Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.

Log in to bookmark your favorites and sync them to your phone or calendar.

Track 2 [clear filter]
Wednesday, June 6

10:00 BST

Urban Air Mobility (UAM)
The advancement of Unmanned Aerial Vehicles / Systems has matured at a rapid rate. There is an increase popularity in market trends towards the concept of Urban Air Mobility (UAM) with the socialization of autonomous vehicles. The Urban Air Mobility (UAM) industry will face similar threats to already unresolved airport SCADA threats/vulnerabilities. Their cybersecurity vulnerabilities are similar to autonomous vehicles, since they both rely on sensors for navigation, acceleration, and obstacle avoidance. The presentation will review the feasible multi-vector attacks and impact for Urban Air Mobility (UAM) using the following components - Sensor Spoof, Electro Magnetic Interference, LiDAR Vulnerability, Acoustic Attack, Accelerometers Sensors, Gyroscopes. Countermeasures remain a challenge in the Urban Air Mobility (UAM) space industry presenting a new threat to the aeronautical community.

avatar for Candice Carter

Candice Carter

Over 15 years of Risk Management, Information Security, Cyber Intelligence, Counterintelligence and Cyber Forensics experience. Conduct Classified/Unclassified briefings in the areas of Terroristic Cyber Capabilities using Social Media and Counterterrorism for the Intelligence Community... Read More →

Wednesday June 6, 2018 10:00 - 11:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:15 BST

Defending the Defenders: Case studies of success and failures from a security team
Defending an organisation from all threats, be they physical, personnel, or cyber, is not easy and every organisation has it's own challenges. MWR is a security company itself and is lucky to have large numbers of security experts, however, they are generally all busy and cannot give limitless time to internal causes. As such, like many organisations, the internal security team at MWR has had to work out how to push security out to other teams, make the absolute most of expert time that we can, automate as much as possible and bring the rest of the company along for the ride. This talk will cover lessons learnt, successes and failures and what other teams could be trying.

Specifically the talk will cover:
- Turning ad-hoc good efforts into a formal security programme using CPNI Passport to Good Security
- Reducing the time to make security decisions
- Managing the human side of security
- Security communications
- Making effective use of skilled time
- Applying the NCSC end user device guidance and other patterns
- A framework for remotely assessing SaaS providers
- Getting the best out of SOC analysts


David Chismon

MWR InfoSecurity
David Chismon is an Associate Director at MWR InfoSecurity. In his consulting time he works with organisations in high risk sectors to help them measure and improve their preparedness for attacks. He sits on MWR's internal security team and helps to coordinate Defensive Research within... Read More →

Wednesday June 6, 2018 11:15 - 12:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:15 BST

BotProbe - botnet traffic capture using IPFIX
IPFIX is the ratified standard for flow export. IPFIX was designed for security processes such as threat detection, overcoming the known drawbacks of network management based NetFlow. One major enhancement in IPFIX is template extensibility, allowing traffic capture at layers 3 through 7 of the OSI model. This talk introduces IPFIX and describes the creation of BotProbe - an IPFIX template specifically designed to capture botnet traffic communications from the analysis of almost 20 million botnet flows. BotProbe realises a 97% reduction in traffic volumes over traditional packet capture. Reduction of big data volumes of traffic not only opens up an opportunity to apply traffic capture in new areas such as pre-event forensics and legal traffic interception, but considerably improves traffic analysis times. Learn how IPFIX can be applied to botnet capture and other security threat detection scenarios. 

avatar for Mark Graham

Mark Graham

Anglia Ruskin University
Mark lectures in Information Security at Anglia Ruskin University, Cambridge. Mark's PhD was a novel application of IPFIX (the next generation flow protocol and RFC standard) towards capturing botnet traffic communications. This proof of concept is now undergoing commercialisation... Read More →

Wednesday June 6, 2018 12:15 - 13:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:30 BST

Hacking the Drones
Hacking the Drones will cover security issues of some of most popular drones and how to hack those drones. It will cover video demonstration on how to get complete access of Drones. This talk will also cover brief overview of drone laws on flying drones in UK. Thirdly, It will focus on GPS Spoofing techniques and how private drones are different from Military Drones and method used to hack private drones.

avatar for Aatif Khan

Aatif Khan

Aatif Khan has over a decade of experience in cyber security and is deeply involved in the areas of Network and Web Application Pentesting, Risk Assessment, Malware Analysis and Exploit Research. Apart from consulting on Application Security and Penetration Testing, he has also delivered... Read More →

Wednesday June 6, 2018 13:30 - 14:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:00 BST

The Insider - Users
What can your internal users do?

Over the years I have come to the conclusion that in most typical environments any domain user if they desired could gain full admin access, change or delete any data or machine if they desired to do so.

And would this be hard to accomplish?

No, typically it takes arround 30 mins to four hours, and worryingly sometimes even less time to gain full admin rights of a typical internal network domian.

So now consider your employee’s at work or students at a typical university, collage or school, they are already half way there with regards to the process required to exploit all, and why, because they have been issued with a standard domain account.

Without the constraints of time what could they achieve, have they already compromised accounts that belong to the domain administrative group?

And to those who hold accounts belonging to administrative groups, are you still in charge, or was your account compromised years ago?

Now this talk I will be presenting, I can guaranty you, that it will not be dull. If you love hacking this will be for you. I’m going to present how any user can compromise a typical network at any time they choose and then gain access to anything they wish internaly.

It will reveal common used techniques that I have personally used over the years, often these are simple techniques that could be used by anyone with a domain account or even without one.

What can disgruntled or malicious employees achieve, the answear to this will be detailed in full during the presentation.

I will be honest this talk will worry some, it’s going to reveal how simple it can be to go from a standard user account to owning everything in the domain in a very short time.

What are your users doing?


Neil Lines

Neil Lines is a senior penetration tester working at Raytheon as a security consultant performing red team and social engineering engagements as well as traditional external, internal infrastructure and web application testing. He has over ten years’ experience working in IT with... Read More →

Wednesday June 6, 2018 14:00 - 15:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:00 BST

Travel with Underground Services: ecosystem exposed
Unfortunately today, hackers and cybercriminals have holidays, days off and vacations too - and It is very unlikely for them not to employ their infosec and social engineering skills and to organize their travel. We will talk on how they have created their own ecosystem, that exploits literally all hospitality and travel industry for their own needs.  This presentation covers underground activities related to the Travel and Hospitality industries, including Underground travel agencies, cheap flights, hotels, car rentals and unveils mechanisms and modus operandi for these services. This includes a variety of abuses, from business process compromises to credit card fraud and  exploitation of vulnerabilities in traveling systems and mileage programs. With this talk we hope to bring more attention to the on-going criminal activities related to travel and hospitality industries.

avatar for Vladimir Kropotov

Vladimir Kropotov

Trend Micro
Vladimir Kropotov is a researcher with Trend Micro Forward-Looking Threat Research team. Active for over 15 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team... Read More →

Wednesday June 6, 2018 15:00 - 15:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:30 BST

Profiling the attacker - using offender profiling in SOC environments
It’s been said ‘‘Intrusion analysis is as much about tcpdump as astronomy is about telescopes". Understanding who is attacking your or a customer's network and why is just as important as analysing the packets on it.

This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will delve into the following areas:
  • Building an information classification for your assets
  • Attack significance plotting
  • Attack factor comparison analysis
  • Discerning motive
  • Attacker kill chain analysis
  • Malicious actor profile checklist
  • Naming conventions for malicious actors

avatar for James Stevenson

James Stevenson

I've been working as a Software Engineer at BT Security for the past year, and before that I was an intern in a SOC at a Texan company called Alert Logic (Based in Cardiff, not as fancy, but no need for air-con).I’m a strong believer that the best way to deal with security is in... Read More →

Wednesday June 6, 2018 15:30 - 16:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:15 BST

The green padlock of doom, or why no one trusts us anymore
I want to talk about trust (or lack of it) in technology, conflicting messages and losing battles to make the regular user safe. I want to compress in this talk my observations, research and some proofs (with some finger pointing!) on how a lot of what we are doing to make the Internet safe is good and sound but it misses the mark when it reaches the untrained end user. I will present a brief but comprehensive overview of the DNS(sec) system, how well it was designed in terms of trust and how it's being misused, then move on with doing a similar overview of HTTPS/TLS and Certificate Authorities and try to find where the trust in that system is lost and finish with a bang about encrypting everything, everywhere.
The purpose of this talk is to draw the attention of infosec community, both those who implement the security and those who decide about it, that the normal user will only ever see the green padlock and get into trouble. I strongly believe that we can do more to help them be safe.

avatar for Meadow Ellis

Meadow Ellis

Software engineer, automation bad witch, end user security researcher, hardware hacker, aspiring red teamer, race car mechanic with a degree in journalism. I've created many automation/monitoring systems used by C-level non technical people and by doing that I've gained an unique... Read More →

Wednesday June 6, 2018 16:15 - 17:15 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:15 BST

How to get started in Cybersecurity
Over the course the last few years, I have mentored several people who are just figuring out how to get started in cybersecurity. Some of them are interested in becoming Penetration Testers, some are interested in Cyber Threat Intelligence. I would like to break down the artificial wall some people think exists that it is difficult to get started in cybersecurity. Part of my comments will be drawn from one of my blog postings, which has a section about this topic, available here: https://phoenixts.com/blog/what-is-cyber/

Attendees will learn how to get started on a path in cybersecurity, beyond (but including), the traditional bootcamps, and self-study methodologies. I also intend to take questions and make this a participative presentation/discussion. I will have very few slides, mostly so that attendees can get a link to the materials for access post-presentation.

avatar for John Stoner

John Stoner

Department of Defense (USA)
Mr. Stoner has over 18 years of experience in the national security and defense sector working a variety of roles, including most recently as a Cyber Threat Analyst, Cyber Counterintelligence Analyst and Cyber Instructor. His work experience includes IT, instruction and course design... Read More →

Wednesday June 6, 2018 17:15 - 17:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD

Twitter Feed