., Selenium, Scrapy). The session
SEMINAR #7 keyspace (e.g., generate passwords using Markov
will include a live demo of MitM attack on HTTPS
chains / rule-based grammars and handling of
connection enhanced with covert extraction of form
13:00-14:00 passwords containing national characters); c)
data, which would be later used to periodically web
Top 20 Open Source Tools (OSINT) orchestrate various cracking strategies (e.g., a
scrape and archive protected content.
Used in Cybercrime Investigations combination of dictionaries). Participants will be
provided with tips and tricks on how to use Hashcat • Vladimir Vesely (Ph.D., Computer Science) and
• Presented by: Mark Bentley, Communications more effectively and how to distribute password Jan Pluskal, Researchers, Brno University of
Data Expert, National Cyber Crime Law cracking task on their infrastructure. Technology
Enforcement, UK Police
• Vladimir Vesely (Ph.D., Computer Science) and Jan 09:25-10:15 SESSION A
Pluskal, Researchers, Brno University of Technology Carrier in Carrier Analysis: Determine
Wednesday, 15 June 2022
09:15-10:00 the impact of Carrier in Carrier
8:15-8:30
Cyber Threat Intelligence in Context of technology on your satellite monitoring
Welcoming Remarks
Counterterrorism capabilities
• Tatiana Lucas, ISS World Program Director,
TeleStrategies • Presented by Resecurity Presenting the challenges posed by Carrier in
Carrier technologies and VASTech’s approach to
8:30-9:00 11:45-12:30 the analysis of Carrier in Carrier signals and the
Top Ten Internet Challenges Facing Intercepting and Collecting Web separation of Symmetrical and Asymmetrical Carrier
Law Enforcement and the Intelligence Evidence in the Times of TLS1.3 and in Carrier Signals.
Lead Sponsor