Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.


Track 1
Tuesday, June 5
 

10:00 BST

I’ve got 99 problems but a pin ain’t one
In this workshop we’ll be covering certificate pinning (some focus on mobile applications). We’ll be discussing trade-offs of different pinning strategies, and how they can be bypassed. There will be a significant practical component covering what was discussed.

* Introduction
        * What is certificate pinning?
        * Why should you always pin?
        * Where and what to pin?
* So… how should you pin?
        * iOS
        * Android
* Exercises (all involve bypassing certificate pinning)
        * Patching / Re-packaging / Re-signing an Android APK
        * Code review
        * Runtime instrumentation with Frida

**Requirements**

Students will need a system (*NIX or Windows) with the following installed and working:
* ADB
* unzip
* zipalign
* apktool
* jd-gui (or your Java decompiler of choice)
* dex2jar
* frida (pip install frida; frida --version)
* Burp Suite (or your HTTP proxy of choice)
* Text editor of your choice
* Genymotion Android Emulator
* If you can, bring your own rooted Android device (anything above 5.1 should work)


Speakers

Jose Lopes

I'm a Senior Security Consultant at Nettitude Ltd. I specialise in application and software security – mainly mobile applications and thick clients. My interests include reverse engineering, privacy, and going fast on motorcycles.


Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:30 BST

Hacker Academy
Go hack yourself: This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.

In this workshop we will teach the participants what it takes to develop a strong foundation on which to roll out organisation-wide awareness training – starting with hacking your Board/leadership team!

**Requirements**
Optional: Laptop with 2 VMs available (1 Kali and 1 Windows 10)

Speakers

David Prince

David Prince is a deeply passionate cyber security expert, who takes a human focused approach to minimising risks. David has considerable experience and demonstrated success in designing and delivering cyber and information security strategies for a variety of businesses and private...

Zoë Rose

Zoë Rose is a highly regarded hands-on cyber security specialist, who helps her clients better identify and manage their vulnerabilities, and embed effective cyber resilience across their organisation. Whilst retaining deep technical expertise, Zoë has developed extensive experience...


Tuesday June 5, 2018 12:30 - 14:30 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

BLE Hacking - From Wearables to Insertables
Internet of Things devices are everywhere now, in part due to the influx of cheap devices from China and easy-to-construct boards. Most of these devices now communicate using the low-power and ubiquitous Bluetooth Low Energy protocol (BLE).

In this workshop we will be taking people through BLE from how it works, on to how to replay messages and progressing onto more complex attacks such as intercepting the traffic from the BLE module onboard the device and reading out the chip’s firmware. The core aim will be to give both an understanding of how to hack the hardware itself, and how that fits into the larger context of practical attacks on devices.

Covering: Bluetooth Low Energy, Hardware Hacking

**Requirements**
Nice to have: a laptop plus a BT4 dongle

Speakers

Mark Carney

Security Research Labs
Hacker & Math guy, formerly a Musician; Having started out on helpdesk in a software firm, then becoming violinist with a degree in Music w/ Philosophy via being a DBA for a firm, Mark then went on to do an MSc and now full-time PhD study in Mathematics. This rounded off several years...

David Lodge

Is a grumpy Yorkshireman who has been doing this sort of stuff for too long. Pen tester by day, pretender at hardware by night. Likes taking stuff apart, but is unable to get it back together afterwards. He is one half of the Nikto team and has presented at several cons.


Tuesday June 5, 2018 15:00 - 17:00 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD
 
