Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2017
7th of June 2017 at the ILEC Conference Centre 47 Lillie Road, London, SW6 1UD

Welcome to our schedule for the day! For more details on the talks, workshops, please visit our website.
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, June 7
 

08:45

Opening Remarks
Volunteers
avatar for Thomas Fischer

Thomas Fischer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortu... Read More →

Wednesday June 7, 2017 08:45 - 09:00
Track 1

08:45

Opening Remarks
Volunteers
avatar for Thomas Fischer

Thomas Fischer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortu... Read More →

Wednesday June 7, 2017 08:45 - 09:00
Track 2

09:00

[Keynote] Freaky Leaks from a Chic Geek

Subtitle: I should buy a boat

Leakware, leaked data bases and leaky applications. Leaks are all around us and here to stay it seems. Almost every day, a new story about a data breach from the comical to the scary. Worse, a new exploited vulnerability leaking or locking data. Many protocols are in widespread use, if they are vulnerable and can share data or information inadvertently. Larger numbers of systems, businesses, infrastructure and people are at risk. When a risk is identified, how can threat intelligence be shared? In the land of NDAs, different laws, jurisdictions and regulations. What is good intel or sharable information and to who? 

 

If your organisation's security posture is reactive not proactive, chances are easy to pwn systems can be exposed without visibility. Avoid making it easy to perform mass exploitation. Utilizing the new OWASP Top Ten 2017 and the information gathering checklist. You’ll learn how to discover leaky and vulnerable assets, websites, protocols.  The presentation uses sanitized real life data. All information gathered passively. Examples are an unnamed big bank, major IT vendors, multimedia platform, powerplant and other fun..for attackers. A brief update on the leak underground economy and how valuable data can be. How much is that leaky data worth? The good, bad and ugly of sharing. Protection strategies, sharing options and takeaways to justify testing time, budget and sharing options.


Speakers
CK

Chris Kubecka

Chris Kubecka, Security Researcher and CEO of HypaSec. Establishing several security groups for Saudi Aramco’s affiliates after the Shamoon attacks and held positions as Group Leader for Aramco Overseas, Netherlands. Implementing and leading the Security Operations Centre, Network Operation Centre, Joint International Intelligence Group... Read More →


Wednesday June 7, 2017 09:00 - 10:00
Track 1

09:00

[Keynote] Freaky Leaks from a Chic Geek

Subtitle: I should buy a boat

Leakware, leaked data bases and leaky applications. Leaks are all around us and here to stay it seems. Almost every day, a new story about a data breach from the comical to the scary. Worse, a new exploited vulnerability leaking or locking data. Many protocols are in widespread use, if they are vulnerable and can share data or information inadvertently. Larger numbers of systems, businesses, infrastructure and people are at risk. When a risk is identified, how can threat intelligence be shared? In the land of NDAs, different laws, jurisdictions and regulations. What is good intel or sharable information and to who? 

 

If your organisation's security posture is reactive not proactive, chances are easy to pwn systems can be exposed without visibility. Avoid making it easy to perform mass exploitation. Utilizing the new OWASP Top Ten 2017 and the information gathering checklist. You’ll learn how to discover leaky and vulnerable assets, websites, protocols.  The presentation uses sanitized real life data. All information gathered passively. Examples are an unnamed big bank, major IT vendors, multimedia platform, powerplant and other fun..for attackers. A brief update on the leak underground economy and how valuable data can be. How much is that leaky data worth? The good, bad and ugly of sharing. Protection strategies, sharing options and takeaways to justify testing time, budget and sharing options.


Speakers
CK

Chris Kubecka

Chris Kubecka, Security Researcher and CEO of HypaSec. Establishing several security groups for Saudi Aramco’s affiliates after the Shamoon attacks and held positions as Group Leader for Aramco Overseas, Netherlands. Implementing and leading the Security Operations Centre, Network Operation Centre, Joint International Intelligence Group... Read More →


Wednesday June 7, 2017 09:00 - 10:00
Track 2

10:00

Introduction and Kick Off
Moderators
Wednesday June 7, 2017 10:00 - 10:05
Lightning Track

10:00

Introducing Pi-Key: Hacking just like the Movies
Have you ever watched a film where the actor attaches a 'hacking device' to something, and after a few seconds (and some flashing lights) the thing magically unlocks? Did you think to yourself 'that's totally unrealistic!'?

Well now it's real life! Building on the previous credential stealing attack by Mubix, Trevor and Jon have created 'Pi-Key', a £20 device built on the Raspberry Pi Zero which steals credentials from Windows machines, cracks them and then unlocks the machine, all in under 60 seconds*.

This talk explains the tool we've built and how it works, why we chose the final components we did and finally the success rate we've had. All instructions and code will be available after the talk so you can build your own!

Speakers
JA

Jon Aubrey

Trevor Shingles and Jon Aubrey have spent many years working in and around the multiple facets of IT, before eventually finding their way into Penetration Testing. | | When not Pen Testing, they spend their time trying to explain to their children that not all hackers are bad g... Read More →
TS

Trevor Shingles

Trevor Shingles and Jon Aubrey have spent many years working in and around the multiple facets of IT, before eventually finding their way into Penetration Testing. | | When not Pen Testing, they spend their time trying to explain to their children that not all hackers are bad g... Read More →


Wednesday June 7, 2017 10:00 - 10:45
Track 1

10:00

Connecting the dots!
We've seen in 2016 the datapocalypse of 3rd party data breaches, with conservative estimates reaching around 1.5-3 billion peoples information being leaked or dumped on the Internet. Yet these numbers somehow mask the very real impact of these breaches. Many companies and organisations after been exposed have been exposed, without ever really noticing. In 2016, 100% of the FTSE 100 has their email domain in 3rd party data-breaches.

This talk does look at what has happened, but more importantly it looks as the journey I took to build a data-dump search-engine. Like many things in life, it's easier said than done.

Why should you be concerned? Because this is passive OSNIT, than can reveal so much about a company/organisation without an attacker ever touching Google or their site. What is your current exposure to dumps and leaks online?


Speakers
AF

Arron Finnon

Arron ""finux"" Finnon has been involved in security research and consultation for a over 12 years. Arron has discussed a wide range of security related topics at a number of high profiled international Security/Hacking conferences, as well as producing over 100 security related... Read More →


Wednesday June 7, 2017 10:00 - 10:45
Track 2

10:00

Session 1 Dynamic Stink Lie Berry's with John Carroll @n0x00
Want to know how to identify DLL pre-loading attacks but feel like you aren't geeky enough ? we will do this with very simple techniques your granny and grandpa could do. investigate installation processes and file handling behaviour, then exploit opportunities with metasploit. 

 L2 Techies, Pentesters, hackers,  Any Geek

Requirements: A Windows environment with procmon, a Linux environment with metasploit (virtualbox/vmware, however you cut it)

Speakers
avatar for John Carroll

John Carroll

Ninja Derp, The Gentleman Hackers Club
gobshite



Wednesday June 7, 2017 10:00 - 11:00
Workshop2

10:00

Session 1 Web Hacking 101 with Porthunter @porthunter
We will cover all the basics to give you a good head start into the world of web application security.
Aimed at people new to offensive security and software developers who wish to audit their own apps and write more secure code. Learn how to find, exploit and defend against the most common types of web app vulnerabilities. Session includes Command Injection, Malicious File Upload (Web Shells), RCE, XSS, SQLi, LFI, RFI, CSRF and more.

L1 Any Geek

Requirements: Laptop with Kali Linux installed (VM is best).

Speakers
P

Porthunter

Pentester, researcher, bugbounty hunter, CTF player with team Xil.se and founder of Smash The Stack security events.


Wednesday June 7, 2017 10:00 - 12:15
Workshop1

10:00

Session 1 Saving time and effort with security tools and solutions on the BSDs with Sevan Janiyan @sevanjaniyan
An quick introductory tour of some of the features in the BSD family of UNIX variants which can save a considerable about of time and and effort to setup or implement otherwise.
We'll cover how to setup a HA IPsec gateway with sasyncd on OpenBSD
Process isolation with jails on FreeBSD
File tamper detection / prevention with veriexec on NetBSD
OS Fingerprint detection and filtering with PF on OpenBSD

L3  Techies, Management, Pentesters, hackers, ..., Any Geek

Requirements: A laptop with a hypervisor installed (virtualbox/qemu/vmware) .iso files of the latest releases of NetBSD, FreeBSD and OpenBSD NetBSD http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.1/images/NetBSD-7.1-amd64.iso FreeBSD http://ftp.uk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/FreeBSD-11.0-RELEASE-amd64-disc1.iso OpenBSD https://ftp.fr.openbsd.org/pub/OpenBSD/6.1/amd64/install61.iso

Speakers
avatar for Sevan Janiyan

Sevan Janiyan

Sevan Janiyan is a consulting sysadmin from South East England who has an interest in different operating systems & computers. He is a member of the NetBSD foundation and the FreeBSD project working primarily on the cross-platform packaging system pkgsrc where he maintains builds across several operating systems with differing CPU architectures, he isa member of the pkgsrc-security team... Read More →



Wednesday June 7, 2017 10:00 - 12:15
Workshop3

10:00

CV Clinic and Roundtables
This session will be focused on various topics on how to improve your visibility when going for jobs. We have pulled together recruiters, hiring managers and professionals to help you better your chances at getting that job.
The session will have presentations mixed with roundtables/workshops. The discussions will be focused on:
  • How to work with recruiters
  • How to move into a different job area (your transferable skill set) and CV Writing
  • How to stand out and get noticed beyond your CV
Bring your CVs and questions!

Wednesday June 7, 2017 10:00 - 13:00
Lightning Track

10:05

Targeted CV writing when entering or changing fields

Getting the first Job in a new field can be hard, particularly if there is a "you need experience to get experience" trap. When you're new to a field or industry, it is also easy to not understand the core things an employer is looking for. However, you can massively increase your chances of an interview by studying your target and modifying your approach to fit them. 

This talk will describe how to work out what an employer is looking for and how to make it easy for them to find that in your CV. It will also cover how to position yourself and stand out where there are increasing numbers of people wanting to enter cyber security. Case studies will be taken from infosec/cyber security but the methodology applies to all fields.


Moderators
Wednesday June 7, 2017 10:05 - 10:25
Lightning Track

10:20

10:25

'How the f**k do I get in? One woman's struggle to break into cyber security!'
Speakers
avatar for Colette Weston

Colette Weston

Digital Project Manager, DXC
Digital Project Manager, lurking on the internet since the early days. | Objective and dispassionate, I like data because it is value free. | Constantly intrigued by the unique qualities of people, I observe people’s style and motivation, how each person thinks and how th... Read More →



Wednesday June 7, 2017 10:25 - 10:40
Rookie Track

10:45

Profiling Malicious Actors (Working Title)
Speakers
avatar for James Stevenson

James Stevenson

Student at the University Of Southwales. Spent the last year researching the ins and outs of offender profiling... And procrastinating.



Wednesday June 7, 2017 10:45 - 11:00
Rookie Track

10:45

BREAK
Wednesday June 7, 2017 10:45 - 11:15
Track 1

10:45

BREAK
Wednesday June 7, 2017 10:45 - 11:15
Track 2

11:05

Awareness about behavior online, how to build it
Speakers
avatar for Jelena Milosevic

Jelena Milosevic

Pediatric ICU Nurse and Independent security researcher
My name is Jelena Milosevic, an extremely curious nurse, finding correlations between the subjects that most people doesn't see. | My goal is to create awareness so that we can build an environment in which health care workers can help the patient not only to regain their healt... Read More →


Wednesday June 7, 2017 11:05 - 11:20
Rookie Track

11:15

Working with a recruiter: Mythbuster. What a ‘good’ recruiter does
How to engage and work with a recruiter. Why use a recruiter? CERIS. Trust goes both ways.

Speakers
JS

James Spear

InfoSec Sales Team Manager, Computer Futures


Wednesday June 7, 2017 11:15 - 11:35
Lightning Track

11:15

WiFi-based IMSI Catcher
We present a new WiFi-based IMSI catcher which operates by exploiting flaws in the way authentication protocols have been deployed in most of the world's smartphones. Being WiFi-based means that the attacks have the potential to be much easier to take advantage than traditional 2-4G based IMSI catchers.

We explain how users may be tracked when using smartphones and tablets including those running iOS , Android and other mobile OSs. This tracking can be performed silently and automatically without any interaction from the tracked user. We have developed a proof of concept system that demonstrates our IMSI catcher employing passive and active techniques.

Finally, we present guidelines for vendors, cellular network operators, and users to mitigate the privacy issues that arise.

Speakers
PO

Piers O'Hanlon

I'm interested in the privacy and security afforded by protocols deployed in Internet, mobile, and things. I have worked on networked multimedia transport over IPv4 and IPv6, large-scale conferencing applications, grid systems, and congestion control. I have also authored a numbe... Read More →


Wednesday June 7, 2017 11:15 - 12:05
Track 1

11:15

[NOT FILMED] How storytelling made me a better infosec professional
Lights, camera, action… just three words can conjure up images, build anticipation, and set the scene.

But what do the words information security, IT security, hacking, or <cough> cyber security </cough> conjure up in the mind of the masses? Why do people think of hoodie-wearing, basement dwelling geeks? Why do charlatans or ill-informed marketers seem to get quoted by the media instead of those who really know their stuff?

You’re security pros’ the guys doing the work, the ones who understand the risks, and the impact of exploits. Yet that’s not the narrative that echoes.

It’s the narrative of marketing departments, clueless armchair academics, ill-informed journalists, or worse still, conferences organised by professional conference organisers, or charlatans looking to make money by milking the security industry.

Come with me on a journey of self-discovery where it’s possible to rise above the noise. I’ll be sharing tips on what worked for me, and how you can apply it to your daily work.

It’s time to take back control of the narrative. If I can do it, you can, and find immense wealth, good fortune, peer admiration, and career growth.*

*possibly

Speakers
JM

Javvad Malik

Javvad Malik is a security advocate at Alien Vault, a blogger and a co-founder of Security B-Sides London. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including... Read More →


Wednesday June 7, 2017 11:15 - 12:05
Track 2

11:15

Session 2 Red Teaming with PoshC2 with Ben Turner & Phil Lynch ( @benpturner & @plynch98 )
This workshop is aimed to help people get setup and start attacking client devices (using a mixture of Empire & PoshC2) ready for their next red teaming engagement or social engineering test. These tools are not only written for red teamer’s but can be used in almost all forms of internal penetration testing too. The key areas that we will focus on are as follows:

- C2 Installation
- Gaining an Initial Foothold
- Persistence and Situational Awareness
- Privilege Escalation Techniques
- Lateral Movement
- Acting on Objectives and Data Exfiltration

 L3  Techies

Requirements: The only thing you are required to bring is an up-to-date version of Windows 10 or Windows 7 to run the lab from. Nettitude will have the lab environment setup via WiFi. It is worth noting you don’t have to be a PowerShell wizard to benefit from this workshop as its very leading. Hopefully PoshC2 is written in such a way to help people who are new to PowerShell and red teaming but also strongly benefits the advanced red teamer with lateral movement capabilities and fully proxy aware payloads.

Speakers
BT

Ben Turner

Ben Turner (@benpturner) is a principal security consultant at Nettitude. He specialises in conducting Red Teaming, STAR and CBEST focussed penetration tests to a multitude of clients around the world. Ben is both a CREST team leader and attack specialist (CCSAS) and has a keen f... Read More →


Wednesday June 7, 2017 11:15 - 13:30
Workshop2

11:25

Think about the box
Speakers
SH

Stefan Hager

Pentester, researcher, bugbounty hunter, CTF player with team Xil.se and founder of Smash The Stack security events.


Wednesday June 7, 2017 11:25 - 11:40
Rookie Track

11:35

Breakout - Interview techniques {Working title}
What makes a good interview? Interviews, different types and prep.

Wednesday June 7, 2017 11:35 - 12:05
Lightning Track

11:45

BREAK
Wednesday June 7, 2017 11:45 - 12:00
Rookie Track

12:05

Security Monitoring: Avoiding 'Oh Sh*t' Moments
Speakers
avatar for Pete Bryan

Pete Bryan

Senior Security Architect, Babcock MSS
I have spent my entire career working in and around SOCs, whether that be working as a security analyst in a established SOCs, building and developing new SOCs, or working with others to help them develop and improve their capability. I am passionate about sharing useful, practic... Read More →


Wednesday June 7, 2017 12:05 - 12:20
Rookie Track

12:10

Needle in a haystack: Tips and tricks to get you noticed by us.
Ever wanted to work at a vendor? Seen that awesome security job? We’ll tell you what we look for, from initial recruitment contact through to the hiring manager. We’re looking for that perfect candidate, that could be you, help us find you. You could be our needle in a haystack. We’ll give you tips and tricks to stand out from the crowd, market yourself; be our needle!


Wednesday June 7, 2017 12:10 - 12:30
Lightning Track

12:10

Secure Communications
When users and clients ask for 'secure communications' they often get excited about shinny new equipment that makes them feel like spies but how do we keep them excited about cyber security and secure communications? In this talk I will walk you through looking at how to build a secure culture, things to consider when implementing secure communications, and finally stories of when others have failed and the consequences of this.

Speakers
ZR

Zoë Rose

Zoë Rose is a Cisco Champion and Cyber Security Analyst at Schillings. Zoë helps clients secure their network infrastructure from data loss and cyber-attack. In addition to specialising in network security and secure communications, Zoë also supports ethical hacking and incide... Read More →


Wednesday June 7, 2017 12:10 - 13:00
Track 1

12:10

Sharing is not caring: Proliferation of GitHub code in real attacks
What happens when attackers deploy open-source malware
Looking at open command and control servers to find attackers toolkits
The problems when Red Teams copy attackers malware
And the opportunities this all gives to defenders

Speakers
CD

Christopher Doman

Chris Doman works on the threat intelligence platform OTX. He's the founder of the research site ThreatCrowd, and previously worked in incident response and forensics.


Wednesday June 7, 2017 12:10 - 13:00
Track 2

12:25

Droid Reversal for 'Civilians'
Speakers

Wednesday June 7, 2017 12:25 - 12:40
Rookie Track

12:30

Breakout - Ask the expert panel, open questions here
Speakers
JS

James Spear

InfoSec Sales Team Manager, Computer Futures


Wednesday June 7, 2017 12:30 - 13:00
Lightning Track

12:30

Session 2 Making Infosec YouTube Videos with Javvad Malik @J4vv4D and Leigh-Anne Galloway
If you've considered making YouTube videos to compliment your blogging, or just want to learn from all the mistakes I've made, then come along.

We'll touch on a bit of theory as to why video and what makes a good video.

Then move onto how to plan a video including considerations such as:
- Equipment
- Location
- Media management
- Workflow

How to brainstorm and script a video.
We'll examine different styles of video and how to shoot them. Practically experimenting with and finding a style that works best for you in the context of infosec.

Then we'll move onto post-production covering topics of
- Editing
- sound and colour
- Fixing mistakes in post
- changing the story

Ending with best tips on sharing and promoting your video, as well as handling and incorporating feedback.

L1 Any Geek

Requirements: Bring a camera capable of recording video. Any camera will suffice, but ideally not your phone, but a standalone camera. A simple point and shoot, all the way up to a DSLR.

Also bring a laptop onto which you can transfer recorded video. (please ensure there is some free space on the hard drive to import videos)

Finally, make sure you have a video editor installed on your laptop that can import video you record and work with. It doesn't need to be professional software, a free version such as iMovie or windows movie maker will suffice.

Optional:
Photo editing software like photoshop
A microphone - either a lapel or directional mic.
A camera light.

Speakers
LG

Leigh-Anne Galloway

Leigh-Anne Galloway is the Cyber-Security Resilience Lead for Positive Technologies, where she advises businesses and infrastructure providers on how best to use technology to their advantage to protect against modern day threats. Leigh-Anne has a wealth of experience in threat i... Read More →
avatar for javvad

javvad

Security Advocate, AlienVault
"Javvad Malik is a security advocate at Alien Vault, a blogger and a co-founder of Security B-Sides London. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including... Read More →


Wednesday June 7, 2017 12:30 - 15:00
Workshop1

12:30

Session 2 From zero to hero with Scott Helme @Scott_Helme
In this workshop each delegate will be assigned their own virtual server with a website that only works over HTTP. Your mission, should you choose to accept it, is to fully deploy HTTPS on this website and score an A+ on the SSL Labs test, the industry gold standard for web encryption. You will learn how to configure your server, obtain certificates from Let's Encrypt and deploy modern security features like CSP and HSTS. 

L3 Techies, Pentesters, hackers, Any Geek

Requirements: You will need a laptop with an SSH client. For Mac users you can use Terminal and Windows users will need to download Putty (free).

You will only need very basic knowledge of using the command line. Changing directories and editing a text file are all that will be required.

Speakers
avatar for Scott Helme

Scott Helme

Scott Helme is a security researcher, consultant and international speaker. He can often be found talking about web security and performance online and helping organisations better deploy both. Founder of report-uri.io, a free security reporting service, and securityheaders.io, a... Read More →


Wednesday June 7, 2017 12:30 - 15:00
Workshop3

12:45

IPv6 for Pentesters
Speakers

Wednesday June 7, 2017 12:45 - 13:00
Rookie Track

13:00

LUNCH
Wednesday June 7, 2017 13:00 - 14:30
Track 1

13:00

LUNCH
Wednesday June 7, 2017 13:00 - 14:30
Lightning Track

13:00

LUNCH
Wednesday June 7, 2017 13:00 - 14:30
Track 2

13:00

LUNCH
Wednesday June 7, 2017 13:00 - 14:40
Rookie Track

14:00

Session 3 Malware Funalysis: Networking (mostly) with PATH
Diving right into the traffic of some pretty hairy current malware, mostly focussing on recent ransomware used in popular exploit kit or email phishing campaigns. Pointing out small novelties that reaffirm the mantra to not make assumptions and review everything available. Pcaps and a small, completely free python tool or two authored by the presenter will be provided on the day. Some talk of automation but highlighting the crucial aspect of eyeballing traffic to spot the cool bits.

L3 Techies, Pentesters, hackers

Requirements: A laptop, Wireshark, python2.7 installed for the free tools but not required on the day necessarily.

Speakers
P

Path

Senior threat exploit researcher at a global security company; most days spent buried in new attacks, buried in malware or developing badly written automation to be lazier


Wednesday June 7, 2017 14:00 - 15:00
Workshop2

14:30

[NOT FILMED] Alexa's top 1M domains - the state of web insecurity 2017
1M top Alexa site, how secure are they? Join me as we explore my research into the state of web app insecurity, common issues that were found, disclosure experience and the methods used to test 1M sites plus the odd meme or two. I will also release some of the scripts built for the research, including an XSS spider to automatically crawl sites, find XSS entry points and detect vulnerabilities with no user interaction.

Speakers
P

Porthunter

Pentester, researcher, bugbounty hunter, CTF player with team Xil.se and founder of Smash The Stack security events.


Wednesday June 7, 2017 14:30 - 15:20
Track 1

14:30

Holy smokes, how to vape yourself to root
We all know that smoking is bad for your health, but what about your network?

I'll show you that an eCig isn't just a glorified smoke machine but an ARM powered covert exploit platform. You'll find out how to decrypt the firmware, write your own functionality and use this to pwn some systems. Pwning not your thing? How about turning an eCig into a covert storage device?

On the way we'll do a bit of reverse engineering, write a bit of embedded code, copy a lot more and show how you can do most of this on a shoe string budget.

Speakers
RB

Ross Bevington

Ross is a security researcher & C++ software developer who specialises in low level computer security and bespoke system development. | | He is an experienced reverse engineer and competes in the 0xbadf00d CTF team. He works as a consultant for a multinational defence contractor... Read More →


Wednesday June 7, 2017 14:30 - 15:20
Track 2

14:30

Lightning Track PUB!
Got a last minute presentation you want to test out? Got something to say? The lightning track is the place for you. There will be a sign up sheet...

This year the lightning track will have a pub format and a bar will be available!

Wednesday June 7, 2017 14:30 - 17:30
Lightning Track

14:45

15:05

The state of crypto APIs
Speakers
NS

Nick Smith

Technology Strategist, Thales E-Security
I'm a technology strategist in working for Thales E-Security looking at the future of the cyber landscape. I like all things software but dislike many security APIs due to their complexity and their inbuilt non-security features.


Wednesday June 7, 2017 15:05 - 15:20
Rookie Track

15:15

Session 3 Leveraging Global Datasets to Improve Your Cyber Investigations with Jeff Lenton @RiskIQ
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

While their cyber tactics may be continuously changing, bad actors can’t avoid interacting with core components of the internet. These interactions leave a trail that when connected through rigorous threat infrastructure analysis, can reveal the full scale of an attack and provide the information needed to determine the best response. The key to this analysis is access to a variety of global datasets and the ability to correlate and pivot between them in your investigation.

In this workshop, Jeff will look at a range of global datasets and how each can be used to shed additional light on your adversary’s infrastructure. In addition to the more traditional datasets; Passive DNS, Whois and Malware data, he will highlight several datasets unique to RiskIQ; Host Pairs, SSL Cert History and Trackers and show how they can be used to make connections when traditional datasets come up short.  Workshop attendees with use the community version of RiskIQ’s PassiveTotal to gain access to and pivot across these global datasets to investigate several real indicators. 
 L3 Techies, Pentesters, hackers, Any Geek
Requirements: Laptop required. All attendees will register in advanced for a PassiveTotal community edition account with a special promo code boosting their query limit. 

Speakers
JL

Jeff Lenton

Jeff Lenton, Senior SE and Researcher, RiskIQ. Jeff is a highly experienced technical consultant with over 15 years experience in a variety of senior pre and post sales positions in the IT Security sector, architecting and supporting a wide range of threat intelligence, threat pr... Read More →


Wednesday June 7, 2017 15:15 - 16:15
Workshop1

15:15

Session 4 Breaking Apps with Frida with Jahmel Harris @JayHarris_Sec
Frida is a magical piece of software that can inject JavaScript into running applications. This has made my life significantly easier when it comes to reverse engineering and modifying applications - especially on mobile devices where many security controls are embedded in the client. This workshop will go though the basics of Frida and though exercises and walkthroughs show how Frida can be used to rapidly reverse engineer applications to understand logic flow, dump secrets and bypass security controls.

L3 Techies, Pentesters, hackers, Any Geek

Requirements: Laptop running Windows & Linux (VMs are fine) with Frida installed. Rooted Android device for those interested in Android hacking. There will be time in the workshop to install/configure Frida.

Speakers
avatar for Jahmel Harris

Jahmel Harris

Jahmel is a security consultant with a background in software development and has spoken and given workshops on various topics including Android Wear, Software Defined Radio, binary exploitation and secure web development. Jahmel started Digital Interruption with the aim of bridg... Read More →



Wednesday June 7, 2017 15:15 - 17:30
Workshop2

15:15

Session 3 Introduction to Logical Windows Privilege Escalation with James Foreshaw @tiraniddo
More and more code running on Windows is done inside sandboxes or as non-administrators. This makes privilege escalation more important than ever. Memory corruptions are a common way of gaining higher privileges but Windows has been introducing more mitigations making exploitation harder. Logical vulnerabilities on the other hand are typically not affected by mitigations such as ASLR or DEP, but they’re generally more difficult to find. As an added complication they cannot be easily discovered through typical fuzzing approaches. This 2hr workshop will go through an introduction to finding and exploiting these logical privilege escalation vulnerabilities on Windows.

Some of the topics to be presented will be:

* Windows Internals as relevant to privilege escalation
* Types of sandboxes, restricted and low box tokens
* Under the hood
* Attack surface analysis:
* Probing the sandbox and the system
* COM services
* Exposed device drivers
* File and registry vulnerabilities
* How to find them and what to look for
* Exploitation
* Token vulnerabilities
* How to find them and what to look for
* Exploitation
* UAC and unusual unfixed vulnerabilities
* Working examples of based on previous vulnerabilities

L3 Any Geek

Requirements: Windows 10 32bit VM.

Speakers
avatar for James Foreshaw

James Foreshaw

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 res... Read More →



Wednesday June 7, 2017 15:15 - 17:30
Workshop3

15:25

Brazilian Bandits: Cybercrime in Brazil
Speakers
AJ

Annabel Jamieson

Leigh-Anne Galloway is the Cyber-Security Resilience Lead for Positive Technologies, where she advises businesses and infrastructure providers on how best to use technology to their advantage to protect against modern day threats. Leigh-Anne has a wealth of experience in threat i... Read More →


Wednesday June 7, 2017 15:25 - 15:40
Rookie Track

15:25

Enemies of the West
On November 24, 2014, "Guardians of Peace" (GOP) released confidential data from the film studio Sony Pictures.

North Korea were blamed, my talk will very briefly look at what happened, (the openings section, what happened will be very brief because it's quite common knowledge that they got hacked) the talk will then quickly move on into technically how it was achieved, this is not so commonly known, especially showing demos of how each stage could have been achieved.

The demo and how it was achieved is what I personally found interesting during researching this. What concludes is how closely the attack mirrored a typical external social engineering / internal penetration test.

The talk will not in any way disrespect any parties but it will remove the hype, revealing what in reality was a crude and simple attack that could have easily been performed by a single person and not what people would expect from a nation state attack.

The talk will be backed up with stats, and examples from personal experiences from external/internal social engineering, infrastructure and application testing.

It will include demos, showing how an attack achieved by the GOP would be simple to replicate due to commonly overlooked security hardening measures.

During the talk there will also be a section on what can go wrong, before and after gaining access to an internal network, and then how to get round this, and how to protect.

Then if time permitting the talk will then conclude by revealing an alarming way to achieve such an attack that has not been considered or discussed before.

Areas that will be covered are:

Offensive and Defensive Technologies and Techniques.
Owning the Enterprise, Infrastructure, external and internals.
Cybercrime.

1. What was achieved by GOP.
2. Remote social engineering.
3. Lateral movement processes.
4. How to get round defenses.
5. Why such attacks work.
6. Misconfigurations.
7. Anything that comes up during questions.

Speakers
NL

Neil Lines

I regularly talks at Uni’s and other opportunities. A lover of sharing, teaching, talking, confident, but not arrogant. | | I'm a Crest Registered Penetration Tester. Working for Nettitude as a Security Consultant performing penetration testing. I have been working in securit... Read More →


Wednesday June 7, 2017 15:25 - 16:10
Track 1

15:25

Hunt Or Be Hunted
Over the last few years threat hunting has risen from being a grassroots hands-on defensive technique to all-out hype as security vendors have jumped on the bandwagon. In this talk I wanted to strip away the marketing and talk about real-life threat hunting at scale and how it differs from traditional security monitoring. I'll cover the key datasets, different analytical approaches, cutting-edge TTPs and the people/skills needed to make it happen. I'll also share some real-world compromises that would have been missed by traditional detection but were found through hands-on threat hunting.

Speakers
A

Alex Davies

Alex Davies is a Senior Threat Hunter with the Countercept team at MWR. An attacker turned defender, Alex spends his days picking apart the entire kill chain and figuring out how to detect each and every step taken. He also has a passion for all things webapp and is a long term b... Read More →


Wednesday June 7, 2017 15:25 - 16:10
Track 2

15:45

Malware Analysis 101
Speakers
avatar for Andrew Costis

Andrew Costis

Threat Research and Incident Response Engineer, LogRhythm
Andrew Costis (better known as "AC") is a Threat Research and Incident Response Engineer in the Labs team at LogRhythm. AC assists LogRhythm's many customers in responding to threats, providing custom threat detection, as well as malware triage and incident response.



Wednesday June 7, 2017 15:45 - 16:00
Rookie Track

16:05

Ignorance is bliss - does privacy matter?
Speakers
AH

Andi Hudson

Scott Helme is a security researcher, consultant and international speaker. He can often be found talking about web security and performance online and helping organisations better deploy both. Founder of report-uri.io, a free security reporting service, and securityheaders.io, a... Read More →


Wednesday June 7, 2017 16:05 - 16:20
Rookie Track

16:10

BREAK
Wednesday June 7, 2017 16:10 - 16:45
Track 1

16:10

BREAK
Wednesday June 7, 2017 16:10 - 16:45
Track 2

16:25

Whodunnit: The art of attribution
Speakers
AT

Abel Toro

Sevan Janiyan is a consulting sysadmin from South East England who has an interest in different operating systems & computers. He is a member of the NetBSD foundation and the FreeBSD project working primarily on the cross-platform packaging system pkgsrc where he maintains builds... Read More →


Wednesday June 7, 2017 16:25 - 16:40
Rookie Track

16:45

16:45

A look at TR-06FAIL and other CPE Configuration Disasters
In late 2016 a TR-064 (LAN-side CPE management) misconfiguration in a wide range of CPE devices was disclosed that allowed for remote device takeover. Within days, botnets began exploiting a related command injection issue, leading to widespread internet outages for customers of certain ISP's in the UK and abroad.
This talk will explore the impacts of these issues, along with taking a look at some other, related vulnerabilities related to TR-069 (WAN-side CPE management) protocol implementations that could allow for remote takeover of routers en-masse.

Speakers
DM

Darren Martyn

Security researcher at Xiphos Research, who comes from a forensics/chemistry background, with interests in embedded device security and malware analysis.


Wednesday June 7, 2017 16:45 - 17:30
Track 1

16:45

Truly Anonymous Credentials Using Modern Cryptography
When using anonymous networks like Tor or I2P, one problem is always how to prevent spam/DoS attacks when you cannot distinguish one entity from another, and hence cannot limit them without either compromising their anonymity by requiring registration of some kind, or requiring captcha-like challenges which are time consuming to implement and usually only a temporary solution at best.

Here I introduce a new kind of authentication system based on homomorphic properties of elliptic curve cryptography and zero knowledge proofs called "Linkable Ring Signatures". It allows one to add their public key to a larger group of existing public keys, called a "ring", and sign using the entire "ring" of keys + private key in such a way that no one can tell which private key has signed the message, but can mathematically verify that it was one private key corresponding to one of the public keys in the ring. On top of that, it allows a verifier that only has access to the public keys in the ring to make sure that for any one [message, ring] pair, a private key has only signed it once - duplicate signatures for the same message are detectable.

This allows for limiting interactions from any party holding one of these access keys (to say, one message per minute per key), without the party losing any anonymity as their signature is indistinguishable from any other party in the ring.

Furthermore, because ring signatures use a cryptographic component called "zero knowledge proofs", signing reveals zero information about the private key - hence no matter how many signatures are generated, it is impossible to use them to try to forge messages or fingerprint/bruteforce the signer key. The proof of this will be shown in the talk.

In this talk I will walk through the cryptographic primitives that make this possible, and show a demo service on Tor/I2P that implements this scheme to make an anti-spam anonymous forum.

Speakers
MF

Matthew Di Ferrante

I'm a software engineer and cryptography researcher that works on distributed systems. I've long had an interest in security, since I was in my teens, and have tried to combine it with my passion for mathematics and software engineering. Along that vein, I'm a huge supporter of p... Read More →


Wednesday June 7, 2017 16:45 - 17:30
Track 2

17:05

The use of SMT solvers in IT security
Speakers
avatar for Thaís

Thaís

Thaís aka barbie recently wrote one a thesis about malware detection and analysis using constraint programming. “my crime is that of curiosity” fits. Programming went from “just a tool” to art for problem solving, taking her to the amazing world of malware. Outside of th... Read More →


Wednesday June 7, 2017 17:05 - 17:20
Rookie Track

17:25

Running Circles On Social Media - Intelligent OSINT
Speakers
J

Jack

Chris Kubecka, Security Researcher and CEO of HypaSec. Establishing several security groups for Saudi Aramco’s affiliates after the Shamoon attacks and held positions as Group Leader for Aramco Overseas, Netherlands. Implementing and leading the Security Operations Centre, Netw... Read More →


Wednesday June 7, 2017 17:25 - 17:40
Rookie Track

17:30

Closing Ceremony
Wrap-up of the day, prize giving and raffle draw.

Volunteers
avatar for Thomas Fischer

Thomas Fischer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortu... Read More →

Wednesday June 7, 2017 17:30 - 18:00
Track 1

17:30

Closing Ceremony
Wrap-up of the day, prize giving and raffle draw.

Volunteers
avatar for Thomas Fischer

Thomas Fischer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortu... Read More →

Wednesday June 7, 2017 17:30 - 18:00
Track 2