SharkFest'24 EU

Michal Soltysik

Michał Sołtysik is a Cybersecurity Consultant and Deep Packet Inspection Analyst specializing in network edge profiling and 0-day attacks, one of the most difficult classes of attack to detect.
With a focus on IT, OT, and IoT environments, he has so far identified 254 protocols used in cyberattacks.
Michał is also a skilled Digital and Network Forensics Examiner, a CyberWarfare Organizer, and a SOC Trainer, complementing his cybersecurity roles with a broad range of expert knowledge.
More information available at https://michalsoltysik.com/


Sessions

11-06, 17:15, 60 min
Deep packet inspection analyses: Unveiling a shocking RDP Attack through unusual protocol combinations
Michal Soltysik

In September 2018, the Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the Federal Bureau of Investigation, warned of attackers exploiting legitimate tools like Remote Desktop Protocol (RDP) for malicious purposes. This presentation explores a recently discovered large-scale RDP Tunneling Attack that weaponized the mstshash cookie, a session management mechanism within RDP. The most intriguing aspect of this attack was the attacker's diverse use of protocols, including TCP, TLS, SSL, MEMCACHE, Socks, WOW, WOWW, MySQL, X11, MQTT, LISP, VICP, RSL, KDSP, ICAP, BitTorrent, CVSPSERVER, NDPS, PTP/IP, TPM, kNet, ECMP, and FF. This talk utilizes deep packet inspection (DPI) analysis to dissect this attack, revealing why seemingly unrelated protocols were chosen and emphasizing the attacker's strategy to bypass traditional security measures.

Track: Security
Room: Palais Sachsen Coburg I-III