Security B-Sides London 2017
7th of June 2017 at the ILEC Conference Centre 47 Lillie Road, London, SW6 1UD

Welcome to our schedule for the day! For more details on the talks, workshops, please visit our website.
Back To Schedule
Wednesday, June 7 • 15:25 - 16:10
Enemies of the West

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
On November 24, 2014, "Guardians of Peace" (GOP) released confidential data from the film studio Sony Pictures.

North Korea were blamed, my talk will very briefly look at what happened, (the openings section, what happened will be very brief because it's quite common knowledge that they got hacked) the talk will then quickly move on into technically how it was achieved, this is not so commonly known, especially showing demos of how each stage could have been achieved.

The demo and how it was achieved is what I personally found interesting during researching this. What concludes is how closely the attack mirrored a typical external social engineering / internal penetration test.

The talk will not in any way disrespect any parties but it will remove the hype, revealing what in reality was a crude and simple attack that could have easily been performed by a single person and not what people would expect from a nation state attack.

The talk will be backed up with stats, and examples from personal experiences from external/internal social engineering, infrastructure and application testing.

It will include demos, showing how an attack achieved by the GOP would be simple to replicate due to commonly overlooked security hardening measures.

During the talk there will also be a section on what can go wrong, before and after gaining access to an internal network, and then how to get round this, and how to protect.

Then if time permitting the talk will then conclude by revealing an alarming way to achieve such an attack that has not been considered or discussed before.

Areas that will be covered are:

Offensive and Defensive Technologies and Techniques.
Owning the Enterprise, Infrastructure, external and internals.

1. What was achieved by GOP.
2. Remote social engineering.
3. Lateral movement processes.
4. How to get round defenses.
5. Why such attacks work.
6. Misconfigurations.
7. Anything that comes up during questions.


Neil Lines

I regularly talks at Uni’s and other opportunities. A lover of sharing, teaching, talking, confident, but not arrogant. I'm a Crest Registered Penetration Tester. Working for Nettitude as a Security Consultant performing penetration testing. I have been working in security for over... Read More →

Wednesday June 7, 2017 15:25 - 16:10 BST
Track 1