Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, June 3
 

9:00am

Introduction
Core Volunteers
LM

Lawrence Munro

SpiderLabs
IT Security.
avatar for Paul Batson

Paul Batson

Security Operations, @lazysecurity
Have played red team in my spare time since watching Hackers & Phreakers in '94.   After 10+ years in networking now working as a senior tech lead in a blue team and spend a lot of time talking netflow, packets and protocols. That and trying to find new ways of detecting bad stuff ;) | | Public Key: https://keybase.io/lazysecurity/key.asc
avatar for Thomas Fischeer

Thomas Fischeer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organisations. Thomas currently plays a lead role in advising customers while investigating... Read More →


Wednesday June 3, 2015 9:00am - 9:10am
a. Track 1

9:00am

Introduction
Core Volunteers
LM

Lawrence Munro

SpiderLabs
IT Security.
avatar for Paul Batson

Paul Batson

Security Operations, @lazysecurity
Have played red team in my spare time since watching Hackers & Phreakers in '94.   After 10+ years in networking now working as a senior tech lead in a blue team and spend a lot of time talking netflow, packets and protocols. That and trying to find new ways of detecting bad stuff ;) | | Public Key: https://keybase.io/lazysecurity/key.asc
avatar for Thomas Fischeer

Thomas Fischeer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organisations. Thomas currently plays a lead role in advising customers while investigating... Read More →


Wednesday June 3, 2015 9:00am - 9:10am
b. Track 2

9:10am

How Google turned me into my mother: the proxy paradox in security
Security has been trying to catch up with technology all this time, but the gap may well be increasing, particularly with the growth of consumer devices and the Internet of Things. The reason has to do with delegation and proxy activities online. Current IAM models are no match for the real world of legal, fiduciary and minor representation. In this keynote, we’ll talk about what needs to change so that both security and privacy are truly available to all members of society.

Speakers
avatar for Wendy Nather

Wendy Nather

Research Director, Enterprise Security Practice, 451 Research
Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are on application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students... Read More →


Wednesday June 3, 2015 9:10am - 10:00am
b. Track 2

9:10am

How Google turned me into my mother: the proxy paradox in security
Security has been trying to catch up with technology all this time, but the gap may well be increasing, particularly with the growth of consumer devices and the Internet of Things. The reason has to do with delegation and proxy activities online. Current IAM models are no match for the real world of legal, fiduciary and minor representation. In this keynote, we’ll talk about what needs to change so that both security and privacy are truly available to all members of society.

Speakers
avatar for Wendy Nather

Wendy Nather

Research Director, Enterprise Security Practice, 451 Research
Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are on application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students... Read More →


Wednesday June 3, 2015 9:10am - 10:00am
a. Track 1

10:00am

DarkComet From Defense To Offense - Identify your Attacker
DarkComet is A Remote Access Trojan that has been around for a while. It has been used by script kiddies and nation states alike. It is no longer in active development and It is well documented and understood. So why would you be interested in me talking to you about this bit of malware?

Because it has an vulnerability and a public exploit that can tell you a lot about the attackers campaign. How many machines has he infected, where are the infected hosts, what information has he stolen from these machines?

Taking the exploit one step further and adding a little imagination and forensics knowledge we can start to identify the attacker himself. Identifying the IP and domain is easy and will give you some info. But what if you could get his daily email address, Facebook details, favourite coffee shop, local library, copy of his CV and if you are really lucky a txt file containing all the credentials for his remote exploit sites and FTP dumps.

This presentation is not going to look at the deep technical aspects of the exploit instead it will start with the defensive posture against dark comet and extract some key information from an attack against you. Finishing with a case study showing what information can be extracted from the attacker.

Speakers
avatar for Kevin Breen

Kevin Breen

MalwareAnalyst, Independant researcher
Kevin is a Malware and Forensic Analyst working for a large UK CERT. He is interested in all things cyber security and occasionally blogs about such things. | Outside of work he is a geek and is keen to contribute to the open source community where he is able. He is also very lucky he has a wife that lets him run his lab at home. | Read https://techanarchy.net, tweet @kevthehermit and fork https://github.com/kevthehermit


Wednesday June 3, 2015 10:00am - 10:45am
a. Track 1

10:00am

How I Rob Banks
An updated version of the very popular talk that has never been recorded!

Let me take you on a roller coaster ride that highlights all the security issues that I come across day to day as I run around and break into banks and other "interesting" secure sites.

We shall cover everything from pigeons in bank accounts through to stealing vast ammounts of classified materials, how I bypass locks and circumvent security, jumping fences and pretending im James Bond.

This talk is meant to combine light-hearted comments and demonstrations and photos, warning will contain swearing and will NOT be recorded

Speakers
FC

Freaky Clown

Seasoned Pentester and Hacker (Ed: he's apparently a man of few words..oh and he's modelled for Linux Format!)


Wednesday June 3, 2015 10:00am - 10:45am
b. Track 2

10:00am

T2W1-(Practical) Android Malware Analysis
Limited Capacity full

This hands-on workshop will give you the basics to reverse Android malwares that you might spot in the wild.

We'll start by a quick introduction about the DEX format, Dalvik and Smali assembly.
Afterwards, we will focus on Static (dex2jar, baksmali, androguard, jd-gui/jadx, ..) and Dynamic (DroidBox, Cydia Substrate) analysis.

The next step will be to know where to retrieve fresh samples to work on, but also getting involved in such community .

To conclude, we prepared a small Capture-The-Flag with specially crafted APKs to play with and gain access to the C2C panel. Get ready!

Speakers
PA

Paul Amar

SensePost
Paul is a Security Analyst @SensePost, interested in Web (in)security, malware Analysism software development and hipster stuff.


Wednesday June 3, 2015 10:00am - 12:00pm
Workshop Track - Greenwich Park

10:00am

T3W1-Return-Oriented Programming Primer
Limited Capacity filling up

I've been involved in the VulnHub CTF team for quite a while and got acquainted with return-oriented programming (ROP) via CTF challenges. For the CTF team, I delivered a ROP primer, which was well received. Furthermore, I participated in a workshop at BSides London last year and I really enjoyed it. I would love to combine these two experiences in a ROP workshop! In this workshop, I would like to discuss return-oriented programming on 32-bit Linux and how to code exploits using this technique. After a short presentation and an example, the workshop will focus on writing a ROP exploit from scratch. I would like to do this as interactively as possible, so I've prepared a virtual machine with three binaries to be exploited using ROP. Participants are therefore urged to bring a laptop :)

Speakers
avatar for Bas van den Berg

Bas van den Berg

Bas is a PhD student in chemistry, yet has been interested in everything connected to computers from an early age. Bas started getting into InfoSec around 2011 with Over the Wire, then VulnHub came along and ever since he’s been completely hooked!


Wednesday June 3, 2015 10:00am - 12:00pm
Workshop Track - Hyde Park

10:00am

T1W1-Breaking In to Pentesting: Student Edition
Limited Capacity seats available

Are you a student looking to take the leap to becoming a penetration tester? Perhaps you're a fourth year who's looking at what to do next, or maybe you're a third year who's thinking about what to do for their final project. Well I've got good news, you're probably going to get a job. The cyber security gravy train has rolled into town and everyone's getting a ticket.

But will you get a good job? One that's right for you?

Should you go to the same place your friends who graduated last year went to? Is what's right for them right for you?

Who should you speak to? How should you approach them about work?

This workshop is aimed at penultimate and final year students, specifically at helping them take that first step into the pentesting industry. If you want to get into pentesting when you finish Uni, this workshop is for you. If you want to get into a technical non-pentesting role, then the things taught in this workshop will still apply to you.

What's taught in this workshop? This:
* How to make yourself visible to employers, the right way
* How to research potential employers and find a good match
* How to differentiate peer pressure from an informed judgement about what's right for you

Bonus round for 3rd years:
* How to find out what you really want to do
* How to use your university experience to build a career before you graduate

Bonus round for graduates:
* How to manage your finances for your first proper job

I can't promise to get you a job, let alone the job you actually want but we can work through the above and if at least one of us is paying attention then you'll probably come out of this with an idea of how to get better prepared for your career ahead. Very few people plan for their career, but by doing it from the start you'll be in control of your career, rather than the other way around.



Speakers
SL

Steve Lord

Raw Hex
Steve's seen a lot of people come and go through his little niche in the industry, and has sat on almost all sides of the recruiting table at some point. Consequently, his experiences at that table led him to develop a 30 day online email course (available free at https://rawhex.com/hack-your-career/) on applying hacking principles to your career. | | Steve is a career penetration tester with over 15 years of experience. He also founded... Read More →


Wednesday June 3, 2015 10:00am - 12:00pm
Workshop Track - Regents Park

10:00am

talks will be populated on the day and listed here

The “Lightning Track” (“Unconference Track”) will once again make its appearance. So if you want to share your ideas or just come and listen to some alternative presentations then this is the place to be.  Sometimes these can just be ideas or part-completed research where speakers are looking for feedback, so expect fresh content and rough edges.

For those that haven’t experienced it, a Lightning Talk is a short talk not longer than about 20 minutes about any security related or industry relevant topic. This could be projects, personal interests, hacks, ideas or opinion pieces. There are no limitations on the subject matter or content. If anyone wishes to do an “underground talk” as part of this track then Chatham House Rules will be in place and no filming or recording will be allowed.

Keep an eye out for our volunteers who will rope you into doing a Lightning Talk and even wrangle a crowd for you!

Wednesday June 3, 2015 10:00am - 5:30pm
Lightning Track

10:15am

Blue Teamers: The Cinderella of Cyber?
Looking at the role of the SOC/Blue team in the current cybersecurity environment, particularly in light of how it is a less "sexy" role when compared to pentesting. The talk aims to look at the skills gained when working in cyber defence, how they feed into pretty much every other cyber discipline's career path, including how they can make you a better pentester!

Moderators
Speakers

Wednesday June 3, 2015 10:15am - 10:30am
Rookie Track

10:30am

Digital Forensics Investigations in the Cloud Environment
This presentation will give an overview of the digital forensic issues and challenges existing in the cloud enviornment. It will specifically focus on what services major cloud providers are providing to overcome some of the challenges identified by NIST. 

Moderators
avatar for Wendy Nather

Wendy Nather

Research Director, Enterprise Security Practice, 451 Research
Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are on application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students... Read More →

Speakers

Wednesday June 3, 2015 10:30am - 10:45am
Rookie Track

10:45am

Break
Wednesday June 3, 2015 10:45am - 11:00am
a. Track 1

10:45am

Break
Wednesday June 3, 2015 10:45am - 11:00am
b. Track 2

11:00am

Monstrous Appetites: Where Our Security Eyes are Bigger than Our Stomachs
Stress, comfort, misunderstanding, motivation, money - Reasons why you over consume and miss the target. An alternative look at how security 'want's' outstrip security 'needs' and how that mismatch can be addressed.

Moderators
Speakers

Wednesday June 3, 2015 11:00am - 11:15am
Rookie Track

11:00am

Why bother assessing popular software?
Many popular software packages have gone through many iterations of white and black box testing raising the bar for attackers. Overtime the security controls become more effective, however these software packages have large evolving attack surfaces.

In this talk we discuss a case study which includes how we approached assessing Adobe Reader, how we made progress and why it is worth investing the time and effort on targets such as this. We discuss fuzzing, the sandbox and delve into the Javascript API. A refreshing look into how we can make a difference by looking at complex targets.

Speakers
JL

James Loureiro

James Loureiro is a security consultant at MWR InfoSecurity. James conducts research into a number of different technologies for clients and independently and has experience in vulnerability research, reverse engineering and embedded systems. James also conducts computer security research and assesses Industrial Control Systems (ICS). | | James has worked in computer security since 2011
DM

David Middlehurst

David Middlehurst is a Principal Security Consultant at MWR InfoSecurity where he conducts security assurance projects for clients spanning a range of sectors. He has worked in computer security since 2009 and has experience across a variety of technologies. His specialisms include application security, development of security testing tools and carrying out simulated attacks. | | He also enjoys carrying out computer security research. Last... Read More →


Wednesday June 3, 2015 11:00am - 11:45am
a. Track 1

11:00am

Virtual Terminals, POS Security and becoming a billionaire overnight!
Very few people use cash nowadays, as most use a debit or a credit card for their everyday needs. These transactions are performed through a Point-of-Sale (POS) device or through a Virtual Terminal. All the certified POS devices and Virtual Terminal applications, make use of strong encryption and secure communication channels in order to connect to the authorisation servers, and complete the transactions. Equally, in 2014 we saw the evolution of POS-affecting malware, where some large/global organizations like Target, Home Depot, and UPS were targeted by the BlackPOS, FrameworkPOS, and Backoff respectively, ending up in millions of card details being stolen, and millions of customers being affected from identity theft and financial fraud.
Following on the above, during this presentation, a number of features (provided in POS devices as standard functionality) and the ability to misuse them during a transaction will be demonstrated. But the main focus will be on a Threat Modelling engagement, undertaken against Virtual Terminals. More specifically, I will demonstrate the major difference between last year's POS malware targeting Card Holder Data (CHD) and a different approach, which targets the actual money directly. In other words, I will show you how I could have ended up with billions in my account, without having to steal a single card number. Dr. Grigorios Fragkos, follow: @drgfragkos

Speakers
avatar for Grigorios Fragkos

Grigorios Fragkos

Dr. Grigorios Fragkos is Senior Information Security Consultant at Sysnet Global Solutions. Additionally Grigorios leads the SysnetLabs team which is the advanced security services and research team in Sysnet, specialising in penetration testing and security research. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information... Read More →


Wednesday June 3, 2015 11:00am - 11:45am
b. Track 2

11:15am

Reversing for Fun: How to Pick a Victim
More and more devices once considered boring now bear marketing boasts that are music to the ears of mischief-makers: "WiFi to connect to your home!", "Powerful system on a chip!", "USB ports for easy maintenance". You'd think picking one device from the smörgåsbord of targets would be easy, but it can be more challenging than it sounds. Especially for those new to reversing looking to get some practice. 

This talk explores the options when there's no concrete goal and no paycheck at the end of it. What things to look for in a victim? How to plan the early stages of a reversing attempt? And most importantly, how to balance the risk of wasting days on an impenetratable device versus discovering something really cool? 

Moderators
Speakers

Wednesday June 3, 2015 11:15am - 11:30am
Rookie Track

11:45am

Emulating the Unknown
You have a binary dump from the ROM of a device you need to understand. There is a flag/some flags hidden in the device. The microcontroller is new, but you have (some bits of) a datasheet. You can't debug, you no longer have the hardware. You can't just break the encryption, that's not the point of the exercise. Emulate the controller in Python. 

Moderators
AK

Alan King

Security Concepts
Married with Children!!

Speakers

Wednesday June 3, 2015 11:45am - 12:00pm
Rookie Track

11:45am

Proprietary network protocols - risky business on the wire.
When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.

Speakers
JK

Jakub Kaluzny

Jakub is a Senior IT Security Consultant at SecuRing and performs penetration tests of high-risk applications, systems and devices. He was a speaker at many internetional conferences: OWASP AppSec EU, PHdays, CONFidence, HackInTheBox AMS, BlackHat Asia as well at local security events. Previously working for European Space Agency and internet payments intermediary. Apart from testing applications, he digs into proprietary network protocols... Read More →


Wednesday June 3, 2015 11:45am - 12:30pm
a. Track 1

11:45am

OpSec vs Attribution - the Hollywood view
Many of the nation state approaches to cyber security require accurate attribution, however this has proved elusive as the majority of indicators are under the control of the attacker and their OpSec. As a regular contributor to BSides, Stephen will once again bring his irreverent (irrelevant?) style to review the lessons that Hollywood provides in TV and Movies both of OpSec and Attribution and will discuss how these portrayals are affecting attacker, defender and political approaches to these problems. (Popcorn will be provided) 

Speakers
SB

Stephen Bonner

Stephen Bonner is a Partner in the Information Protection team at KPMG where he leads a team focused on Financial Services. Before KPMG he was Group Head of Information Risk Management at Barclays. He was inducted into the InfoSec “Hall of Fame” in 2010 and was number 1 on the SC/ISC2 ‘Most Influential 2010’ list. He ran the London Marathon in 2011, raising over £15k for Whitehat/Childline and led a Kilimanjaro climb for Shelter in... Read More →


Wednesday June 3, 2015 11:45am - 12:30pm
b. Track 2

12:00pm

A Look at the Real Social Engineers
This short talk will look directly into real life social engineers, giving an insight into the motives and ambitions these people hold. 

Richard has real life experience and knowledge from previous life experience and will help, with the help his company (TheAntiSocialEngineer.com) combat the risks that are facing your organisation.  

Moderators
JB

Jessica Barker

Dr Jessica Barker is an independent cyber security consultant, focusing on how individuals, institutions and societies interact with technology and the impact of our changing relationship with networked information. Jessica's expertise is in the 'human' side of cyber security, and her particular specialisms cover governance, strategy and policy, compliance and learning and development. Running her own company, which advises organisations how they... Read More →

Speakers

Wednesday June 3, 2015 12:00pm - 12:15pm
Rookie Track

12:15pm

Standardisation in Penetration Testing and Vulnerability Assessment: Market Analysis and Recommendations
Lancaster University and the British Standards Institutions (BSI) have undertaken market research of the penetration testing industry to determine the requirement for furture standardisation. This involved interviews with 54 stakeholders, from penetration testing providers, clients, and industry bodies (including CESG, BSI, BIS, Tigerscheme, IASME and QG). Recommendations for standardisation, best practices, and opportunities for improvement will be discussed. 

Moderators
Speakers

Wednesday June 3, 2015 12:15pm - 12:30pm
Rookie Track

12:30pm

Lunch
Wednesday June 3, 2015 12:30pm - 1:30pm
b. Track 2

12:30pm

Lunch
Wednesday June 3, 2015 12:30pm - 1:30pm
a. Track 1

12:30pm

T2W2-Diving into Nessus reports for business level information
Limited Capacity full

Nessus is part of almost every penetration testers toolkit but how can you abstract the information enough to make the technical detail interesting to the business? Gavin Millard, EMEA Technical Director of Tenable Network Security, will walk through how a 400 page technical document can be broken down to something consumable by the Board and CxO's that are now demanding visibility into the effectiveness of security.

Speakers
GM

Gavin Millard

Technical Director, EMEA, Tenable Network Security
Gavin says: “15 years ago, when I could make decisions on how to do my hair in the morning, I was told by my employer that I could put in a leased line for Internet access as long as it was "secure". After playing with firewalls, IDS, content filtering and anti virus, I realised securing stuff was a hell of a lot more interesting than dealing with support tickets from people who had no business touching a keyboard.” | | He quickly... Read More →


Wednesday June 3, 2015 12:30pm - 1:30pm
Workshop Track - Greenwich Park

12:30pm

T3W2-Dradis Framework 3.0 - We are back!
Limited Capacity seats available

After a three years of hiatus and six months in the making, there is a new version of Dradis packed with new features and power:

* We've got a new look and feel
* We've introduced the concept of Issues and Evidence (instead of having just notes), for cleaner organisation and reporting
* The code is cleaner, more modular and easier to maintain.
* We have extracted each of our tool connectors into their own repositories.
* We've improved the installation process: download one file and run. As good as it sounds.

In this workshop we'll cover the new stuff we've introduced including interface walkthrough, new plugins, extensibility and creating your own plugins. Getting Dradis up and running in your laptop, day-to-day use, etc.

All hands on, bring your laptop and exit the workshop with Dradis installed and configured, and armed with knowledge of how to extend it and make the most out of the new features.


Note to organisers: we've run a 1h workshop in the past, which is typically well attended, but doesn't leave much room for people to get the stuff done in their laptops and cover all the *theory*, so this year I'd like to request a 2h slot to make sure we can get down to the specifics for all attendees.

Speakers
avatar for Daniel Martin

Daniel Martin

Founder, Security Roots Ltd.
Daniel has been in the industry for the last twelve years. He created and open-sourced Dradis in 2007 and has been working on it every day since. | | His focus used to be application security, these days he's busy taking care of Security Roots operations. Daniel is passionate about open source and the Ruby programming language. He has presented at DC4420 and DEFCON and has been a webapp security trainer at BlackHat.


Wednesday June 3, 2015 12:30pm - 3:00pm
Workshop Track - Regents Park

12:30pm

T1W2-Pen Tester Interview Simulation
Limited Capacity filling up

This is to give students (and anyone else that wants to really) a chance to experience (in part) an interview for a junior penetration testing position, 20-30 minute slots per person, having a grilling on technical questions and soft skills with a little bit of a practical element in there if there is time too.

Speakers
avatar for Ben Dewar-Powell

Ben Dewar-Powell

Digital Assurance
Penetration Tester/Security Consultant/Data Loss Preventer/Tea Drinker/Taff CTO @ @da_security


Wednesday June 3, 2015 12:30pm - 3:00pm
Workshop Track - Hyde Park

1:30pm

Powershell for Log Analysis and Data Crunching
You're stuck on a basic Windows estate, you can't pull the data out, there's no SIEM, and you have 20GB of logs you've been tasked to turn into actionable intelligence. Powershell brings not just in-built tools for querying Windows event logs, but also extremely powerful text processing tools. This talk will give you a quick overview of these features and its notable quirks, allowing you to pull off tricks that are often thought to be only for *NIX enviornments.

Moderators
Speakers
avatar for Michelle D'israeli

Michelle D'israeli

Security Operations Analyst, Babcock MSS
Talk to me about all things security operations, powershell, and game design :) | | Find me on Twitter - @mdisraeli


Wednesday June 3, 2015 1:30pm - 1:45pm
Rookie Track

1:30pm

Surprise Workshoppe
Limited Capacity seats available

Workshop on building a directed WiFi sniper tool. We will pass by into detail on issues with frameworks, how we managed to get around them were resolved and what possible future plans we could try to pull off with them.

Wednesday June 3, 2015 1:30pm - 2:00pm
Workshop Track - Greenwich Park

1:30pm

Elliptic Curve Cryptography for those who are afraid of maths
Elliptic Curve Cryptography (ECC) is hot. Far better scalable than traditional encryption, more and more data and networks are being protected using ECC. Not many people know the gory details of ECC though, which given its increasing prevalence is a very bad thing. In this presentation I will turn all members of the audience into ECC experts who will be able to implement the relevant algorithms and also audit existing implementations to find weaknesses or backdoors.

Actually, I won't.

To fully understand ECC to a point where you could use it in practice, you would need to spend years inside university lecture rooms to study number theory, geometry and software engineering. And then you can probably still be fooled by a backdoored implementation.

What I will do, however, is explain the basics of ECC. I'll skip over the gory maths (it will help if you can add up, but that's about the extent of it) and explain how this funny thing referred to as "point addition on curves" can be used to exchange a secret code between two entities over a public connection.

I will also explain how the infamous backdoor in Dual_EC_DRGB (a random number generator that uses the same kind of maths) worked.

At the end of the presentation, you'll still not be able to find such backdoors yourselves and you probably realise you never will. But you will be able to understand articles about ECC a little better. And, hopefully, you will be convinced it is important that we educate more people to become ECC-experts.

Speakers
MG

Martijn Grooten

Martijn Grooten once dreamed of a career in algebraic geometry, a beautiful area of mathematics, yet also one that has little practical relevance. Or so he thought. After rebooting his career to become a security professional (he ran spam filter tests for Virus Bulletin; he still does so, but his business card now says "Editor") he discovered that some of those curves he used to come across do actually have a lot of practical relevance. He has... Read More →


Wednesday June 3, 2015 1:30pm - 2:15pm
a. Track 1

1:30pm

My love-hate affair with Security Operations
I started my career in security operations. It was great - the world was at my fingertips with full admin rights across every single windows NT domain, RACF instance, Tandem, Unix and SQL box… it didn't matter that I never always fully knew what I was doing. The rush of making changes to the firewall in production in order to resolve a P1 incident was unmatched. I was like Eliot Ness, I was untouchable!

That was, until the business became overly reliant on its IT systems and any minor outage caused by me or my colleagues would escalate into a colossal f-up. We were unprepared, unplanned and caught with our pants down.

Many years after my SecOps days and much therapy later I'm coming clean about my love-hate affair with secops. The shady dealings, the password-resets for favours and how I escaped the life of lies. 

This talk may include bad language, and recollections of violence - attendee discretion is advised!

Speakers
JM

Javvad Malik

Javvad Malik - the dude, playing the security dude, disguised as another security dude is a London-based IT security professional with a 15 year career working for some of the largest companies across the financial and energy sectors. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective... Read More →


Wednesday June 3, 2015 1:30pm - 2:15pm
b. Track 2

2:00pm

T2W3-Maltego Magic - Creating transforms & other stuff
Limited Capacity full

In this workshop I will teach people how to write their own Maltego transforms. Using simple to use examples (and pictures, everyone likes pictures) I will lead the participants through the process of creating local and remote transforms using just a pen and paper (ok a laptop is needed as well).

A basic knowledge of Maltego & Python is needed but the workshop will be aimed so that anyone can benefit from the magic that is Maltego even if they haven't coded anything before.

The workshop will also cover Maltego Machines and we will touch on the Canari Framework which is an awesome way to create local (and remote) Maltego transforms.

Speakers
avatar for Adam Maxwell

Adam Maxwell

Cyber Security Manager, BGL Group
Adam is a self confessed pcap, packet, python & Maltego addict. He spends most of his spare time writing Maltego transforms for fun (“yes yes I know I need a life”).


Wednesday June 3, 2015 2:00pm - 4:00pm
Workshop Track - Greenwich Park
  • Workshop requirements Laptop (Mac OSX, Windows or Linux) Python installation (2.7 or above, not version 3 though) The Python Requests library (pip install requests) Maltego (CE edition is ok) A text editor that's Python friendly or an Python IDE (Sublime Text, PyCharm etc) Your imagination (borrow someone else's if necessary) .
  • Tags Audience: Any Geek, Audience: Pentesters, Audience: Techies, Difficulty Level 2, Hackers

2:15pm

Android App Inspection and Code Injection
Quick run through of extracting and decompiling an APK to inspect its working parts and inject code for the purposes of making the app more secure. 

Moderators
avatar for Fabio Cerullo

Fabio Cerullo

Cycubix
"Stay hungry, stay foolish" by Steve Jobs, CEO of Apple Computer and of Pixar Animation Studios

Speakers
avatar for Elliot Stirling

Elliot Stirling

Developer, XReach LTD


Wednesday June 3, 2015 2:15pm - 2:30pm
Rookie Track

2:15pm

Crash all the Flying Things! - exploiting and defending aircraft collision avoidance
The engineering industry has been traditionally slow to adopt security, with the woeful state of ICS/SCADA systems as a prime example. This talk will discuss glaring holes in the Automated Dependant Surveillance - Broadcast system on aircraft, and how these can be used to cause aerial mayhem. Mitigations and defenses will also be discussed. 

Speakers
JG

Joe Greenwood

Royal Navy Sponsored Undergraduate, reading Aerospace engineering at the University of Bristol before serving as a Pilot. Also security consultant and researcher, with a focus on Red Team operations.


Wednesday June 3, 2015 2:15pm - 3:00pm
a. Track 1

2:15pm

E-banking transaction authorization – possible vulnerabilities, security verification and best practices for implementation
During 10+ years of my professional experience as application security expert I had a chance to verify many internet banking solutions. Most of the modern internet or mobile banking applications in Poland use some sort of second factor, such as TAN lists, SMS codes, time-based OTP tokens, challenge-response solutions, smart-cards, mobile tokens, unconnected card readers, etc. to let user verify banking operations and to protect against MitM or malware attacks.
As a result of security tests in pre-production, it turned out that is not very rare, for tested systems to have security flaws regarding implementation of those transaction authorizations mechanisms, especially in the business logic layer, that (if not detected and corrected) could allow attacker to bypass or weaken those safeguards. Vulnerabilities could be caused (as usual) by wrong decisions during planning phase or poor implementation,

During this presentation I would like to throw light on transaction authorization mechanisms security. The agenda will include:
- Discussion and some examples of possible vulnerabilities in a process of authorization of e-banking transactions (including incorrect assumptions and incorrect implementation), that could allow to bypass those security mechanisms.
- Discussion about resistance of selected transaction authorization mechanisms to common banking malware attacks.
- Suggested best practices regarding implementation of transaction authorization.

Speakers
WD

Wojciech Dworakowski

Wojtek is IT security consultant with over 10 years of experience in the field. He is a business partner in SecuRing, a company dealing with application security testing and advisory. He gained his experience leading multiple penetration tests and security assessments of critical systems such as internet banking, mobile banking and electronic payments. Member of Crisis Management Board during national elections in Poland (2006-2008). Over last... Read More →


Wednesday June 3, 2015 2:15pm - 3:00pm
b. Track 2

2:30pm

Hack the Hash
Crypto hash functions look magical but are in fact built of the simplest operations. Their reputation as black boxes which can uniquely fingerprint arbitrary amounts of data can led to their misuse. Add to this the fact that several once secure hash functions have been fundamentally broken and this can leave applications open to attack. In this talk we will look at the internals of some common hash functions and what that means for their use. 


Wednesday June 3, 2015 2:30pm - 2:45pm
Rookie Track

3:00pm

Break
Wednesday June 3, 2015 3:00pm - 3:15pm
b. Track 2

3:00pm

Break
Wednesday June 3, 2015 3:00pm - 3:15pm
a. Track 1

3:15pm

Encouraging Ethical Disclosure & Reporting
Responsible, open and ethical disclosure leads to more secure services and applications for everyone. Failure to support, respect, and encourage security researchers creates distrust and helps to fuel the market for the sale of vulnerabilities to unethical, though not always criminals, interests. 

Moderators
DH

Dave Hartley

Consultant, MWR

Speakers

Wednesday June 3, 2015 3:15pm - 3:30pm
Rookie Track

3:15pm

Introducing wifiphisher, a tool for automated WiFi phishing attacks
WiFi networks are commonly plagued by two serious issues: i) management frames can be easily forged and ii) wireless devices tend to automatically connect to the Access Point with the best signal. The Evil Twin and Karma attacks exploit the above issues, allowing attackers to perform man-in-the-middle and phishing attacks.

This presentation will introduce wifiphisher (https://github.com/sophron/wifiphisher), an open-source tool that automates the process of launching WiFi phishing attacks. Wifiphisher comes with a set of community-built templates for different phishing scenarios.

The presentation will explain in detail how WiFi phishing attacks work. It will also explain the reasons behind the success rate of these attacks, showing how different Operating Systems (and users in different environments) react during these attacks. Finally, countermeasures will be discussed that could limit the exposure to such attacks for individuals and organizations.

Speakers
GC

George Chatzisofroniou

George Chatzisofroniou (@_sophron) is a security engineer at CENSUS S.A. His research interests include cryptography, WiFi hacking, web security and network security. He is the lead developer of wifiphisher, an open-source phishing tool that recently caught the attention of the wireless hacking community.


Wednesday June 3, 2015 3:15pm - 4:00pm
a. Track 1

3:15pm

Some hypotheses on well-being, burnout and stress related illnesses in the Cyber Security industry
This short talk will introduce the hypotheses behind a future study aiming to examine whether technical Cyber Security practitioners self-report lower levels of well-being and greater levels of depression/stress symptoms than their non-technical peers and general society; if so, what might be contributing factors and what are the broader implications for the profession and organizational/national security?

 

The talk will outline the rationale behind investigating factors such as Autism Spectrum Quotient, Personality and Attachment Styles in relation to well-being and stress related illnesses.

 

A shortage of skilled Cyber Security professionals has been identified as a key barrier to the growth of the security sector and the ability for nations and organizations to respond to cyber threats. Understanding well-being and depression/stress symptoms in relation to the Cyber Security sector is an important area and relatively unexplored area of study, as many of the personality traits that characterize a good Cyber Security practitioner may also predispose them to depression or stress symptoms.



Speakers
CS

Chris Sumner & Jack Daniel

Chris is a security data guy at Hewlett-Packard, where he's been employed for over 20 years; albeit some of those years were with DEC and Compaq. For the past 14 years he has performed a variety of security roles, including worldwide Security Manager for HP's Imaging and Printing division. | | Outside work he co-founded the not-for-profit Online Privacy Foundation who contribute to the emerging discipline of behavioral residue research within... Read More →


Wednesday June 3, 2015 3:15pm - 4:00pm
b. Track 2

3:30pm

ARMed ROPpery
ARM CPUs are everywhere now but a lot of people's knowledge around asm and exploitation is very x86(_64) centric. This would be a short talk focusing on how some of the features of the ARM architecture mean that ROP will need to be used more frequently and the mechanics of using it on the platform. 

Speakers

Wednesday June 3, 2015 3:30pm - 3:45pm
Rookie Track

3:30pm

T3W3-Windows Privilege Escalation
Limited Capacity full

The Windows Privilege Escalation workshop aims to provide attendees with a solid understanding of the various steps required to go from low level privileges to SYSTEM level privileges. Automated tools, such as meterpreter's ""getsystem"", have their place in this process however reliance on automation breeds weakness. Contrary to common perception Windows boxes can be really well locked down if they are configured with care. As such the attacker will need to dig deep in order to elevate privileges.

The workshop will be divided into the following sections: Enumeration of the target machine (who uses it and what does it do), identification of common and uncommon configuration weaknesses (patch level, automated installs and configuration weaknesses) and permission analysis (scheduled tasks, services and file/folder access). Each section will be followed by real-world practical examples that attendees can get their hands dirty with in order to solidify the theory. This workshop aims to provide hands-on knowledge which can be directly applied in the field.

Speakers
RB

Ruben Boonen

Context Information Security
Ruben (sometimes known as b33f - @FuzzySec) has been working in InfoSec since 2012, one year as part of the Offensive Security team, assisting students from around the world as they worked through Offsec's various certifications and two years as a security consultant. He has a well rounded skill set, having taken on many web application, infrastructure and bespoke engagements. He has however developed a special interest for Windows... Read More →
FM

Francesco Mifsud

Francesco Mifsud (@GradiusX). Is quite new to the InfoSec Industry but he spent a fair share of sleepless nights staring at debuggers and ASM during my undergrad and post-grad. He has been working at Context Information Security for the past 6 months as a security consultant; taking on web application, infrastructure and any other engagement they throw at him! During his research on exploit-development he realized that a lot of material is... Read More →


Wednesday June 3, 2015 3:30pm - 5:30pm
Workshop Track - Regents Park
  • Workshop requirements There are no special requirements to attend the workshop, everyone is welcome and can benefit for the theoretical parts of each section. However, to participate in the hands-on sections, attendees will need to bring the following: - A laptop with 500MB RAM (1GB recommended) which can be dedicated to a VM. - VMWare player, which can be downloaded for free.
  • Tags Any Geek, Audience: Pentesters, Audience: Techies, Difficulty Level 3, Geek Fun track

3:30pm

T1W3-The Writey Writer's Guide to Writing Writerly
Limited Capacity seats available

This workshop is based around 10 years of professional blogging / malware research and is designed to give budding writers a leg-up in the world of corporate writing, where everything is one sentence away from potential embarrassment, death threats or a liberal helping of cease and desist letters. If you've been asked to blog but have no idea where to start (or are simply looking for a refresher), this workshop will cover: legal pitfalls, content volume, working with journalists / PR, techniques for radio / TV / newspapers, blog structure, minimising risk (to yourself and others) and more. There will be interactive demos related to some of the aforementioned subject matter, and debate / questions / participation is welcome.

Speakers
CB

Chris Boyd

Malwarebytes
Chris is a multiple recipient of the Microsoft MVP in Consumer Security & former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon and SecTor, and have been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent and the first DIY Twitter Botnet kit... Read More →


Wednesday June 3, 2015 3:30pm - 5:30pm
Workshop Track - Hyde Park
  • Workshop requirements Laptop preferable, pen and paper supplied if needed. No particular software on the laptop beyond some form of word processor. You may have to talk a bit if taking part in some of the exercises so bring water (or it'll be supplied). You may be recorded (voice and / or camera) if taking part in one of the exercises. Bring your best Blue Steel!
  • Tags Audience: Any Geek, Career Path, Difficulty Level 1, Hackers, Management, Pentesters

4:00pm

DLL Hijacking: The Eighth Circle of DLL Hell
DLLs have been the spine of the Windows architecture since the early 90s, so it's no surprise that a number of security issues involving them have sprouted ever since. DLL Hijacking, or Preloading, is a particularly severe and long-lived one. 

This talk will explain the mechanics behind the attack, examples of its use in the wild, and some current countermeasures and their limitations.  

Moderators
avatar for Ollie Whitehouse

Ollie Whitehouse

Associate Director
Ollie is a middle manager, did some stuff he thought was cool back in the day and generally maintains an unhealthy compulsion for what is now known as cyber security. Having worked for consultancies, a security product firm and a major mobile device OEM he has stories to tell for any occasion (where any is security related).

Speakers

Wednesday June 3, 2015 4:00pm - 4:15pm
Rookie Track

4:00pm

Power to the People: bringing infosec to the masses
To truly make a difference in infosec, our industry needs to better understand the people using technology and systems: what they're worried about and scared of, and what motivates their behaviours. Combining primary research which explores how the average user feels about cyber security and how this drives their behaviour, with sociological and psychological theory, this talk addresses the most crucial, and weakest, link in infosec: the human factor. This analysis allows us to better understand why behaviours aren't improving, despite far greater media reporting, and general awareness, of online threats. The talk outlines what we can do to engage with users in a more effective and positive way to change behaviours for the better.  

Speakers
JB

Jessica Barker

Dr Jessica Barker is an independent cyber security consultant, focusing on how individuals, institutions and societies interact with technology and the impact of our changing relationship with networked information. Jessica's expertise is in the 'human' side of cyber security, and her particular specialisms cover governance, strategy and policy, compliance and learning and development. Running her own company, which advises organisations how they... Read More →


Wednesday June 3, 2015 4:00pm - 4:45pm
a. Track 1

4:00pm

Updating the Future
Software updates are a nightmare. For users, for manufacturers and also for the hacking community. That zero day that gets binned after months of effort can really be upsetting. Or something.

Mobile phone software updates are difficult. Deploying to millions of users on fragmented platforms across networks that can be very limited is just plain hard. Put mobile network operators and a bunch of other stakeholders in the mix and it gets even worse. So how can we make it better? Do we have to submit to a vertical supply chain dominated by one vendor and their whims? Are users being deliberately sacrificed because end-of-lifing a product or platform is cheap? What about the device? Can we or should we even trust it? What is an acceptable time to fix?

The mobile industry is working on this, but it isn't easy. This talk discusses the many challenges and what solutions are being proposed. It also takes a look at what requirements are necessary for updating constrained devices in both the Internet of Things and Automotive.

Speakers
DR

David Rogers

David is a mobile phone security expert who runs Copper Horse Solutions Ltd, a software and security company currently focusing on IoT security research and products, based in Windsor, UK. He also chairs the Device Security Group at the GSM Association and teaches the Mobile Systems Security course at the University of Oxford. He has worked in the mobile industry for over 16 years in security and engineering roles. Prior to this he worked in... Read More →


Wednesday June 3, 2015 4:00pm - 4:45pm
b. Track 2

4:30pm

T2W4-Myths about the HTTPS Lock - Building & Breaking PKI masterclass
We've been taught that if we see that secure-lock icon while web-browsing then our connection is secure. Is that really true? This masterclass will go through the dirty details of HTTPS operations. Successful attacks on CAs PKI systems and recommendations for secure use of Digital Certificates will be discussed. Open-source cryptography APIs and open-source enterprise class implementation of a PKI system will be demonstrated while discussing the complexity of implementing such a system. My own experience with large-scale PKI systems will be shared and discussed as well

Speakers
avatar for Yousif Hussin

Yousif Hussin

Yousif Hussin is a senior PKI and Information Security Specialist, and has been a professional in the IT-Security field for over 7 years. He’s been part of national level projects in Information Security, secure data communication and secure large-scale VOIP Telephony Systems, Network Penetration Testing. His experience includes implementation of Cryptographic systems for electronic services, high-grade encryption technologies, Digital... Read More →


Wednesday June 3, 2015 4:30pm - 5:30pm
Workshop Track - Greenwich Park

4:45pm

Intelligence led Penetration Testing
As cyber-attacks become have become sophisticated and prevalent, it is key that penetration testing evolves accordingly to continue to add value to the organisations that use it as a key security control. Utilising threat intelligence and OSINT as the scoping tools to make a penetration test bespoke, relevant and realistic to our clients is something that BAE Systems is currently focussing on. Part of our approach involves collecting, repurposing and mimicking real attack toolkits and techniques that are attributed to threat actors that we have collected through our Threat intelligence and incident response work.
The focus of this presentation is how to use both general threat intelligence and recovered attack toolkits to define and deliver this type of highly focussed testing. It will use references to examples of tool repositories we have access to, malware we have reverse engineered and tools we have written to replicate real attacks.
The audience should leave the presentation with an understanding of the process of turning a threat intelligence report into a set of actionable tests, that emulate the behaviour of distinct attack groups and tools and how they might apply this to future STAR and intelligence led penetration testing assignments.

Speakers
CB

Cam Buchanan

Cam Buchanan is the current Head of Penetration Testing at BAE Systems. His third book “Python Web Penetration Testing Cookbook”, written with a number of other industry professionals, is publishing soon . His experience stretches across all sectors and he specialises in the scoping and delivery of Mobile, Red Team and Web Application penetration tests


Wednesday June 3, 2015 4:45pm - 5:30pm
a. Track 1

4:45pm

Threat Intelligence a new approach for cyber security
An increasing number of organisations and individuals fall victim to cyber attacks, despite having set defence mechanisms. Most victims implement a rather traditional perimeter-based approach to cyber security, defending against known attacks with solutions like anti-virus and firewalls, increasingly ineffective against targeted attacks by persistent adversaries. The growing number of successful cyber attacks being launched every year is a clear indication that this model is not working effectively, and is not sustainable.

Forward-looking organisations are adopting a new model, informed by threat intelligence and more inclusive of the complete chain of operations necessary to launch, and defend against, a cyber attack.

Speakers
AS

Alonso Silva

Alonso is a senior IT/Telecoms Engineer with more than 10 years’ experience in cyber security, infrastructure and training, gained from working with multinationals in Brazil’s IT/Telecoms and FMCG industries. | | Alonso is responsible for aligning Tempest UK’s technical operations with the technical team in Brazil. He is responsible for ensuring that Tempest’s standards of operation and methodology are maintained as the company expands... Read More →


Wednesday June 3, 2015 4:45pm - 5:30pm
b. Track 2

5:45pm

Closing Remarks
Core Volunteers
LM

Lawrence Munro

SpiderLabs
IT Security.
avatar for Paul Batson

Paul Batson

Security Operations, @lazysecurity
Have played red team in my spare time since watching Hackers & Phreakers in '94.   After 10+ years in networking now working as a senior tech lead in a blue team and spend a lot of time talking netflow, packets and protocols. That and trying to find new ways of detecting bad stuff ;) | | Public Key: https://keybase.io/lazysecurity/key.asc
avatar for Thomas Fischeer

Thomas Fischeer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organisations. Thomas currently plays a lead role in advising customers while investigating... Read More →


Wednesday June 3, 2015 5:45pm - 6:00pm
a. Track 1

5:45pm

Closing Remarks
Core Volunteers
LM

Lawrence Munro

SpiderLabs
IT Security.
avatar for Paul Batson

Paul Batson

Security Operations, @lazysecurity
Have played red team in my spare time since watching Hackers & Phreakers in '94.   After 10+ years in networking now working as a senior tech lead in a blue team and spend a lot of time talking netflow, packets and protocols. That and trying to find new ways of detecting bad stuff ;) | | Public Key: https://keybase.io/lazysecurity/key.asc
avatar for Thomas Fischeer

Thomas Fischeer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organisations. Thomas currently plays a lead role in advising customers while investigating... Read More →


Wednesday June 3, 2015 5:45pm - 6:00pm
b. Track 2