Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job-title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here


Tuesday, June 4
 

10:00 BST

Elastic Stack for Security Monitoring in a Nutshell
Elastic Stack is one of the most commonly used open source data analysis and management platforms today. It quickly became popular among security professionals too and it is also the building block of many open source and commercial SIEMs. Elastic Stack is designed for speed and ease of use; it indexes data as it is ingested (write once read many or "WORM" storage) and it is extremely scalable and powerful, making ad-hoc queries and real-time visualization very easy.

The components in the Elastic Stack are designed to be used together and releases are synchronized to simplify the installation and upgrade process. The stack consists of:
- Beats, which is the platform for single-purpose data shippers;
- Logstash, which is a server-side data processing pipeline that ingests data from multiple sources, transforms it, and then sends it to one or more outputs ("stash");
- Elasticsearch, which is a distributed, RESTful search and analytics engine;
- Kibana, which lets users visualize data with charts, graphs, and dashboards.

During this two-hour workshop, we will see how to use Elastic Stack for security monitoring and cover the following topics:
- Beats (filebeat, winlogbeat, auditbeat, etc.)
- Logstash (input, filter, and output plugins)
- Elasticsearch (cluster, node, index, shard, mapping, search, aggregation, etc.)
- Kibana (index patterns, searches, visualizations, dashboards, etc.)
- Elastic Stack Alerting and Security (X-Pack, ElastAlert, Search Guard, ReadonlyREST, etc.)

What you need to bring:
- A laptop with at least 8 GB of RAM and 30-50 GB of free disk space;
- VMware Workstation, VMware Fusion or VMware Player installed.

Speakers

Eva Szilagyi

Eva is a managing partner and CEO of Alzette Information Security, a consulting company based in Luxembourg. She has more than eight years of professional experience in penetration testing, security source code review, vulnerability management, digital forensics, IT auditing, telecommunication...

David Szili

David is a managing partner and CTO of Alzette Information Security, a consulting company based in Luxembourg. David is also an instructor at SANS Institute, teaching FOR572: Advanced Network Forensics. He has more than eight years of professional experience in penetration testing...


Tuesday June 4, 2019 10:00 - 12:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

IPv6 workshop
This workshop will include an introduction to IPv6 technology, followed by current security assessment toolset that supports IPv6, enumeration and exploitation techniques, concluded with hands-on IPv6 hacking challenges on the workshop's lab VMs.  

What you need to bring:
- A laptop with a Kali VM deployed with proxychains v4 (with IPv6 support) and socat,
- patience and perseverance to learn new skills :)

Speakers

Roxana Kovaci

Roxana Kovaci is a Security Consultant with over three years of penetration testing experience in a wide range of environments. She is currently working as a Security Consultant at Nettitude, having previously worked as a Penetration Tester in Hewlett Packard Enterprise Security Service. Roxana...


Tuesday June 4, 2019 10:00 - 12:00 BST
Track 4 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Catching that damned flag
Getting started with InfoSec can be tricky, especially if (like me) you find experiential learning (learning through experience/hands-on learning) to be the best way to really grasp concepts you read/are told about. Unfortunately no matter how you phrase "I was just trying to learn..." when you're caught using NASA systems as your testing ground, you're still going to get an unpleasant first-hand experience of the US judicial system. Thankfully there are "playgrounds" out there where we can practice and learn, although at first they can seem a little intimidating. This workshop will centre around 2 "playgrounds", 'overthewire.org' and 'hackthebox.eu'. Starting off with some personally selected challenges from overthewire, we'll discuss the vulnerabilities along with some background and theory before solving the challenge as a group. With each challenge solved participants should gain the knowledge required to be able to take on the entry challenge to be able to sign up for hackthebox. Once each participant has successfully been able to register with hackthebox, we'll look at 1 or 2 of their 'retired' machines as a group, going from having nothing more than the IP of a machine, to then getting administrator level access on that machine. The workshop will finish with participants splitting into groups and attempting one of the 'active' machines on hackthebox.

What you need to bring:
- A laptop with administrator access, capable of running a Linux VM.

Speakers

Brett Mack

Brett is a DevOps engineer by profession but has always had a passion for InfoSec. He currently holds his OSCP and is working on further certification. This workshop mimics Brett's journey to receiving his OSCP, sharing valuable experience gathered on the way. 


Tuesday June 4, 2019 10:00 - 14:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Detecting Evil with Network Traffic Analysis
What does badness look like on the wire? How can you recognize a DDoS versus nmap scan vs remote access vs data exfiltration? Understanding network protocols (yes, RFCs!) and being able to extract artifacts from network traffic is essential in many fields - incident response, forensics, security operations - the list goes on. Recognizing the hallmarks of various types of attacks is also key. In this workshop we will walk through custom packet captures to explore examples of various types of attacks.  

This workshop is designed for a variety of experience levels. We will start with the basics of TCP/IP and review how network traffic flows, then ease into the analysis part. I encourage anyone with an interest to participate. For more advanced students there will be additional questions/challenges to keep you occupied.

What you need to bring:
- A box capable of running Wireshark, more materials will be provided closer to the event.

Speakers

Marcelle Lee

Marcelle is a security practitioner but also an educator at heart, and delivers many talks and workshops. Marcelle's passion lies in several areas but network traffic analysis is at the top of the list. She has delivered traffic analysis workshops at Thotcon, SkyDogCon, BSidesCharm...


Tuesday June 4, 2019 10:00 - 14:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

Linux threat hunting with OSQuery
In this workshop we’ll guide you through the basics of OSQuery and Linux threat hunting. With interactive labs we’ll explore the capabilities provided by OSQuery to hunt for common techniques used by Linux malware and threat actors.


We’ll discuss the techniques used and then move to our Labs with real threat scenarios to gain practical experience driving OSQuery and finding some Linux based threats.

What you need to bring:
- Working knowledge of the Linux shell and basic SQL (no OSQuery experience required),
- a Laptop with a SSH client. 

Speakers

Craig Jones

Senior Manager - Security Engineering, Sophos
Craig is Senior Manager of Security Engineering in Sophos, responsible for detection engineering, IR and security infrastructure. @albanwr

Stephen O’Leary

Senior Security Engineer, Sophos
Senior Information Security Engineer at Sophos working mostly with Splunk these days but spent over 5 years as a SQL Server DBA in a previous role at Sophos. His efforts focus on using data from various sources to assist in not only improving the detection capability, but also asset...

Dave Davison

Red Team Lead, Sophos


Tuesday June 4, 2019 12:15 - 16:15 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

Incremental Threat Modelling - how to fit threat modelling into a fast lifecycle
The earlier in the lifecycle you pay attention to security, the better the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses at the design level. However, people who want to introduce it into their work on an existing codebase often face time pressure, and very rarely can a company afford a “security push”, where all new development stops for a while in order to focus on security. Incremental threat modelling that concentrates on current additions and modifications can be time-boxed to fit the tightest of agile life-cycles and still deliver security benefits. Full disclosure is necessary at this point: threat modelling is not the same as adding tests to a ball-of-mud codebase and eventually getting decent test coverage. You will not be able to get away with doing just incremental modelling, without tackling the whole picture at some point. But the good news is that you will approach this point with more mature skills from getting the practice, and you will get a better overall model with less time spent than if you tried to build it upfront. We will cover the technique of incremental threat modelling, and then the workshop will split into several teams, each one modelling an addition of a new feature to a realistic architecture. NB: At least one example will be about machine learning. The participants will learn how to find the threats relevant to the feature while keeping the activity focused (i.e. not trying to boil an ocean). This session targets mainly blue teamers, as well as software developers, QA engineers, and architects, but will also be beneficial for scrum masters and product owners.

Speakers

Nick Dunn

Nick Dunn is a security consultant and an occasional developer of hacking tools and scripts. After several years working as a secure software developer, he found out that breaking things could be more fun than building them and became a penetration tester, at which point he discovered...

Irene Michlin

Irene Michlin is a security consultant at IBM, where she leads Application Security practice in European centre of competency. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead at companies ranging from startups...


Tuesday June 4, 2019 12:15 - 16:15 BST
Track 4 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:15 BST

Network Newb to Ninja
The purpose of this workshop is to provide the knowledge and skills to get over the initial learning hump to enable and encourage further learning about networking, including securing networks. These techniques can be used on home and production networks.
This workshop is aimed at SysAdmins, students and anyone interested in learning more about networking; after all, networks are the only element that is present in every IT environment globally, regardless of location, size, software used and industry.
In this workshop, attendees will learn:
1. How to create a free, vendor neutral, network lab environment without the need for any hardware other than a laptop.
2. A working understanding of the OSI model, what each layer does and the considerations for design, security and monitoring that should be taken for each of them.
3. Techniques and the theory behind network defences to reduce the effect of security events, increase their ability to detect issues and protect against common attack methods, such as reconnaissance and lateral movement.
4. A basic understanding of how to use tools such as Scapy to craft packets and Wireshark to test that their network security measures are effective.

What you need to bring:
A laptop running Windows with admin rights, with at least 4Gb RAM (ideally 8GB) and 25Gb of storage; a PDF reader application and a spreadsheet application (just a reader will suffice) are also recommended.
The applications used in the workshop are:
VMware Workstation, GNS3, Wireshark, Kali Linux and Scapy

Speakers

Brian Whelton

Director, Whelton Network Solutions
Brian is a network guy with 20 years’ experience, and is the Director of Whelton Network Solutions, a consultancy primarily focused on networking, security audits and incident response. Outside of professional commitments he is a self-proclaimed certification junkie, InfoSec conference...


Tuesday June 4, 2019 14:15 - 18:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:15 BST

Fuzzing with AFL
This workshop will teach you how to discover vulnerabilities using modern fuzzing tools.

You will learn when fuzzing is appropriate, how to select and set up various types of target, and how to use American Fuzzy Lop (AFL) to find flaws in those targets. During the workshop you will rediscover real vulnerabilities in software like OpenSSL, ntp, and sendmail.

Aimed at developers and defenders who want to harden their C/C++ applications, as well as bug-hunting researchers and consultants.

What you need to bring:
- A laptop with a SSH client; you will need a basic level of proficiency with the Linux command line (working with files) and programming in C. You do not need to be an expert in either - AFL will do the hard work for you! No prior knowledge of fuzzing is required.
- If you want to run the exercises locally instead of using the provided cloud instances, you will need a Linux system with either Docker or AFL pre-installed. 

Speakers

Michael Macnair

Michael is an application security engineer working to prevent security flaws from making it into products, and finding and fixing those that slip the net. After getting hooked on modern fuzzing tools for their amazing bug-finding capabilities, he developed a workshop to help others...


Tuesday June 4, 2019 14:15 - 18:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD
 
Wednesday, June 5
 

08:50 BST

Welcome Address
Welcome address from the crew

Wednesday June 5, 2019 08:50 - 09:10 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

08:50 BST

Welcome Address
Welcome address from the crew

Wednesday June 5, 2019 08:50 - 09:10 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

08:50 BST

Welcome Address
Welcome address from the crew

Wednesday June 5, 2019 08:50 - 09:10 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

08:50 BST

Welcome Address
Welcome address from the crew

Wednesday June 5, 2019 08:50 - 09:10 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

09:15 BST

Cyber systems of the powergrid. How does power get to your tea kettle from the power plant.
This talk will show the digital and analog systems of the power grid and follow the rail of electricity from its place of production all the way to your tea kettle. This talk is different in that there are no bullet points only photos.

Speakers

Bigezy

Bigezy is the POC for the defcon DC217 chapter. He won a black badge for wardriving in 2003 at Defcon and is a frequent speaker at conferences around the world including BSides Las Vegas 5 times. Bigezy currently spends his time studying ICS SCADA networks and drinking fine whisk...


Wednesday June 5, 2019 09:15 - 09:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

09:15 BST

You won't even know it's recording you!
At a time when user experience can make or break a business, app developers are turning more and more to third-party app analytics tools to help them get insight on how customers are interacting with their app. GlassBox, AppSee, Testfairy, and UXCam are a handful of popular analytics SDKs used by app developers to track in-app user behaviour, crashes, bugs, and other issues. The extent of the data collected by these Analytics and Attribution tools without it being clear in the privacy policy has raised several security and privacy concerns lately. Embedding ‘Session Replay’ technology to record the user’s screen received special attention from security researchers in early 2019 as it can include privacy-sensitive data, such as login credentials, financial information or medical records. In this presentation we go over an in-depth analysis of popular Apps we reversed, and show different methods they use to record the user’s screen/session on both iOS and Android platforms. We further explain static and dynamic techniques to identify Session Replay capability in an App. We also discuss advanced techniques Apps implement to fingerprint mobile devices at the hardware, OS or Application level. Correlating this information with the user’s identity, App developers or third-party analytics services can profile and attribute the user.

Speakers

Elaheh Samani

Senior Security Researcher, Symantec
Elaheh Samani is a senior security researcher at Symantec’s Modern OS Security (MOS). She’s actively researching emerging threats targeting mobile users. Previously, she worked at Google Chrome protection with the Tailored Reverse Engineer Expertise team who focused on the analysis...


Wednesday June 5, 2019 09:15 - 09:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

09:45 BST

The Imitation Game: emulating attackers
How do you realistically emulate attacker behaviour? Whether you are testing your own defences, want to improve them or are investigating new attacker techniques, generating realistic adversarial behaviour is hard. The MITRE corporation released CALDERA last year, a very powerful (but underrated) attacker emulation tool. It allows you to implement your own attacker techniques and model attacker groups based on techniques they use. Using a clever, built-in decision planner, it will chain selected attacker techniques in order to execute a realistic end-to-end attack path. This talk looks at how you can turn new attacker techniques into CALDERA actions, how to chain them together and what that looks like in a controlled environment. Using LOLBins, webshells and PowerShell weirdness, we'll look at how to do emulation right.

Speakers

Wietze Beukema

PwC
Wietze has been hacking around with computers for years, and has specialised in Cyber Security at university. Originally from the Netherlands, he currently works for PwC in London. Part of his role in the Endpoint Threat Detection team is attacker emulation. 


Wednesday June 5, 2019 09:45 - 10:30 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

09:45 BST

A safer way to pay - Comparing the security and integrity of 21st century payment systems
This talk will look at how to determine what security and privacy risks are worth accepting and the security benefits and downfalls of accepting and making payments using everything from PayPass/PayWave, EMV (Chip), Venmo, AliPay to ApplePay, Google Pay and PayPal. While the security and ease of use of payment tech has improved dramatically in the last 20 years, this talk won't explore every option. Specifically I will leave the costs and benefits of using cash and cryptocurrencies up to the viewer's own imagination.

Speakers

Chester Wisniewski

Principal Research Scientist, Sophos
Chester Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of...


Wednesday June 5, 2019 09:45 - 10:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

09:45 BST

State sponsored stalking ?!
With the advent of social networks followed by Secure Instant Messaging (S’IM), privacy became more and more important for the public, to the point where S’IM became a problem for some states. On one side, this led to the blocking of Telegram in countries like Russia and Iran, and of Instagram in Iran. It also led to the appearance of cloned Telegram and Instagram applications under the cover of enhanced features or censorship bypass. In reality, these applications, although they allow access to the legitimate service, also allow their operators complete access to the contacts and chats of their users. Some of these applications can even be found on the legitimate Google Play Store with thousands of downloads, and in some cases around 1 million users. I will show various examples of such cloned applications and the different techniques used to report back. I will also show that the developers of such S’IM applications also bear some of the responsibility for these attacks, by lacking transparency and proper defaults in their applications, and also because some of their features are prone to abuse and they still decide not to do their due diligence on these matters. With my presentation I want the audience to understand that S’IM applications are being abused to spy on the public, at scales that are beyond comprehension. The problem is not limited to rogue application stores or to state-sponsored groups; it can be deployed by any malicious actor with the proper knowledge. Finally, these attacks are possible not only due to the lack of security awareness of the public in general, but also because S’IM developers are not doing their share to improve the security of their users.

Speakers

Paul Rascagneres

Cisco Talos
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has...


Wednesday June 5, 2019 09:45 - 10:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:05 BST

Using Network Miner to Reconstruct Network Traffic
Knowing how to extract resources from a packet capture can be an invaluable foundation for understanding how data is transmitted over the internet, but extracting a large number of resources and recreating them manually is not feasible. The talk will demonstrate how to recreate a singular file from a packet capture and also how NetworkMiner will make light work of extracting resources in bulk.

Speakers

Wednesday June 5, 2019 10:05 - 10:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:25 BST

Bots: can they really be managed?
There are hundreds of types of bots that generate traffic for any given site, so what are the challenges involved in identifying and managing them?

Speakers

Wednesday June 5, 2019 10:25 - 10:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

Break
Coffee Break

Speakers

Wednesday June 5, 2019 10:45 - 11:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

Break
Coffee Break

Speakers

Wednesday June 5, 2019 10:45 - 11:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

Break
Coffee Break

Speakers

Wednesday June 5, 2019 10:45 - 11:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

SOC it up! - Common Frustrations and Solutions in SOC teams today.
Common frustrations seen in SOC teams nowadays, how are these currently being solved, with a look at what works best going forward.

Speakers

Wednesday June 5, 2019 10:45 - 11:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:00 BST

Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers
Thousands of organizations have already adopted the idea of inviting good-faith hackers to hack into their systems via vulnerability disclosure, bug bounty and next-gen pen test programs. Even so, the risk of prosecution under anti-hacking laws still casts a cloud over the hackers who are trying to help, and many programs haven't removed this risk by including Safe Harbor language within their program policies. It's not intentional -- the simple truth is that the market has progressed so rapidly that most have implemented crowdsourced security programs without realizing this issue, nor do they know how to fix it. Bilateral Safe Harbor language enables program owners to not only provide a strong incentive for good-faith hackers in terms of explicit legal protection, but also to outline exactly what constitutes "good-faith" hacking for their organization, and leave legal protections against malicious hackers intact.

This talk provides an overview of Safe Harbor in the context of good-faith hacking and introduces a current effort to create a standardized, open-source, easily readable legal boilerplate for disclosure program owners all around the world to use.

- What is Safe Harbor and key takeaways from CFAA/DMCA?
- Why we need an open source standardized vulnerability disclosure
- What is disclose.io?
- How can companies participate?
- How can security researchers participate?
- How can the legal community participate?

Speakers

Chloe Messdaghi

Security Researcher Advocate/PM, Bugcrowd
Security Researcher Advocate/PM @Bugcrowd, board member for 4 nonprofits, one of the WIST founders, mentors, speaker on diversity and inclusion in InfoSec, and Drop Labels founder.


Wednesday June 5, 2019 11:00 - 11:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:00 BST

Password Cracking; the First 500 Million
We present a new tool, hashcrack, to preprocess hash files and drive hashcat with sensible parameters, including support for automatic ntdsutil and responder DB extraction.

Examples of good and bad hashing methods are given, as well as advice on how to do strong password hashing, and prevent credential stuffing attacks.

A walk-through of cracking 500 million hashes from Troy Hunt/haveibeenpwned's NTLM password dump will also be given, and a representative data set of mixed hashes (NTLM, sha256crypt, bcrypt, Drupal, Wordpress and others) will be provided for a CTF-type competition.

See https://github.com/nccgroup/hashcrack - the tool supports many common hash formats including Cisco, UNIX, and Windows types as well as standard MD5/SHA1,2,3 etc.

Speakers

Jamie Riden

NCC
Sometime developer, sysadmin, pen-tester, member of blue "team" and hacker. I have disclosed issues to IBM, SAP, D-link, Belkin, British Telecom among others and have an Erdős number of 4.


Wednesday June 5, 2019 11:00 - 11:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:00 BST

The little phone that could ch-ch-chroot.
Security testing, or penetration testing, is a career path that many are beginning to take. Penetration testing is the umbrella term for many different types of engagements, ranging from web and infrastructure to social engineering. With the growing risk of sabotage and/or corporate espionage, many organisations are beginning to develop a tactical capability. In doing so, the term ‘Red Team’ has been coined to market such engagements. Red Teaming is the method of having almost free rein towards a target to stress test the full capability of the organisation. However, Red Teaming can be an expensive and resource-intensive task. This talk discusses the cost and toolkit required to carry out Red Teaming, as well as the research and development towards making a covert disposable phone to help aid Red Teamers with the reconnaissance phase of a test without drawing attention to themselves within a day-to-day task.

Speakers

Mathew Evans

Mathew Evans also known as Munk is a researcher that works within the field of Forensics specifically in Hardware Security and Car Forensics. Munk is working towards his PhD within Computer Forensics from the University of South Wales.

Jack Whitter-Jones

PhD Student, University of South Wales
Jack is a PhD Student from the University of South Wales, focusing on Security Operations, Network Monitoring and teaching his wonderful students the art of PHP. Although his PhD takes up a significant amount of time, outside the realms of academia, Jack's research focuses on secure...


Wednesday June 5, 2019 11:00 - 11:30 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:05 BST

Exploring Emotet, an Elaborate Everyday Enigma
The Emotet Trojan is the most widespread malware family in the wild. It has been, and is still, the most notorious and costly malware since its appearance more than five years ago. Emotet owes its reputation to its constant state of evolution and change. The malware's rapid advancement helps support its highly sophisticated operation. In this presentation, I'll walk attendees through my investigation of the Emotet family and reverse engineering of its components.

In this talk, I'll discuss the capabilities and features of Emotet: a detailed overview of its multilayered operation, starting with the spam lure, the malicious attachments (and their evolution); and the malware executable itself, from its highly sophisticated packer, to its C&C communications.

Emotet is well-known for its modular architecture, worm-like propagation, and highly skilled persistence techniques. The recent versions spread rapidly using multiple methods. Besides its capability to spread by brute forcing using its own password lists, it can harvest all the emails from victims, then spread through spam. Its diverse module list hides different malicious intentions, such as information stealing including credentials from browser or email client, spreading capabilities, or delivering other malware as well as ransomware or other banking Trojans.

Finally, I will dissect the background operation of the payload modules. I’ll also present statistics from Sophos about its global reach.

Speakers

Wednesday June 5, 2019 11:05 - 11:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:25 BST

Turning Your Weapons Against You.
My talk is about using security tools setup by an organisation against itself. Specifically vulnerability scanners and NAC solutions.

Generally organisations will scan hosts on a network without thinking about the consequences of doing this. Often security solutions will blindly attempt to authenticate to a host during the scanning process, which can be abused by an attacker to capture credentials used by the tool to authenticate to a large number of hosts within the enterprise.

The talk will include information on general misconfigurations in these solutions and demos of how to exploit them. There will also be a remediation section at the end.

Speakers

Wednesday June 5, 2019 11:25 - 11:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:30 BST

Understanding Stress, Anxiety and Depression and How to Cope
Understanding the symptoms of stress, anxiety and depression and knowing the mechanics of our mind and brain can help us deal with difficult situations. Stress, anxiety and depression are on the rise in society, not only in the adult population but in children and adolescents. Life in the modern world is fast and stressful. We feel the pressure to perform at work, in our private life, family life and finances, and the quality of our lives decreases, leaving us unfulfilled and anxious about our future. Our relationships with ourselves, the world and others are damaged by lack of time and an indefinite number of tasks and duties which need doing in a 24-hour period that is never enough; thus stress leads to anxiety and depression.

Speakers
Olga Zilberberg

My name is Olga Zilberberg and I am a CBT and NLP Practitioner working in private practice in Berkshire and South Oxfordshire area. I am passionate about helping people understand mental health challenges and find ways to better their lives in an empowering and fulfilling manner... Read More →


Wednesday June 5, 2019 11:30 - 12:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:30 BST

When the Magic Wears Off: Flaws in ML for Security Evaluations (and What to Do about It)
Academic research on machine learning-based malware classification appears to leave very little room for improvement, boasting F1 performance figures of up to 0.99. Is the problem solved? In this talk, we argue that there is an endemic issue of inflated results due to two pervasive sources of experimental bias: spatial bias, caused by distributions of training and testing data not representative of a real-world deployment, and temporal bias, caused by incorrect splits of training and testing sets (e.g., in cross-validation) leading to impossible configurations. To overcome this issue, we propose a set of space and time constraints for experiment design. Furthermore, we introduce a new metric that summarizes the performance of a classifier over time, i.e., its expected robustness in a real-world setting. Finally, we present an algorithm to tune the performance of a given classifier. We have implemented our solutions in TESSERACT, an open source evaluation framework that allows a fair comparison of malware classifiers in a realistic setting. We used TESSERACT to evaluate two well-known malware classifiers from the literature on a dataset of 129K applications, demonstrating the distortion of results due to experimental bias and showcasing significant improvements from tuning.

Speakers
Lorenzo Cavallaro

King's College London
Lorenzo grew up on pizza, spaghetti, and Phrack, first. Underground and academic research interests followed shortly thereafter. He holds a PhD in Computer Science from the University of Milan (2008), held Post-Doctoral and Visiting Scholar positions at Vrije Universiteit Amsterdam... Read More →


Wednesday June 5, 2019 11:30 - 12:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:30 BST

Digital Intelligence Investigations
Cyber investigations are hard, and tying an online identity to someone in real life is tricky. Despite what others may have you believe, there is no "magic technique" or "secret method" that makes these investigations easy. It takes a lot of incredibly hard work, often a lot of time, and the reality is that most cases simply go unsolved. But - when you do solve one - it's incredible. My talk will walk you through two very different cyber investigations. One involved us attributing a mass-phishing campaign to what appeared to be a legitimate organisation in the Asia Pacific; the second recounts how we investigated whistle-blowing allegations that the General Manager of a Latin American manufacturing firm was collaborating with a local cartel. These investigations both posed unique challenges, and we had to implement different approaches for collecting, interpreting, and assessing information. My talk will highlight some of the problems we identified during these investigations, outline how we solved them, and discuss the value of what we learned for next time.

Speakers
James

James comes from a varied background of artistic influence and technical expertise. As he completed his BA in English Literature and History, he used his spare time to become an avid programmer and web developer - skills that eventually pivoted into penetration testing, reverse engineering... Read More →


Wednesday June 5, 2019 11:30 - 12:30 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:45 BST

Usernames, the missing piece - The OSINT Jigsaw Puzzle
There are often debates around usernames and how they should be assumed public knowledge, leading to issues surrounding the disclosure of usernames being classified as a low or information risk. What are the risks of exposing a username? Should username recycling like passwords be classed as a genuine risk?

This talk will walk through the risks associated with having a shared unique username across multiple services, and the importance of usernames in OSINT.

Speakers
Simon Hall

Simon has been in the industry for over 10 years, previously working in networking and then as a penetration tester. He now works as Principal Security Engineer at Digital Shadows, focusing on anything related to offensive security such as internal red teaming, research, exploit... Read More →


Wednesday June 5, 2019 11:45 - 12:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:05 BST

Watching The Watchers, the Stalkerware Surveillance Ecosystem
While we focus on nation states' and corporations' role in steadily eroding our privacy and expanding omnipresent surveillance, an entire niche industry that caters to regular consumers who want similar spying capabilities has slipped largely under the radar.

This talk will present analysis of the stalkerware industry and its products from a technical and non-technical standpoint, based on months of personal research.


Wednesday June 5, 2019 12:05 - 12:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Lunch

Wednesday June 5, 2019 12:30 - 13:15 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Lunch

Wednesday June 5, 2019 12:30 - 13:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Lunch

Wednesday June 5, 2019 12:30 - 13:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Lunch

Wednesday June 5, 2019 12:30 - 13:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:15 BST

Powershell is DEAD – Epic Learnings!
Powershell is Dead……mibs! It probably is if you want to limit your attack tooling, but truth be told it's very environment specific......from running no Powershell using the System.Management.Automation.dll, loading .NET v2 binaries to disabling defensive capabilities like AMSI, there are many ways to pilfer and remain undetected in an environment based on the maturity of the defensive capability. Is powershell Dead? Absolutely maybe.....

The talk is designed to share information about the latest techniques (both defensive and offensive) that we have to face to emulate threat actors with various motivations and tactics. We will talk in depth about the current attack surface, technologies in play on Windows endpoints and some of the pitfalls of EDR products and how the offensive team's role is getting much harder. This will go into the depths of the ‘System.Management.Automation.dll’ including commonly used techniques such as ‘Add-Type’ and ‘Assembly.Load’ in the .NET world. We will also cover some tips relating to process injection methods and tooling which can help detect such activities on an endpoint.

The talk will also dive into some of the specific tooling involved including various alterations to PoshC2 and its C# implant, common opsec pitfalls we have learnt along the way and how easy it can be to detect malicious actors depending on their capability. We will also look at what the world of Red Teaming will look like over the next 12-18 months and discuss the future of memory resident malware and the challenges facing both Red and Blue.

Speakers
Ben Turner

Managing Principal Consultant, Nettitude
Ben (@benpturner) & Doug (@b4ggio_su) are both Managing Principal and Principal Security Consultants at Nettitude and have worked solely on Red Teaming for over three years. Collectively they have led some of the largest and most sophisticated Red Teaming engagements for a multitude... Read More →


Wednesday June 5, 2019 13:15 - 14:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:25 BST

Stalkerware in mobile devices
An overview of mobile stalkerware, specifically on the Android platform. I will discuss the marketing and legality of the software alongside providing an overview of its technical capabilities.


Wednesday June 5, 2019 13:25 - 13:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

AWS vs Azure Security
All too often, an organisation’s choice of cloud provider is made at a senior management level, without considering security features of the different services. To help make an informed decision, we’ll attempt to answer this question at Security BSides:

• Who provides the best security features – AWS or Azure?

Drawing on experience of cloud migration projects in each environment, core AWS services and their Azure equivalents will be demonstrated, describing the security features in each case:

• AWS Identity and Access Management vs Azure Active Directory

• AWS S3 vs Azure Storage

• AWS Key Management Service vs Azure Key Vault

• AWS Security Groups vs Azure Network Security Groups

• AWS Security Hub vs Azure Security Center

Speakers
Paul Schwarzenberger

Cloud security architect and DevSecOps specialist, Celidor
Cloud security architect and DevSecOps specialist, using an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud. Speaker on Cloud Security and DevSecOps at conferences including Security BSides, DevSecCon and Enterprise Cloud Computing. Developer... Read More →


Wednesday June 5, 2019 13:30 - 14:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

Build to hack, hack to build.
Containers, Cloud, DevOps and SDLC are all terms that are increasing in terms of usage in the InfoSec world. In this talk, we discuss how a container exploitation tool (BOtB) was developed to identify and autopwn common vulnerabilities in container technologies such as Docker and LXC and how this tool was used in a modern SDLC environment using common CI/CD technologies to identify, exploit and remediate container vulnerabilities before releases were made to production. In this talk we elaborate on how and why BOtB was built to be used by pentesters to exploit container vulnerabilities and how BOtB can be used by engineers to secure their container environments. The talk will also explain the technical details around the vulnerabilities that can be exploited by BOtB.

Speakers
Chris Le Roy

Heroku
Chris is a security researcher based in London. He has not had an unusual entrance to infosec coming from a Computer Science background which led him to dabble in software development for some time. This resulted in Chris realising he is a terrible dev and prefers breaking things which... Read More →


Wednesday June 5, 2019 13:30 - 14:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:45 BST

My first program: a pentesting tool
In my talk I would like to introduce my first self-coded security tool. It’s a command line program that wraps around the Shodan API.

I started working in the security industry in the summer of 2018. I had no technical background when I started and as you can imagine I’ve learned a lot since then, including some programming. At the end of 2018 I started to learn my first programming language: Python. After I learned some of the basics, I started to work on my first program that I can use for work. As my programming skills have evolved working on the program, the program itself has evolved as a result, gaining more and more functions and features.

I would like to introduce my program and some of the functions that I developed, while explaining the journey that I took.


Wednesday June 5, 2019 13:45 - 14:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

They are the Champions: how to build and maintain an effective cybersecurity champion programme within your organisation
In this presentation, we will look at how to maximise your security awareness programme and improve incident response by developing a security champions programme. A security champions programme is a network of people within an organisation who are not cybersecurity professionals but work as a security representative, functioning in much the same way as health and safety officers. This can be a great way of scaling up your awareness-raising, improving two-way communications between the infosec team and the rest of the organisation, enhancing security without needing a big budget and improving the likelihood of an employee reporting an incident. But, building and maintaining a champions programme from scratch can feel daunting. It's also very important to align a champions programme with your company culture, which means you need to understand your current culture, how long culture-change can take and what elements of culture will be impacted by a champions programme. That’s where we come in! In this talk, Kevin Millwood and Jessica Barker will use their real-world experience of champion programmes to outline:



· Why a champions programme can be such a good idea for cybersecurity
· Steps you can take to establish a champions programme from scratch
· Why cybersecurity culture matters, including defining what we mean by "cybersecurity culture"
· How you can get busy people to become security champions when it is not part of their day job (and they won’t get paid for it)
· Ways to monitor the effectiveness of your champions programme
· What some of the pitfalls of a champions programme are, and how to avoid them


If you’re interested in the human side of cybersecurity and you want to make people the strongest link in your security, this is the talk for you.

Speakers
Kevin Millwood

Cyber Risk Manager, Hargreaves Lansdown
Kevin Millwood has over 11 years of leadership and hands on experience across IT and Security across various sectors. Currently holding the post of Cyber Risk Manager for Hargreaves Lansdown, Kevin looks after a strong security team, which includes around 80 Security Champions... Read More →

Jessica Barker

Co-Founder and co-CEO, Cygenta
Dr Jessica Barker is a leader in the human nature of cybersecurity. She has been named one of the top 20 most influential women in cyber security in the UK and in 2017 she was awarded as one of the UK’s Tech Women 50. She is Co-Founder and co-CEO of Cygenta, where she follows her... Read More →


Wednesday June 5, 2019 14:00 - 15:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

We take your security seriously. Or do we?
In this talk, we discuss the lengths some organisations go to, in order to protect personal data, as opposed to those that say they do, once the personal data they were responsible for has been flooded onto the Web. It's a tale of breach after breach after breach, laced with some hope that certain firms are at least trying to do the right things. We all make mistakes, but we should at least give it our best shot at avoiding doing so. There'll be humour and music, as well as a very clear message that while many firms are doing the right things, there's a long way to go. The Beer Farmers will combine to deliver something hopefully entertaining, as well as current and educational.

Speakers
The Beer Farmers

Lying down somewhere., The Beer Farmers
The Beer Farmers is a parody infoSec rock band, formed by Mike Thompson, John Opdenakker, Ian Thornton-Trump, Sean Wright and Andy Gill. Our mission is to help the infoSec community take itself less seriously, bring some fun, while at the same time help focus on the important things... Read More →


Wednesday June 5, 2019 14:00 - 15:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

ISIS Online: Junaid Hussain
This talk examines the online tactics of Junaid Hussain (Aka TriCk) as a hacktivist and later as a member of ISIS.

The talk will cover:
- Hussain's hacking abilities
- The hacks he and his crew perpetrated
- How Hussain transferred his knowledge to propagandising for ISIS
- Hussain's role in ISIS’ propaganda and recruitment efforts

The main aim of the talk is to discuss how Hussain utilised his hacking skills and their effectiveness in relation to ISIS’ objectives.

Speakers
Michael Jack

Former @AbertayHackers Vice Gaffer. Purveyor of macOS security & tequila. @0xmachos


Wednesday June 5, 2019 14:00 - 15:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:05 BST

Working Title: Bug Bounties: More than Meets the Eye
Bug Bounties have this WD40 aura that they are **the** solution to an organisation's external security; however, there is a sweet science beyond publishing a scope. By the end of this talk (hopefully) you'll be able to answer: Do more eyes necessarily mean the better? What are the intricacies to project-specific and non-project-specific hunters? And most quizzically what does the city of St Petersburg have to do with Bug Bounties?


Wednesday June 5, 2019 14:05 - 14:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:25 BST

Mission assurance in closed, proprietary Systems
Bespoke networks and bespoke systems, especially air-gapped systems, aren't subject to the same threat vectors as classic systems. I've come up with a way to conduct an assessment of the security of proprietary systems which aren't connected to the internet.


Wednesday June 5, 2019 14:25 - 14:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:45 BST

Aletheia: GPU accelerated file carving
This talk will be a brief summary of my Dissertation regarding the use of General Purpose Graphical Processing Units (GPGPU) for file carving.

Current open source tools for file carving are disappointingly slow (Scientifically proven) and there are plenty of methods that can be used to improve them. I will ensure to introduce this topic in a manner that caters to all levels of skill in the subject area; followed by a discussion of the improvements that have simply not been applied to this niche use case and my attempts to introduce them.


Wednesday June 5, 2019 14:45 - 15:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

Closed for Business: Taking Down Darknet Markets
Darknet markets come and go for various reasons. Over the last several years we've seen law enforcement take down several of the largest darknet markets to ever exist on the dark web. In a story that involves multi-national cooperation, death and deception, this talk will look at the fascinating story behind Operation Bayonet and the seizure and subsequent takedown of AlphaBay and Hansa. It will also cover the subsequent closure, in April 2019, of the leading darknet market, Dream.

Speakers
John Shier

Senior Security Advisor, Sophos
John Shier is a Senior Security Advisor working in the office of the CTO doing research into all manner of threats and security issues. John is passionate about communicating and popularizing security concepts and technologies to customers, partners, and the public at large in an... Read More →


Wednesday June 5, 2019 15:00 - 15:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

Hacking RF: Breaking what we can't see
An often overlooked aspect of security is what happens when information is moving magically from one device to another with no wires. We know this as (usually) WiFi or Bluetooth and any attacks are based off only these methods. But when you widen the concept of wireless communication, a lot more tools become available.

Speakers
Grant Colgan

Grant has had years of experience working with radio communications and currently works as a technical consultant within the cyber security space. His real passion however is Radio and using radio communication techniques and tools to find and exploit vulnerability in common communication... Read More →


Wednesday June 5, 2019 15:00 - 15:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:05 BST

The Keymaker
The Keymaker - a tool for creating access tokens for Service Providers using a stolen ADFS signing certificate and a private key. Although the idea and methodology have been around for a while there is limited previous work related to obtaining certificates and keys and signing requests with them.

Organizations are increasingly moving into the cloud. If we can obtain ADFS signing keys we can sign our own requests to Service Providers and get unrestricted access to the services. In case of Amazon Web Services, we even can assign ourselves any role in the request. This also gives us persistence as we don’t need to be on the network if we want to access emails, SharePoint, etc.

The Keymaker is a Python server which will run locally on our machine. Instead of making a request to the Identity Provider, The Keymaker will capture the forwarded request and sign it without any interaction from the Identity Provider.

I will briefly go through what ADFS is, what processes are involved in getting access tokens and why we are interested in them. I will show examples of access tokens and show a small demo of the tool with a couple of notes on possible mitigation.

Speakers
Maksims Luferovs

Max specialises in Red Teaming and Pen Testing at KPMG. He is involved in security research of recent breaches, vulnerabilities and exploits. In his free time he likes participating in CTFs and coding challenges.


Wednesday June 5, 2019 15:05 - 15:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:25 BST

Forensicating Windows Artifacts: Investigation w/out Event Logs!
When dealing with security incidents, hackers tend to wipe their digital footprints to avoid being detected. Normally, they want to wipe event logs, so it would be hard for incident responders / forensicators to detect what exactly they did on the compromised machine. As a security professional working on investigations like this, what would you do once the event logs got wiped? That's why Windows artifacts are there to help us investigate and conduct forensics to know what happened before and after compromising the Windows machine. In this talk, I'm going to show you the importance of Windows artifacts such as prefetch files, registry keys, link files, browser artifacts, shell bags, etc. I will also show you the tools that I've been using in order to get the best out of it during forensics investigation. This lesson is very important especially to those people working in SOC environment, incident responders, and digital forensics investigators.

Speakers
Renzon Cruz

Renzon is a young security professional who works as a Senior Security Analyst and part of National Cyber Security Operations Center (NCSOC) in Doha, Qatar that performs threat hunting, incident response and digital forensics. Prior to that, he was a security consultant with the largest... Read More →


Wednesday June 5, 2019 15:25 - 15:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

Break

Wednesday June 5, 2019 15:45 - 16:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

Break

Wednesday June 5, 2019 15:45 - 16:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

Break

Wednesday June 5, 2019 15:45 - 16:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

The Definition of Madness
We keep seeing the same old mistakes and the same old issues. Isn't the definition of madness doing the same thing over and over expecting a different result? We need to change the approach, remove the elitism and make Infosec available to all.


Wednesday June 5, 2019 15:45 - 16:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:00 BST

Inside Magecart - their web skimming tactics revealed
Magecart is an umbrella term given to at least a dozen cybercriminal groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. In a few short months, Magecart has gone from relative obscurity to dominating international headlines and ascending to the top of the e-commerce industry's public enemy list.

Responsible for recent high-profile UK breaches of British Airways, Sotheby’s, Cancer Research UK and Vision Express UK in which its operatives intercepted thousands of consumer credit card records, Magecart is only now becoming a household name. However, its activity isn't new and points to a complex and thriving criminal underworld that has operated in the shadows for years.

In this session we'll cover the evolution of the groups from 2014/2015 to the present day, detailing the current tactics and techniques used to compromise website JavaScripts.

Speakers
Terry Bishop

Technical Director, RiskIQ
Terry has over 20 years of experience in IT Security & Networking working with both private and public sector organisations to deploy and manage security solutions, in both technical and leadership roles.  His experience ranges from the endpoint to enterprise wide monitoring for... Read More →


Wednesday June 5, 2019 16:00 - 16:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:00 BST

Offensive pcap
When writing malware, oftentimes we need a bit more flexibility (i.e. sneakiness) than the victim's "normal" network stack provides us. Perhaps we'd like to not worry about our source address being identified or maybe we'd appreciate not having to fiddle with host-based firewalls. Enter libpcap. Aside from powering tcpdump, it enables us to send and receive all sorts of strange (and hopefully invisible) network traffic we can use on the offensive side of things.

In this talk we'll first take a broad look at what libpcap is and what it can do for us, then we'll explore how to use it to do devious things like circumvent host-based firewalls, grab interesting info off the wire, ask system processes to call us back with shells, and keep pesky EDR connections from happening. Source code for all of the techniques discussed in the talk will be made available.

Speakers
Stuart McMurray

Red Team, IronNet Cybersecurity
Stuart is a Red Teamer at IronNet Cybersecurity, where he focuses on development, Unix, and general Swiss Army knifery. He's been on the offensive side of security for six years, living off the land since before it was cool, and connecting between boxes in strange ways for the better... Read More →


Wednesday June 5, 2019 16:00 - 16:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:05 BST

Frida the "Hooker"
FRIDA is a bad girl who can do nasty things - not only is she a hooker but also an expert at manipulating and eavesdropping. In other words, FRIDA is a superb customizable dynamic instrumentation toolkit which can attach to processes and inject code, even detach without crashing them. It can be used for reverse engineering, hooking, monitoring function calls and can also be used as a special malware analysis tool. This talk will tap into these cases a bit further and give a glance at the capabilities of FRIDA and the possibilities it offers.

Speakers
Barnabas Sztan-Kovacs

Barna (@cyb3rsk) is an enthusiastic cybersecurity engineer, wannabe hacker and infosec noob. Technical Innovation Advisor @ MRG-Effitas and ex-student of the best university IT security research group in Hungary.


Wednesday June 5, 2019 16:05 - 16:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:25 BST

Vendor data science buzzwords hacked
In this talk I will go through buzzwords commonly used by security vendors, explain what they mean from a data science perspective and give advice on how to treat them with a healthy dose of scepticism. Think "Artificial Intelligence", "Data Driven" and "Advanced Analysis". These terms can all describe important approaches that are used in security data science, but they tend to be used too freely, potentially with the aim of blinding security teams with science and avoiding giving too much away. After this talk the audience will walk away with an arsenal to decode these buzzwords and the knowledge to ask pertinent questions to vendors to discover what their products are *really* doing under the hood.


Wednesday June 5, 2019 16:25 - 16:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:45 BST

A Newbie's talk on Mobile Dangers through the Looking Glass
A talk on the vulnerabilities and attacks that can be carried out using other devices such as a Raspberry Pi and USB-OTG accessories to infect rooted Android devices, such as inserting malicious files, including exploring the consequences of rooted devices. I am going to explore the possibility of rooting a device programmatically using a Raspberry Pi and documenting any issues encountered when doing this. One use case being the new types of charging ports. Not all charging points require plugs, but merely a USB port where you plug in your cable using the USB connector... what if this wasn't just a port to charge your phone, but had a Pi behind it?
I would also like to look at the past vulnerabilities associated with other OSes like iOS.


Wednesday June 5, 2019 16:45 - 17:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:45 BST

CyberRange: an open-source offensive security lab in AWS
The SecDevOps-Cuse/CyberRange aims to be an open-source offensive/defensive security project providing aspiring & experienced cyber security professionals a bootstrap framework. It serves to automate the creation of a private training lab in AWS. This talk reviews the project’s underlying technology components, identifies the dependencies, then outlines both use-cases & learning opportunities. The ultimate goal is to introduce a safe environment where security professionals work to expand their vulnerability management, cloud computing, & offensive security knowledge.

Speakers
Thomas Cappetta

Vulnerability Research Engineer, Tenable
Cappetta is a Vulnerability Research Engineer at Tenable, the world's best cyber exposure company. His technical career started in Enterprise IT Operations, at 2 of the world’s largest banks. He embraced the DevOps movement in 2009, then navigated through the Quality Assurance... Read More →


Wednesday June 5, 2019 16:45 - 17:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:45 BST

Spear Phishing: From Linkedin to Loggedin
Spear phishing is on the rise, and the more our lives are displayed online, the more information a hacker has to target us. This talk will describe our journey for a spear phishing attack, detailing how to pick and research vulnerable targets via social media, and then how to construct emails based on the information discovered.

We will use real-life case studies from social engineering engagements, supported with statistics from the attacks and the resulting real-world consequences.

After this talk attendees will understand:

The effectiveness of social media in planning spear phishing attacks
How to recognise common spear phishing attack vectors
How to protect themselves and their organisation against spear phishing

Speakers
Alex Archondakis

Pentest People
Alex is a published blog author for the British Computer Society - Internet Specialist Group, from a programming background and originally self taught in Cyber Security. Currently working as a Senior Consultant for PentestPeople. Alex has spoken at Securi-Tay and taught a workshop... Read More →


Wednesday June 5, 2019 16:45 - 17:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:05 BST

Automation in application security
Most security efforts are based on mitigation, detection and forensics, but little is done to prevent an attack from an application point of view. This talk will explain what can be done to prevent an attack against an application and why automation is your best friend.

Speakers
Javier Dominguez

Since I was a child, I had the weird ability to break anything that I touched, so finally I have found a way of making good use of my skills as an application security engineer. Twitter: @_JaviDR_


Wednesday June 5, 2019 17:05 - 17:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:30 BST

Closing Ceremony
Welcome address from the crew

Wednesday June 5, 2019 17:30 - 18:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:30 BST

Closing Ceremony
Welcome address from the crew

Wednesday June 5, 2019 17:30 - 18:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:30 BST

Closing Ceremony
Welcome address from the crew

Wednesday June 5, 2019 17:30 - 18:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:30 BST

Closing Ceremony
Welcome address from the crew

Wednesday June 5, 2019 17:30 - 18:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD
 
