Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job-title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Tuesday, June 5
 

10:00 BST

I’ve got 99 problems but a pin ain’t one
In this workshop we’ll be covering certificate pinning (some focus on mobile applications). We’ll be discussing trade-offs of different pinning strategies, and how they can be bypassed. There will be a significant practical component covering what was discussed.

* Introduction
        * What is certificate pinning?
        * Why should you always pin?
        * Where and what to pin?
* So… how should you pin?
        * iOS
        * Android
* Exercises (all involve bypassing certificate pinning)
        * Patching / Re-packaging / Re-signing an Android APK
        * Code review
        * Runtime instrumentation with Frida

**Requirements**

Students will need a system (*NIX or Windows) with the following installed and working:
* ADB
* unzip
* zipalign
* apktool
* jd-gui (or your Java decompiler of choice)
* dex2jar
* frida (pip install frida; frida --version)
* Burp Suite (or your HTTP proxy of choice)
* Text editor of your choice
* Genymotion Android Emulator
* If you can, bring your own rooted Android device (anything above 5.1 should work)


Speakers
Jose Lopes

I'm a Senior Security Consultant at Nettitude Ltd. I specialise in application and software security – mainly mobile applications and thick clients. My interests include reverse engineering, privacy, and going fast on motorcycles.


Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Red teaming: Better defence through offence
The workshop will give the audience a good understanding of some of the techniques which can be used to teach organisations how to make both their buildings and their IT estate more secure. This will be achieved by demonstrating how building access systems, organizational processes and people's habits and actions can create weak spots which can then be exploited by criminals. The workshop will focus on showing the techniques used by criminals in order to gain access to infrastructure or to defeat security mechanisms.

Speakers
Tom Van de Wiele

Tom Van de Wiele is Principal Cyber Security Consultant at F-Secure with 15 years of experience in information security. He specializes in red team operations and targeted penetration testing for the financial, gaming, and service industries. When not breaking into banks, Tom acts...


Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Writing effective Penetration Test Reports
In this workshop, we'll aim to cover the following:
1. What does a good pentest report look like?
2. Common things that should be factored in while writing a pentest report. We will cover typical structures, coverage and depth on each.  
3. Writing crisp and effective executive summaries that appeal to both a technical and non-technical audience.
4. Providing the right level of detail for a technical person to understand the attack scenario and take action.
5. Leveraging tools such as Dradis to help us become more efficient at reporting.

**Requirements**
A laptop is recommended.


Speakers
Vinayak Ram

Vinayak is an Associate Director at Protiviti, where he heads up the Technical Security Practice in the UK. Vinayak has 10+ years of broad ranging experience in Information Security across multiple domains. He is passionate about bridging the “understanding gap” between technical...


Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

My log obeys commands - Parse!
Vendor content isn't always enough - log formats change, new products arrive and you can't always wait or pay the arm and leg for professional services. Learn the basics of turning logs from raw data to structured information.
- Expand your knowledge of regular expressions
- Try it out with some common log formats
- Discover re-usable patterns
- Prioritise key data

**Requirements**
Laptop with virtualbox

Speakers
Joash Lewis

Who am I and why should you listen to me about log parsing? For the past 4 1/2 years I've been a Security Operations Centre Analyst. I've worked with some pretty big SIEM installations (hundreds of millions of events per day) for some pretty big organisations (NATO, for example). Along...


Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 4 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Hacker Academy
Go hack yourself: This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.

In this workshop we will teach the participants what it takes to develop a strong foundation on which to roll out organisation-wide awareness training – starting with hacking your Board/leadership team!

**Requirements**
Optional: Laptop with 2 VMs available (1 Kali and 1 Windows 10)

Speakers
David Prince

David Prince is a deeply passionate cyber security expert, who takes a human focused approach to minimising risks. David has considerable experience and demonstrated success in designing and delivering cyber and information security strategies for a variety of businesses and private...

Zoë Rose

Zoë Rose is a highly regarded hands-on cyber security specialist, who helps her clients better identify and manage their vulnerabilities, and embed effective cyber resilience across their organisation. Whilst retaining deep technical expertise, Zoë has developed extensive experience...


Tuesday June 5, 2018 12:30 - 14:30 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Intro to Heap Exploitation
The workshop’s main goal is to put students up to speed on understanding the concepts of how the heap works on Linux (more specifically, the ptmalloc2 allocator) and correlating such knowledge to the basic exploitation primitives used on Linux Heap Exploitation.

**Requirements**
A laptop able to run a VM/Docker image

Speakers
Javier Jimenez

Javier is a security analyst at SensePost with around 3 years of experience in the industry. He has a passion for exploit development and fuzzing and has contributed to finding bugs in software such as Apache Server, Acunetix, GNU NetCat and others.


Tuesday June 5, 2018 12:30 - 16:30 BST
Workshop 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

How To Be A Ghost: Developing Operational Security (OPSEC) for security researchers
In the security community, most threat researchers are conducting research in an insecure and time-consuming environment. Whether intelligence is gathered from private communications over an IRC server or postings on an underground forum, researchers must be able to identify, document, and disseminate their findings quickly and without compromise. Having a secure and monitored enterprise covert communications framework in place will allow your researchers to focus on producing finished intelligence. In this workshop, we will discuss everything from creating/securing system architecture to developing methods for automation, all while staying protected.
The speakers will begin by detailing virtual server presence and configurations for virtual machines. The systems will be set up properly with tools and services commonly required by researchers. Network communications and anonymization techniques will also be covered in depth. This includes best practices for buying online services with Bitcoin and cash, the caretaking and sharing of online personas, and demonstrations on how actions done on a website, IRC server, forum, or gaming chat room can be tracked back to the researcher. Counter-log activities, the integration of mobile/social platforms, and legal implications/nuances will also be discussed.
The Advanced Programs Group within McAfee has experience in conducting sensitive and timely investigations in an enterprise environment. APG’s lessons learned in creating and maintaining these systems can assist research teams of any size in their endeavor to be more secure and deliver timely intelligence.

Speakers
Rhett Greenhagen

Rhett Greenhagen has worked in the NetSec/IC for over a decade. He specializes in open source intelligence, cyber counter-intelligence, profiling, exploitation, malware analysis, and technical research and development. Career highlights include Primary Forensic Investigator for the...

Jean Yav

Jean Yav (@projekrex) is a Security Engineer at one of the world’s largest dedicated security technology companies. He has spent the last fifteen years supporting blue team operations in the healthcare and nonprofit industries. Jean Yav’s official billets have included System...


Tuesday June 5, 2018 12:30 - 16:30 BST
Workshop 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Do you even sniff, Bro? An Introduction to Bro IDS
An introduction into Bro IDS, a brilliant open source gem in the Blueteam detection arsenal.  
We'll cover best practice for architecture and implementation; after that it'll be hands on with Bro. Getting deeper we'll analyse some traffic, explore RDP coming from outside the network, domain frequency for exfil/malware, top ports/talkers etc. We'll show some easy wins and give you useful tips that you can use in your own environment.

Demos, exercises and the material will be available on Github for further exploration.

**Requirements**
Laptop, complete with virtualbox. Should have a basic understanding of networks.

Speakers
Michael Eriksson

Michael Eriksson is a Senior Cyber Security Specialist in Sophos, responsible for global network attack detection systems, protecting Sophos' networks.

Craig Jones

Senior Manager - Security Engineering, Sophos
Craig is Senior Manager of Security Engineering in Sophos, responsible for detection engineering, IR and security infrastructure. @albanwr


Tuesday June 5, 2018 12:30 - 16:30 BST
Workshop 4 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

BLE Hacking - From Wearables to Insertables
Internet of Things devices are everywhere now; in part due to the influx of cheap devices from China and easy to construct boards. Most of these devices now communicate using the low power and ubiquitous Bluetooth Low Energy protocol (BLE).

In this workshop we will be taking people through BLE from how it works, on to how to replay messages and progressing onto more complex attacks such as intercepting the traffic from the BLE module onboard the device and reading out the chip’s firmware. The core aim will be to give both an understanding of how to hack the hardware itself, and how that fits into the larger context of practical attacks on devices.

Covering: Bluetooth Low Energy, Hardware Hacking

**Requirements**
Nice to have: a laptop plus a BT4 dongle

Speakers
Mark Carney

Security Research Labs
Hacker & Math guy, formerly a Musician; Having started out on helpdesk in a software firm, then becoming violinist with a degree in Music w/ Philosophy via being a DBA for a firm, Mark then went on to do an MSc and now full-time PhD study in Mathematics. This rounded off several years...

David Lodge

Is a grumpy Yorkshireman who has been doing this sort of stuff for too long. Pen tester by day, pretender at hardware by night. Likes taking stuff apart, but is unable to get it back together afterwards. He is one half of the Nikto team and has presented at several cons.


Tuesday June 5, 2018 15:00 - 17:00 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD
 
Wednesday, June 6
 

09:00 BST

State of The Net
Technology around us is changing faster than ever. We've already become dependent on our digital devices, and this is just the beginning. As connected devices open new opportunities for imagination, they also open up new opportunities for online criminals. What can we do?

Wednesday June 6, 2018 09:00 - 10:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

Wednesday June 6, 2018 09:00 - 10:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

Wednesday June 6, 2018 09:00 - 10:00 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Hacking SCADA - How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code
Hacking SCADA, or more commonly ICS, is serious business; unlike other areas of offensive security, one mistake can cost lives. Mike and Matt will present their ICS research, walk through caveats, protocols and show some demos. We will also show how you can start researching industrial systems safely and cover what you need to know to not get someone killed. We will also share the story and method behind how we cost a company £1.6M in lost earnings with only 4 lines of code. We will not be showing exploit code as we believe, given what's at stake, it's highly irresponsible; what we will do is give responsible researchers the knowledge they need to get involved and start helping to secure critical infrastructure.

Speakers
Matt

Head of R&D, Insinia
Matt (@sekuryti) is currently head of R&D at Insinia Security. Matt's previous roles included senior penetration tester and researcher at SecureLink, Europe's largest managed security services provider and Operational Security Specialist at Ikea overseeing worldwide Operational Security...

Mike

Director, Insinia
Mike (@mikeghacks), Director of INSINIA Security, started life as a “hacker” before he had hit his teens. Mike has a professional background in Electro-technical / Electro-mechanical Engineering and almost 20 years’ experience in building and breaking computers. Mike offers a...


Wednesday June 6, 2018 10:00 - 11:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:00 BST

Urban Air Mobility (UAM)
The advancement of Unmanned Aerial Vehicles / Systems has matured at a rapid rate. There is increasing popularity in market trends towards the concept of Urban Air Mobility (UAM) with the socialization of autonomous vehicles. The Urban Air Mobility (UAM) industry will face similar threats to already unresolved airport SCADA threats/vulnerabilities. Their cybersecurity vulnerabilities are similar to autonomous vehicles, since they both rely on sensors for navigation, acceleration, and obstacle avoidance. The presentation will review the feasible multi-vector attacks and impact for Urban Air Mobility (UAM) using the following components - Sensor Spoof, Electro Magnetic Interference, LiDAR Vulnerability, Acoustic Attack, Accelerometers Sensors, Gyroscopes. Countermeasures remain a challenge in the Urban Air Mobility (UAM) space industry, presenting a new threat to the aeronautical community.

Speakers
Candice Carter

Imperva
Over 15 years of Risk Management, Information Security, Cyber Intelligence, Counterintelligence and Cyber Forensics experience. Conduct Classified/Unclassified briefings in the areas of Terroristic Cyber Capabilities using Social Media and Counterterrorism for the Intelligence Community...


Wednesday June 6, 2018 10:00 - 11:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:05 BST

Rushing to Market: The IoT without Security
A review of two IoT devices I have examined and found security vulnerabilities in (unreleased). The vulnerabilities and general design indicate that the manufacturers had little awareness of cyber security principles, and perhaps rushed them to market without appropriate security review.

Wednesday June 6, 2018 10:05 - 10:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:15 BST

Working with and thoughts from an internal recruiter
Tom Williams from Context and Dan Dale from Tenable are both internal recruiters for their respective businesses. They will be covering how they and their companies hire, what they look for, various processes to get and attract talent, as well as some industry insights, with time for Q&A at the end.

Wednesday June 6, 2018 10:15 - 11:00 BST
Lightning Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:25 BST

Breaking the Bodyguards: Tech Enabled Crime
This talk looks at how modern day criminals are capable of using technology against Close Protection Operatives and how this could spell danger for the high net worth individuals they are employed to protect.
The presenter (Former CPO turned DPO) undertook a practical investigation into the CP industry and tells you the story of how she found the weak spots and what it is like to protect the protectors.

Wednesday June 6, 2018 10:25 - 10:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

Understanding your business risks are key
Each business faces different risks. Understanding what is important to your business helps to shape which mitigations are important for you to put into place; risk awareness is a key strength.

Speakers
Paul Holland

Information Security Leader, Hiscox
Paul is a seasoned information security and risk expert of over 15 years and a CISSP. He has worked in a number of different businesses, giving him a wide breadth of knowledge and experience to draw from. Some of these include KPMG, BP, Lloyd's Bank, Ford Motor Company, Pearson, Lloyd's...


Wednesday June 6, 2018 10:45 - 11:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:00 BST

Break
Wednesday June 6, 2018 11:00 - 11:15 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

Wednesday June 6, 2018 11:00 - 11:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

Wednesday June 6, 2018 11:00 - 11:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:00 BST

Working with and thoughts from a recruitment agency
Ryan King from Hawker Chase/ARM and Dan Hathaway from Secure Source have 30 years' industry experience between them and will give insights into what a recruiter looks for and how they do it, mythbusting, some advice on finding that next role and some industry insights.

Wednesday June 6, 2018 11:00 - 11:45 BST
Lightning Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:15 BST

OpSec for Hackers - What You Need to Know to Not Get Caught, Leveraged or Pwned
They say Crypto is hard, OpSec is harder. This talk will combine proper operational security techniques with Porthunter's experience in the field; you will walk away with practical OpSec know-how and ideas on how your operations can be more secure. We will cover the heroes, losers and funny stories from the world of OpSec.

Speakers
porthunter

Porthunter has worked in OpSec and offensive security roles for some of the world's largest corporations. Porthunter is a guest lecturer on offensive security at Malmö technology university, a keen CTF player (xil.se) and founder of FR13NDS (Global Hacker Collective). Porthunter now...


Wednesday June 6, 2018 11:15 - 12:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:15 BST

Defending the Defenders: Case studies of success and failures from a security team
Defending an organisation from all threats, be they physical, personnel, or cyber, is not easy and every organisation has its own challenges. MWR is a security company itself and is lucky to have large numbers of security experts; however, they are generally all busy and cannot give limitless time to internal causes. As such, like many organisations, the internal security team at MWR has had to work out how to push security out to other teams, make the absolute most of expert time that we can, automate as much as possible and bring the rest of the company along for the ride. This talk will cover lessons learnt, successes and failures and what other teams could be trying.

Specifically the talk will cover:
- Turning ad-hoc good efforts into a formal security programme using CPNI Passport to Good Security
- Reducing the time to make security decisions
- Managing the human side of security
- Security communications
- Making effective use of skilled time
- Applying the NCSC end user device guidance and other patterns
- A framework for remotely assessing SaaS providers
- Getting the best out of SOC analysts

Speakers
David Chismon

MWR InfoSecurity
David Chismon is an Associate Director at MWR InfoSecurity. In his consulting time he works with organisations in high risk sectors to help them measure and improve their preparedness for attacks. He sits on MWR's internal security team and helps to coordinate Defensive Research within...


Wednesday June 6, 2018 11:15 - 12:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:15 BST

Mr Sandman: Timelock puzzles for attack and defence
Delayed execution is a concept of significant interest to attackers, who seek to use it so that their malware is able to bypass the analysis period of sandboxes and antivirus emulators. Historically, techniques used to delay execution have included Windows API calls, and short, simple loops involving assembly, counters, or loading libraries. However, security tools are increasingly able to detect and prevent these techniques, using methods such as accelerating time, returning false tick counts, intercepting API calls, and performing multipath execution. As a result, attackers are constantly striving to find new and creative ways to delay execution. Delayed execution is also of some interest to defenders, who try to implement it, in either manual or automated solutions, in order to frustrate the attack models of bots, botnets, and spammers.

Enter the timelock puzzle - a relatively unknown cryptographic construct whereby a puzzle is presented, the solution to which requires a certain amount of time or computational effort. Historically, timelock puzzles were proposed for benign applications, such as sealed auction bids, escrow, and the timed release of confidential information. However, they provide an interesting method of delayed execution which to date has been underexplored in security research, particularly as an offensive methodology. Specifically, they may present a significant challenge in malware detection and analysis, particularly for automated solutions such as sandboxes.

In this talk, I cover the history of timelock puzzles and their proposed applications for offence and defence, and examine some case studies. I then demonstrate several timelock puzzles which I have developed, including some novel constructions, and show through demonstrations how they can be weaponised - including both process hollowing within executables, and within VBA macros. For each construction, I explore the advantages and disadvantages for both attackers and defenders, and explain how they work, and why. I then turn to prevention and detection, presenting a heuristic model for generic detection of timelock puzzles, and cover the defender's perspective in the form of attacks against timelock puzzles, including parallelisation, predictability, and enhanced computational processing.

I then cover the challenges and feasibility of using timelock puzzles for good, discussing some of the models presented in previous work and a real-world case study where timelock puzzles could have been used to significant effect, break down a proof-of-concept defensive timelock puzzle I created, and some of the issues identified with it from an attacker's perspective.

Finally, I assess the practicality of timelock puzzles for both attack and defence, share some lessons learned from this research, and outline suggestions for future research in this area.

Speakers
Matt Wixey

PwC
Matt leads on vulnerability R&D for the PwC Cyber Security practice in the UK, working closely with the Ethical Hacking team, and is a PhD candidate at UCL, in the Department of Security and Crime Science and the Department of Computer Science. Prior to joining PwC, Matt led a technical...


Wednesday June 6, 2018 11:15 - 12:15 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:25 BST

How to: Actually attack computers at cafes
The information security industry has claimed that unencrypted WiFi is a bad thing for a long time. This talk looks at the discoveries I made whilst trying to show this in a modern setting. Ultimately, the techniques aren't that new - I show that it is possible to capture NetNTLM hashes when presented with Man-in-the-Middle conditions - however, it turns out it isn't as simple as I first thought. The tool that I coerced into existence as part of this research is freely available online, and I hope that one day further developments can be made on it.

Speakers
Felix Ryan

Felix is a freelance penetration tester and security consultant, he has been a geek since he was a child, and though life keeps him busy, he is happiest when doing something techie (but don't tell his wife as she would disagree). He has had the great fortune of getting a distinction...


Wednesday June 6, 2018 11:25 - 11:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:45 BST

Web browsing from the car, what's the worse that can happen?
Car hacking and the discovery of a vulnerability in an In-Vehicle Infotainment Unit, showing the process of disclosure to the manufacturer and their response.
Also the further work I am doing to see if the vulnerability could be exploited more than just the issues originally found, some tips on how others could ‘hack’ their IVI. In the process of building a car on the bench for other car hacking.
My website is www.mintynet.com and my twitter handle is @mintynet


Wednesday June 6, 2018 11:45 - 12:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:45 BST

Career Track - What Hiring Managers look for and the industry (Talks from Sophos and KPMG)
Craig Jones, Senior Security Engineering Manager from Sophos, and William Barlow, threat assessment and response manager from KPMG, will give their insights into what they look for in a candidate, how they review CVs through to onboarding, and their tips for getting into or advancing in the industry, with time for Q&A at the end.

Speakers
Craig Jones

Senior Manager - Security Engineering, Sophos
Craig is Senior Manager of Security Engineering in Sophos, responsible for detection engineering, IR and security infrastructure. @albanwr


Wednesday June 6, 2018 11:45 - 12:30 BST
Lightning Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:05 BST

From n00b to 1337: A CTF Story
This talk will be about how CTFs are used in and are a part of the InfoSec culture and how they have helped people like me dive head first into the industry. It will cover personal experiences from CTFs, alongside how they have helped me go from a complete Rookie (who didn't even know how to install Kali!) to Team UK representative for the European Cyber Security Challenge and budding security professional. CTFs are a unique concept, and are not only a great challenge for those in industry - but a fantastic learning tool for those just starting in information security. The versatile use of CTFs allows people from all experiences and backgrounds to come together and share a common ground - which is a concept I will also be talking about.

Wednesday June 6, 2018 12:05 - 12:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

OODA Loops: Ctrl+Break the Attack Cycle
The OODA (Observe – Orient – Decide – Act) loop is a conceptual model of human decision-making that we all use whether we are aware of it or not. Originating in military strategy, it is especially relevant when two parties have opposing goals as it makes it possible for one side to exploit flaws in their adversary’s decision making process; conversely, understanding the OODA loop allows one to protect the integrity of one’s own decision making.

This talk will briefly introduce the concept of OODA loops and explain why they are both relevant and useful in an infosec context through a number of case studies showing how the model can be applied to real-world attacks. It will describe typical OODA loops used by both attackers and defenders then explain how attackers’ OODA loops can be disrupted to reduce dwell time and frustrate them in achieving their objectives.

Speakers
Abel Toro

Forcepoint
Abel Toro is a Security Researcher with Forcepoint Security Labs' Special Investigation team focusing on reverse engineering, malware analysis and threat intelligence especially tracking existing groups, analysing their infrastructure and toolchain as well as uncovering new ones...


Wednesday June 6, 2018 12:15 - 12:45 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

How to take over a production system in the cloud
One misconfigured line of code results in anyone in the world being able to destroy or take over a production system in the cloud...

Paul presents examples and demonstrations of real life cloud security issues based on his experience working on cloud migration projects and operational cloud applications for both public and private sector organisations.

He then discusses the root causes of these issues, and how best to mitigate cloud security risks, looking not only at technical controls such as automated testing and compliance enforcement, but also aspects such as knowledge, training, culture and organisational structure. 

Speakers
Paul Schwarzenberger

Celidor
Paul is a Cloud Security Architect and DevSecOps specialist with 15 years' experience leading a wide range of security engagements and cloud migration projects for customers across sectors including financial services, telcos, pharmaceutical, education, and UK Government. Paul has numerous...


Wednesday June 6, 2018 12:15 - 13:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

BotProbe - botnet traffic capture using IPFIX
IPFIX is the ratified standard for flow export. IPFIX was designed for security processes such as threat detection, overcoming the known drawbacks of network management based NetFlow. One major enhancement in IPFIX is template extensibility, allowing traffic capture at layers 3 through 7 of the OSI model. This talk introduces IPFIX and describes the creation of BotProbe - an IPFIX template specifically designed to capture botnet traffic communications from the analysis of almost 20 million botnet flows. BotProbe realises a 97% reduction in traffic volumes over traditional packet capture. Reduction of big data volumes of traffic not only opens up an opportunity to apply traffic capture in new areas such as pre-event forensics and legal traffic interception, but considerably improves traffic analysis times. Learn how IPFIX can be applied to botnet capture and other security threat detection scenarios. 

Speakers
Mark Graham

Anglia Ruskin University
Mark lectures in Information Security at Anglia Ruskin University, Cambridge. Mark's PhD was a novel application of IPFIX (the next generation flow protocol and RFC standard) towards capturing botnet traffic communications. This proof of concept is now undergoing commercialisation...


Wednesday June 6, 2018 12:15 - 13:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:25 BST

An approach to implementing a workstation host based firewall
How to pragmatically implement a host based firewall on workstations to 1) protect machines while off the corporate network and 2) prevent lateral movement while on the corporate network. How to build the policy, an example policy, how to ensure it's effective (nmap, bloodhound etc), link it to the MITRE ATT&CK framework, next steps etc.


Wednesday June 6, 2018 12:25 - 12:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

CV clinic
A number of volunteers will be around in this 30-minute session, either to grab for 1-on-1 time or to ask group questions on how to write or review your CV.

Wednesday June 6, 2018 12:30 - 13:00 BST
Lightning Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:45 BST

Mitigating ROP Attacks
Return Oriented Programming (ROP) poses a significant threat to modern day systems as it is able to circumvent both traditional and more modern protection mechanisms such as antivirus, antimalware, Address Space Layout Randomisation (ASLR) and W⊕X/Data Execution Prevention (DEP). Large companies in the world of information technology such as Intel are actively researching ways in which ROP attacks can be mitigated, emphasising the importance of research in this area. The talk is on my research to determine if a solution exists without the major caveats of current solutions such as access to source code, disassembly information and runtime overheads. My proposed solution ROPMit successfully mitigates ROP attacks without the caveats of other current research.

Wednesday June 6, 2018 12:45 - 13:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:00 BST

Lunch Break
Wednesday June 6, 2018 13:00 - 13:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:00 BST

Lunch Break
Wednesday June 6, 2018 13:00 - 13:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:00 BST

Lunch Break
Wednesday June 6, 2018 13:00 - 13:30 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:05 BST

Continued fractions and breaking RSA
Wiener's attack is a well-known attack on RSA, which applies when the private key is small relative to the modulus. I'll explain how it works, and about a concept called continued fractions which is central to the attack.

Wednesday June 6, 2018 13:05 - 13:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:25 BST

Connecting the dots: A beginner's experience of threat actor tracking
This talk will cover two main topics:
  • An overview of a threat actor I have been tracking during my time working in PwC's Threat Intelligence team, known in the open source community as "Dark Caracal", and tracked by PwC as White Troll.
  • A look into some of the unique behaviours of White Troll, and how these can be used to track any newer activity.

Wednesday June 6, 2018 13:25 - 13:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

How I break into Casinos, Airports and CNI: The Basics of Social Engineering
This talk will be about the basics of social engineering into a client’s site/office. I think most SE talks focus on the more technical “human” aspects and I’m purposefully ignoring that side as I think the audience can often get scared by thinking they have to learn every facial micro expression to get into a client’s office successfully. So, I’m going to focus on the basics: how to perform reconnaissance, how to match dress styles, how to make up a pretext that fits your knowledge, how to get real staff to help you, what to do if you do get in, why you should interact with staff, why you should practice being observant, and why you should leave people feeling better for having met you (Chris Hadnagy taught me this).

Speakers
Chris Pritchard

Pen Test Partners
Chris has worked in a range of industries, most notable of which are Critical National Infrastructure and leading edge design and manufacturing. Doing so has given him a huge array of knowledge, from penetration testing robot vacuum cleaners to designing and testing secure ICS/SCADA...


Wednesday June 6, 2018 13:30 - 14:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

Hacking the Drones
Hacking the Drones will cover security issues of some of the most popular drones and how to hack those drones. It will cover a video demonstration on how to get complete access to drones. This talk will also cover a brief overview of drone laws on flying drones in the UK. Thirdly, it will focus on GPS spoofing techniques, how private drones are different from military drones, and the methods used to hack private drones.

Speakers
Aatif Khan

Aatif Khan has over a decade of experience in cyber security and is deeply involved in the areas of Network and Web Application Pentesting, Risk Assessment, Malware Analysis and Exploit Research. Apart from consulting on Application Security and Penetration Testing, he has also delivered...


Wednesday June 6, 2018 13:30 - 14:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

CVSS - The Good, The Bad and The Ugly.
Human nature looks for shortcuts and can lead to “let's focus on the critical and high vulnerabilities then we may be able to fix the others later”, which is a classic cause of technical debt. From a simple logic perspective this makes sense but fails to address chained vulnerabilities that represent a high or critical vulnerability, but individually are less impactful. CVSS scoring has its place, but it's not a pure numbers game when it comes to securing your systems; you need to think more like a hacker in defending your information.

At MoJ I break things and find out how secure systems really are. In Feb 17 I found a high severity vulnerability in a high end Cisco data centre device. This was a CVSS 8.8 but became several low risk vulnerabilities when disclosed to Cisco through responsible disclosure.

Speakers
Greg Smith

Ministry of Justice
Greg currently works for the Ministry of Justice where he is employed as a Senior Security Engineer within the Digital & Technology team, working closely with other government departments including GDS & NCSC. His role encompasses penetration testing, security monitoring and implementation...


Wednesday June 6, 2018 13:30 - 14:00 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:45 BST

Stop training, start marketing.
How To Engage Your Employees

Wednesday June 6, 2018 13:45 - 14:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

Deep Dive on the Dark Web
Regardless of skill, anyone with an internet connection can stitch together a complex attack with very little effort. Organisations must understand their adversaries, both skilled and unskilled, in order to protect against all manner of threats. This presentation will demonstrate the tools available for purchase on the dark web, how easy it is to acquire them and how they can be used to target individuals and organisations both large and small.

Speakers
John Shier

Sophos
John Shier is a Senior Security Advisor working in the office of the CTO doing research into all manner of threats and security issues. John is passionate about communicating and popularizing security concepts and technologies to customers, partners, and the public at large in an...


Wednesday June 6, 2018 14:00 - 14:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

Learning The Ropes : Breaking into the Industry
For a lot of people, the industry of security is very exciting and there's always so many talks about how there's a skills shortage, we need more people! Well I saw the opportunity a few years ago and wrote a primer book on helping folks get into the industry, however 3400 copies later I've learned a lot more via reader feedback and want to give back some more to the community.

So with that said, this talk will take you on a journey of how I and many of my friends/followers/colleagues got into the industry, it will discuss the best ways to land your first job and how to effectively keep up with an ever-evolving landscape. It won't be a super technical talk but will touch on some technicalities  of how to get through x and y.



Speakers
Andy Gill

Pen Test Partners
I am an old school hacker at heart, who's always been interested in taking things apart and sometimes even putting them together again (in fact he spent a good 5 years in computer repair and data recovery). As my day job I work as a senior penetration tester but in my nights I can...


Wednesday June 6, 2018 14:00 - 14:45 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

Graduate Career Panel
Panel discussion on graduate related issues such as Is SOC still the best entry level role, how to stand out from the crowd, skills shortages/where and how to fill the gaps, will you need to relocate.

Panel including Ryan King, Emma Gillman (SMarkets), Tushal Modessa (KPMG), David Chismon (MWR) and TBC

Wednesday June 6, 2018 14:00 - 15:00 BST
Career Track (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

The Insider - Users
What can your internal users do?

Over the years I have come to the conclusion that in most typical environments any domain user if they desired could gain full admin access, change or delete any data or machine if they desired to do so.

And would this be hard to accomplish?

No, typically it takes around 30 mins to four hours, and worryingly sometimes even less time to gain full admin rights of a typical internal network domain.

So now consider your employees at work or students at a typical university, college or school: they are already halfway there with regards to the process required to exploit all, and why? Because they have been issued with a standard domain account.

Without the constraints of time what could they achieve, have they already compromised accounts that belong to the domain administrative group?

And to those who hold accounts belonging to administrative groups, are you still in charge, or was your account compromised years ago?

Now this talk I will be presenting, I can guarantee you that it will not be dull. If you love hacking this will be for you. I’m going to present how any user can compromise a typical network at any time they choose and then gain access to anything they wish internally.

It will reveal commonly used techniques that I have personally used over the years; often these are simple techniques that could be used by anyone with a domain account or even without one.

What can disgruntled or malicious employees achieve? The answer to this will be detailed in full during the presentation.

I will be honest this talk will worry some, it’s going to reveal how simple it can be to go from a standard user account to owning everything in the domain in a very short time.

What are your users doing?

Speakers
Neil Lines

Raytheon
Neil Lines is a senior penetration tester working at Raytheon as a security consultant performing red team and social engineering engagements as well as traditional external, internal infrastructure and web application testing. He has over ten years’ experience working in IT with...


Wednesday June 6, 2018 14:00 - 15:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:05 BST

Structured analytical techniques for cyber security
Structured analytical techniques are commonplace in the intelligence and security community, but are yet to become commonplace in cyber security. They are designed to ensure that analytical processes are rigorous and free from bias, and that any findings are communicated clearly and accurately to readers. Based on my experience in threat intelligence, and broader cyber security, this talk will present an overview of some commonly used techniques, identify a number of quick wins for applying them to cyber security, and demonstrate the benefits they are able to bring. My aim is that attendees will leave with an appreciation of the importance and mechanics of some basic analytical techniques, and be able to apply these to their work in the field (and in doing so benefit the wider community)

Wednesday June 6, 2018 14:05 - 14:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:25 BST

Diggin Deep into Newly Created Domains
I ask "What can we learn about the current threat landscape from information derived from newly created domains, and how can we use this information?" This presentation goes through the process of data analysis, open source intelligence, and what recommendations I have.

Wednesday June 6, 2018 14:25 - 14:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:45 BST

Threat Hunting 101 or: How I Learned to Stop Worrying and Love the data
A lot of people new to infosec see the sheer sexiness of red teaming and all the cool and interesting work that goes on within the world of offensive security. I'm here to show that blue teams are bringing sexy back. This intro to threat hunting aims to not only introduce people to the core ideas and concepts behind it, but to also show that blue teaming isn't just staring at dashboards or trawling through logs - it's about having multifaceted skills and flexing those devops muscles as well. I'm also going to be throwing in a short bit of a practical example as well to help show what the full power of a blue team can do.

Wednesday June 6, 2018 14:45 - 15:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:45 BST

Circumventing egress filtering by exploiting HTTP “transfer-encoding: chunked” for faster web shells
During a red team engagement we breached a web server that only allowed HTTP inbound and no outbound connections. While able to upload web shells, reverse shells were unable to establish a connection back to us and as all ports were firewalled, bind shells were not an option. Furthermore, the only existing tool we were aware of, TUNNA, proved to be too slow for practical exploitation. In this talk we'll introduce ChunkyTuna, a web shell which allowed us to pivot through the compromised server and reach further into the target network. ChunkyTuna began as a reengineering of TUNNA which utilizes the "transfer-encoding: chunked" HTTP mechanism rather than a constant poll loop with request/response pairs. In effect ChunkyTuna piggybacks an existing HTTP connection to offer near direct access to either the STDIO streams of an arbitrary process or the IO streams of an arbitrary TCP port, in a manner similar to the streaming of a media file with unknown content-length.

Speakers

Lorenzo Grespan

Secarma Ltd.
I’m a computer scientist turned penetration tester; I’ve been a systems administrator, a developer and a project manager in medical robotics as well as researcher in computational neuroscience and evolutionary and adaptive systems. I like to solve interesting problems.


Wednesday June 6, 2018 14:45 - 15:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:45 BST

The (Great) Web Application Firewall: What Is It And Is It All That?
In this talk, I describe my firm's journey from having all of its (100+) web applications exposed to the internet with zero protection, our journey from a chronic DoS incident, through to a trial, error and final success story of holding back the bad guys. Is it perfect? No. In the talk I'll discuss the pros and cons.

Speakers
Michael Thompson

Zen Internet
I’m Mike and I’m an information security analyst, working for a mid-sized UK based telecoms and internet service provider. My role includes threat analysis and management, proactive web application, infrastructure and network security, as well as risk and compliance management. There...


Wednesday June 6, 2018 14:45 - 15:15 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

Travel with Underground Services: ecosystem exposed
Unfortunately today, hackers and cybercriminals have holidays, days off and vacations too - and it is very unlikely for them not to employ their infosec and social engineering skills to organize their travel. We will talk about how they have created their own ecosystem, which exploits literally all of the hospitality and travel industry for their own needs. This presentation covers underground activities related to the Travel and Hospitality industries, including underground travel agencies, cheap flights, hotels and car rentals, and unveils mechanisms and modus operandi for these services. This includes a variety of abuses, from business process compromises to credit card fraud and exploitation of vulnerabilities in traveling systems and mileage programs. With this talk we hope to bring more attention to the on-going criminal activities related to travel and hospitality industries.

Speakers
Vladimir Kropotov

Trend Micro
Vladimir Kropotov is a researcher with Trend Micro Forward-Looking Threat Research team. Active for over 15 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team...


Wednesday June 6, 2018 15:00 - 15:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:05 BST

Physical Pentesting and how to catch them?
A 101 to physical pentesting and the basic skills of using public sources to be successful, and how to catch people carrying them out in your workplace.

Wednesday June 6, 2018 15:05 - 15:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:15 BST

Breaking into Embedded Devices and IoT Security
Embedded devices and IoT have received a lot of bad press over recent years. The problem with embedded devices and IOT is that the ever-growing number of Internet connected devices greatly increases the chances of attackers achieving exploitation by discovering security weaknesses. For example, the Mirai botnet reached record breaking DDoS speeds in excess of 650 GBps back in 2016, by exploiting default logon usernames and passwords in commonly used home routers and Internet connected cameras.
This talk aims to cover how to get started finding and exploiting vulnerabilities in embedded devices and IoT. Along the way, the audience will learn some of the hardware and software tools of the trade, how to get started, common attack vectors, responsible disclosure, and how IoT overlaps somewhat with OT/ICS security challenges.

Speakers
Andrew Costis

LogRhythm
Andrew Costis (“AC”) is a Threat Research Engineer within the Labs team at LogRhythm. AC has over 17 years of professional experience working in various technical capacities. AC spends his days performing incident response, forensics, malware analysis and reverse engineering...


Wednesday June 6, 2018 15:15 - 16:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:15 BST

Experienced career channel - future of you
This will be a panel discussion with Q&A on the future of the industry covering topics such as: Future of CISO role, is penetration testing becoming too autonomous, skills shortage and where the real gaps are as well as how to progress in your career

Panel including  Ross Mckerchar, CISO @ Sophos, David Ferbrache CTO @ KPMG, Luke Vile Cyber Risk Director @ 2-sec, David Chismon Associate Director @MWR

Wednesday June 6, 2018 15:15 - 16:15 BST
Career Track (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:25 BST

Unlocking Opportunities in Cyber Security
Are you doing the right things to break into the industry? A talk detailing the various activities and opportunities available to strengthen your CV and land yourself a job in Cyber Security.

Wednesday June 6, 2018 15:25 - 15:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:30 BST

Profiling the attacker - using offender profiling in SOC environments
It’s been said, "Intrusion analysis is as much about tcpdump as astronomy is about telescopes". Understanding who is attacking your or a customer's network and why is just as important as analysing the packets on it.

This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will delve into the following areas:
  • Building an information classification for your assets
  • Attack significance plotting
  • Attack factor comparison analysis
  • Discerning motive
  • Attacker kill chain analysis
  • Malicious actor profile checklist
  • Naming conventions for malicious actors

Speakers
James Stevenson

BT
I've been working as a Software Engineer at BT Security for the past year, and before that I was an intern in a SOC at a Texan company called Alert Logic (Based in Cardiff, not as fancy, but no need for air-con). I’m a strong believer that the best way to deal with security is in...


Wednesday June 6, 2018 15:30 - 16:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

One year in security - what was that thing called again?
I'm approaching my 1 year mark in infosec however, rather than gradually building the knowledge over years of study I was thrown in the deep end after completing the SANS retraining academy. This talk aims to explore the difficulties with cross training, learning cram style, and attempting to justify why you were hired whilst forgetting almost all technical details in spoken conversation.

Wednesday June 6, 2018 15:45 - 16:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:00 BST

Break
Wednesday June 6, 2018 16:00 - 16:15 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:00 BST

Break
Wednesday June 6, 2018 16:00 - 16:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:00 BST

Break
Wednesday June 6, 2018 16:00 - 16:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:05 BST

Information Security - Lessons learnt from Military Intelligence
Currently writing a dissertation for my part-time MSc Information Security on the topic of lessons the security community can take from military intelligence. This is based on my own experiences having come from the intelligence community into the security industry. The talk will focus on how a 360 degree view is necessary and how we need to stop seeing security as a technology problem only. This will be supported by examples of battlefield evaluation and how this can work in industry as well as a federated intelligence sharing model to improve situational awareness and pool resources, without conflict of interest.

Wednesday June 6, 2018 16:05 - 16:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:15 BST

Random Problems in IoT
Random Numbers are important. Really f***ing important! Yet, they are so often misunderstood. Decent Random Number generation is relied upon by large chunks of our cryptographic wizardry, and yet mistakes are repeatedly made - and we're seeing these mistakes bleeding into IoT.
With the proliferation of 'smart' devices, what affects the security of these devices could affect anything from lightbulbs to pacemakers. The author's own research has found some real problems with embedded devices generating random numbers, some proposed fixes, and then some problems with those for good measure.
We will present an overview of what 'random' is (with little to no scary maths), the current state of the art, an overview of embedded device RNGs, our assessment results, and how things can move forward.
This talk will give you:
  • A solid overview of the basics of RNG
  • Some handy hints and nifty tricks for understanding what 'random' really is
  • An overview of the well-known problems in embedded/IoT RNGs - microcontrollers and SDKs just doing it wrong
  • An assessment of what fixes are available - which ones we found issues with, and which seem to work better
  • HSMs and other solutions we look to assess
  • What manufacturers, vendors, compliance bodies, and developers can do
This talk is suitable for people of any technical level, but is aimed at those with an interest in IoT security, cryptography, and hardware.


Speakers
Mark Carney

Security Research Labs
Hacker & Math guy, formerly a Musician; Having started out on helpdesk in a software firm, then becoming violinist with a degree in Music w/ Philosophy via being a DBA for a firm, Mark then went on to do an MSc and now full-time PhD study in Mathematics. This rounded off several years...


Wednesday June 6, 2018 16:15 - 17:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:15 BST

The green padlock of doom, or why no one trusts us anymore
I want to talk about trust (or lack of it) in technology, conflicting messages and losing battles to make the regular user safe. I want to compress in this talk my observations, research and some proofs (with some finger pointing!) on how a lot of what we are doing to make the Internet safe is good and sound but it misses the mark when it reaches the untrained end user. I will present a brief but comprehensive overview of the DNS(sec) system, how well it was designed in terms of trust and how it's being misused, then move on with doing a similar overview of HTTPS/TLS and Certificate Authorities and try to find where the trust in that system is lost and finish with a bang about encrypting everything, everywhere.
The purpose of this talk is to draw the attention of infosec community, both those who implement the security and those who decide about it, that the normal user will only ever see the green padlock and get into trouble. I strongly believe that we can do more to help them be safe.

Speakers
Meadow Ellis

Software engineer, automation bad witch, end user security researcher, hardware hacker, aspiring red teamer, race car mechanic with a degree in journalism. I've created many automation/monitoring systems used by C-level non technical people and by doing that I've gained a unique...


Wednesday June 6, 2018 16:15 - 17:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:25 BST

How I got access to your organization's private Git and production infrastructure / My Research on Misconfigured Jenkins Servers
In this talk, I will be covering some research I did whereby I discovered tens of thousands of misconfigured Jenkins (CI/CD) servers on the internet and how they led to some interesting findings.

I'll briefly go through the severity of the issues discovered, where I found them and the responses I received. Lastly I'll discuss some lessons to be learned and how we can use these lessons to collectively improve the security posture of our infrastructure.

Wednesday June 6, 2018 16:25 - 16:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:30 BST

How to get started in Cyber Security - Phill Kimpton
"In 2015, fed up with my direction in life, I set a goal that I wanted to become a pentester. The only problem I faced was that I had little experience in IT. I became committed to personal development and achieved my goal in September 2016. Since then I have been learning at an incredible rate and absolutely love it!"



Wednesday June 6, 2018 16:30 - 17:15 BST
Career Track (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:45 BST

Analysis of the Black Market Exploit Trade
Malicious actors routinely post advertisements to criminal marketplaces for exploits affecting an array of products and vendors. Using data dating back to January 2015, accessed through criminal underground investigation, this talk analyzes the supply and demand for exploits on the black market. The presentation aims to highlight some of the key findings from this research, including vulnerabilities that malicious actors are frequently seeking to exploit, impacted products and vendors and prices for exploits.

Wednesday June 6, 2018 16:45 - 17:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:05 BST

Why InfoSec needs rookies like us.
Know how to exploit your skills, curiosity and interests to build and improve security culture and, simultaneously, own your career. The future of the Security Industry is only as bright as its people. Despite having no previous industry experience, I found myself being invited and welcomed by the InfoSec community. I will be sharing my experience of how different areas of expertise, experience and skillsets are needed, desired, and can be put to good use.

Wednesday June 6, 2018 17:05 - 17:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:15 BST

Solving Threat Detection
Why do organisations fail so badly at threat detection? Despite chucking tons of cash at staff and magic next-gen ML products, detection teams rarely deliver reliable, high quality, tangible results. Where are we going so wrong?

This talk will step through key issues such as re-inventing the wheel syndrome, why information accumulation/sharing matters, the traditional SOC model and detection priorities, building/retaining awesome employees and an honest look at the state of detection tooling (and often underestimated deployment hurdles).

Although perhaps surprising, many issues actually have simple solutions which will be discussed throughout the talk. Technical examples will be used to quantify the challenges and how solutions can work in the real world, with lessons learnt coming straight from the experiences of the Countercept hunt team.

Speakers
Alex Davies

Countercept
Alex Davies is the TechOps Lead for the UK hunting team at Countercept. An attacker turned defender, Alex spends his days picking apart the entire kill chain and figuring out how to detect each and every step taken. He also has a passion for all things webapp and is a long term bug...


Wednesday June 6, 2018 17:15 - 17:45 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:15 BST

How to get started in Cybersecurity
Over the course of the last few years, I have mentored several people who are just figuring out how to get started in cybersecurity. Some of them are interested in becoming Penetration Testers, some are interested in Cyber Threat Intelligence. I would like to break down the artificial wall some people think exists that it is difficult to get started in cybersecurity. Part of my comments will be drawn from one of my blog postings, which has a section about this topic, available here: https://phoenixts.com/blog/what-is-cyber/

Attendees will learn how to get started on a path in cybersecurity, beyond (but including), the traditional bootcamps, and self-study methodologies. I also intend to take questions and make this a participative presentation/discussion. I will have very few slides, mostly so that attendees can get a link to the materials for access post-presentation.

Speakers
John Stoner

Department of Defense (USA)
Mr. Stoner has over 18 years of experience in the national security and defense sector working a variety of roles, including most recently as a Cyber Threat Analyst, Cyber Counterintelligence Analyst and Cyber Instructor. His work experience includes IT, instruction and course design...


Wednesday June 6, 2018 17:15 - 17:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:45 BST

Closing
Wednesday June 6, 2018 17:45 - 18:00 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD
 
