Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Rookie Track
Wednesday, June 6
 

10:05 BST

Rushing to Market: The IoT without Security
A review of two IoT devices I have examined and found security vulnerabilities in (unreleased). The vulnerabilities and general design indicate that the manufacturers had little awareness of cyber security principles, and perhaps rushed them to market without appropriate security review.

Speakers

Wednesday June 6, 2018 10:05 - 10:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:25 BST

Breaking the Bodyguards: Tech Enabled Crime
This talk looks at how modern day criminals are capable of using technology against Close Protection Operatives and how this could spell danger for the high net worth individuals they are employed to protect.
The presenter (Former CPO turned DPO) undertook a practical investigation into the CP industry and tells you the story of how she found the weak spots and what it is like to protect the protectors.

Speakers

Wednesday June 6, 2018 10:25 - 10:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

10:45 BST

Understanding your business risks are key
Each business faces different risks. Understanding what is important to your business helps to shape what mitigations are important for you to put into place; risk awareness is a key strength.

Speakers
Paul Holland

Information Security Leader, Hiscox
Paul is a seasoned information security and risk expert of over 15 years and a CISSP. He has worked in a number of different businesses, giving him a wide breadth of knowledge and experience to draw from. Some of these include KPMG, BP, Lloyd's Bank, Ford Motor Company, Pearson, Lloyd's...


Wednesday June 6, 2018 10:45 - 11:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:25 BST

How to: Actually attack computers at cafes
The information security industry has claimed that unencrypted WiFi is a bad thing for a long time. This talk looks at the discoveries I made whilst trying to show this in a modern setting. Ultimately, the techniques aren't that new - I show that it is possible to capture NetNTLM hashes when presented with Man-in-the-Middle conditions - however, it turns out it isn't as simple as I first thought. The tool that I coerced into existence as part of this research is freely available online, and I hope that one day further developments can be made on it.

Speakers
Felix Ryan

Felix is a freelance penetration tester and security consultant, he has been a geek since he was a child, and though life keeps him busy, he is happiest when doing something techie (but don't tell his wife as she would disagree). He has had the great fortune of getting a distinction...


Wednesday June 6, 2018 11:25 - 11:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

11:45 BST

Web browsing from the car, what's the worse that can happen?
Car hacking and the discovery of a vulnerability in an In-Vehicle Infotainment Unit, showing the process of disclosure to the manufacturer and their response.
Also the further work I am doing to see if the vulnerability could be exploited more than just the issues originally found, and some tips on how others could ‘hack’ their IVI. In the process of building a car on the bench for other car hacking.
My website is www.mintynet.com and my Twitter handle is @mintynet

Speakers


Wednesday June 6, 2018 11:45 - 12:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:05 BST

From n00b to 1337: A CTF Story
This talk will be about how CTFs are used in and are a part of the InfoSec culture and how they have helped people like me dive head first into the industry. It will cover personal experiences from CTFs, alongside how they have helped me go from a complete Rookie (who didn't even know how to install Kali!) to Team UK representative for the European Cyber Security Challenge and budding security professional. CTFs are a unique concept, and are not only a great challenge for those in industry, but a fantastic learning tool for those just starting in information security. The versatile use of CTFs allows people from all experiences and backgrounds to come together and share a common ground, which is a concept I will also be talking about.

Speakers

Wednesday June 6, 2018 12:05 - 12:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:25 BST

An approach to implementing a workstation host based firewall
How to pragmatically implement a host-based firewall on workstations to 1) protect machines while off the corporate network and 2) prevent lateral movement while on the corporate network. How to build the policy, an example policy, how to ensure it's effective (nmap, BloodHound etc.), link it to the MITRE ATT&CK framework, next steps etc.


Wednesday June 6, 2018 12:25 - 12:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

12:45 BST

Mitigating ROP Attacks
Return Oriented Programming (ROP) poses a significant threat to modern day systems as it is able to circumvent both traditional and more modern protection mechanisms such as antivirus, antimalware, Address Space Layout Randomisation (ASLR) and W⊕X/Data Execution Prevention (DEP). Large companies in the world of information technology such as Intel are actively researching ways in which ROP attacks can be mitigated, emphasising the importance of research in this area. The talk is on my research to determine if a solution exists without the major caveats of current solutions such as access to source code, disassembly information and runtime overheads. My proposed solution, ROPMit, successfully mitigates ROP attacks without the caveats of other current research.

Speakers

Wednesday June 6, 2018 12:45 - 13:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:05 BST

Continued fractions and breaking RSA
Wiener's attack is a well-known attack on RSA, which applies when the private key is small relative to the modulus. I'll explain how it works, and about a concept called continued fractions which is central to the attack.

Speakers

Wednesday June 6, 2018 13:05 - 13:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:25 BST

Connecting the dots: A beginner's experience of threat actor tracking
This talk will cover two main topics:
- An overview of a threat actor I have been tracking during my time working in PwC's Threat Intelligence team, known in the open source community as "Dark Caracal", and tracked by PwC as White Troll.
- A look into some of the unique behaviours of White Troll, and how these can be used to track any newer activity.

Speakers

Wednesday June 6, 2018 13:25 - 13:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

13:45 BST

Stop training, start marketing.
How To Engage Your Employees

Speakers

Wednesday June 6, 2018 13:45 - 14:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:05 BST

Structured analytical techniques for cyber security
Structured analytical techniques are commonplace in the intelligence and security community, but are yet to become commonplace in cyber security. They are designed to ensure that analytical processes are rigorous and free from bias, and that any findings are communicated clearly and accurately to readers. Based on my experience in threat intelligence, and broader cyber security, this talk will present an overview of some commonly used techniques, identify a number of quick wins for applying them to cyber security, and demonstrate the benefits they are able to bring. My aim is that attendees will leave with an appreciation of the importance and mechanics of some basic analytical techniques, and be able to apply these to their work in the field (and in doing so benefit the wider community).

Speakers

Wednesday June 6, 2018 14:05 - 14:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:25 BST

Diggin Deep into Newly Created Domains
I ask "What can we learn about the current threat landscape from information derived from newly created domains, and how can we use this information?" This presentation goes through the process of data analysis, open source intelligence, and what recommendations I have.

Speakers

Wednesday June 6, 2018 14:25 - 14:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

14:45 BST

Threat Hunting 101 or: How I Learned to Stop Worrying and Love the data
A lot of people new to infosec see the sheer sexiness of red teaming and all the cool and interesting work that goes on within the world of offensive security. I'm here to show that blue teams are bringing sexy back. This intro to threat hunting aims to not only introduce people to the core ideas and concepts behind it, but to also show that blue teaming isn't just staring at dashboards or trawling through logs - it's about having multifaceted skills and flexing those devops muscles as well. I'm also going to be throwing in a short bit of a practical example as well to help show what the full power of a blue team can do.

Speakers

Wednesday June 6, 2018 14:45 - 15:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:05 BST

Psychical Pentesting and how to catch them?
101 to physical pentesting and basic skills of using public sources to be successful, and how to catch people carrying them out in your workplace.

Speakers

Wednesday June 6, 2018 15:05 - 15:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:25 BST

Unlocking Opportunities in Cyber Security
Are you doing the right things to break into the industry? A talk detailing the various activities and opportunities available to strengthen your CV and land yourself a job in Cyber Security.

Speakers

Wednesday June 6, 2018 15:25 - 15:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

15:45 BST

One year in security - what was that thing called again?
I'm approaching my 1 year mark in infosec; however, rather than gradually building the knowledge over years of study, I was thrown in the deep end after completing the SANS retraining academy. This talk aims to explore the difficulties with cross training, learning cram style, and attempting to justify why you were hired whilst forgetting almost all technical details in spoken conversation.

Speakers

Wednesday June 6, 2018 15:45 - 16:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:05 BST

Information Security - Lessons learnt from Military Intelligence
Currently writing a dissertation for my part-time MSc Information Security on the topic of lessons the security community can take from military intelligence. This is based on my own experiences having come from the intelligence community into the security industry. The talk will focus on how a 360 degree view is necessary and how we need to stop seeing security as a technology problem only. This will be supported by examples of battlefield evaluation and how this can work in industry as well as a federated intelligence sharing model to improve situational awareness and pool resources, without conflict of interest.

Speakers

Wednesday June 6, 2018 16:05 - 16:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:25 BST

How I got access to your organization's private Git and production infrastructure / My Research on Misconfigured Jenkins Servers
In this talk, I will be covering some research I did whereby I discovered tens of thousands of misconfigured Jenkins (CI/CD) servers on the internet and how they led to some interesting findings.

I'll briefly go through the severity of the issues discovered, where I found them and the responses I received. Lastly I'll discuss some lessons to be learned and how we can use these lessons to collectively improve the security posture of our infrastructure.

Speakers

Wednesday June 6, 2018 16:25 - 16:40 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

16:45 BST

Analysis of the Black Market Exploit Trade
Malicious actors routinely post advertisements to criminal marketplaces for exploits affecting an array of products and vendors. Using data dating back to January 2015, accessed through criminal underground investigation, this talk analyzes the supply and demand for exploits on the black market. The presentation aims to highlight some of the key findings from this research, including vulnerabilities that malicious actors are frequently seeking to exploit, impacted products and vendors and prices for exploits.

Speakers

Wednesday June 6, 2018 16:45 - 17:00 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD

17:05 BST

Why InfoSec needs rookies like us.
Know how to exploit your skills, curiosity and interests to build and improve security culture and, simultaneously, own your career. The future of the Security Industry is only as bright as its people. Despite having no previous industry experience, I found myself being invited and welcomed by the InfoSec community. I will be sharing my experience of how different areas of expertise, experience and skillsets are needed, desired and, can be put to good use.

Speakers

Wednesday June 6, 2018 17:05 - 17:20 BST
Rookie Track ILEC Conference Centre 47 Lillie Road London SW6 1UD