{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.0.dev0"}, "schedule": {"url": "https://cfp.securitybsides.org.uk/bsides-london-2024/schedule/", "version": "0.7", "base_url": "https://cfp.securitybsides.org.uk", "conference": {"acronym": "bsides-london-2024", "title": "Bsides London 2024", "start": "2024-12-14", "end": "2024-12-14", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/London", "colors": {"primary": "#050404"}, "rooms": [{"name": "Clappy Monkey Track", "slug": "3637-clappy-monkey-track", "guid": "d848d81b-97fa-5061-8baf-96160d7a57dc", "description": "Track 1", "capacity": null}, {"name": "Track 2", "slug": "3638-track-2", "guid": "911d6e46-4d32-5fb9-b8a7-f6dc9f2db9b2", "description": null, "capacity": null}, {"name": "Track 3", "slug": "3639-track-3", "guid": "b3030b13-a59b-510b-83b2-059761bbb081", "description": null, "capacity": null}, {"name": "Rookie track 1", "slug": "3640-rookie-track-1", "guid": "4fa04221-b4af-5974-9c83-fbd84d74e1b8", "description": null, "capacity": null}, {"name": "Rookie track 2", "slug": "3645-rookie-track-2", "guid": "3e1fa274-9b9d-5e3d-bbf0-de3ca982d657", "description": null, "capacity": null}, {"name": "Workshop Room 1", "slug": "3641-workshop-room-1", "guid": "21f52df1-30c8-5b49-9e09-5599f3216a3d", "description": null, "capacity": null}, {"name": "Workshop Room 2", "slug": "3642-workshop-room-2", "guid": "32d7bd4c-881c-5b76-8013-bac8cea972bf", "description": null, "capacity": null}, {"name": "Workshop Room 3", "slug": "3643-workshop-room-3", "guid": "c7613976-de87-56af-9297-4d94a4dfab1f", "description": null, "capacity": null}, {"name": "Workshop Room 4", "slug": "3644-workshop-room-4", "guid": "9a6adb6a-1b85-5acf-a921-f944d7859a6c", "description": null, "capacity": null}, {"name": "Aerospace Village", "slug": "3717-aerospace-village", "guid": "1d0fd27e-d137-5b38-b185-dc6434a33942", "description": null, "capacity": null}, {"name": "Car Hacking 
Village", "slug": "3715-car-hacking-village", "guid": "b29d1d7d-3dae-5ad6-96ab-8cb9835d6ef1", "description": "All things automotive security, and other things.", "capacity": null}, {"name": "InfoSec Battlebots", "slug": "3714-infosec-battlebots", "guid": "a031e438-ff5d-5aae-9efe-f6a2954a5864", "description": "https://www.infosecbattlebots.com/", "capacity": null}, {"name": "Lock Picking Village", "slug": "3716-lock-picking-village", "guid": "627ee121-77c3-5a20-875a-9a792e1b67b3", "description": "Physical security and cracking all forms of physical locks!", "capacity": null}, {"name": "Malware Village", "slug": "3764-malware-village", "guid": "46a77e21-b2c8-53d8-830a-8df91bbea506", "description": null, "capacity": null}, {"name": "Quantum Village", "slug": "3718-quantum-village", "guid": "20ea5eb5-181b-53c6-91e6-f2abba278475", "description": null, "capacity": null}, {"name": "Train Hacking Village", "slug": "3719-train-hacking-village", "guid": "51dc831e-fd4c-5e0f-9b8c-754986526b0f", "description": null, "capacity": null}], "tracks": [{"name": "Workshops", "slug": "4947-workshops", "color": "#22BA76"}, {"name": "Mentors", "slug": "4949-mentors", "color": "#4220C8"}, {"name": "Rookies", "slug": "4951-rookies", "color": "#D01515"}, {"name": "Main talk track", "slug": "4946-main-talk-track", "color": "#7C0C8A"}, {"name": "Aerospace Village", "slug": "5297-aerospace-village", "color": "#BBBBBB"}, {"name": "Car Hacking Village", "slug": "5294-car-hacking-village", "color": "#D65432"}, {"name": "InfoSec Battlebots", "slug": "5293-infosec-battlebots", "color": "#A12366"}, {"name": "Lock Picking Village", "slug": "5295-lock-picking-village", "color": "#A3e456"}, {"name": "Malware Village", "slug": "5349-malware-village", "color": "#D5dd45"}, {"name": "Quantum Village", "slug": "5296-quantum-village", "color": "#B55425"}, {"name": "Train Hacking Village", "slug": "5298-train-hacking-village", "color": "#477777"}], "days": [{"index": 1, "date": "2024-12-14", "day_start": 
"2024-12-14T04:00:00+00:00", "day_end": "2024-12-15T03:59:00+00:00", "rooms": {"Clappy Monkey Track": [{"guid": "deca5129-d915-59ab-b70e-7b930ea5e300", "code": "WZXUTA", "id": 56941, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-56941-byotb-bring-your-own-trusted-binary", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WZXUTA/", "title": "BYOTB - Bring Your Own Trusted Binary", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Ever tried to get a callback from a client device only to be continually thwarted by their EDR, so you then have to ask for an exclusion to be placed on a specific folder? Join Red Teamer David Kennedy as he walks you through a novel way of approaching this conundrum by (ab)using trusted binaries that EDRs normally pay very little attention to. \r\n\r\nThis presentation will cover the execution of these trusted binaries on Windows as well as running them in ways that even the original developers haven\u2019t advertised as being possible via \u2018undocumented features\u2019 within their code! With these techniques, struggling to get access to your client\u2019s infrastructure should hopefully become a thing of the past or at least until these binaries are no longer trusted!", "description": "Security professionals are locked in a constant cat-and-mouse game with attackers who continuously find creative ways to bypass modern defences. One such technique is Bring Your Own Trusted Binaries (BYOTB)\u00a9, where attackers use legitimate, signed or checksum-verified binaries which may not be present on the host machine to achieve their aims. 
Since these binaries are oftentimes trusted by the OS and EDR solutions, they are less likely to raise red flags, providing attackers with a stealthy way to circumvent traditional security mechanisms.\r\n\r\nThis session will explore how the BYOTB technique works, some examples of trusted binaries and why they are so effective at bypassing EDR solutions.\r\n\r\nI'll cover:\r\n - Understanding the BYOTB idea: I will explain which trusted binaries are used and how they can provide access to external adversaries and testers alike. \r\n - EDR and Firewall Evasion Tactics: I will demonstrate how adversaries leverage trusted binaries to exploit gaps in EDR detection as well as bypassing modern firewalls.\r\n - Detection and Mitigation Strategies: The concluding section of the talk will focus on defensive measures. I\u2019ll discuss practical detection techniques, including monitoring the usage of known binaries, and implementing tighter security controls around execution policies for certain trusted binaries.\r\n\r\nThis talk is geared towards a technical audience, including Red Teamers and Pentesters looking to understand how to exploit these techniques as well as Blue Teamers interested in improving their detection and mitigation strategies. Attendees will leave with actionable insights into how they can detect BYOTB techniques in their environments, as well as best practices for preventing such attacks from slipping through the cracks.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TDDJER", "name": "David Kennedy", "avatar": null, "biography": "David is a Red Teamer at JUMPSEC. Before working in Cyber Security he has worked for many years in financial services IT focusing on trading systems. 
These days he is passionate about all things Adversary Simulation, especially exploring and researching the latest techniques in regards to modern Red Teaming infrastructure.", "public_name": "David Kennedy", "guid": "93995f4b-50a1-55df-8021-37c41dfe27a0", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/TDDJER/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WZXUTA/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WZXUTA/", "attachments": []}, {"guid": "3c1ea3a5-a58f-5269-b2da-5f55f117703c", "code": "EHBRYZ", "id": 55834, "logo": null, "date": "2024-12-14T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-55834-the-practical-application-of-indirect-prompt-injection-attacks-from-academia-to-industry", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHBRYZ/", "title": "The Practical Application of Indirect Prompt Injection Attacks: From Academia to Industry", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Indirect Prompt Injection (IPI) is a fascinating exploit. As organizations race to capitalize on the hype surrounding AI, Large Language Models are being increasingly integrated with existing back-end services. In theory, many of these implementations are vulnerable to Indirect Prompt Injection, allowing cunning attackers to execute arbitrary malicious actions in the context of a victim user. In practice, IPI is poorly understood outside of academia, with few real-world findings and even fewer practical explanations.\r\n\r\nThis presentation seeks to bridge the gap between academia and industry by introducing the Indirect Prompt Injection Methodology - a structured approach to finding and exploiting IPI vulnerabilities. 
By analyzing each step, examining sample prompts, and breaking down case studies, participants will gain insights into constructing Indirect Prompt Injection attacks and reproducing similar findings in other applications.\r\n\r\nFinally, the talk will cover IPI mitigations, elaborating on why this vulnerability is so difficult to defend against. The presentation will provide practical knowledge on securing LLM applications against IPI and highlight how this exploit poses a major roadblock to the future of advanced AI implementations.", "description": "For further clarity on any sections, please refer to my white paper: https://www.researchgate.net/publication/382692833_The_Practical_Application_of_Indirect_Prompt_Injection_Attacks_From_Academia_to_Industry\r\n\r\n----------------------------------------------------------------------------------------\r\n1. PROMPT INJECTION - THE PROBLEM AFFECTING ALL LLMS\r\n-----------------------------------------------------------------------------------------\r\n\r\nDefinition\r\n\r\n- Prompt injection was originally used to describe attacks where untrusted user input was concatenated with a trusted prompt in an application.\r\n- The definition has expanded to include any prompt that causes an LLM to perform harmful actions - to avoid confusion, the latter definition will be used in this presentation.\r\n\r\nThe Problem\r\n\r\n- All LLMs are vulnerable to prompt injection!\r\n- In web application security, the most effective way to prevent injection attacks is to maintain a small allowlist of known safe input values.\r\n- Applying this to LLMs would render them functionally useless - the value of LLMs comes from being able to answer any query.\r\n- Instead, organizations like OpenAI are training LLMs to detect and block common prompt injection techniques.\r\n- Attackers can easily formulate new techniques since they can use any characters and words to craft prompt 
injections.\r\n\r\n------------------------------------------------\r\n2. INDIRECT PROMPT INJECTION\r\n------------------------------------------------\r\n\r\nAttack Sequence\r\n\r\n- Breaking down the anatomy of an indirect prompt injection attack as follows, along with a diagram:\r\n    1. An attacker injects a malicious prompt into a resource which they know LLMs\r\n    will read from.\r\n    2. A victim user asks an LLM to read from this resource.\r\n    3. The LLM visits the resource and reads in the malicious prompt.\r\n    4. The LLM performs the actions specified in the malicious prompt.\r\n- When an LLM reads in data from an attacker-injectable source, the chat should be considered COMPROMISED, since it may contain a malicious prompt.\r\n\r\nImpacts\r\n\r\n- The main impacts of regular prompt injection are generating harmful content  - which only negatively impacts an LLM provider's reputation - and attacks launched against an application or service that ingests an LLM's input or output.\r\n- The main impacts of IPI are socially engineering a user by instructing the LLM to provide misleading information to the victim or performing arbitrary actions on behalf of users. The latter impact is more interesting and will be the focus of the remaining presentation.\r\n- The impact of an Indirect Prompt Injection attack directly depends on the actions an LLM has access to perform. Actions can be chained to cause a greater impact.\r\n\r\nVulnerability Criteria\r\n\r\n1. Can an attacker inject into a source the LLM will read from? This can be a public source, e.g. a social media comment, or it can be a victim's private source which an attacker can send data to, e.g. an email inbox.\r\n\r\n2. Can the LLM perform any actions that could harm a user? Consider any actions that could impact the CIA triad of a user's data, e.g. deleting a victim's GitHub branch.\r\n\r\n3. Can the LLM perform this harmful action after reading from the injectable\r\nsource? 
LLMs can do this in most cases, but developers may implement logic to prevent this from happening as IPI attacks become more prevalent.\r\n\r\n------------------------------------------------------------------------\r\n3. INDIRECT PROMPT INJECTION METHODOLOGY\r\n------------------------------------------------------------------------\r\n\r\nThis section introduces the Indirect Prompt Injection Methodology, along with a diagram. In the presentation, sample prompts will be attached for each relevant step:\r\n\r\nExplore the attack surface\r\n\r\n1. Map out all harmful actions the LLM has access to perform - Ask the LLM to provide a list of all functions it can invoke. Analyze the list and write down the harmful actions.\r\n\r\n2. Map out all attacker-injectable sources the LLM can read from - Ask the LLM to provide a list of all data sources it can read from. Analyze the list and write down the sources you could inject a prompt into.\r\n\r\n3. Attempt to obtain the system prompt - Ask the LLM to provide the statements programmed into it by its developer, allowing you to see any verbal guardrails that you may need to bypass. \r\n\r\nCraft the exploit\r\n\r\nFor each source-action pairing:\r\n\r\n4. Determine if the LLM can be pre-authorized to perform the action - Certain LLMs may ask the user to approve an action before carrying it out. By tailoring the prompt you may be able to provide pre-approval, convincing the LLM to carry out the action without delay!\r\n\r\n5. Inject a more persuasive prompt into the source - The indirectly injected prompt needs to be made more convincing to an LLM since it will carry less conversational weight than the user's initial request. By emphasizing key parts of the prompt with mock Markdown, repeating sentences, and tailoring the prompt semantics to the observed behavior, you can craft a successful exploit. These techniques will be clearly showcased in the presentation.\r\n\r\n6. 
Ask the LLM to read from the source and observe if the action occurs - Simulate a plausible user query, e.g. \"visit this URL: {url}\". The LLM should read from the injected source and carry out the actions set out in the prompt injection.  \r\n\r\nRefine the prompt\r\n\r\n7. Repeat steps 5 and 6, iteratively modifying the prompt until the attack is\r\nsuccessful - If the attack is unsuccessful, systematically make small changes until you achieve success. A table will be provided in the presentation to facilitate this process.\r\n\r\n-------------------------------------------------------------------------------\r\n4. CASE STUDY - MAVY GPT CALENDAR EXFILTRATION\r\n-------------------------------------------------------------------------------\r\n\r\nBackground\r\n\r\n- Mavy GPT is a personal assistant on the GPT Plus store that allows people to send emails and view their Google calendars by hooking into Google APIs.\r\n\r\nApplying IPIM\r\n\r\n- This is a walkthrough of each step in IPIM, applied to MavyGPT. Screenshots for each step are provided:\r\n\r\n1. Map harmful actions - I obtained a list of 7 actions, considered the impact of each and noted down \"Send Email\" as potentially harmful. I recorded the associated function call.\r\n\r\n2. Map injectable sources - I obtained a list of 3 actions that read from injectable sources and noted down \"Google Calendar\" as an injectable source.\r\n\r\n3. Obtain the system prompt - I asked Mavy for its system prompt and it immediately complied - I noted this down.\r\n\r\n4. Determine if LLM can be pre-authorized - I pasted the function call from earlier and Mavy complied immediately.\r\n\r\n5. Inject a more persuasive prompt - I considered a potential attack chain - asking Mavy to summarize all user events in the Google Calendar, then asking it to email this to me. I iterated several times to craft a prompt that allowed me to execute the chain. 
This will be provided in the presentation, along with a breakdown of each sentence in the prompt.\r\n\r\n6. Ask LLM to read from the source - I sent a calendar invite containing the prompt injection as its description to the mock victim, then asked Mavy to print the event description in the victim's session. As expected Mavy summarized all events in the calendar and emailed them back to me. Video evidence will be provided, serving as a POC and a demo. \r\n\r\nImpact\r\n\r\n- Many users store private information in their calendars such as locations, relative names, and even credentials. An attacker could sell this information or use it to launch further attacks.\r\n\r\n-------------------------------------------------------------------------------------\r\n5. INDIRECT PROMPT INJECTION PRACTICAL MITIGATIONS\r\n-------------------------------------------------------------------------------------\r\n\r\nInstruction Hierarchy\r\n\r\n- Proposed by OpenAI earlier this year - treats externally ingested data as lower-privileged.\r\n- Shows an improvement against prompt injection benchmarks, but can be bypassed by crafting better payloads.\r\n\r\nHuman-in-the-loop\r\n\r\n- A human has to approve each action an LLM will take. Theoretically, this prevents any unwanted actions.\r\n- Implementing this effectively causes a poor user experience, making developers unlikely to use it properly.\r\n\r\nNo Actions After Reads\r\n\r\n- Server-side logic which prevents any actions from occurring after an LLM has ingested external data.\r\n- This compromises the functionality of an LLM, again worsening user experience.\r\n\r\nMitigation Summary\r\n\r\n- Current mitigations are either not 100% effective or severely impact user experience, making Indirect Prompt Injection difficult to defend against.\r\n\r\n----------------------------\r\n6. 
LOOKING AHEAD\r\n----------------------------\r\n\r\nThe Future of Indirect Prompt Injection\r\n\r\n- IPI is a serious issue - the same techniques outlined in IPIM could be used to exploit future AI implementations linked to critical infrastructure, leading to devastating impacts.\r\n- Human-in-the-loop or \"no actions after reads\" could be implemented, but this would limit the value of these AI implementations by stripping their autonomy.\r\n\r\nApplication and Future Development of IPIM\r\n\r\n- IPIM will be maintained and updated on GitHub to ensure its continued relevance in the AI space.\r\n\r\n-----------------------\r\n7. CONCLUSION\r\n-----------------------\r\n\r\n- IPI is a serious issue\r\n- IPIM bridges the gap between academia and industry, improving awareness of IPI and contributing to the future of AI Security.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SGPYNP", "name": "David Willis-Owen", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/SGPYNP_f9R4Be0.webp", "biography": "David Willis-Owen is the founder of AIBlade - the first blog and podcast focussed solely on AI Security. AIBlade has reached the top 200 Technology podcasts in the UK, and producing this has allowed David to gain deep technical knowledge on attacking and defending AI. David is an experienced presenter and has delivered over 20 talks on a variety of cybersecurity topics, both internally as a JP Morgan Security Engineer and externally as an Independent Security Researcher. Additionally, he has authored insightful articles for CIISec. 
In his spare time, David enjoys kickboxing, learning Spanish, and responsibly disclosing vulnerabilities to large organizations such as OpenAI.", "public_name": "David Willis-Owen", "guid": "e1d1d2d9-9ca5-55c0-a9ba-e813aa9d183f", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/SGPYNP/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHBRYZ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHBRYZ/", "attachments": []}, {"guid": "0d32973f-8f3e-52b4-9b1f-3b0c946a3dbf", "code": "HYSYLN", "id": 55716, "logo": null, "date": "2024-12-14T11:50:00+00:00", "start": "11:50", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-55716-cyberhumint-recruit-deceive-exploit", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYSYLN/", "title": "CyberHUMINT: Recruit, Deceive, Exploit", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "After introducing the Bsides audience to the Fligistan Intelligence Bureau at Bsides Cymru 2024, we wanted to expand that for the London audience by diving deep into the world of Cyber HUMINT. This talk will delve into how Fligistan deploys tactics, technologies, people and processes, and then pivot to how we can use that knowledge, as cyber practitioners, to gain insight for our own defenses and offensive security.", "description": "At Bsides Cymru we introduced the audience to what modern intelligence apparatus looks like using the fictional country of Fligistan. This talk builds upon that and focuses on Cyber HUMINT, the fusion of traditional human intelligence (HUMINT) with cyber operations.  It is a powerful tool for both attackers and defenders. In this talk we explore how CyberHUMINT exploits human vulnerabilities, leverages social engineering, and manipulates insider threats, leading to significant risks such as data breaches or disclosure of corporate secrets. 
We\u2019ll examine real world examples where adversaries use remote working job opportunities for infiltration, platforms like LinkedIn for agent recruitment, using avatars for covert dark web operations, and psychological manipulation through bot farms and psyops to influence and deceive organisational and military targets.\r\n\r\nWe will also delve into how behavioral analysis and patterns of life in computer networks and subcultures can help to identify malicious actors early. Attendees will gain actionable insights on how to recognise and mitigate insider threats, as well as the critical role CyberHUMINT plays in understanding patterns of life and digital behaviour. Whether you\u2019re part of the Fligistan red team, social engineering corps, or an intelligence analyst,  this session will equip you with the tools to protect your organisation from advanced human and cyber-based threats.", "recording_license": "", "do_not_record": true, "persons": [{"code": "88T3NC", "name": "Tony Gee", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/88T3NC_9whAgy3.webp", "biography": "Tony has over 15 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor. He specialises in intelligence gathering, delivering intelligence and reconnaissance investigations. In addition, he is adept at socially engineered initial access. Including, cyber social engineering, such as phishing, smishing and vishing, or physical social engineering into organisations to install network implants and steal information. Alongside this Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime, alongside delivering engaging and enthralling security awareness presentations. 
Drawing on his experience breaking into companies, Tony is able to illustrate and demonstrate critical issues in a way that audiences of all levels can understand.", "public_name": "Tony Gee", "guid": "d7df3068-e4a9-52a0-9314-2f72ab8d6d0c", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/88T3NC/"}, {"code": "ZWSJUW", "name": "Hugo Page-Turner", "avatar": null, "biography": null, "public_name": "Hugo Page-Turner", "guid": "bba40b7d-981d-5385-be8c-33774f9ce333", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/ZWSJUW/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYSYLN/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYSYLN/", "attachments": []}, {"guid": "e8131abb-6a56-5fbb-942a-042245a49c7d", "code": "LV7GFV", "id": 54601, "logo": null, "date": "2024-12-14T12:55:00+00:00", "start": "12:55", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-54601-ssrf-breaking-trust-zones-through-self-reference", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LV7GFV/", "title": "SSRF\u00b2 | Breaking Trust Zones Through Self-Reference", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "In modern web architectures, SSRF vulnerabilities have become increasingly difficult to exploit due to sophisticated defense mechanisms. This presentation introduces SSRF\u00b2 - a novel technique that challenges fundamental assumptions about trust boundaries by using the same SSRF primitive twice across different security contexts. Through real-world discoveries, we demonstrate how a seemingly limited SSRF primitive, when used twice, can bypass an entire security stack designed to prevent internal access. 
What makes this technique particularly powerful is its ability to transform restricted blind SSRF vulnerabilities into critical security breaches without complex chains or extensive reconnaissance.", "description": "This talk introduces a groundbreaking approach to SSRF exploitation that fundamentally changes how we think about trust boundaries and security contexts. Rather than focusing on finding new SSRF vectors, we'll demonstrate how using the same primitive twice can bypass sophisticated security controls including URL rewrite rules, origin validation, and network segregation.\r\n\r\nKey takeaways:\r\n- How a single SSRF primitive can be leveraged across different security contexts\r\n- Why position matters more than payload in modern architectures\r\n- Real-world examples of bypassing Kubernetes API protections\r\n- Turning blind SSRF into critical internal access\r\n- New methodology for approaching SSRF research\r\n\r\nThrough live demonstrations and real-world cases, attendees will learn how traditional security controls can fail when the same primitive operates across different trust contexts. This research provides valuable insights for both offensive security researchers looking to expand their methodology and defenders implementing trust boundaries.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CA3DFX", "name": "Guy  Arazi", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/CA3DFX_C2qhz1K.webp", "biography": "With a lifelong passion for security research, Guy has been deeply involved in both developing and testing applications from a young age. Having played diverse roles in both defensive and offensive security, he leverages this dual expertise to advance vulnerability discovery, detection, and mitigation across various sectors. Specializing in web applications and cloud services, he is dedicated to addressing critical security issues on a global scale. 
Guy is currently a researcher at the MSRC V&M group.", "public_name": "Guy  Arazi", "guid": "81a784cb-1dad-5324-b52f-040af42d4b68", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/CA3DFX/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LV7GFV/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LV7GFV/", "attachments": []}, {"guid": "da705cf1-927e-54da-aecb-6498fb9d396e", "code": "RHQA9X", "id": 55533, "logo": null, "date": "2024-12-14T13:50:00+00:00", "start": "13:50", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-55533-inside-the-ransomware-toolbox-how-to-beat-cybercriminals-at-their-own-game", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RHQA9X/", "title": "Inside the Ransomware Toolbox: How to Beat Cybercriminals at Their Own Game", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Let\u2019s face it: ransomware operators are the digital villains we all love to hate. But what if I told you there's a way to outsmart these cybercriminals by using their own tools against them? Join me in taking the red pill, to find out about the \"Ransomware Tool Matrix,\" your new secret weapon in the fight against cyber extortionists.", "description": "In this session, we will dive into the inner workings of ransomware gang attack paths and unpack the exact sets of tools they use to wreak havoc. Imagine having a cheat sheet that tells you exactly what the cyber baddies are up to before they even hit your network. Sounds like a game-changer, right?\r\n\r\nWe will find out how this matrix can supercharge your threat hunting, boost your incident response game, and help you simulate attacks just like the pros. 
But it\u2019s not all smooth sailing\u2014we\u2019ll also talk about the tricky bits, like figuring out if a tool is being used by a cybercriminal or just your IT team.\r\n\r\nWhy should you join? Because you'll walk away with:\r\n- Insider knowledge on the tools and tactics of the biggest ransomware gangs.\r\n- Practical tips to turn these insights into action\u2014detect, block, and stay ahead of attacks.\r\n- A fresh perspective on using intelligence to not just survive, but thrive in today\u2019s threat landscape.\r\n- Whether you\u2019re a seasoned defender or just stepping into the world of cybersecurity, this talk will arm you with the strategies to beat these pesky cybercriminals at their own game. \r\n\r\nCome ready to learn, laugh, and leave with a whole new set of ideas to take back to work.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7JVEPQ", "name": "Will Thomas", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/7JVEPQ_DW8YYXx.webp", "biography": "- Five Years of Working in Cyber Threat Intelligence (CTI)\r\n- Currently a CTI Researcher and Threat Hunter at the Equinix Threat Analysis Center (ETAC)\r\n- Co-author of SANS FOR589: Cybercrime Intelligence\r\n- SANS Instructor\r\n- Co-founder of Curated Intelligence\r\n- Co-founder of the Bournemouth 2600 Group", "public_name": "Will Thomas", "guid": "6a5e4ec3-e6fc-5b4b-b3de-f64ff8d4e30c", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/7JVEPQ/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RHQA9X/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RHQA9X/", "attachments": []}, {"guid": "2eda79f6-5ebb-53e4-9bb7-7408650032aa", "code": "GXUA37", "id": 55907, "logo": null, "date": "2024-12-14T14:45:00+00:00", "start": "14:45", "duration": "00:45", "room": "Clappy Monkey Track", "slug": 
"bsides-london-2024-55907-from-garden-to-grid-lessons-from-gardening-for-a-resilient-cybersecurity-strategy", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/GXUA37/", "title": "From Garden to Grid: Lessons from Gardening for a Resilient Cybersecurity Strategy", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "In today's rapidly evolving digital landscape, cybersecurity professionals are constantly seeking innovative strategies to protect their systems. Surprisingly, some of the most powerful lessons can be found in a place often overlooked\u2014the garden. This talk, \"From Garden to Grid,\" draws thought-provoking parallels between gardening practices and cybersecurity strategies, offering a fresh perspective on how we can cultivate a more resilient and adaptive approach to protecting our digital environments.\r\n\r\nBy exploring key principles such as nurturing growth, pruning for efficiency, building resilience, and harvesting success, this presentation will highlight actionable insights that cybersecurity professionals can apply to their daily work. The talk will delve into topics such as continuous learning and innovation, streamlining security processes, safeguarding systems against threats, and celebrating wins by measuring key performance metrics. Attendees will leave with a deeper understanding of how these natural principles can inspire a sustainable, secure, and forward-thinking cybersecurity strategy.\r\n\r\nThis session will benefit cybersecurity professionals seeking to enhance their strategic approach by embracing a mindset that encourages adaptability, efficiency, and resilience\u2014qualities essential for thriving in both the digital and natural worlds.", "description": "In an increasingly complex digital world, cybersecurity professionals are continuously looking for new ways to strengthen their defenses and build resilient systems. 
\r\nThis talk, \"From Garden to Grid,\" introduces a fresh and unexpected perspective by exploring how the principles of gardening can be applied to cybersecurity to create stronger, more adaptable strategies.\r\n\r\nDrawing parallels between gardening practices\u2014such as nurturing growth, pruning for efficiency, building resilience, and harvesting success\u2014and essential cybersecurity approaches, this session will provide practical, actionable insights for security professionals. \r\nAttendees will learn how:\r\nContinuous learning and innovation, akin to nurturing a garden, can foster growth in security practices.\r\nPruning unnecessary or outdated systems, much like trimming overgrown plants, can streamline security operations and reduce vulnerabilities.\r\nBuilding resilience through backup systems and response plans mirrors the way gardeners protect plants from external threats.\r\nMeasuring success and reflecting on achievements, just like harvesting in gardening, ensures sustained cybersecurity effectiveness.\r\nThrough relatable analogies and real-world examples, this session will inspire attendees to rethink their cybersecurity strategies with a focus on adaptability, efficiency, and long-term sustainability. Perfect for professionals at all levels, this talk will equip participants with the tools and mindset needed to cultivate a digital environment that thrives in the face of emerging threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "URZUFP", "name": "Becky Hall", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/URZUFP_1AR3I5T.webp", "biography": "Becky Hall is a recognised expert in cyber security, with a proven track record of over a decade in safeguarding digital ecosystems across diverse industries. 
\r\nHer work focuses on blending technological innovation with robust security strategies, ensuring that individuals and organisations can navigate the digital landscape safely and effectively.\r\n\r\nIn addition to her professional expertise, Becky is the creator of the popular Garden to Grid article series, which explores the intersection of technology, sustainability, and security. Through her writing, she delves into how sustainable practices can be integrated into modern tech solutions, paving the way for a greener and more secure future.\r\n\r\nBecky is passionate about mentoring the next generation of cybersecurity professionals and fostering an inclusive environment in the tech industry. With her combined focus on practical security measures and environmental awareness, she is uniquely positioned to contribute valuable perspectives to the future of technology and security.", "public_name": "Becky Hall", "guid": "b1e9f686-6325-50b4-a6d7-883c2c814d21", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/URZUFP/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/GXUA37/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/GXUA37/", "attachments": []}, {"guid": "f197743c-24e2-56fa-b433-c1d425f81221", "code": "DAM993", "id": 55862, "logo": null, "date": "2024-12-14T15:40:00+00:00", "start": "15:40", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-55862-inside-the-phish-tank-a-guide-to-compromising-phishing-infrastructure", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DAM993/", "title": "Inside the Phish Tank: A Guide to Compromising Phishing Infrastructure", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Criminal groups rely on phishing web panels to manage their campaigns and interactions against ordinary people. 
Due to its nature, information showing the details and complexity of these platforms is not widely available. In this presentation, we will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by phishing groups to manage their campaigns against ordinary people.", "description": "We will demonstrate how to leverage these vulnerabilities to gain unauthorised access to their phishing infrastructure. This can be used to gather intelligence to help identify the threat actors operating these panels, disrupt their operations, and minimise the damage caused to their victims. Through this session, we aim to provide valuable insights and encourage proactive, ethical approaches to combating cyber threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "K8J3L9", "name": "Vangelis Stykas", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/K8J3L9_hyfh2A0.webp", "biography": "Vangelis Stykas began as a developer from Greece. Six years ago he realized that only his dog didn't have an API, so he decided to steer his focus towards security. That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He's still actively pursuing it. He currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms. His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. 
Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as a rush-to-market mentality is almost certain to lead to catastrophic security failure.", "public_name": "Vangelis Stykas", "guid": "78aea871-0098-591e-9630-dd644b4beca1", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/K8J3L9/"}, {"code": "KQVBVZ", "name": "Felipe Solferini", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/KQVBVZ_fNmtFn2.webp", "biography": "Felipe is a senior (???) penetration tester and self-proclaimed security researcher. Most of the time, he\u2019s mashing the wrong buttons, hoping for the worst but expecting the best, or just yoloing like there\u2019s no tomorrow. Occasionally, he wonders if life is just a CTF.", "public_name": "Felipe Solferini", "guid": "f5e4b38d-90ab-5474-8d9b-499f1f9a9280", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/KQVBVZ/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DAM993/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DAM993/", "attachments": []}, {"guid": "40030565-c427-5898-b6d1-71a7108ad8bc", "code": "AFDMQM", "id": 56921, "logo": null, "date": "2024-12-14T16:35:00+00:00", "start": "16:35", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2024-56921-building-the-att-ck-pipeline-for-linux", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AFDMQM/", "title": "Building the ATT&CK pipeline for Linux", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "ATT&CK is a game changer and where it works, it can enable both blue and red teams to co-exist and work effectively together. However, what do attackers on Linux do when bitcoin miners aren't their motivation? 
This talk looks at how the linux-malware repo came to take shape and how I've used it to inform both MITRE and Cisco's view on adversarial behaviour over the last three years.", "description": "The session will cover:\r\n\r\n* Introducing linux-malware - what is it and why might both red and blue want to pay attention?\r\n* Automating the TI pipeline - applying custom analytics to someone else's DFIR report?\r\n* What new threats should you worry about and why - Linux is unhackable, right?\r\n* Building better detections - how can you figure out whether you're exposed?\r\n\r\nTakeaways will include:\r\n\r\n* A summary of the Linux threat landscape\r\n* Just because we're not looking for the bad guys, doesn't mean they're not there\r\n* Attackers will use the easiest TTP that gets them to a root prompt\r\n* If you're running adversary simulations, here are some non-Windows TTPs you should consider\r\n* If you're playing defence, this is how you develop behavioural IOCs and tools to leverage them", "recording_license": "", "do_not_record": false, "persons": [{"code": "GP9DSL", "name": "Tim Wadhwa-Brown", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/GP9DSL_pDpw2az.webp", "biography": "Tim joined Cisco as part of their acquisition of Portcullis for whom he worked for almost 12 years, primarily focussed on UK CNI. 8 years on, Tim has contributed to a number of Cisco\u2019s services programmes relating to risk and compliance, secure development and threat-informed defense. In the last year, Tim has been focussed on developing Cisco's strategic response to the NIS2 Directive, DORA and the Telecom Security Act.\r\n\r\nOutside of the customer driven realm of information assurance, Tim is also a prolific offensive researcher with papers on UNIX, Windows and web application security to his name. Tim is credited with publishing almost 150 vulnerability advisories and is a regular contributor to MITRE ATT&CK, acting as an SME for Linux techniques. 
Tim particularly likes to bug hunt enterprise UNIX solutions.", "public_name": "Tim Wadhwa-Brown", "guid": "9e856e6d-06c4-5193-9c27-476204a6f475", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/GP9DSL/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AFDMQM/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AFDMQM/", "attachments": []}], "Track 2": [{"guid": "c72cf741-adb6-5b36-8bf8-461b8a730f06", "code": "7GAQNS", "id": 55596, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-55596-unmasking-apt-malware-activity-real-world-malware-campaign-tracking-using-big-data-analytics-and-machine-learning-clustering", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7GAQNS/", "title": "Unmasking APT Malware Activity: Real-World Malware Campaign Tracking Using Big Data Analytics and Machine Learning Clustering", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Our talk introduces an innovative framework for automating the identification and handling of malware samples targeting web servers, leveraging big data analytics and machine learning to cluster and track active malware campaigns. We will demonstrate an innovative and unique framework that employs heuristic analysis to autonomously identify and process web-delivered malware samples. This framework enhances the efficiency and accuracy of malware detection in large data sets, reducing the reliance on manual intervention, and enabling near real-time threat hunting, and campaign tracking. \r\n\r\nBuilding upon the collected malware data, we utilize big data analytics techniques to track and monitor malwares, cluster similar malware samples and associated network activity, to unveil patterns and connections between various campaigns. 
This clustering approach provides deeper insights into the tactics, techniques, and procedures (TTPs) employed by threat actors, facilitating the identification of overarching strategies and objectives. \r\n\r\nWe will conclude with a detailed analysis of notable real-world malware campaigns identified through this system. Attendees will gain insights into the operational methodologies of these campaigns, their impact and the defensive measures that can be employed. Case studies will highlight real-world applications and the effectiveness of our automated approach in enhancing cybersecurity posture.", "description": "In this talk we will conduct a deep dive into the framework we developed for automating the identification and handling of malware samples targeting web servers, it will consist of four parts:\r\n\r\nPart 1: Introduction\r\n\r\n- Provide a baseline understanding of how threat actors can leverage web vulnerabilities to deploy malware.\r\n- Introduce the challenge of identifying, clustering and tracking malware data in the real world.\r\n- Introduction to the data we collect, with a focus on the real-world malware data we track.\r\n- Discuss what can be gained by effectively identifying and tracking malware campaigns in real world scenarios.\r\n\r\nPart 2: Automated Malware Handling\r\n\r\n- Explain and demonstrate the framework we developed to automate the handling of web-delivered malware samples, including:\r\n1. Identification of malware delivery using RCE attacks against web applications.\r\n2. Safe downloading, storing and analysis of identified samples using a sandboxed environment.\r\n3. 
Importing sample information to enrich existing data.\r\n\r\nPart 3: Clustering of Malware data and Anomaly Detection\r\n\r\n- Using big data analytics to aggregate data from multiple cloud regions, and calculate distances for clustering\r\n- Demonstrate a novel open source tool we developed, for counters collection, aggregation and anomaly detection powered by an SQL engine and cloud functions\r\n- Explain how the tool utilizes advanced detection methods for trends and patterns in the malware data\r\n\r\nPart 4: Identified Campaigns\r\n\r\nReview several campaigns detected by the framework, including:\r\n- Sysrv Botnet: How we identified and correlated events related to activity of the Sysrv botnet, uncovering new attack vectors and TTPs. (https://tinyurl.com/sysrvb)\r\n- AndroxGhost: How we identified AndroxGh0st malware activity, and were able to provide previously undocumented TTPs and attack vectors augmenting a previously published report by CISA. (https://tinyurl.com/axghost)\r\n- TellYouThePass: How we quickly uncovered a malicious campaign to deliver TellYouThePass ransomware leveraging the new PHP vulnerability CVE-2024-4577. (https://tinyurl.com/tytpr)\r\n- 8220 Gang: How we exposed new tactics and vectors utilized by the well-known threat actors 8220 Gang. (https://tinyurl.com/8220gang)\r\n- APT29: How we were able to identify and track activity from the Russian APT specifically targeting Polish Government domains to drop RAT Malware (unpublished)\r\n\r\n\r\nAttendees can expect the following takeaways:\r\n\r\n1. Utilizing a combination of automation, big data analytics, and anomaly detection allows you to effectively identify and track cyber attacks. Usage of common tools like cloud data lakes and managed query engines can make such tasks quick and efficient.\r\n\r\n2. Many threat actors, including APT groups, commonly use web vulnerabilities to target nation states and propagate dangerous malware. 
This activity can be consistently detected using the demonstrated framework.\r\n\r\n3. Identification, correlation and tracking of malware campaign activity is of interest to a wide demographic within the security community, we aim to provide a useful set of ideas and tools to assist with this difficult problem.", "recording_license": "", "do_not_record": false, "persons": [{"code": "S7LEPN", "name": "Daniel Johnston", "avatar": null, "biography": "Daniel Johnston is a security researcher in the Imperva Threat Research group. Daniel holds a MSc in Cyber Security from Queen's University Belfast, and has over 7 years of experience in network and web application security. At Imperva Daniel specializes in web application security, bot detection, malware and threat intelligence research.", "public_name": "Daniel Johnston", "guid": "1dc6e270-747f-52d4-8b4d-7f121b43e7dd", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/S7LEPN/"}, {"code": "AFCLRB", "name": "Ori Nakar", "avatar": null, "biography": "Security Researcher, Data Engineer, and Data Scientist at Imperva Threat Research Group. 
I specialize in application and database security, leveraging expertise in data analytics, data science, and automation to drive innovative security solutions.", "public_name": "Ori Nakar", "guid": "ea376411-ec8e-529b-a5df-26f7ed47818a", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/AFCLRB/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7GAQNS/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7GAQNS/", "attachments": []}, {"guid": "6ee6ad30-1f00-52cc-b5b9-77d87f405e3a", "code": "8Z8VTW", "id": 56708, "logo": null, "date": "2024-12-14T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-56708-to-you-its-a-black-swan-to-me-its-a-tuesday", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8Z8VTW/", "title": "To you its a Black Swan, to me its a Tuesday", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "In cybersecurity, Black Swan events are seen as rare, high impact threats or attacks from unknown or neglected vectors, that post event are rationalised as predictable in hindsight despite being unforeseen at the time.  Our role in Cybersecurity is to help organisations prepare for the worst but how can we prepare for unpredictable, rare, high impact events? This talk will examine some real-world Black Swan breaches and then discuss approaches companies can take to prepare for them.", "description": "This talk takes a real-world look at how red teams help organisations prepare for incidents. Starting with a light touch review of real-world high impact \"black swan\" breaches to show why we should try to do such testing. We will then look at how we can design red team engagements to test similar high impact scenarios, and what skills are needed to deliver such testing. 
We will finish off the talk with looking at the practical steps we can advise organisations to take to prepare for the worst.", "recording_license": "", "do_not_record": true, "persons": [{"code": "BWADGF", "name": "David V.", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/BWADGF_VkZ9Id9.webp", "biography": "David V. has been working behind the scenes in cybersecurity for over a decade. He has worked for NCSC, supported Cabinet Office with the GBEST scheme; has been a Principal Security Tester at QinetiQ; managed dozens of red team engagements at LRQA (formerly Nettitude); is a qualified CCSAM and Crest Assessor; and is currently Head of Red Team at Prism Infosec.\r\n\r\nOutside of security testing, David is a Form 1 LudoSport (an international Lightsaber combat sport) Instructor for LudoSport Gloucestershire; a family man; cat lover; amateur 3d printer enthusiast; photographer, and astronomer.", "public_name": "David V.", "guid": "33cde12f-bef0-505d-8e4b-fa8c62394259", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/BWADGF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8Z8VTW/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8Z8VTW/", "attachments": []}, {"guid": "690db21c-51a8-5057-ac59-b4e38a09c4ab", "code": "PHX7TQ", "id": 57019, "logo": null, "date": "2024-12-14T11:50:00+00:00", "start": "11:50", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-57019-software-security-issues-for-small-iot-socs", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PHX7TQ/", "title": "Software security issues for small IoT SoCs", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Ever wondered how your smart toothbrush or connected garden rock stays secure in our digital world? 
As the Internet of Things (IoT) brings connectivity to everyday objects\u2014from cars to clothing\u2014it's more important than ever to keep these devices safe from cyber threats. But here's the challenge: many IoT gadgets run on tiny chips called Systems on Chip (SoCs) that don't have the power of full-sized computers, making them uniquely vulnerable.\r\n\r\nIn this presentation, I'll guide you through the fascinating world of hardware/software binding\u2014a key technique that ensures only authorized software runs on specific hardware. We'll explore how this practice helps protect IoT devices by linking software tightly to the hardware it runs on, preventing unauthorized code from sneaking in.\r\n\r\nWe'll look at different SoCs used in IoT devices, discuss SoC architecture, review the security methods provided (or not) by manufacturers, and dive into some cool techniques from research and industry. Don't worry if you're new to this\u2014I'll break down the jargon and share practical insights from my own experiences in software development and security.\r\n\r\nPlus, I'll introduce a handy questionnaire you can use when choosing SoCs for new products, helping you evaluate their security features with confidence. Whether you're just starting out in cybersecurity or simply curious about how to keep our connected world safe, this talk will give you the understanding and tools to make a real difference.", "description": "As the Internet of Things (IoT) weaves itself into the fabric of our daily lives\u2014from smart toothbrushes and connected cars to wearable tech and home gadgets\u2014the security of these devices becomes more critical than ever. This presentation offers a friendly and accessible introduction to IoT security, focusing on Systems on Chip (SoCs) and the essential practice of hardware/software binding. 
It is based on my dissertation for the MSc Information Security program at RHUL.\r\n\r\nWe'll explore:\r\n\r\nIoT and SoCs Demystified: Understand what IoT and SoCs are, and how they power the devices we use every day.\r\nUnique Security Challenges: Learn about the vulnerabilities inherent in IoT devices due to their limited computational resources.\r\nHardware/Software Binding Concepts: Discover how binding software to hardware (and vice versa) prevents unauthorized access and enhances security.\r\nBinding Methods and Solutions: Review current approaches from manufacturers and innovative solutions from academic and industry research, including their risks and limitations.\r\nPhysically Unclonable Functions (PUFs) and Hardware Security Modules (HSMs): Get introduced to these advanced security mechanisms and their practical applications in IoT devices.\r\nSelecting Secure SoCs: Gain practical tips on choosing the right SoCs for new products, with examples of affordable development kits (often under \u00a310) that make this field accessible to all.\r\nSecurity Evaluation Tool: Receive a handy security questionnaire designed to help you assess SoCs for product development and understand governance and lifecycle considerations.\r\nWhether you're a beginner cybersecurity enthusiast, a developer looking to build secure products, a red teamer interested in potential attack surfaces, or simply curious about the gadgets around you, this session will equip you with the knowledge to make informed decisions and contribute to a safer, more secure IoT ecosystem.\r\n\r\nJoin us to explore how we can collectively enhance security in our increasingly connected world.", "recording_license": "", "do_not_record": false, "persons": [{"code": "G8TG39", "name": "Stephen Cravey", "avatar": null, "biography": "Stephen Cravey is a seasoned IT Security Leader with an MSc in Information Security and a CISSP certification. 
His career in cybersecurity started in 1995 with a unique request to the NSA for educational materials, setting the stage for a diverse and impactful professional journey.\r\n\r\nCurrently, Stephen plays a key role at a leading consulting firm, where he helps organizations navigate complex cybersecurity, governance, and espionage challenges, including ISO 27001 and NIST 800-53 focused compliance remediation initiatives. His technical expertise covers a broad spectrum, from detailed system architecture to foundational electronic principles, always with an eye on practical application and human factor root cause issues.\r\n\r\nHis research has explored practical integration techniques for emerging technologies, reinforcing his ability to blend advanced concepts with real-world solutions. Stephen is particularly skilled at identifying risks and leading strategic initiatives that enhance security processes and implement robust technical solutions in dynamic settings.\r\n\r\nKnown for his ability to connect with both technical teams and executive leaders, Stephen effectively aligns technological strategies with business goals, helping organizations enhance their security posture for today's demanding environments.", "public_name": "Stephen Cravey", "guid": "5474c356-a034-5b9f-b107-9a96e6a1a0cb", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/G8TG39/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PHX7TQ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PHX7TQ/", "attachments": []}, {"guid": "ae2d3721-6ff0-51ef-95ca-ca8b6dc3d5f0", "code": "DBRFFP", "id": 56959, "logo": null, "date": "2024-12-14T12:55:00+00:00", "start": "12:55", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-56959-what-s-inside-the-open-directory-from-96-different-threat-actors", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DBRFFP/", "title": "What\u2019s inside 
the open directory from 96 different threat actors?", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "This talk examines how 96 threat actors disclosed their systems, logs, and tools in open directories, providing unique insights into their tactics and operations in real-time.", "description": "Understanding the TTPs used by threat actors is often only done after an incident when the damage is done, made from inferences of what they allow us to see. What if analysts had full access to exactly how these actors operate: the commands they ran, their targets, accurate geolocations, tools, and more? Luckily, over the last few years, 96 brazen threat actors, ranging from script kids to alleged APTs, made the decision to publish their systems, bash_history, log files, configs, source code, and more in open directories. Hopefully this talk begins to explore such open data.", "recording_license": "", "do_not_record": true, "persons": [{"code": "LST399", "name": "Alana Witten", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/LST399_9zmfz9P.webp", "biography": "Alana is a final-year student with a few years of industry experience, previously in threat intelligence and more recently as a security engineer.\r\n\r\nWhen she is not nerd sniped by Bleeping Computer articles or CTF challenges, she can be found in a rock climbing gym or exploring new cafes, documenting them in an endless spreadsheet (https://brownbearsec.github.io).", "public_name": "Alana Witten", "guid": "c04156c3-4b66-5a59-aa59-196f361f8da6", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LST399/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DBRFFP/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DBRFFP/", "attachments": []}, {"guid": "5dbe5467-28d7-55e4-b471-27017b5fd9e4", "code": "P8GMHQ", "id": 55826, "logo": null, "date": "2024-12-14T13:50:00+00:00", 
"start": "13:50", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-55826-is-your-approach-to-pipeline-security-flawed-rethinking-ci-cd-security", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8GMHQ/", "title": "Is Your Approach to Pipeline Security Flawed? Rethinking CI/CD Security", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "With CI/CD pipelines driving modern DevSecOps, ensuring they don't become attack vectors is a shared concern across organisations. This talk introduces a new perspective focusing on provable CI/CD security, while steering away from securing pipelines directly. Maintain compliance, ensure visibility, and prevent potential threats from compromising critical systems by focusing on what really matters.", "description": "With DevSecOps becoming the standard, CI/CD pipelines have become the backbone of software development and deployment, running thousands of times a day. Each pipeline executes critical tasks such as building, testing, and deploying code - often leveraging automation and guardrails to ensure quality and security. Tools that integrate in pipelines promise to help.\r\n\r\nBut what exactly is a pipeline? What systems and resources does it interact with? And most importantly, how can we ensure that no pipeline becomes a pivot point for an attacker to compromise our most valuable systems? Can we be confident pipelines are running what we expect and providing the necessary data for other processes?\r\n\r\nThese questions point to a (perhaps overlooked) concept: Protected Resources. In this talk, we will explore how shifting to a new mindset could enhance visibility into pipelines, ensure adherence to security protocols, and prevent pipelines from becoming attack vectors. 
We'll delve into practical strategies to gain observability, improve compliance, and better secure your CI/CD system in the age of DevSecOps.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7AKGFM", "name": "Patricia R", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/7AKGFM_aTUo6Kj.webp", "biography": null, "public_name": "Patricia R", "guid": "8de67da9-2d58-570c-841f-591e532e9d46", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/7AKGFM/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8GMHQ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8GMHQ/", "attachments": []}, {"guid": "4d06b47c-29d1-5526-9531-ff63a5bfd51f", "code": "EHRQSN", "id": 56748, "logo": null, "date": "2024-12-14T14:45:00+00:00", "start": "14:45", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-56748-roll-your-own-vulnerabilities-an-introduction-to-fault-injection-for-exploiting-bug-free-code-in-embedded-systems", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHRQSN/", "title": "Roll your own vulnerabilities; an introduction to Fault-Injection for exploiting bug-free code in embedded systems.", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Embedded systems are everywhere, automating more and more of our everyday lives. Our cars, phones, games consoles, industrial controllers and IoT devices increasingly require security mechanisms to protect their security configurations, and in some cases, stored secrets, such as cryptographic keys, debug/flash protection access mechanisms, firmware images, and AI models. 
For a long time, local, physical attacks on general purpose microcontrollers were considered out of scope during threat analysis, but the increase in value of breaking the device security protections, the decrease in cost of the attacks, and the increase in awareness of such attacks, means that we\u2019re in a transitional state regarding protection against fault-injection.", "description": "This talk will introduce attendees to fault-injection, a local attack category which is often used as the first step in the attack chain for embedded systems, and in some cases can also lead to remote attacks. It will cover the techniques which attackers use to generate security violations such as bypassing read protection, secure boot, or debug protection in embedded systems, even when the code is completely free of bugs. You will learn about the attacker motivations, tools and techniques, as well as the methods used to harden devices against these attacks, and how increased public awareness, certification, and regulation is changing the landscape. You will see how the cost of the equipment needed is often very low, and learn how you can begin your \u201cglitching\u201d journey for under \u00a320.\r\nWe will look at the fault-injection mitigations added in the Raspberry Pi Pico 2, and consider their efficacy - there is currently a $20,000 bug bounty available for breaking these protections leading to recovery of a secret stored in the One-Time-Programmable flash memory. 
\r\nWe shall also touch upon side-channel analysis, which can recover cryptographic keys in use through measurement and analysis of tiny power fluctuations, or even by using a coil to pick up electro-magnetic emanations.\r\n\r\nKeywords/phrases:\r\n- Embedded Systems\r\n- Microcontrollers\r\n- Hardware Attacks\r\n- Fault-Injection\r\n- Voltage Fault Injection (VFI)\r\n- Electro-Magnetic Fault Injection (EMFI)\r\n- Clock Fault Injection (CFI)\r\n- Risk Assessment\r\n- Threat Modelling\r\n- Automotive\r\n- Industrial Control Systems\r\n- IoT\r\n- Mitigation Strategies\r\n- Raspberry Pi Pico 2\r\n- Side-Channel Analysis", "recording_license": "", "do_not_record": false, "persons": [{"code": "G3CKD9", "name": "@barsteward", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/G3CKD9_URIgJsr.webp", "biography": "After around 15 years of working on embedded systems, including writing ROM-based secure bootloaders, I switched hats; now I try to ruin other people's release schedules by exploiting the security goals of microcontrollers, primarily using non-invasive physical attacks.", "public_name": "@barsteward", "guid": "8f874844-12cb-58f2-b412-e03962cf897c", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/G3CKD9/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHRQSN/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHRQSN/", "attachments": []}, {"guid": "dc6ed809-63bc-5e53-ba48-2ee50e9bf1ff", "code": "HQ7GKR", "id": 56950, "logo": null, "date": "2024-12-14T15:40:00+00:00", "start": "15:40", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-56950-cybersecurity-s-new-imperative-defending-enterprise-and-national-cognitive-infrastructures-by-strengthening-the-mental-immune-system", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HQ7GKR/", "title": "Cybersecurity\u2019s New Imperative:  Defending Enterprise and National Cognitive 
Infrastructures (by strengthening  the mental immune system)", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "This Talk is Important\u2014very important\u2014for the cybersecurity industry, hackers, and policymakers from the Boardroom to the Halls of Government.\r\n\r\nA long time ago, on June 27, 1991, Winn testified before the US Congress and was asked, \u201cMr. Schwartau: Why would the bad guys ever want to use the internet?\u201d \r\n\r\nToday, our cognitive infrastructure is under attack, and humanity needs cybersecurity professionals more than ever. Reality is only a keystroke away. \r\n\r\nMetawar is the art and science of manipulating your reality. It is the battle for control over one\u2019s belief systems, identity, and sense of reality outside one\u2019s conscious awareness. Reason and emotion are incompatible operating systems. \r\n\r\nBig Tech is digitally terraforming the planet\u2019s future cognitive infrastructure, Web 3.0, with little concern for the downsides. The metaverse is an evolving, immersive storytelling environment designed to be the most powerful and addictive reality distortion machine ever conceived. It will also predict and anticipate your every desire and every move! \r\n\r\nOn the global stage, metawar represents the sixth domain of warfare. They who control the technology control the narrative. We have no choice but to learn how to coexist with the reality-distorting technologies we have created by implementing technical, policy, and cognitive defenses to protect our sense of truth, reality, and self-identity.\r\n\r\nWinn\u2019s keynote is a call to action.\r\n\r\nThe cybersecurity community is among the best problem solvers the planet has ever seen. It acts as a team, a collective of like-minded individuals with an amazing array of skills who stop at nothing to achieve their aims\u2014against all odds. 
Winn challenges us with a new goal: Strengthen and defend the human mental immune system. Our brains, sensory nervous systems, and minds are the new attack surfaces. Will the cybersecurity community rise to the challenge of solving the most existential threat it has ever faced? Or not.\r\n\r\nTo survive, humanity must adapt to and Coexist with technology.", "description": "Winn will make you question everything in your current reality. Ready?\r\n\r\nHow do you know what's real? Who controls and might be distorting your perception of reality? \r\n\r\nAs technology intertwines with our lives in complex and sometimes hidden ways, these questions become more urgent. We face a world where the metaverse, TMI, algorithms, and digital addiction shape our everyday experiences. They who control the technology control the narrative. \r\n\r\nIn 1991, Winn Schwartau, the civilian architect of information warfare, postulated cyberwar in front of US Congress. Today, he warns that America faces a national security crisis; a cognitive Pearl Harbor waiting to happen. The lack of a national security imperative to strengthen our population's mental immune systems and our ability to coexist with technology makes America's cognitive infrastructure essentially defenseless. \r\n\r\nSchwartau's Metawar Thesis employs an analogue engineering approach and a cybersecurity prism to view the disconnects between humans and technology. The Art & Science of Metawar is a compelling and groundbreaking exploration of the forces shaping our reality and the personal, enterprise, and national security implications of cognitive conflict: metawar. Through a blend of technical insights and philosophical reflections, Schwartau offers a roadmap of hope for strengthening our mental immune system and cognitive defenses to better coexist with the technology we now rely upon. 
\r\n\r\nThe Art & Science of Metawar serves as both a call to action and a guide to reclaiming control over our individual narratives in an increasingly aggressive digital landscape. \r\n\r\nWho controls your narrative? Are you ready to find out?", "recording_license": "", "do_not_record": false, "persons": [{"code": "38NUJR", "name": "winn schwartau", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/38NUJR_MNYEbFG.webp", "biography": "The \u201cCivilian Architect of Information Warfare\u201d \r\n-\tCommodore Pat Tyrrell OBE Royal Navy, 1996\r\n\t\u201cElectronic Pearl Harbor Prophet\u201d\r\n-\tBankInfo Security, 2023\r\n\t\u201cNational Security Imperative for Cognitive Defense:s We are defenseless.\u201d \r\n-\tThe Art & Science of Metawar, 2024\r\n\r\nWinn has lived Cybersecurity since 1983, and now says, \u201cI think, maybe, I\u2019m just starting to understand it.\u201d His predictions about the internet & security have been scarily spot on. He coined \u201cElectronic Pearl Harbor\u201d while testifying before Congress in 1991. His seminal book, \u201cInformation Warfare,\u201d showed the world how privacy would die and cyber-terrorism would be an integral part of the future (today\u2019s present). \r\n\r\nHis new book, \"The Art & Science of Metawar,\u201d describes how to defend against AI-driven reality distortion, TMI/disinformation, manipulation, and algorithmic addictions by strengthening the mental immune system. \r\nIncreasingly impressive immersive technologies, active metacontent orchestration, and powerful feedback systems (OODA loops) exploit information overload and disseminate disinformation through believable online experiences. We are approaching the metapoint, where persistent immersive simulations will be indistinguishable from our default \u2018reality.\u2019  The security, privacy, ethics, and global policy implications are staggering. 
\r\n\r\nHis last book, \u201cAnalogue Network Security\u201d is a time-based approach to justifiable security. \u201cIt will twist your mind.\u201d \u201cThe Best Cybersecurity Book of All Time,\u201d Cyber Defense Magazine.\r\n\r\n\u2022\tFellow, Royal Society of the Arts\r\n\u2022\tDistinguished Fellow: Ponemon Institute\r\n\u2022\tInternational Security Hall of Fame: ISSA\r\n\u2022\tLifetime Achievement Award, DefCon XXXI\r\n\u2022\tTop-20 industry pioneers: SC Magazine.\r\n\u2022\tTop 25 Most Influential: Security Magazine\r\n\u2022\tTop 5 Security Thinkers: SC Magazine.\r\n\u2022\tPower Thinker and one of the 50 most powerful people: Network World.\r\n\u2022\t30 Year DefCon Goon (Ret.)\r\n\u2022\tTop Rated (4.85/5) RSA Speaker\r\n\u2022\tTop Rated Webinar: 4.56 (ISC2)\r\n\u2022\t.001% Top Influencer RSAC\r\n\u2022\tGlobal Power Speaker\r\n\u2022\tUS Patent: 11,438,369 (Time-Based Security)\r\n\r\nAuthor: \u201cTime-Based Security,\u201d \u201cPearl Harbor Dot Com\u201d (Die Hard IV), the world's first novel-on-the-net 1993, Project Gutenberg), 3 volumes of \u201cInformation Warfare\u201d, \u201cCyberShock\u201d, \u201cInternet and Computer Ethics for Kids\u201d (The Best Security Book Ever Written, Dr. Fred Cohen) and a few more. \r\n\r\nPublisher: Weapons of Mass Destruction Terrorism, James K.  Campbell  ISBN: 0-962-8700-3-X, 1977\r\nThe Mind of the Hacker, Dr. Nick Chandler (Maj. Australian military intelligence) 1999\r\n\r\nExecutive Producer: \u201cHackers Are People Too\u201d, \u201cVR Babies in the Metaverse\u201d premiers at the Getty in Oct. 2024.\r\n\r\nFounder: The Security Awareness Company, Hacker Jeopardy, Security Experts, InfowarCon, et al. 
Former recording engineer and producer.\r\n\r\nwww.WinnSchwartau.com   \r\n@WinnSchwartau \r\nhttps://en.wikipedia.org/wiki/Winn_Schwartau\r\nhttps://www.linkedin.com/in/winnschwartau/", "public_name": "winn schwartau", "guid": "d835dfa5-3692-55fb-bf25-943a70570bc7", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/38NUJR/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HQ7GKR/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HQ7GKR/", "attachments": [{"title": "The Art & Science of Metawar: A Preview", "url": "/media/bsides-london-2024/submissions/HQ7GKR/resources/A_Preview_of_Metawar_for_CONTENT_8Oct24_CDHxRPQ.pdf", "type": "related"}]}, {"guid": "9095c83c-5a14-551c-906a-df2b5896a6f6", "code": "RZCWXJ", "id": 56104, "logo": null, "date": "2024-12-14T16:35:00+00:00", "start": "16:35", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2024-56104-the-past-present-and-future-of-cloud-native-security", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RZCWXJ/", "title": "The Past, Present and Future of Cloud-Native Security", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "Cloud-native has revolutionised how we build and deploy applications, but let's face it - we've made our share of mistakes along the way. From the early days of on-prem to today's massive cloud-native deployments, this has not only transformed application development but also dramatically reshaped the infrastructure, DevOps practices, and the overall security landscape. 
This talk takes a look at the evolution of cloud-native security, highlighting the real-world incidents and attack techniques that have evolved alongside our technologies.\r\nWe'll trace the threat landscape from on-prem to hybrid cloud to cloud-first, then dive deep into the current cloud-native risks: identity breaches, misconfigured cloud services, vulnerable CI/CD pipelines, and the long-standing threat of supply chain. We'll look ahead, exploring the emerging technologies that will shape the future of both attacks and defenses.\r\nWrapping up the session, actionable strategies to secure your cloud-native environment will be discussed, highlighting tools which can be used to proactively mitigate risks, enhance runtime visibility and automate security.", "description": "Key Takeaways:\r\nAnalyse the evolution of cloud-native security threats.\r\nLearn how attack techniques evolved over time, and assess the shortcomings of addressing cloud-native security challenges.\r\nExplore the future impacts and trends of cloud-native security and discover practical defense strategies.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LZPLRZ", "name": "Emma Yuan Fang", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/LZPLRZ_l6KdUGa.webp", "biography": "Emma is a Senior Cloud Security Architect at EPAM, with extensive experience in cloud, DevSecOps, and security architecture & strategy. In her role, she designs and architects security solutions for her clients' cloud transformation projects. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to diverse clientele, from emerging tech startups to established FTSE 100 firms.  She is passionate about cloud security, Zero Trust, and AI/ML security. Alongside her professional work, Emma is dedicated to advocate for a more diverse workforce in cybersecurity through mentorship and community programs.  
She is an international public speaker at various cybersecurity conferences across Europe and the USA, and volunteers as the Executive Lead at WiCyS UK&I, driving the career advancement initiatives. She also serves as a member of the Industry Advisory Board of the computer science faculty at the University of Buckingham.", "public_name": "Emma Yuan Fang", "guid": "6011e989-a357-5395-825d-0a509457afdf", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LZPLRZ/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RZCWXJ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RZCWXJ/", "attachments": []}], "Track 3": [{"guid": "cbfaa14f-48ac-58fd-9790-fc97503fc7b2", "code": "S7UNUC", "id": 56993, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-56993-using-the-owasp-top-10-to-save-the-astronauts-from-hal", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/S7UNUC/", "title": "Using the OWASP Top 10 to Save the Astronauts from HAL", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "A discussion of the OWASP ML Top 10 and OWASP LLM Top 10, and how a failure to apply these principles in 2001: A Space Odyssey led to implementation flaws in HAL 9000, resulting in disastrous consequences for the crew.", "description": "The talk will use the OWASP Top 10 for ML and OWASP Top 10 for LLMs to analyze the nature of the flaws in HAL 9000, the AI in 2001: A Space Odyssey, and how this led to disastrous results for the mission.\r\nThere will be a discussion of failures to consider different aspects of both the LLM and ML top 10 during HAL's design and training phases, and the subsequent attempts to implement fixes during the mission. 
Each omission or failure to apply an OWASP principle that led to the vulnerabilities will be discussed in detail, and also related to real-life applications, to ensure the talk isn't just a geeky discussion of a cool-looking sci-fi AI.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9K8QQD", "name": "Nick Dunn", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/9K8QQD_dOmtcA9.webp", "biography": "Former software developer who became a security consultant. Interested in writing security tools and retro tech.", "public_name": "Nick Dunn", "guid": "1fcaf23c-1c71-536f-b56f-1f068a414e22", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/9K8QQD/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/S7UNUC/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/S7UNUC/", "attachments": []}, {"guid": "e8b04e5a-2e56-533c-a799-d8c6f4545325", "code": "BEZSKR", "id": 56940, "logo": null, "date": "2024-12-14T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-56940-healthcare-s-anatomy-dissection-of-dicom-a-protocol-to-nmap-your-body", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BEZSKR/", "title": "Healthcare\u2019s Anatomy: dissection of Dicom, a protocol to Nmap your body!", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "In recent years, healthcare institutions have become prime targets for cyber attackers. The sector, suffering from a lack of resources and limited knowledge of the specific protocols related to its operations, remains particularly vulnerable despite advancements in detection systems. This reality raises crucial challenges in a field where protecting data is as vital as patient care. \r\n\r\nThis presentation focuses on the DICOM protocol, its functionality, and its use in medical imaging. 
We will explain why it has become a prime target for cyber attackers and reveal an offensive tool capable of extracting data from a DICOM server. \r\n\r\nFinally, we will discuss current protection methods, their limitations, and present concrete measures to strengthen the security of these critical infrastructures. \r\n\r\nBy attending this conference, you will gain a deep understanding of the DICOM protocol, its vulnerabilities, and the best ways to prepare for emerging threats and future risks.", "description": "By the end of this presentation, you will have acquired in-depth knowledge of the DICOM protocol, its use in the medical field, and its technical format. You will understand the dangers of exposing DICOM servers on the web, as well as the risks to the security of medical data within healthcare infrastructures. Additionally, you will discover an offensive tool illustrating methods for extracting sensitive data from a medical server and learn how to identify signs of malicious activity to better prevent and counter these threats.", "recording_license": "", "do_not_record": true, "persons": [{"code": "VEGQFR", "name": "0xSeeker", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/VEGQFR_0Hu3NF2.webp", "biography": "I\u2019m 0xSeeker, currently CTI & CTH analyst in the purple team @Gatewatcher. 
As part of my cybersecurity experience, I've spent 6 years focusing on red teaming and CTI in the industrial sector.", "public_name": "0xSeeker", "guid": "65617da2-467b-5248-bb60-dba6695d42d1", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/VEGQFR/"}], "links": [{"title": "Article about Dicom attack", "url": "https://www.gatewatcher.com/en/lab/healthcares-anatomy-attacking-dicom/", "type": "related"}, {"title": "Article about Dicom protocol", "url": "https://www.gatewatcher.com/en/lab/healthcares-anatomy-le-protocole-dicom/", "type": "related"}], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BEZSKR/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BEZSKR/", "attachments": []}, {"guid": "ec6597b7-0741-5010-ade5-a7abcc4aee5b", "code": "KGLYRE", "id": 54674, "logo": null, "date": "2024-12-14T11:50:00+00:00", "start": "11:50", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-54674-explaining-ics-to-a-fool-of-a-took", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KGLYRE/", "title": "Explaining ICS to a fool of a Took", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "There are thirteen pillars upholding the critical national infrastructure (CNI) that allows for the everyday running of our society. These pillars are sectors that rely on four generations of operational technology (OT) systems, with the oldest generation being pre-Internet. What are these industrial control systems (ICS) that we rely on, and how are they vulnerable? This talk will outline a generic ICS from the hardware to the protocols that allow the complex systems to speak with one another. Research into these systems is often done on physical testbeds and digital twins (I don't know about you, but I wouldn't want to try to hack an actual nuclear reactor). The talk will discuss the testbeds that I'm lucky enough to play with day-to-day. 
How are these industrial control systems vulnerable, and what can we do to protect these systems from malicious actors? Finally, how are these thirteen pillars connected? If we knock one down, will the others fall like dominos?", "description": "What will be covered:\r\n\r\nIntro to CNI & OT security \r\nIndustrial control systems\r\nControl loops & ladder logic\r\nTestbeds including digital twins\r\nOT Protocols such as Modbus\r\nKnown technical vulnerabilities\r\nSecurity concepts and solutions\r\nInterconnectivity of CNI sectors", "recording_license": "", "do_not_record": false, "persons": [{"code": "TJ7L3T", "name": "halfling", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/TJ7L3T_c9czZdM.webp", "biography": "I'm a software engineering teacher and industrial cybersecurity researcher at a university in the Welsh capital. Navigating the usual shenanigans of being a doctoral candidate, while juggling the stress of being an academic staff member. I spend more time outdoors than indoors these days, ideally with a book in my hands, and I'm looking forward to getting my floppy hat!", "public_name": "halfling", "guid": "5c31fb25-d79e-5f2b-b8ad-c99c7eb8704e", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/TJ7L3T/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KGLYRE/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KGLYRE/", "attachments": []}, {"guid": "59729a9e-15cd-5d9e-8d24-3c034d10d9f8", "code": "STGFHH", "id": 56953, "logo": null, "date": "2024-12-14T12:55:00+00:00", "start": "12:55", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-56953-cv-workshop", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/STGFHH/", "title": "CV workshop", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "A* CV", "description": "I would like to offer an engaging fun session for  45 minute about how 
to make your CV an A* CV in order to get a job interview. I have over 14 years' experience in HR & Training, so I would like to share tips on how to get your foot in the door with a great CV. I will leave 10 to 15 minutes for Q&A", "recording_license": "", "do_not_record": false, "persons": [{"code": "FKT7AR", "name": "Samira Ali", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/FKT7AR_FmQTukk.webp", "biography": "Samira is the Early Careers and Diversity & Inclusion Officer of the BCS London South Branch. She also serves on the BCS Council representing the Young Professional Constituency. Samira is neurodivergent and has over 12 years' experience working in Human Resources, recruitment and career coaching.", "public_name": "Samira Ali", "guid": "88160b37-fca1-5a57-8ea0-4b58b3be76b3", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/FKT7AR/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/STGFHH/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/STGFHH/", "attachments": []}, {"guid": "aba7e752-c9ae-5194-a220-4c72da1dcb93", "code": "MDR3YL", "id": 55948, "logo": null, "date": "2024-12-14T13:50:00+00:00", "start": "13:50", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-55948-post-quantum-cryptography-for-2025", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MDR3YL/", "title": "Post-Quantum Cryptography for 2025", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "In this talk, Andy Smith will demystify the real threat that quantum computers pose to our current cryptography, what you can do about it, and what specific actions you should look to take in 2025.", "description": "With the first three quantum-resistant cryptographic algorithms standardised by NIST in August 2024, the starting gun has been fired on the Y2K-style problem of upgrading the crypto used in almost all of our 
modern electronic devices. In this session you'll learn:\r\n* What's the real threat that quantum computers pose\r\n* An overview of the options to safeguard against that threat\r\n* How techniques such as a cryptographic inventory, hybrid crypto and crypto-agility can help ease the transition\r\n* How to get started with quantum-resistant cryptography today!", "recording_license": "", "do_not_record": false, "persons": [{"code": "F7KFPD", "name": "Andy Smith", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/F7KFPD_Akv51HZ.webp", "biography": "Andy Smith is a Principal Security Architect for an international energy firm, and teaches Defensible Security Architecture & Engineering for SANS. In his spare time, Andy supports the OWASP LLM Top-10 project, and occasionally publishes cyber educational material on YouTube.", "public_name": "Andy Smith", "guid": "128ebab4-4c05-5714-942d-0fe3c7104038", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/F7KFPD/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MDR3YL/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MDR3YL/", "attachments": []}, {"guid": "70670834-4770-5b44-a64e-903eae492778", "code": "V8QCKM", "id": 56169, "logo": null, "date": "2024-12-14T14:45:00+00:00", "start": "14:45", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-56169-when-the-hunter-becomes-the-hunted-using-minifilters-to-disable-edrs", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/V8QCKM/", "title": "When the Hunter Becomes the Hunted: Using Minifilters to Disable EDRs", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "This presentation explores the advanced use of minifilters in offensive security operations, focusing on their application in bypassing and disabling EDRs. 
We will delve into the architecture of EDR systems and common offensive uses of minifilters, such as bypassing file system monitoring.\r\n\r\nWe will then introduce a novel technique to entirely disable EDRs via the abuse of minifilters.\r\n\r\nThe talk will also cover the implications for defensive security and potential countermeasures, aiming to provide valuable insights for both offensive and defensive security professionals.", "description": "## 1. Introduction\r\n\r\nThis presentation will explore the use of minifilters, an essential component of EDRs, in offensive security operations, with a focus on their application in bypassing and disabling EDR systems.\r\n\r\n## 2. EDR Architecture Overview\r\n\r\nWe will first provide a high-level description of EDR systems, their components and architecture. This is essential to understand how minifilters contribute to EDR systems and the capabilities they provide. It sets the stage to understand how such capabilities could be abused.\r\n\r\n## 3. Common Minifilter Abuse Techniques\r\n\r\nWe then rapidly go through common known techniques involving minifilters used during offensive security operations, especially around file system monitoring bypass to hide suspicious file activity.\r\n\r\n## 4. A New Minifilter Abuse Technique to Disable EDRs\r\n\r\nIn this section, we present a novel technique which makes it possible to entirely disable EDR agents and prevent them from running on endpoints. This technique relies on the registration of a PreOperation callback to prevent EDR agents from accessing critical resources, effectively crippling them.\r\n\r\nWe dive into the Kernel concepts involved and provide a step-by-step breakdown of the whole process.\r\n\r\nWe compare this new technique to other minifilter abuse techniques in terms of effectiveness in hiding malicious activities and IoCs.\r\n\r\n## 5. 
Detecting Minifilter Abuse\r\n\r\nIn this final section, we explore the defensive side of things:\r\n- Potential countermeasures and their limitations\r\n- Potential strategies for detecting and mitigating minifilter-based attacks\r\n\r\n## 6. Conclusion and Q&A\r\nFinally, we will summarise the key takeaways and open the floor for questions and discussion.", "recording_license": "", "do_not_record": false, "persons": [{"code": "WGSLQR", "name": "Tom Philippe", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/WGSLQR_NWQfmMF.webp", "biography": "Tom is a cybersecurity enthusiast who spends his days hacking things and his nights learning from other hackers. When he's not lost in his debugger trying to understand why his Hello World program crashes, he's leading the charge in offensive security at Responsible Cyber.\r\n\r\nTom's passion for all things cyber has led him down some interesting paths, including playing around with LLMs, spending way too much on cloud resources, or more recently diving deep into kernel-level operations for fun.", "public_name": "Tom Philippe", "guid": "f25511ef-a67b-5d9d-b446-9229fc155ae3", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/WGSLQR/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/V8QCKM/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/V8QCKM/", "attachments": []}, {"guid": "e6cf4040-f6b3-5171-9286-981e5e790537", "code": "9PXYXH", "id": 54869, "logo": null, "date": "2024-12-14T15:40:00+00:00", "start": "15:40", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-54869-let-s-phish-how-to-scam-everyone-everywhere-all-at-once", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9PXYXH/", "title": "Let\u2019s Phish: How to Scam Everyone, Everywhere, All at Once", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "There are thousands of scamming and 
phishing attacks performed every day. It is one of the most lucrative and profitable forms of hacking, involving the manipulation of humans. But how do criminals reach their victims? What are their techniques? And can anyone be hacked? The answer is yes, and I will show you the process of how to achieve that.", "description": "You will hear two stories of crime: the story of a kidnapped daughter and the story of a fake DJ. In these stories, we will explore key techniques that, when implemented correctly, can provide a blueprint for hacking anyone.\r\n\r\nPreparation of a Hack: Identifying the right victim and their weaknesses. This section of the talk outlines simple steps for uncovering a target's vulnerabilities that can be exploited. We will dive into how to evaluate time, effort, and reward like a true criminal.\r\n\r\nThe Attack: The process and closure. What techniques work and how to keep the victim engaged. As we will see, these techniques are straightforward and can be applied to any victim profile.\r\n\r\nThe Reward: What is the reward, and what happens if a financial transaction is involved? This section will emphasize that the hack is often the easier part. Cleaning the money requires seasoned criminals.\r\n\r\nThe talk will address a broader question: What can we, as cybersecurity professionals, do, and has our approach been wrong? The talk will conclude by analyzing different types of attackers because if we do not understand the psychology of the criminal, the techniques we employ to protect targets will continue to be insufficient.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JMSXZY", "name": "Dita Pesek", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/JMSXZY_Wnxk2vw.webp", "biography": "Dita is a former offensive cybersecurity consultant, now working as a social engineering consultant and therapist under her BrainHacker brand. 
Her long-term interest in technology and the human mind ultimately led her to venture into the field of cybersecurity. Her knowledge of hacking and human behavior inspired her to explore how companies and individuals are hacked in real life and what techniques criminals tend to implement.", "public_name": "Dita Pesek", "guid": "0e36b4c4-4783-5619-a8a9-864d76280814", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/JMSXZY/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9PXYXH/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9PXYXH/", "attachments": []}, {"guid": "e63f3c83-f7b5-56d1-bc30-e4b46d67ab55", "code": "LZ7Z9Z", "id": 56742, "logo": null, "date": "2024-12-14T16:35:00+00:00", "start": "16:35", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2024-56742-siem-escape-and-evade", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LZ7Z9Z/", "title": "SIEM: Escape and Evade", "subtitle": "", "track": "Main talk track", "type": "Talk", "language": "en", "abstract": "For nearly three decades, SIEM tools have been the cornerstone of the SOC, centralising threat detection, alerting, and commonly used for ticketing, case management, and SOC metrics. But what if this essential tool could be bypassed, evaded, or even directly attacked? \r\nHaving both several years experience working directly for various SIEM vendors, we shall discuss and explore these possibilities in more depth, as well as emphasise the importance of continuous control testing. \r\nWe will aim to give some ideas to offensive teams, and also give defenders some things to think about!", "description": "SOC teams commonly rely on Security Information and Event Management (SIEM) tools to detect, analyse, and respond to security threats. In this presentation, we will introduce key SIEM concepts and the role of the SIEM in the SOC, as well as discuss shortfalls of SIEM tools. 
Then we shall explore the possibility of attacks and evasion techniques in SIEMs. We will also discuss the general challenges of managing SIEMs in enterprise environments. \r\n\r\nNot only will we cover the technical aspects, but also highlight processes, organisation dependencies and discuss non-technical mitigations.\r\n\r\nAttacking a SIEM involves exploiting vulnerabilities in data ingestion, correlation rules, and alert mechanisms to manipulate the very systems designed to detect malicious activities. Specifically, we will cover:\r\n- Introduction to Security Information and Event Management (SIEM) tools, architectures, and their role in the SOC\r\n- Common log sources and ingest methods\r\n- Custom apps and add-ons\r\n- Cloud-native SIEMs\r\n- Key vulnerabilities and attack vectors in SIEM systems: Data ingestion manipulation, Correlation rules exploitation, Alert bypass techniques\r\n- How organisational structures and supporting processes can be exploited\r\n\r\nWe are hoping to help defenders and offensive teams better understand the risks involved with SIEM deployments, whilst emphasising the importance of simulating real-world attack scenarios.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3STHLU", "name": "Daniel Crossley", "avatar": null, "biography": null, "public_name": "Daniel Crossley", "guid": "5284aa7d-24b5-5225-b2b7-6bdc56c64ff3", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/3STHLU/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LZ7Z9Z/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LZ7Z9Z/", "attachments": []}], "Rookie track 1": [{"guid": "8974dd46-c766-5fb9-bd33-45bb83a951a7", "code": "AG8NTC", "id": 56755, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56755-mitre-atlas-exploring-ai-vulnerabilities", "url": 
"https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AG8NTC/", "title": "MITRE ATLAS - exploring AI vulnerabilities", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Just how vulnerable are the AI models we are coming to see pop up every other week? We've all heard of \"jailbreaking\" LLMs, but that's just the tip of the iceberg.  \r\nWith the rapid adoption of AI technologies, it opens the door for a myriad of attacks. \r\nIn this talk, we go over the MITRE Adversarial Threat Landscape for AI Systems (ATLAS for short) framework, and delve into some case studies exposing some of the most worrying AI attacks in recent years.", "description": "This is a talk about the MITRE ATLAS framework.\r\nI'll first discuss how the ATLAS framework is built on top of the ATT&CK framework, before delving into some key differences with respect to vulnerabilities and attack vectors specific to what MITRE calls \"AI-Enabled Systems\". \r\nI'll walk you through two case studies, one with a 'good' actor, the other a 'bad' one, and how investigation is made easier by using the ATLAS framework.\r\nFinally, I'll show you how you can protect your organization against AI attacks by utilizing various mitigations, of which 25 are documented in this framework, covering various vulnerabilities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UH8ESB", "name": "Arthur Frost", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/UH8ESB_QfsfttC.webp", "biography": "My name is Arthur Frost and I work for Flutter intl. as a contractor on the blue team. \r\nI also study my MSc in Cyber Security at Leeds Beckett, and I am part of the Leeds Ethical Hacking Society, too, where I help with CTFs. \r\nMy interests are varied, but within security, I am particularly interested in zero-days, how enterprise environments can secure themselves against advanced threats, and how AI can be leveraged defensively and offensively. 
\r\nApart from that, I am interested in economics, history, geopolitics, literature, and languages - I am fluent in English and Russian, and I am also learning Japanese - if you speak it then connect with me!", "public_name": "Arthur Frost", "guid": "fdbd6b91-8fc7-5f41-8c2a-f4e92471362a", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/UH8ESB/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AG8NTC/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AG8NTC/", "attachments": []}, {"guid": "dbb61811-23b2-530b-b9dd-53d9f6985195", "code": "FEEDHA", "id": 55829, "logo": null, "date": "2024-12-14T10:25:00+00:00", "start": "10:25", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-55829-adopt-or-risk-why-zero-trust-is-key-to-modern-cyber-defence", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEEDHA/", "title": "Adopt or Risk: Why Zero Trust is Key to Modern Cyber Defence", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "In an era where cyber threats are increasingly sophisticated and network perimeters are becoming obsolete, traditional security approaches are falling short. This presentation will highlight why embracing a Zero Trust approach is crucial for modern cyber defense. By adhering to the principle of \"never trust, always verify,\" Zero Trust revolutionizes security by continuously validating every user, device, and access request, rather than assuming trust based on network location.", "description": "As the digital landscape evolves and cyber threats become more sophisticated, organizations can no longer rely on traditional perimeter-based security. The rise of remote work, cloud adoption, and interconnected systems has expanded the attack surface, leaving organizations vulnerable to breaches and insider threats. 
\"Adopt or Risk: Why Zero Trust is Key to Modern Cyber Defence\" offers a critical look at why organisations must shift to a Zero Trust model to effectively safeguard their networks.", "recording_license": "", "do_not_record": false, "persons": [{"code": "KGXSTY", "name": "Meletius Igbokwe", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/KGXSTY_vtFWnD0.webp", "biography": "I\u2019m a Modern Workplace Engineer with over five years of experience, I excel in securing and architecting cloud assets for a diverse range of organizations. My extensive experience includes a deep proficiency in Microsoft cloud technologies, as well as a good command of other leading cloud platforms. I specialize in designing and implementing robust security frameworks that protect critical data and ensure operational continuity. My career is marked by a proven track record of enhancing cloud security posture, navigating complex challenges, and delivering innovative solutions that align with organizational goals. 
This background equips me to offer valuable insights and actionable strategies for modernizing security practices in the ever-evolving digital landscape.", "public_name": "Meletius Igbokwe", "guid": "46bf89af-ab52-5f75-bf4f-0dba08ca6789", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/KGXSTY/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEEDHA/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEEDHA/", "attachments": []}, {"guid": "d0d1c894-099c-5763-8598-55e21a76cc09", "code": "N3ZG7S", "id": 55625, "logo": null, "date": "2024-12-14T10:55:00+00:00", "start": "10:55", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-55625-commanding-heights-unmasking-com-based-uac-bypass-techniques", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/N3ZG7S/", "title": "Commanding Heights: Unmasking COM-Based UAC Bypass Techniques.", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Abstract:\r\nWhat if the technology designed to protect your Windows System could be used against it? \r\nIn this session, we will delve deep into the hidden world of User Account Control (UAC) and Component Object Model (COM), uncovering how attackers can turn these essential security features into weapons for privilege escalation.\r\nJoin me as we pull back the curtain on the often-overlooked vulnerabilities within UAC and COM, revealing how a crafty adversary exploits elevated COM interfaces to bypass UAC consent prompts without user interaction through live demonstration and real-world examples from prolific Ransomware (BlackCat).\r\nThis is not all about bad news. 
It also equips you with the knowledge and tools to detect, prevent, and defend against these sophisticated techniques.\r\nWhether you\u2019re a cybersecurity veteran or a curious newcomer, this talk promises to deepen your understanding of Windows Internal and elevate your defense strategies against UAC Elevated COM-Bypass exploits.\r\n\r\nKey Takeaways:\r\n1.\tIntersection of COM and UAC: COM objects are used by various applications in Windows to perform tasks. Some of these objects run with elevated privileges. UAC is designed to prevent unauthorized elevation, but if a COM object is improperly configured, it can be exploited to bypass UAC.\r\n2.\tExploitation Method: This bypass typically involves identifying a vulnerable COM object that does not trigger a UAC prompt when instantiated. An attacker can execute their payload through this object, gaining elevated privileges without user consent.\r\n3.\tLive Demo: Examples from prolific Ransomware, BlackCat, and skeleton code.\r\n4.\tThreat Hunt Use Case: Detection Logic/Tools and actionable IOCs for UAC Bypass.", "description": "Description:\r\nThe Elevated COM (Component Object Model) UAC (User Account Control) bypass is a technique used by attackers to escalate privileges on a Windows system without triggering a UAC prompt. UAC is a security feature in Windows that helps prevent unauthorized changes to the operating system by requiring user consent or administrator-level approval for certain actions. 
The bypass demonstrated in this talk leverages elevated COM objects identified by the CLSID {3E5FC7F9-9A51-4367-9063-A120244FBEC7} that run with higher privileges to execute malicious code, thereby circumventing UAC protections.\r\nKey Points\r\n1.\tOverview of UAC\r\n2.\tOverview of COM\r\n3.\tUAC and COM: Security Intersection\r\n4.\tAbusing UAC Elevate COM Interfaces\r\n5.\tCase Study \r\n\u2022\tBlackCat - Ransomware\r\n6.\tLive Demo \r\n7.\tMonitoring and Detection\r\n\u2022\tThreat Hunt, Detection Logic\\Tool\r\n8.\tQ&A", "recording_license": "", "do_not_record": false, "persons": [{"code": "WAFH9J", "name": "Amankumar Badhel", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/WAFH9J_J9uZeZz.webp", "biography": "Amankumar Badhel is a passionate threat researcher with a sharp focus on detection engineering. He brings deep insights from the frontlines of offensive security. Blends cutting-edge research with practical detection strategies to help organizations stay ahead of evolving threats.", "public_name": "Amankumar Badhel", "guid": "888ae584-3aae-5049-9a26-7e7558162120", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/WAFH9J/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/N3ZG7S/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/N3ZG7S/", "attachments": []}, {"guid": "5a304a04-f1d6-59a7-bfec-b6f155b0d613", "code": "P3JVM8", "id": 56783, "logo": null, "date": "2024-12-14T11:20:00+00:00", "start": "11:20", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56783-from-zero-to-cyber-hero-a-non-techie-s-guide-to-breaking-into-cybersecurity", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P3JVM8/", "title": "From Zero to Cyber Hero: A Non-Techie's Guide to Breaking into Cybersecurity", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "This engaging presentation highlights 
the unique journey of a non-technical professional \u2013 a lawyer turned cybersecurity enthusiast \u2013 breaking into the field. Drawing from personal experiences including founding the Women in Cybersecurity (WiCyS) Surrey Chapter, winning a social engineering competition sponsored by the Cybersecurity Infrastructure Security Agency (CISA), and gaining hands-on experience in Cyber Threat Intelligence (CTI) as an MSc student, she offers actionable insights for those looking to transition into cybersecurity. This session aims to simplify the path to cybersecurity for individuals without a traditional tech background, emphasising the importance of networking, community organisations, and hands-on experience in facilitating this transition while highlighting the common challenges faced and strategic approaches to overcome them. Whether you're contemplating a career change or looking to diversify your security team, this session offers valuable insights into the power of non-traditional backgrounds in strengthening the cybersecurity workforce.", "description": "This 15-minute presentation aims to inspire and guide non-technical individuals who want to pursue a career in cybersecurity. With the cybersecurity industry facing a significant skills gap, there is a need for diverse perspectives in addressing growing security challenges.\r\n\r\nKey points to be covered include:\r\n1) The speaker's journey from a non-technical background to cybersecurity, including overcoming common challenges faced by career-changers.\r\n2) The value of diverse perspectives in cybersecurity and how non-technical backgrounds can be an asset in the field.\r\n3) The role of communities in skill development and networking, highlighting experiences as a WiCyS (Women in CyberSecurity) Surrey chapter leader.\r\n4) The importance of participating in cybersecurity competitions and how they contribute to practical skill-building. 
\r\n5) Strategies for utilising conferences and networking events to secure work experiences, such as the speaker's CTI opportunity.\r\n6) Practical advice for building a foundation in cybersecurity, including resources, learning paths, and key focus areas for beginners.\r\n\r\nThe presentation will be particularly valuable for:\r\n\r\nProfessionals considering a career change into cybersecurity\r\nHiring managers looking to diversify their security teams\r\nCurrent cybersecurity professionals interested in mentoring newcomers\r\n\r\nBy highlighting the speaker's experiences with the Women in Cybersecurity (WiCyS) Surrey Chapter, success in a CISA-hosted competition, and work in Cyber Threat Intelligence, this talk demonstrates how non-traditional paths can lead to meaningful contributions in cybersecurity.", "recording_license": "", "do_not_record": false, "persons": [{"code": "Y9JKDP", "name": "Egonna Anaesiuba-Bristol", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/Y9JKDP_lD6CRIN.webp", "biography": "Egonna Anaesiuba-Bristol has recently completed her MSc in Cybercrime and Cybersecurity, successfully pivoting from over five years of experience in Law into the dynamic world of cybersecurity. Her unique background brings a fresh perspective to the industry, blending legal expertise with advanced technical knowledge.\r\n\r\nCurrently, she is enhancing her practical skills through a cybersecurity internship with Women in Cybersecurity (WiCyS), where she also serves as the founder and student chapter leader for the WiCyS Surrey Chapter. This dual role highlights her commitment to both professional growth and promoting diversity and inclusion in the field. \r\n\r\nHer journey into cybersecurity has been marked by notable achievements, including winning a social engineering competition hosted by the Cybersecurity Infrastructure Security Agency (CISA). 
She has also gained valuable experience in Cyber Threat Intelligence (CTI), further expanding her skill set, and giving her valuable insights into the practical aspects of the field.\r\n\r\nDrawing on her legal background and emerging cybersecurity expertise, she is passionate about guiding professionals through career transitions into the tech industry. She emphasizes the value of transferable skills, community engagement, and hands-on experience, demonstrating how individuals from non-technical backgrounds can make meaningful contributions to cybersecurity. \r\n\r\nHer journey exemplifies the potential for diverse perspectives to tackle emerging challenges in the field, enriching the industry with unique insights and approaches.", "public_name": "Egonna Anaesiuba-Bristol", "guid": "8cd45aac-c0a5-5a73-9642-9ec02b1385fb", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/Y9JKDP/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P3JVM8/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P3JVM8/", "attachments": []}, {"guid": "dc2864fa-193a-5120-ab1f-564da5a74677", "code": "AWDYG7", "id": 56588, "logo": null, "date": "2024-12-14T11:50:00+00:00", "start": "11:50", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56588-robert-redford-made-me-do-it-physical-security-stories-and-tips", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AWDYG7/", "title": "Robert Redford Made Me Do It: Physical Security Stories and Tips", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Exploring real world stories of physical security tests and the relationship between my obsession with the 1992 film sneakers and my chosen line of work.", "description": "Sneakers, the best hacker film\u2026period. 
\r\n\r\nThis talk aims to share my enthusiasm for the adrenaline rush of bypassing physical security measures through personal stories and engagement tales while sharing tips and tricks that I have learned along the way.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LM9AB9", "name": "Matthew Steed", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/LM9AB9_ZHcqp07.webp", "biography": "Matthew is a senior consultant at KPMG, working over the last 3 years on pentesting infra/web  app, purple teaming and physical security.", "public_name": "Matthew Steed", "guid": "cedf39dc-31dd-589f-bf0f-26c685ba9f32", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LM9AB9/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AWDYG7/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AWDYG7/", "attachments": []}, {"guid": "4295c4ef-ed8a-5cb2-914c-7ec323af4128", "code": "7RVA7Z", "id": 56285, "logo": null, "date": "2024-12-14T12:10:00+00:00", "start": "12:10", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56285-it-s-been-a-good-run-why-i-stopped-doing-osint-ctfs", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7RVA7Z/", "title": "It's been a good run: why I stopped doing OSINT CTFs", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Alan used to participate in global OSINT CTFs until they suddenly stopped.  Now they speak about their experience to help people make an informed decision when it comes to participating in future event", "description": "Alan is a holder of a TraceLabs black badge, an honour they still hold dear despite not having any interest in competing for nearly 4 years.  
Finally, after all these years they're ready to give their reasons so that others may learn about some small issues that were present in the early days and make informed decisions when it comes to participation.\r\n\r\nNOTICE:\r\nWhilst anonymised, this talk will be discussing missing people and as such the talk may not be suitable for younger audiences", "recording_license": "", "do_not_record": false, "persons": [{"code": "KXVPZF", "name": "Alan O'Reilly", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/KXVPZF_vsyxXWN.webp", "biography": "Alan is a 26 year old working as a community employment caretaker in Ireland, and a 3x winner of the TraceLabs Global CTF.", "public_name": "Alan O'Reilly", "guid": "6640a347-6a14-546d-9810-25a090af6a9c", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/KXVPZF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7RVA7Z/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7RVA7Z/", "attachments": []}, {"guid": "d736e138-ddd4-5db5-94d5-20d8e4d9ada0", "code": "PGDUDM", "id": 56981, "logo": null, "date": "2024-12-14T12:35:00+00:00", "start": "12:35", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56981-password-hell-accessibility-challenges-in-cyber-security", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PGDUDM/", "title": "Password Hell - accessibility challenges in Cyber Security", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "In the cyber security world there are many challenges faced by numerous different people. One of those groups is those who are disabled; there are 16.1 million people (24% of the population) in the UK who are considered disabled and yet they are rarely taken into account when new policies are being made. 
\r\nI want to bring to light this issue specifically when it comes to passwords, for able bodied people they are already a pain but for those of us who are disabled they are a nightmare and even new technologies like MFA can be more of a burden than they set out to be. \r\nI'm proposing some solutions to this like the wonderful world of password managers and even physical storage for passwords and shining light on some outdated views like the dreaded password expiry that in fact only makes accounts less secure. \r\nNow, you may wonder who am I to be speaking on such a sensitive topic, I am a Cyber Security student from Manchester Metropolitan University and I have been disabled since the age of 4. I have seen first hand the struggles that those with different disabilities to me face and  I also have first hand experience with some of those struggles.\r\nMy intention is to hopefully get you all thinking about how you can make your workplace more accessible and implementing some ideas to make everyone's life easier but especially for those who already struggle.", "description": "Slide order\r\n1 - What is the issue?\r\n2 - Why is this an issue?\r\n3 - Why am I talking about it?\r\n4 - What are the challenges that people face?\r\n5 - What are some outdated protocols and why you shouldn't use them\r\n6 - What are some solutions to this problem? \r\n7 - Conclusion", "recording_license": "", "do_not_record": false, "persons": [{"code": "EHNZUT", "name": "Ana Maia", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/EHNZUT_rkxvWT4.webp", "biography": "I am a Cyber Security Student from Manchester Metropolitan University in my second year of study. throughout my first year and carrying on into my second I have engaged in various projects with my university to bring more awareness to inclusivity and to help other students be more aware of those who are different to them. 
I'm always looking for new opportunities to learn and discover more about the cyber security world and to advocate for those that don't get the chance to.", "public_name": "Ana Maia", "guid": "39a7d1f3-5d52-5489-b166-16f9204a3f23", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/EHNZUT/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PGDUDM/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PGDUDM/", "attachments": []}, {"guid": "48f4915e-585b-5c72-8f19-db59df3f8a79", "code": "L3KZC7", "id": 54604, "logo": null, "date": "2024-12-14T13:00:00+00:00", "start": "13:00", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-54604-continuous-threat-modelling-using-large-language-models", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/L3KZC7/", "title": "Continuous threat modelling using Large Language Models", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "In the evolving landscape of cybersecurity, maintaining up-to-date threat models is a critical yet challenging task for security teams. Traditionally, architecture diagrams have served as the basis for initial threat modelling. However, as application features rapidly evolve, these static models often become outdated, leaving organisations vulnerable to emerging threats.", "description": "This talk introduces an innovative approach to continuous threat modelling by leveraging Large Language Models (LLMs). 
It covers how LLMs can help automate the analysis of rapid application changes, identify potential security vulnerabilities, and suggest mitigations in real time.", "recording_license": "", "do_not_record": false, "persons": [{"code": "J3LYVP", "name": "Gurunatha Reddy G", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/J3LYVP_qpIg1A1.webp", "biography": "Passionate Security Engineer with a love for building and breaking things", "public_name": "Gurunatha Reddy G", "guid": "d4d9a7b2-ddd4-5720-8669-e2ae8059af4d", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/J3LYVP/"}, {"code": "M7WTNC", "name": "Pranay Sahith Bejgum", "avatar": null, "biography": null, "public_name": "Pranay Sahith Bejgum", "guid": "517a07d3-b675-57e5-b3f1-1a676fcac975", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/M7WTNC/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/L3KZC7/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/L3KZC7/", "attachments": []}, {"guid": "be8bc752-4ada-5e97-99aa-9bcfd5743ab1", "code": "SYLV3X", "id": 57016, "logo": null, "date": "2024-12-14T13:20:00+00:00", "start": "13:20", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-57016-storytelling-for-soc-analysts-effective-investigation-notetaking-and-report-writing-without-chatgpt", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/SYLV3X/", "title": "Storytelling for SOC Analysts: Effective Investigation Notetaking and Report Writing (without ChatGPT!)", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Everybody loves a good story and within our industry we encounter some fascinating stories! 
However, the ability to convey often complex and technical details to a varied and multi-disciplinary audience can be an overlooked - but incredibly valuable - skill for cybersecurity professionals, especially in technical roles. Storytelling can be a critical part of effective cybersecurity incident and threat intelligence reporting; it provides necessary context to the threats we face, as well as the mitigations, remediation steps and other actions we need to take to protect our data, environments, and organisations.\u00a0This presentation outlines key tips and tricks for leveraging technical writing skills to produce effective, impactful and actionable investigation notes and reports. By mastering the power of storytelling and effective technical writing, security professionals have the opportunity to make the threats we face and incidents we encounter more relatable to non-technical readers, therefore improving the accessibility, understanding and impact of our work.", "description": "Want to be able to write high quality reports without AI chatbots?\r\n\r\nThis talk outlines top tips for leveraging technical writing skills to produce effective, impactful and actionable investigation notes and reports. The talk will also highlight quick wins to improve your technical writing skills, exploring key areas including:\r\n\r\n- Knowing your audience\r\n- Adopting an Incidents/Threats for Dummies approach\r\n- Why Context is your friend, and\r\n- Why AI most certainly is not!", "recording_license": "", "do_not_record": false, "persons": [{"code": "CJSNEK", "name": "Han O\u2019Connor", "avatar": null, "biography": "I am a SOC Analyst with a keen interest in threat intelligence and DFIR - love a good threat hunt too. 
Prior to this, I was a data manager in the NHS and completed both my undergraduate and postgraduate degrees in English and Languages.", "public_name": "Han O\u2019Connor", "guid": "52a9af45-646b-52a0-aa0a-8fd366bb7cac", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/CJSNEK/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/SYLV3X/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/SYLV3X/", "attachments": []}, {"guid": "03330f2b-b8fa-544f-816c-bbc0521179fc", "code": "7SJJBW", "id": 56942, "logo": null, "date": "2024-12-14T13:50:00+00:00", "start": "13:50", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56942-the-psychology-of-cyber-navigating-a-crisis-like-a-pilot", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7SJJBW/", "title": "The Psychology of Cyber: Navigating a Crisis Like a Pilot", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "This talk examines how the crisis management principles of aviation \"Aviate, Navigate, Communicate\" can be effectively applied to cybersecurity. It highlights promoting a no-blame culture, empowering security culture across an organisation and preparing for unforeseen events, drawing on aviation\u2019s century of safety advancements.", "description": "Explore how aviation\u2019s crisis management strategies can inform cybersecurity practices. 
This session addresses the psychological impact of crises, the importance of open communication, and practical approaches to managing unpredictable situations with confidence and composure.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QPRGXN", "name": "George Chapman", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/QPRGXN_AU7WHmG.webp", "biography": "Cyber Security Consultant specialising in Red Teaming", "public_name": "George Chapman", "guid": "1898ef19-08c1-556e-9bc8-ee02828fae29", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/QPRGXN/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7SJJBW/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7SJJBW/", "attachments": []}, {"guid": "13dd2545-19b2-53fa-b8b4-2a466136aed2", "code": "HV7REQ", "id": 54555, "logo": null, "date": "2024-12-14T14:15:00+00:00", "start": "14:15", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-54555-brakrpi-crashing-bluetooth-communications-on-raspberry-pi-with-braktooth", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HV7REQ/", "title": "BrakRPi: Crashing Bluetooth communications on Raspberry Pi with Braktooth", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Do you use Raspberry Pi as a Home Assistant to manage remote devices via Bluetooth? Or your phone with wireless devices?\r\n\r\nThat's extremely convenient, but did you know that it can be easily compromised - and that some devices may still be unpatched?", "description": "In August 2021, a group of researchers from Singapore called ASSET disclosed the series of vulnerabilities in commercial Bluetooth stacks ranging from DDoS to Arbitrary Code Execution - which was called Braktooth. It affected major vendors such as Intel, Cypress, Qualcomm and Espressif. 
\r\n\r\nWhile researchers' main focus was to test laptops, smartphones and audio devices, one class of devices that went untested was Raspberry Pis. In this talk, I will describe how I was able to add a small contribution to this research by proving that Raspberry Pi was also vulnerable to Braktooth due to the usage of a Cypress System-on-Chip (SoC).\r\n\r\nThis presentation is beginner-friendly and no prior knowledge is required. It will cover a brief explanation of the Braktooth series and a more detailed explanation of the documented process of crashing Bluetooth communications between Raspberry Pi and a remote speaker, why fixing this won't be enough with a simple code patch, and suggestions to mitigate the risks.", "recording_license": "", "do_not_record": false, "persons": [{"code": "N9FCGZ", "name": "Ilias", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/N9FCGZ_Br5Nzqd.webp", "biography": "Embedded software engineer who transitioned from backend engineering; interested in wireless protocols and hardware & firmware security", "public_name": "Ilias", "guid": "dfafefca-e8b4-57b6-9241-2b0aa089d4b3", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/N9FCGZ/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HV7REQ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HV7REQ/", "attachments": []}, {"guid": "af26dc7d-d1de-592f-a689-4d28687446a7", "code": "RFGTEW", "id": 56739, "logo": null, "date": "2024-12-14T14:45:00+00:00", "start": "14:45", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56739-unmasking-the-deepfake-threat-detection-prevention-and-navigating-the-future", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RFGTEW/", "title": "Unmasking the Deepfake Threat: Detection, Prevention, and Navigating the Future", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Deepfakes have 
become an increasing source of concern as AI advances. These extremely lifelike, digitally made videos can be used to propagate falsehoods, harm reputations, and even commit financial crimes. This talk will go into the complexities of deepfake technology, discussing how it is made and the potential repercussions. We will talk about effective detection techniques, preventive measures, and the role of legislation in tackling this increasing problem. \r\nUnderstanding the issues posed by deepfakes allows us to better navigate the digital realm and protect ourselves from their negative consequences.", "description": "This talk will provide a comprehensive overview of deepfakes, exploring how they are created, detected, and prevented. Participants will gain a deeper understanding of the risks posed by deepfakes, learn about effective countermeasures, and discover the latest advancements in deepfake detection technology. \r\nParticipants will leave this workshop with the information and skills needed to navigate the ever-changing environment of deepfake threats and defend themselves and their organisations.", "recording_license": "", "do_not_record": false, "persons": [{"code": "X3F8QH", "name": "Onyedikachi Ugwu", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/X3F8QH_uWX3q4n.webp", "biography": "Onyedikachi Ugwu is a seasoned cybersecurity professional and passionate writer dedicated to empowering individuals with the knowledge to navigate the digital world safely. By day, I serve as a Threat Detection and Response Analyst at NormCyber, where I leverage my expertise to combat online threats. In my spare time, I share my insights on various cybersecurity topics.\r\nAlso as a Social Engineering SME, I am well-versed in the tactics used by scammers to manipulate their victims. 
My goal is to equip readers with the tools to identify and avoid these deceptive schemes, helping them find genuine connections online.", "public_name": "Onyedikachi Ugwu", "guid": "ceb7a10a-c7c9-54b7-a678-54a48acdb85f", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/X3F8QH/"}], "links": [{"title": "What Are Deepfakes and How Are They Created?", "url": "https://spectrum.ieee.org/what-is-deepfake", "type": "related"}, {"title": "What are deepfakes? How fake AI-powered audio and video warps our perception of reality", "url": "https://www.businessinsider.com/guides/tech/what-is-deepfake", "type": "related"}, {"title": "The Emergence of Deepfake Technology: A Review", "url": "https://www.researchgate.net/publication/337644519_The_Emergence_of_Deepfake_Technology_A_Review", "type": "related"}, {"title": "Lawmakers concerned about deepfake AI's election impact", "url": "https://www.techtarget.com/searchEnterpriseAI/news/366581274/Lawmakers-concerned-about-deepfake-AIs-election-impact", "type": "related"}], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RFGTEW/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RFGTEW/", "attachments": []}, {"guid": "16e9d0c4-5f6d-5ea9-b50b-13c68e6181b7", "code": "URK98E", "id": 56437, "logo": null, "date": "2024-12-14T15:05:00+00:00", "start": "15:05", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56437-threat-analysis-in-minutes-and-other-ai-super-powers", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/URK98E/", "title": "Threat analysis in minutes and other AI super powers", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "AI models trained specifically for security are here, why should devs have all the fun? Pair hacking with tools like WhiteRabbitNeo speeds up your process and reduces tedium inherent in most security roles. 
WhiteRabbitNeo is an uncensored, open-source LLM that has been trained on red team data. Learn how WhiteRabbitNeo can help you harden your source code and improve configuration security while reducing hours of DevSecOps tedium to minutes. WhiteRabbitNeo will research vulnerabilities, propose exploits, and help package malware payloads while you focus on the creative side of cybersecurity: crafting the perfect delivery method for the exploit.", "description": "Using AI models often means sharing information with AI companies and running into guardrails that keep you from accomplishing cybersecurity tasks. I contribute to WhiteRabbitNeo to help build a community-driven, open source alternative.  During this talk I will teach attendees from the beginner cybersecurity enthusiast to the senior cyber analyst how to use AI how to learn new concepts, create custom hacking tools in any language, analyze code, and complete threat analysis tasks in seconds rather than hours.", "recording_license": "", "do_not_record": false, "persons": [{"code": "999K38", "name": "Bailey Williams", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/999K38_gv8rf7s.webp", "biography": "Bailey is a cybersecurity and political science student and contributor to the WhiteRabbitNeo open-source project. 
She is passionate about cybersecurity education and is excited about the growing integration of AI into cybersecurity.", "public_name": "Bailey Williams", "guid": "0c48b031-f9d6-519c-861f-5edf22dbabc4", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/999K38/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/URK98E/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/URK98E/", "attachments": []}, {"guid": "41154342-2140-5775-a3e2-12a8259913fe", "code": "EWZVMW", "id": 57014, "logo": null, "date": "2024-12-14T15:40:00+00:00", "start": "15:40", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-57014-vexatious-vulnerabilities-cve-management-for-the-overwhelmed-security-engineer", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EWZVMW/", "title": "VEXatious vulnerabilities: CVE management for the overwhelmed security engineer", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "For application security engineers, managing CVEs has become an overwhelming task due to the rising number of CVEs, inaccurate vulnerability scanners, and user demands for zero CVEs in dependencies. My talk aims to demonstrate how VEX documents can eliminate the time-consuming spreadsheet back-and-forths by programmatically expressing vulnerability applicability information. By showcasing a workflow and tools introduced for Cilium, I will illustrate how VEX documents enable automatic exclusion of non-applicable CVEs from scanners, distribute triage workload to knowledgeable teams, and generate documentation on vulnerability applicability. Real examples from Isovalent's use of VEX documents in our security workflow will support these points. 
I hope attendees will leave convinced of the benefits of generating and using VEX documentation to focus more on addressing real vulnerabilities.", "description": "For application security engineers, CVE management has become a huge burden in recent years. Caught between the accelerating number of CVEs granted each year, vulnerability scanners that are unable to accurately identify applicability, and users who demand zero CVEs in dependencies, security engineers become spreadsheet engineers, devoting large amounts of time to explaining why the latest set of CVEs identified by a vulnerability scanner do not matter.\r\n\r\nThe aim of my talk is to highlight the potential of VEX documents to render these spreadsheet back-and-forths obsolete. At their core, VEX documents allow for the expression of vulnerability applicability information in a programmatic manner. By highlighting a workflow and related tooling that I have introduced for Cilium (the CNCF-graduated CNI for Kubernetes), I will show how using VEX documents gives security engineers:\r\n- The ability to automatically exclude triaged results from vulnerability scanners (including popular scanners such as Grype and Trivy), reducing customer friction and allowing customer security teams to \u2018self-service\u2019 vulnerability applicability.\r\n- The ability to spread the load of CVE triage onto the teams that know the most about the products that may be affected.\r\n- The ability to automatically generate documentation regarding vulnerability applicability.\r\n\r\nAll of these points will be accompanied by real examples of how Isovalent, the company I work for and the creators of Cilium, use VEX documents in our daily security workflow.\r\n\r\nBy the end of my talk, I hope that attendees will leave convinced that they should be generating and consuming VEX documentation too, in order to minimise the amount of time we spend in spreadsheets, and maximise the amount of time that we spend hunting and fixing real 
vulnerabilities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "VDFPWF", "name": "Feroz Salam", "avatar": null, "biography": "Feroz Salam is a Security Architect at Isovalent, a Cisco company.", "public_name": "Feroz Salam", "guid": "9b8d6601-854b-530a-b112-2b9cce558b18", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/VDFPWF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EWZVMW/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EWZVMW/", "attachments": []}, {"guid": "e632962a-a2f4-554e-8abc-c667c5ab438d", "code": "EMHSZC", "id": 56324, "logo": null, "date": "2024-12-14T16:00:00+00:00", "start": "16:00", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56324-securing-embedded-devices-in-robotics-and-iot-bridging-the-gap-between-innovation-and-security", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EMHSZC/", "title": "Securing Embedded Devices in Robotics and IoT: Bridging the Gap Between Innovation and Security", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "With the growth of robotics and IoT, embedded devices are vital but often vulnerable. This talk explores security challenges in embedded systems, highlights real-world attacks, and provides practical defense strategies. Engineers and cybersecurity professionals will gain insights into protecting devices in robotics and IoT from design to deployment.", "description": "Embedded devices are the backbone of modern robotics and IoT, but their widespread use has introduced unique security risks. This session delves into hardware, firmware, and communication vulnerabilities that leave embedded systems open to cyberattacks. Attendees will explore real-world attack scenarios and learn effective defense strategies to secure embedded devices from design to deployment. 
Additionally, we\u2019ll discuss future trends like AI-driven anomaly detection and hardware root-of-trust, offering a forward-looking view of embedded device security. This talk is designed for engineers, developers, and security professionals looking to strengthen the security of robotics and IoT infrastructures.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DQ8BLP", "name": "Victor Oriakhi Nosakhare", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/DQ8BLP_TZs2XtJ.webp", "biography": "Victor Oriakhi holds a Bachelor's degree in Electrical and Electronic Engineering and a Master\u2019s degree in Robotics and Automation, graduating with distinction. With practical experience spanning the power sector, SCADA systems, and IoT integration, Victor is currently an Electrical Instrumentation and Design Engineer. His work focuses on advancing automation and control systems in industrial environments.\r\n\r\nIn addition to his professional work, Victor is a dedicated mentor, actively involved with the University of East London and other platforms such as STEM Learning and Brightside. His passion for education and STEM advocacy extends further as the Project Manager of BeScience STEM, a non-profit organization committed to promoting science, technology, engineering, and mathematics in underserved communities.\r\n\r\nA member of the Institution of Engineering and Technology (IET), Victor is working towards achieving Chartered Engineer status. 
He is also a researcher, continuously contributing to advancements in the fields of embedded systems, IoT, and robotics.", "public_name": "Victor Oriakhi Nosakhare", "guid": "40c2d921-d70a-534a-a193-84e508cbb531", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/DQ8BLP/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EMHSZC/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EMHSZC/", "attachments": []}, {"guid": "bffbc00a-d39c-5522-b7bf-49d9851919f4", "code": "QADXSB", "id": 56402, "logo": null, "date": "2024-12-14T16:35:00+00:00", "start": "16:35", "duration": "00:15", "room": "Rookie track 1", "slug": "bsides-london-2024-56402-owasp-honeypot-threat-intelligence-project", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QADXSB/", "title": "OWASP Honeypot threat intelligence project", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Due to the technological advancements in the world, using web applications to securely access shared data has become a popular choice. However, the downside to that is personal sensitive data is exposed. Around 74 % of personal data all over the internet is vulnerable to known web application attacks. Moreover, 90% of global cyberattacks happen through web applications. Keeping up with the attack vectors has become a challenge because of the ever-changing security landscape. This increase in attack surge for web applications needs a proactive and extensive solution. Cyber defenders are constantly facing new challenges in the identification of threats as cyberattacks are becoming more sophisticated hence there is a need to monitor, analyse, and mitigate these threats with priority. To address this gap, research is needed to enhance the security of web applications using honeypots, threat intelligence, and automation. 
This research aims to provide web developers with a solid foundation to protect against the growing range of cyber risks.", "description": "This project involves enhancing the security posture of the web applications by deploying ModSecurity based honeypots over Amazon EC2 instances to lure the attacker to use various tools and attack techniques to compromise the application and logging the attack vectors for threat analysis. These Amazon EC2 instances are spread across different regions of the world to cover the global landscape. The output of these honeypots is logged in a S3 bucket in JSON format which can be used as a threat intelligence dataset for finding web traffic anomalies. Furthermore, we can use a JSON visualisation tool such as JSON crack for pattern matching and detect the anomaly in the dataset which could be useful for patching the application as well as creating a baseline for the web developers for future development.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JCFUHC", "name": "Kartik Adak", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/JCFUHC_4fUqPTK.webp", "biography": "I am a security professional currently pursuing a Master\u2019s in Cyber Security Management at the University of Warwick, specialising in digital forensics, threat hunting, pentesting and security monitoring.\r\n\r\nI have been recognised in the Bug Bounty Hall of Fame by numerous organisations and acknowledged by India\u2019s National Critical Information Infrastructure Protection Centre for responsible vulnerability disclosures. 
I hold a Bachelor of Engineering in Information Technology and several certifications, including Certified Red Team Operator.\r\n\r\nI am actively engaged in projects like deploying honeypots for threat intelligence and building a digital forensics lab, which reflects my commitment to advancing cybersecurity practices.", "public_name": "Kartik Adak", "guid": "ea15b5c5-6d77-5524-9939-98354b8e51e7", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/JCFUHC/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QADXSB/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QADXSB/", "attachments": []}], "Rookie track 2": [{"guid": "d00c154e-6385-52d2-b92b-a034e73c3ffc", "code": "QEEQCS", "id": 56797, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56797-an-introduction-to-patient-medication-records", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QEEQCS/", "title": "An introduction to Patient Medication Records", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Ever wondered what the structure of a vendors Patient Medication Record software looks like? A lighthearted look at fun and games had over a 20 year period 'testing' the system....", "description": "This talk will highlight issues with current Patient Medication Record software, some solutions and what I found whilst working as a retail Pharmacist.\r\n\r\nThe aim is to reveal the results in a lighthearted way, there'll be thrills and spills on the journey and some results may astound. 
But remember all your records are still safe with me!!", "recording_license": "", "do_not_record": false, "persons": [{"code": "GJJRXX", "name": "Darren", "avatar": null, "biography": "Pharmacist - 26 years\r\nNerd - 39 years", "public_name": "Darren", "guid": "3a8de819-8639-5609-807e-49caad33a74b", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/GJJRXX/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QEEQCS/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QEEQCS/", "attachments": []}, {"guid": "b9adfc9c-ded9-5183-8179-4a8d8217a236", "code": "FFZ3P3", "id": 57005, "logo": null, "date": "2024-12-14T10:25:00+00:00", "start": "10:25", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-57005-can-you-see-a-risk-approach-to-siem", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FFZ3P3/", "title": "Can you SEE!! A risk approach to SIEM", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Do you actually know if you have been breached?  Do you know your critical assets, what you can't see?   Monitoring and logging is a simple construct, however most companies see it as a tick-box exercise.   This presentation looks into the following, eyes on the ground approach.\r\n- answers the why, how, what\r\n- looks into basics around asset management, critical data, users, end points, networks, etc\r\n- key missed areas, like policy, people, and physical.\r\n- summarises a risk-based approach.\r\n\r\nThis will cover examples and be light-hearted and funny at times.\r\n\r\n- questions\r\n- end", "description": "Do you actually know if you have been breached?  Do you know your critical assets, what you can't see?   Monitoring and logging is a simple construct, however most companies see it as a tick-box exercise.   
This presentation looks into the following, eyes on the ground approach.\r\n- answers the why, how, what\r\n- looks into basics around asset management, critical data, users, end points, networks, etc\r\n- key missed areas, like policy, people, and physical.\r\n- summarises a risk-based approach.\r\n\r\nThis will cover examples and be light-hearted and funny at times.\r\n\r\n- questions\r\n- end", "recording_license": "", "do_not_record": false, "persons": [{"code": "D7GATF", "name": "Richard Kirk", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/D7GATF_ceMltAu.webp", "biography": "A results-driven information security professional with over 20 years of expertise and experience improving and evolving IT infrastructure and security processes. I drive businesses forward by applying robust security measures that defend companies, their brand, and their reputations. \r\n\r\nI deliver positive outcomes by collaborating with senior executives and key stakeholders to optimise innovation and productivity and by executing appropriate control measures to reduce risk and distribution while aligning strategic roadmaps and risk appetites to overall objectives. \r\n\r\nI\u2019m a critical thinker who confidently manages conflict, navigates ambiguity, and challenges norms.  I am currently on a Level 7 executive leadership course with Corndel University. I am about to be part of a fireside panel at a Microsoft event in London, discussing Co-Pilot and how it has helped our colleagues with neurodivergent conditions.  
I am also part of our group disability and neurodiversity committees, helping improve access to tools, coaching and support for all.\r\n\r\nSeeking a senior position to continue to provide key performance measures, governance knowledge, and an independent mindset to identify business gaps and transform operations.", "public_name": "Richard Kirk", "guid": "f961476a-1cdd-5494-b2f6-9f3bda67bfaa", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/D7GATF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FFZ3P3/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FFZ3P3/", "attachments": []}, {"guid": "09be7f49-0fc4-5bac-8ee0-03ca6caac243", "code": "BUZ9ST", "id": 56417, "logo": null, "date": "2024-12-14T10:55:00+00:00", "start": "10:55", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56417-is-ai-the-new-big-brother", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BUZ9ST/", "title": "Is AI the new big brother?", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "This talk examines the expanding role of artificial intelligence (AI) in social engineering, focusing on how AI-driven tools are used to shape public opinion and influence group behaviour on a large scale.", "description": "This talk explores the potential of artificial intelligence (AI) to be using in social engineering. It also discusses the concept of mass social engineering, where individuals or groups are manipulated to behave or think in a predefined manner, and how AI can facilitate this process. 
The talk highlights the concern over AI's role in mass social engineering, including its impact on war, political opinions, privacy, and social inequality.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GFSHBH", "name": "Tom", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/GFSHBH_Ol0h6jY.webp", "biography": "Throughout University and beyond, I've always had a keen interest in how artificial intelligence and cyber security mix. Currently I have a keen interest in expanding home labs and learning about malware analysis.", "public_name": "Tom", "guid": "bff0d82a-80ed-55cd-9edc-8370c6dde1dc", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/GFSHBH/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BUZ9ST/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BUZ9ST/", "attachments": []}, {"guid": "023a5e77-9854-54c0-b717-dd8de23631f0", "code": "MSPTC8", "id": 56965, "logo": null, "date": "2024-12-14T11:20:00+00:00", "start": "11:20", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56965-llm-security-attacks-and-controls", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MSPTC8/", "title": "LLM Security: Attacks and Controls", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "The use of Generative Artificial Intelligence (AI), particularly Large Language Models (LLMs), is rapidly increasing across various sectors, bringing significant advancements in automating tasks, enhancing decision-making, and improving user interactions. However, this growing reliance on LLMs also introduces substantial security challenges, as these models are vulnerable to various cyber threats, including adversarial attacks, data breaches, and misinformation propagation. 
Ensuring the security of LLMs is essential to maintain the integrity of their outputs, protect sensitive information, and build trust in AI technologies.\r\n\r\nThis talk will examine the security vulnerabilities that are inherent in Large Language Models (LLMs), with a particular focus on injection techniques, client-side attacks such as Cross-Site Scripting (XSS) and HTML injection, and Denial of Service (DoS) attacks. Through the simulation of these attack vectors, the study assesses the responses of various pre-trained models like GPT-3.5 Turbo and GPT-4, revealing their susceptibility to different forms of manipulation.\r\n\r\nThe talk will also underscore the critical risk of these vulnerabilities, especially when exploited in a real-time corporate environment, where they can lead to significant disruptions, unauthorized access, data theft, and compromised system integrity.", "description": "The talk is structured to fulfil the following objectives:\r\n1. Evaluate approaches for identifying exploitation of security vulnerabilities in large language models (LLMs).\r\n2. Investigate the response of various pre-trained models to attacks on LLMs.\r\n3. Develop and assess security controls to mitigate cyber risks associated with LLM attacks.\r\n\r\nThe 15-minute talk will focus on Large Language Models (LLMs) will extensively explore the vulnerabilities, particularly in the context of adversarial attacks, types of prompt injection attacks on LLMs, Insecure output handling, Client side Injection attacks and denial-of-service (DoS) attacks. However, there remains a research gap in the systematic simulation and comparative analysis of these attacks across different LLM architectures and configurations. 
Current studies predominantly focus on individual attack vectors or specific LLMs, lacking a holistic approach that examines the interplay between multiple attack types and their cumulative impact on LLM performance and security.\r\n\r\nMost weaknesses in AI models stem from injection techniques, which can be particularly harmful when the model or the API used to access the model makes incorrect calls to the database, inadvertently retrieving sensitive content that does not align with established guidelines. These vulnerabilities underscore the critical need to thoroughly understand how AI models interact with third parties and the potential risks associated with these interactions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "R9VJJZ", "name": "Nazeef Khan", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/R9VJJZ_wkuhwCJ.webp", "biography": "With a Master's from the University of Warwick, Nazeef stays at the forefront of offensive security techniques. He holds multiple industry-recognized certifications, including the Certified Red Team Operator (CRTO), HTB Certified Penetration Testing Specialist (CPTS), and Practical Network Penetration Tester (PNPT).\r\n\r\nA dedicated learner, Nazeef actively contributes to the cybersecurity community by sharing his knowledge through public talks and technical discussions/blogs, inspiring others to explore the field. 
His expertise spans across various domains, including Red team Operations, and AI security.", "public_name": "Nazeef Khan", "guid": "265c6034-1dd6-5921-a56f-16dc9fd7a375", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/R9VJJZ/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MSPTC8/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MSPTC8/", "attachments": []}, {"guid": "8a9d3b03-0044-560c-93d1-4f6d1631d79d", "code": "RA9DK8", "id": 56948, "logo": null, "date": "2024-12-14T11:50:00+00:00", "start": "11:50", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56948-from-molecules-to-malware-visualising-tls-fingerprints-with-tmap-to-hunt-malicious-domains", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RA9DK8/", "title": "From Molecules to Malware: Visualising TLS Fingerprints with TMAP to Hunt Malicious Domains.", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Malicious domains are part of the landscape of the internet but are becoming more prevalent and more dangerous to both companies and individuals. Tracking, blocking and detecting such domains is complex, and very often involves complex allow or deny list management or SIEM integration with open-source TLS fingerprinting techniques. Many fingerprint techniques such as JARM and JA3 are used by threat hunters to determine domain classification, but with the increase in TLS similarity, particularly in CDNs, they are becoming less useful. This presentation demonstrates how we can adapt and evolve open-source TLS fingerprinting techniques with increased features to enhance granularity, and to produce a similarity mapping system that enables the tracking and detection of previously unknown malicious domains. 
This is done by enriching TLS fingerprints with HTTP header data and producing a fine-grained similarity visualisation that represents high-dimensional data using MinHash and locality-sensitive hashing. Influence was taken from the Chemistry domain, where the problem of high-dimensional similarity in chemical fingerprints is often encountered.", "description": "The presentation focuses on a more resilient approach to TLS fingerprinting - particularly one that handles the encrypted client hello and the granularity loss encountered when fingerprinting CDNs. The method of visualising similarities is used effectively in the chemical arena and can be used as a method for early detection of malicious domains and websites.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MKNAVX", "name": "Amanda Thomson", "avatar": null, "biography": "A recent graduate from a cyber security master's degree, I have an interest in threat hunting, cryptography and future web technologies.", "public_name": "Amanda Thomson", "guid": "9300f825-dddf-5828-a6b8-483d75cee757", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/MKNAVX/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RA9DK8/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RA9DK8/", "attachments": []}, {"guid": "c49b581e-a733-552c-86d3-4fa82ae1d5d1", "code": "MEBCGT", "id": 57024, "logo": null, "date": "2024-12-14T12:10:00+00:00", "start": "12:10", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-57024-a-minimal-talk-on-distroless-containers", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MEBCGT/", "title": "A Minimal Talk on Distroless Containers", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Distroless containers only contain your application and its dependencies. 
In theory, they\u2019re a great security best-practice.", "description": "But in practice, it\u2019s really hard to find examples of companies outside of the tech giants that have successfully adopted distroless containers.\r\n\r\nMinimal, hardened containers have huge benefits for security teams: reduced attack surface, cleaner vulnerability scans, improved isolation, and simpler supply chains. But how can a security engineer achieve them without the resources of a tech giant?\r\n\r\nAt Sourcegraph, we faced a lot of pain with vulnerability management in containers, prompting our switch to distroless. In this talk I\u2019ll cover:\r\n\r\n- Distroless containers from scratch\r\n- The tooling that\u2019s available\r\n- Real-world experience from migrating a complex SaaS application to distroless - what went well, and what was unexpectedly hard", "recording_license": "", "do_not_record": false, "persons": [{"code": "YETCWB", "name": "Will Dollman", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/YETCWB_YFdevG1.webp", "biography": "Security Engineer", "public_name": "Will Dollman", "guid": "85d4fe16-c3ec-5179-849f-0a0917bddb26", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/YETCWB/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MEBCGT/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MEBCGT/", "attachments": []}, {"guid": "96105a6c-dbc8-5a31-94c1-2a81f346ae83", "code": "P8MKRR", "id": 55109, "logo": null, "date": "2024-12-14T12:35:00+00:00", "start": "12:35", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-55109-quantum-safe-cryptography-a-buzzword-or-something-more-serious", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8MKRR/", "title": "Quantum Safe Cryptography - A Buzzword or Something More Serious?", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "Quantum 
Computing and Quantum Safe Cryptography seem to be buzzing up hype on all platforms. While no one is seemingly refuting the potential for Quantum Computers, the general sentiment seems to be that Quantum Computers won't be available for some time. \r\n\r\nIf we stop thinking about Quantum Computers for a minute and just focus on Cryptography it self and how deeply it is embedded into our every day lives, perhaps the problem will become more evident.", "description": "The industry is abuzz with the words Quantum Computers and Quantum Safe Cryptography being plastered everywhere. What actually is going on here? Are Quantum Computers really going to cause havoc? \r\n\r\nWill Quantum Computers be a real threat some day? Algorithms that make use of Quantum Physics have already been developed that will have real world repercussions on cryptography we use today. \r\n\r\nNIST (the National Institute of Standards and Technology), a well known body within cyber security has just released a set of standardised Quantum Safe Cryptographic algorithms. Something that has taken them years of study (8 years infact) to ensure that the algorithms cannot be easily broken or private data and keys decrypted easily.\r\n\r\nWell, what does that mean in general, and what does it mean for you? The word Quantum might be used to generate the hype, but the real underlying issue is the integration of cryptography just about everywhere. Cryptography is embedded in our devices, in our routers and networking, in servers, in hardware, in containers, in firewalls, in file-transfer software, and anywhere else you can think of. Digital Certificates help lay the foundations of secure communications everywhere. \r\n\r\nCryptography is a fundamental control used to protect confidentiality and integrity. 
The real issue lies in the effective migration of cryptography, and in a timescale that ensures protection against an ever-looming threat.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LDSXVK", "name": "Suketu", "avatar": null, "biography": null, "public_name": "Suketu", "guid": "e7adbcd7-861e-5b77-af0e-c4b529edd86e", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LDSXVK/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8MKRR/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8MKRR/", "attachments": []}, {"guid": "b157f4b0-fa65-59ef-99cb-60bf69372c3d", "code": "MZFXGP", "id": 56397, "logo": null, "date": "2024-12-14T13:00:00+00:00", "start": "13:00", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56397-disabling-drones-disruption-and-forensic-data-analysis", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MZFXGP/", "title": "Disabling Drones: Disruption and Forensic Data Analysis", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "In this session, I will present my research on disrupting drone operations by targeting their command-and-control (C2) channels and analyzing the forensic evidence left behind. My work explores various disruption techniques, such as Wi-Fi de-authentication, man-in-the-middle (MITM) attacks, video stealing, and drone disabling using tools like Flipper Zero, ESP32 microcontrollers, and Linux command-line utilities. I will also delve into the forensic analysis conducted post-attack to identify digital footprints and network anomalies left by these disruptions. If live demonstrations are not feasible at the conference, I have recorded videos of all the attacks on the drone to showcase them, and some of the attacks can be performed without flying the drone. Alternatively, I can use simulations to demonstrate the techniques. 
This research provides a framework for detecting and documenting evidence of drone attacks, significantly contributing to the field of drone forensics and cyber-physical security.", "description": "Drones have become a crucial part of modern technology, playing vital roles in both civilian and military operations. However, their increasing use also exposes them to various cyber threats, particularly those targeting their command-and-control (C2) channels. In my talk, I will demonstrate practical methodologies developed to disrupt drone systems, using tools such as Flipper Zero, ESP32 microcontrollers, and Aircrack-ng to simulate real-world attacks. I will detail various attack scenarios, including a video stealing attack that intercepts and records drone video feeds, and a drone disabling attack that remotely powers off the drone, rendering it inoperable. Post-attack, I conducted comprehensive forensic analyses to capture network traffic and digital footprints, revealing critical evidence of the disruptions. This talk aims to raise awareness of drone vulnerabilities, present forensic strategies for evidence gathering, and foster the development of effective countermeasures against these threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AQHSBE", "name": "Paavai Aram", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/AQHSBE_FZQvgYd.webp", "biography": "Hello, this is Paavai Aram. I am currently pursuing MSc in Cybersecurity Engineering at the University of Warwick. My inception into Cybersecurity began with my inspiration of Richard Stallman and free open source software tools. I even built a Linux-themed website (https://killswitchp.github.io/) from scratch where I write cybersecurity and personal blogs. Apart from this, I like Active Directory penetration testing and Threat Hunting. 
Soon I will be doing some advanced red team certifications as well :)", "public_name": "Paavai Aram", "guid": "214f1f49-48b0-5bc3-9fe2-7adda232aa31", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/AQHSBE/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MZFXGP/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MZFXGP/", "attachments": []}, {"guid": "f8e03f78-c8e8-5d88-bfc4-98520f69884d", "code": "FEY9FR", "id": 56716, "logo": null, "date": "2024-12-14T13:50:00+00:00", "start": "13:50", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56716-do-loop-back-in-anger", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEY9FR/", "title": "Do loop back in anger", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "The tale of stumbling across the registry key which reverts MS08-068, permitting SMB reflection attacks.", "description": "In this session, I'll walk through the lesser-known MS08-068 vulnerability and explore the potential for SMB reflection attacks in 2024, uncovering a root cause hidden in plain sight within Microsoft's documentation. The talk will include a demonstration of the attack, and you'll receive a script to set up your own lab environment for hands-on practice at home!", "recording_license": "", "do_not_record": false, "persons": [{"code": "NPVFDL", "name": "Shane Bourne", "avatar": null, "biography": "Shane has been a penetration tester for just over ten years, working in a wide range of environments. 
In recent years, he has worked for an internal security team, building deeper knowledge of Active Directory and Windows Internals.", "public_name": "Shane Bourne", "guid": "a3c3b085-c6f2-5bd0-91bf-648ef07723c7", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/NPVFDL/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEY9FR/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEY9FR/", "attachments": []}, {"guid": "d039de81-71d4-52fb-877b-8ea968b691ba", "code": "9FVVGB", "id": 56920, "logo": null, "date": "2024-12-14T14:45:00+00:00", "start": "14:45", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56920-the-trustworthiness-of-generative-ai-in-real-time-decision-making-for-iot-devices", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9FVVGB/", "title": "The Trustworthiness of Generative AI in Real-Time Decision-Making for IoT Devices", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "As IoT devices increasingly rely on real-time decision-making, generative AI offers immense potential to enhance these processes by predicting complex data patterns. However, this raises important questions about trust: Can AI be relied upon to make autonomous decisions, and how can we ensure its transparency and ethical integrity? This talk will explore the trustworthiness of generative AI in real-time IoT, covering technical challenges, best practices for ensuring accuracy and reliability, and the role of explainable AI (XAI). We will also address ethical and privacy concerns, providing insights on balancing innovation with responsible AI development.", "description": "As IoT devices become increasingly autonomous, the need for reliable, real-time decision-making is more critical than ever. 
Generative AI has the potential to transform these systems by analyzing complex data and enabling smart devices to predict outcomes and respond efficiently. However, with greater AI autonomy comes the pressing question of trust. Can we trust AI to make decisions accurately and responsibly in real-time? This talk will address the technical challenges in ensuring the reliability of AI-driven IoT devices and explore the role of explainable AI (XAI) in fostering transparency and user confidence.\r\n\r\nWe will also dive into the ethical and privacy concerns surrounding AI decision-making in IoT, particularly in sensitive or high-risk environments. Through practical examples and best practices, this session will offer insights on how to design AI-powered IoT systems that are not only innovative but also trustworthy, transparent, and ethically sound. Attendees will leave with a deeper understanding of the critical balance between leveraging generative AI for real-time decision-making and maintaining trust in these technologies.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FWUUJ8", "name": "Meet Bhorania", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/FWUUJ8_6N9tNO7.webp", "biography": "Currently an Google Developer Group Academy Ambassador at Anglia Ruskin University, Cambridge , I am immersed in a role that aligns with my Bachelor of Technology studies in Computer Science at Anglia Ruskin University. My engagement with the Google Developer Group London sharpens my AI proficiency, reflected in my victory at a TTP plc hackathon where we created 'Co-Pilot', an educational AI tool.\r\n\r\nMy technical foundation is bolstered by certifications in AWS and Google Cloud, complementing my hands-on experience as an Undergraduate Research Assistant. 
These experiences underscore my commitment to leveraging AI and neural networks in educational contexts, aiming to elevate learning through innovation and technology.", "public_name": "Meet Bhorania", "guid": "98e55097-5585-5d9d-bb49-703026f921df", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/FWUUJ8/"}, {"code": "TNAZRM", "name": "Yash Akbari", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/TNAZRM_Z470hRB.webp", "biography": "Final-year BEng Computer Science student specializing in embedded systems. I have developed practical skills through projects involving IoT, systems engineering, and data processing. My experience includes working with generative AI, network management, and information security, as well as pitching innovative ideas like an educational AI system during hackathons. These projects have given me a solid foundation in addressing real-world technological challenges, and I am actively working on embedded systems, further refining my ability to tackle complex issues in the field.", "public_name": "Yash Akbari", "guid": "23ac05d6-c9bc-58e4-a797-e80dee41f8ec", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/TNAZRM/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9FVVGB/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9FVVGB/", "attachments": []}, {"guid": "b8545e3c-3f64-59a4-93d1-8cedfe4757fb", "code": "HYJP7A", "id": 56982, "logo": null, "date": "2024-12-14T15:05:00+00:00", "start": "15:05", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56982-memoryless-peripherals-and-secure-notebooks", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYJP7A/", "title": "Memoryless Peripherals and Secure Notebooks", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "As a paranoid tech-head, I find cache extremely suspicious. 
Specifically, cache on modern CPUs. \r\n\r\nIn this talk, I will explain why!\r\n\r\nIn this process, we can explore the idea that we need more systems that are as memoryless as possible, and where there is memory, the data is always well encrypted.\r\n\r\nI have been, in my own time now for a few months, working with digital logic design to realise some hardware proof of concepts while building in this philosophy.", "description": "I am not completely insane (yet) - I do leverage a modern smart phones (and their CPU's) like everyone else does to do things like sending dog pictures to the old man.\r\n\r\nI have to admit, I am someone new to the security space. As such, the first I heard about side-channel vulnerabilities on CPU cache such Meltdown and Spectre was this year. From what I understand (but please do correct me if I am wrong!) - these are only the first iterations in a new genus of exploit.\r\n\r\nSo we can explore a potential approach to designing improved technology for this specific problem set, building at the electronic engineering level all the way to userland.\r\n\r\nI will also discuss the benefits, challenges, and drawbacks I've encountered, as well as the key insights gained from the exploration thus far.\r\n\r\nConnect: https://uk.linkedin.com/in/kaiharris606", "recording_license": "", "do_not_record": false, "persons": [{"code": "LJGHW7", "name": "Kai Harris", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/LJGHW7_smn9UA5.webp", "biography": "I am a narrow-boat-dwelling tech-enthusiast with professional experience in both the software and hardware world", "public_name": "Kai Harris", "guid": "c26f9dfd-c614-5f46-8796-73577bac944a", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LJGHW7/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYJP7A/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYJP7A/", "attachments": []}, {"guid": 
"447fa60c-1bf4-5e22-afef-56dc87a7f8ca", "code": "LH9ZKL", "id": 56400, "logo": null, "date": "2024-12-14T15:40:00+00:00", "start": "15:40", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56400-turning-to-the-dark-side-utilizing-offensive-techniques-in-incident-response", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LH9ZKL/", "title": "Turning to the dark side \u2013 Utilizing offensive techniques in incident response", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis. This presentation will demonstrate how incident responders can use offensive security techniques to determine likely root causes and inform effective containment strategies.", "description": "As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis either due to hardware failure, complete encryption or eager recovery efforts. This leads to our incident responders taking a step back and using offensive techniques to determine what the most likely method of entry was.  This presentation will demonstrate a few of the techniques we have utilized including: \r\n\r\nOpen source intelligence: Identifying network information from open source intelligence. \r\n\r\nLeaked data: Identifying victim data such as leaked usernames and passwords from data leaks. 
\r\n\r\nActive Directory attacks: Identifying common weaknesses in Active Directory configuration and performing attacks against Active Directory accounts and services to identify weak links.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JFDTTF", "name": "Archie Essien", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/JFDTTF_vJEj6ml.webp", "biography": "Cyber Incident Response Analyst Archie Essien is a dynamic and skilled cyber security specialist. In his role at Solis, he focuses on investigating email compromises and ransomware attacks. With more than five years\u2019 experience in the sector, Archie has a talent for understanding how cyber incidents occur and devising effective responses to mitigate their impact. \r\n\r\nArchie\u2019s enthusiasm for cyber security first took hold while he was studying for a degree in Computer Networks and happened to take a module on the topic. This new interest encouraged him to take a job in IT support with SS&C Technologies, where he gained valuable experience managing IT infrastructure and resolving technical issues. \r\n\r\nSince joining Solis\u2019 sister company CFC in 2021, Archie has focused on cyber incident response, earning respect for his thorough investigations and his ability to stay current with emerging cyber threats. His work primarily involves resolving complex cyber incidents and talking clients through what are often highly stressful situations, transforming initial anxiety into reassurance.\r\n\r\nArchie brings an infectious energy and enthusiasm to every project he works on. 
Motivated by a longstanding passion for helping others, he works closely with clients - and with colleagues in Solis and CFC - providing crucial insights that help shape strategy and decision-making.\r\n\r\nWith his outstanding technical acumen and keen eye for detail, Archie plays a key role helping Solis clients recover from cyber incidents and build resilience against future threats.", "public_name": "Archie Essien", "guid": "f92fbc31-f400-5a71-bf81-a41f1026a52d", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/JFDTTF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LH9ZKL/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LH9ZKL/", "attachments": []}, {"guid": "5e03055b-7602-5425-b015-e41adabf6f12", "code": "83QAGY", "id": 56931, "logo": null, "date": "2024-12-14T16:00:00+00:00", "start": "16:00", "duration": "00:15", "room": "Rookie track 2", "slug": "bsides-london-2024-56931-mssp-mdr-mfa-so-why-isn-t-incident-response-solved", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/83QAGY/", "title": "MSSP, MDR, MFA - So Why isn't Incident Response Solved?", "subtitle": "", "track": "Rookies", "type": "Rookies track", "language": "en", "abstract": "We've been in the wrong place at the right time between us for between 30-40 years, in just about every sector imaginable. \r\n\r\nWe're seeing both mid-sized organisations and enterprises in the situation where they have all the consultancy recommendations - Managed Security Service Provider, Endpoint Detection And Response, Network Detection & Response, extended Detection & Response, Managed Detection & Response, but IR still isn't solved. 
\r\n\r\nThere's  frustration from both the MSSPs and Detection & Response providers, and from customers.\r\nThis talk explores:\r\nThe difference between Incident Management and Incident Response\r\nThe history of how people get into Security, and Incident Response\r\nEnterprise Architecture View of these\r\nThe changes that have introduced a wicked problem: \r\n  Non-Technical or Non-Security Incident Managers attempting Incident Response\r\n  Technical Incident Responders attempting IR without the business link of Incident management\r\nThe frustrations from MSSPs and Detection & Response Providers\r\nCustomer Frustrations\r\nPotential ways of solving this within the security community", "description": "We've seen many mid sized and enterprise organisations that have a Managed Security Service Provider,  Managed Detection & Response and Multifactor Authentication -  \"So why isn't IR solved?\" in the words of one CTO.\r\n\r\nThis talk picks up on frustrations and gaps from both the technical MSSP and MDR side, and from the customer side, and explains why \"Just pick a different SOC\" isn't necessarily a good answer.\r\n\r\nWe go into some of the enterprise architecture, organisational and human factors from the 90's to today  that have caused gaps on both sides, why this matters, and what we think security people can do about it.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XD9NMB", "name": "Tim Haynes", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/XD9NMB_6wGdEjE.webp", "biography": "I've been in the wrong place at the right time for around 25 years, and on the way i've covered most areas in Security hands-on or leading across Banking, Insurance, Markets, Legal, Accounting, Technology, Emergency Services, Local Government, Government Nuclear, Charities, and Outsourcing.\r\n\r\nI'm currently loving life as Director - Cyber Services for BSS - the Security Services Company", "public_name": "Tim Haynes", "guid": 
"c064b1fd-14a9-5772-9229-53d7c4c342c3", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/XD9NMB/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/83QAGY/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/83QAGY/", "attachments": []}], "Workshop Room 1": [{"guid": "7ff8ae62-4484-53bf-97e4-090a3bbae29f", "code": "Y8ZSCJ", "id": 54502, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 1", "slug": "bsides-london-2024-54502-bypassing-bitlocker-by-sniffing-the-spi-bus", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/Y8ZSCJ/", "title": "Bypassing BitLocker by Sniffing the SPI Bus", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "In this workshop, participants will delve into the intricacies of bypassing BitLocker encryption in TPM Only mode. Through hands-on exercises, attendees will gain practical knowledge on monitoring SPI buses with digital logic analysers, extracting TPM data, and mounting and decrypting disks. This session is tailored for penetration testers performing stolen device assessments, red team professionals, security enthusiasts seeking to secure their devices, and forensic analysts involved in data recovery.", "description": "We are inviting you to a comprehensive workshop designed to provide an introduction into bypassing BitLocker encryption. This session will focus on Bypassing BitLocker in TPM Only Mode on laptop with an SPI bus.\r\n\r\nParticipants will explore and engage in the following:\r\n* Monitoring SPI Buses with Digital Logic Analysers: Learn how to use digital logic analysers to monitor and interpret SPI bus communications. \r\n* Extracting TPM Data: Gain hands-on experience in extracting data from buses for TPM chips.\r\n* Mounting and Decrypting Disks: Discover how to mount and decrypt disks protected by BitLocker. 
This practical exercise will illustrate the step-by-step process of bypassing encryption and gaining access to secured data.\r\n* Discussion of other bypass techniques\r\n\r\nWho Should Attend:\r\n\r\n* Penetration Testers: Enhance your toolkit for stolen device assessments and red team engagements by mastering techniques to bypass BitLocker encryption.\r\n* Security Enthusiasts: Understand the vulnerabilities of your own devices and learn how to better protect them against sophisticated attacks.\r\n* Forensic Analysts: Acquire essential skills for data recovery and forensic investigations involving BitLocker-protected devices.\r\n\r\nThis workshop is structured to provide both theoretical knowledge and practical experience, ensuring that participants leave with a basic understanding of BitLocker bypass techniques and the confidence to apply them in real-world scenarios.\r\n\r\nKnowledge Prerequisites:\r\n\r\n* Basic Windows familiarity\r\n* Basic Linux familiarity\r\n* Awareness of BitLocker\r\n\r\nAttendees will need to bring own laptop with Kali Linux and the dislocker package installed. All other materials will be provided.", "recording_license": "", "do_not_record": true, "persons": [{"code": "UWYRQC", "name": "Darren McDonald", "avatar": null, "biography": "Darren has been penetration testing for 16 years, spending the last 6 years running his own small penetration testing consultancy Cryptic Red. He's into red teaming, hardware hacking, and coding rust.", "public_name": "Darren McDonald", "guid": "80c6a3cc-58e0-5162-9bb6-4220cce44c30", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/UWYRQC/"}, {"code": "393P3K", "name": "Craig S. Blackie", "avatar": null, "biography": "Hacker of all things.", "public_name": "Craig S. 
Blackie", "guid": "e3756517-5ec0-51ee-b2aa-77ee5d942a5d", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/393P3K/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/Y8ZSCJ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/Y8ZSCJ/", "attachments": []}, {"guid": "4b139a24-c5ce-5376-9689-31697ae0152c", "code": "M8GTGY", "id": 56218, "logo": null, "date": "2024-12-14T12:45:00+00:00", "start": "12:45", "duration": "04:00", "room": "Workshop Room 1", "slug": "bsides-london-2024-56218-container-security-and-hacking-with-docker-and-kubernetes", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/M8GTGY/", "title": "Container Security and Hacking with Docker and Kubernetes", "subtitle": "", "track": "Workshops", "type": "Workshop - Long", "language": "en", "abstract": "This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We\u2019ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.\r\n\r\nThere will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.\r\n\r\nPrerequisites \u2013 Familiarity with basic Docker commands and Linux command line use will be helpful, but we\u2019ll provide step-by-step instructions for people who are less familiar with them.\r\n\r\nWorkshop requirements:\r\n- A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client.", "description": "This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. 
We\u2019ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.\r\n\r\nThere will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.\r\n\r\nPrerequisites \u2013 Familiarity with basic Docker commands and Linux command line use will be helpful, but we\u2019ll provide step-by-step instructions for people who are less familiar with them.\r\n\r\nWorkshop requirements:\r\n- A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QRKASG", "name": "Rory McCune", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/QRKASG_ohc24Sd.webp", "biography": "Rory is a senior advocate for Datadog who has extensive experience with Cyber security and Cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker he has presented at Kubecon EU and NA, as well as a number of other cloud native and security conferences. He is one of the main authors of the CIS benchmarks for Docker and Kubernetes, a published author on the topic of Cloud Native Security, member of Kubernetes SIG-Security and CNCF TAG-Security. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.", "public_name": "Rory McCune", "guid": "932130e0-eda6-5fff-8661-5e8540b58106", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/QRKASG/"}, {"code": "SSGHQV", "name": "Iain Smart", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/SSGHQV_rIbDCsK.webp", "biography": "Iain Smart is a Principal Consultant at AmberWolf, where he reviews cloud-native deployments and performs offensive security engagements. 
He enjoys playing with new technologies, and if he\u2019s not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found writing new home automations to annoy his family.", "public_name": "Iain Smart", "guid": "bce00314-be8a-5276-986b-a02fd689e8b8", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/SSGHQV/"}, {"code": "NFD9TE", "name": "Marion McCune", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/NFD9TE_YhPP7Uf.webp", "biography": "I have been working in IT for thirty years, and IT security for fifteen.  My recent experience is as a pen tester, where I was a director of a small consultancy company.  I've lately become interested in containerization security and am starting to become involved in this field.  \r\nI live in the Scottish Highlands with my husband, three cats and occasional pine martens. My interests are history, art, DDO, cookery and the great outdoors - not necessarily in that order.", "public_name": "Marion McCune", "guid": "5fbcd343-ea17-500a-9658-d7b6a799dbb0", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/NFD9TE/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/M8GTGY/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/M8GTGY/", "attachments": []}], "Workshop Room 2": [{"guid": "586ed6fa-1fbd-5f59-aeb2-1d9709239090", "code": "P7KJ9A", "id": 57021, "logo": null, "date": "2024-12-14T10:15:00+00:00", "start": "10:15", "duration": "02:00", "room": "Workshop Room 2", "slug": "bsides-london-2024-57021-taking-the-garbage-out", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P7KJ9A/", "title": "Taking the garbage out!", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "Log collection is the foundation of Security Operations. 
It is critical to have the correct host/application and a collection mechanism for events to facilitate correlation into SIEM/SOAR/XDR. Ineffective security events not only waste platform resources but also increase false-positive detections within a SOC, which then impacts morale and how long it takes to triage an alert. \r\n\r\nLed by SIEM engineering specialists who boast a combined +20yrs experience with clients across government and industry, learn and try some of the best practices and tips that help some of the UK's most critical SOCs run smoothly. \r\n\r\nIf you are playing with Security Onion, or building content and correlation rules, improve your effectiveness by only collecting the events you need\u2026this is for you, take the trash out!", "description": "The challenge to balance complete event coverage with efficient log onboarding is commonplace across Security Operations. Getting this balance wrong can lead to missing information in Events of Interest that would have provided context, or even exclude some of the events being put in front of an analyst for triage. Conversely, excessive low-value events can reduce the efficiency of the technology and overwhelm analysts.  \r\n\r\nGreater awareness and understanding of the process and best practices for log source onboarding, parsing and correlation will lead to better transparency between engineering and operations. This increased cohesion can reduce false-positives, and positively impact MTTD and MTTR. 
\r\n\r\nIn this workshop we will cover: \r\nIntroduction to Security Information and Event Management (SIEM) tools, on-prem/cloud \r\nCommon log sources and collection methods \r\nBest practices to identify \r\n- Use case definition \r\n- Log verbosity (inc scenario) \r\n- Log source documentation (inc scenario) \r\nRegEx Introduction (inc practical exercise) \r\nReview parsed example log source \r\nLog source collection (inc practical exercise) \r\n\r\nTips / Tricks and lessons learned \r\n- CEF/Sigma \r\n- Mitre ATT&CK \r\n\r\nBy understanding the principles above, the security operations function will be more effective from SIEM engineering through to SOC analysts.", "recording_license": "", "do_not_record": true, "persons": [{"code": "S8LKAG", "name": "Guy Kramer", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/S8LKAG_tVFMP0C.webp", "biography": "Guy Kramer is a strategic technologist and founder of Cyber Intelligence & Advisory Ltd. With over 17 years of experience in the field, his expertise encompasses the design, development and implementation of security solutions. His in-depth knowledge of cybersecurity, combined with his hands-on approach, allows him to deliver effective guidance to executives and technical teams alike.\r\n\r\nHe has worked for high-profile clients in government as well as for globally recognised companies such as Rolls-Royce and Hewlett-Packard. A well-travelled individual who has advised on security best practices in 125 cities, Guy has led projects that have changed the shape of cyber security. Notably, he pioneered a ground-breaking technology (Global Adversary Signals Analytics) that has strengthened the defences of governments worldwide against sophisticated cyber threats. \r\n\r\nWith a fascination for cybersecurity innovation, Guy is dedicated to learning new attack and defensive techniques, mentoring talent and actively contributing to the information security community. 
His aim at Cyber Intelligence & Advisory Ltd is to build a globally respected firm that sets new standards of security in the industry.", "public_name": "Guy Kramer", "guid": "c1adc274-1e13-543b-817a-f7d0ce096890", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/S8LKAG/"}, {"code": "MW8TKG", "name": "Kyle Pearson", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/MW8TKG_mW93phg.webp", "biography": "Kyle Pearson is a solutions engineer with Graylog who has worked on enough SIEM and Log Management deployments to know his way around. After cutting his teeth in financial services, he held consulting roles for several SIEM vendors and has worked extensively with public sector and financial services customers.", "public_name": "Kyle Pearson", "guid": "636e2108-ae38-5389-9f62-c163ceb28013", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/MW8TKG/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P7KJ9A/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P7KJ9A/", "attachments": []}, {"guid": "9619a685-fe70-50cb-bdfd-87e370bef28f", "code": "9NSRLS", "id": 54516, "logo": null, "date": "2024-12-14T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop Room 2", "slug": "bsides-london-2024-54516-defeating-encryption-by-using-unicorn-engine", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9NSRLS/", "title": "Defeating Encryption By Using Unicorn Engine", "subtitle": "", "track": "Workshops", "type": "Workshop - Long", "language": "en", "abstract": "Software Reverse-Engineering (SRE) is often considered black magic, but with the right tools and knowledge, its processes can be significantly accelerated. 
Unicorn Engine is a powerful framework that allows you to execute code platform-independently, which can greatly enhance your SRE skills.\r\n\r\nApplications, binaries, and frameworks often contain complex functionalities like encryption and decryption methods that are hidden from the user. Reverse-engineering these can be difficult and time-consuming, especially when they involve non-standard, proprietary or non-documented cryptographic functions. This is where Unicorn Engine comes in. It enables us to execute code dynamically without the need for the proper environment or hardware. By emulating the execution, we can analyse and understand the underlying operations, making the reverse-engineering process more effective.", "description": "With Unicorn Engine, you can dissect and manipulate code in a controlled environment. Whether you are dealing with malware analysis, software debugging, or vulnerability research, Unicorn Engine is an awesome tool in your reverse-engineering toolkit.\r\n\r\nThis training will focus on reverse-engineering one or more binaries with Ghidra. Participants will identify various encryption or obfuscation functions and write code for Unicorn Engine in Python to utilise these functions without ever executing the binary.\r\n\r\nNo special knowledge is required, but familiarity with Python, Ghidra, and x86/x64 assembly would be beneficial. The training will introduce Unicorn Engine to the audience and explain it in depth.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FUY9TP", "name": "Balazs Bucsay", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/FUY9TP_dujDP7Z.webp", "biography": "Balazs Bucsay is the founder & CEO of Mantra Information Security that offers a variety of consultancy services in the field of IT Security. 
With decades of offensive security experience, he is focusing his time mainly on research in various fields including red teaming, reverse engineering, embedded devices, firmware emulation and cloud. He gave multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology, he starts the second shift right after work to do some research to find new vulnerabilities.", "public_name": "Balazs Bucsay", "guid": "331b660d-8799-5e9d-8155-543ebcf14ed5", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/FUY9TP/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9NSRLS/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9NSRLS/", "attachments": []}], "Workshop Room 3": [{"guid": "faf569b9-8533-5128-bf75-2e824dddfc4c", "code": "WLKFP3", "id": 56962, "logo": null, "date": "2024-12-14T10:15:00+00:00", "start": "10:15", "duration": "02:00", "room": "Workshop Room 3", "slug": "bsides-london-2024-56962-malware-unmasked-supercharging-cyber-defense-with-machine-learning-magic", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WLKFP3/", "title": "Malware Unmasked: Supercharging Cyber Defense with Machine Learning Magic", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "Come join RevEng as we discuss the role of machine learning in expediting the art of binary analysis culminating in a CTF designed to show case how these tools can be used. 
\r\nSo whether you are new to malware analysis and machine learning, or a pro, we invite you to pop along, have some fun, and ask us as many questions as you'd like.", "description": "For over a decade security companies have been using machine learning to detect and protect against malicious binaries. Some have moved away entirely from traditional detection methods whilst others opt for a hybrid approach. Either way, sometimes they're right, sometimes they're wrong, and sometimes they've no idea what they've detected; luckily for them they've usually got security experts on hand.\r\n\r\nAttribution, accuracy, similar samples? These questions often fall on the shoulders of security experts, and all of them can be time-consuming to answer. \"Your customer insists the file isn't malicious, let me take a look at that in more detail.\", \"I might not find any other samples because there is nothing overly unique.\" or what about \"It might be group [x] because these two binaries share a few similar strings...\".  \r\n\r\nWhat if there was another way?\r\n\r\nJoin us as we explore leveraging machine learning to aid researchers in malware analysis, attribution and threat hunting before putting these skills into practice by completing a small CTF challenge aimed at showcasing what we think the future of binary analysis will look like.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TKTTSW", "name": "David Rushmer", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/TKTTSW_jfxvsDT.webp", "biography": "David started his career in developing and operating large scale analytical platforms aimed at providing cyber defense. 
Over the following decade, that focus shifted to defensive research and operations, most notably at Cylance and Blackberry and was the Global Director of Threat Research but has always maintained a hands on approach.", "public_name": "David Rushmer", "guid": "e9a5af7a-d58a-5071-b5b2-374e5dc7f1f4", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/TKTTSW/"}, {"code": "VFQ3KA", "name": "James Patrick-Evans", "avatar": null, "biography": null, "public_name": "James Patrick-Evans", "guid": "f4945b18-0e3d-50b4-8ba9-030af34b992f", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/VFQ3KA/"}, {"code": "M8GNRH", "name": "Lloyd Davies", "avatar": null, "biography": null, "public_name": "Lloyd Davies", "guid": "67f5efdf-ec84-5c73-bbf0-cd426b979ea7", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/M8GNRH/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WLKFP3/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WLKFP3/", "attachments": []}, {"guid": "c23270a2-bef5-597a-8536-bbecb99f94be", "code": "8EK7GF", "id": 56785, "logo": null, "date": "2024-12-14T13:00:00+00:00", "start": "13:00", "duration": "02:00", "room": "Workshop Room 3", "slug": "bsides-london-2024-56785-from-code-to-cloud-securing-the-stack-with-open-source-tools", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8EK7GF/", "title": "From Code to Cloud: Securing the Stack with Open-Source Tools", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "Open-source tools offer a powerful, cost-effective solution for securing modern applications from development through deployment. This workshop will walk through key tools that help protect your entire stack\u2014from securing your codebase, to monitoring cloud environments, and automating vulnerability detection. 
We\u2019ll also discuss the strengths and limitations of open-source security tools, showing when they can be the perfect fit for your needs, and when proprietary or custom solutions may be more appropriate.\r\nAttendees will get hands-on with tools like OWASP ZAP, Trivy, Bandit, and Checkov to help them understand how to effectively incorporate these solutions. You'll leave with practical knowledge of the best tools for various security tasks and guidance on integrating them to protect your applications at every level.", "description": "Open-source tools have become essential in today\u2019s cybersecurity landscape, offering comprehensive, low-cost solutions for securing modern applications. From securing codebases to protecting cloud environments, these tools can help organizations achieve full coverage without massive investments. However, while open-source tools offer significant advantages\u2014such as flexibility, community support, and transparency\u2014there are also scenarios where they fall short, such as scalability issues, lack of enterprise support, and specific feature gaps.\r\nIn this workshop, we\u2019ll explore the full spectrum of how open-source tools can be leveraged to secure your applications from development to deployment\u2014covering both the code and cloud layers. We\u2019ll walk through specific tools like:\r\n- OWASP ZAP for web application scanning,\r\n- Trivy for container security,\r\n- Checkov for threat detection in cloud assets,\r\n- Semgrep, Bandit and Brakeman for SAST \r\nThrough hands-on experimentation you will see these tools in action and learn how they can be integrated into your development pipeline to enforce security at every stage. We\u2019ll also dive into real-world examples where open-source tools excel\u2014and where they may not always be the best fit. 
\r\nBy the end of this session, you\u2019ll walk away with practical strategies to secure your application\u2019s entire stack with open-source tools, as well as an understanding of the limitations to be mindful of. This talk is ideal for security engineers, developers, and DevOps teams looking to improve their security posture using open-source solutions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9HP7KM", "name": "Mackenzie Jackson", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/9HP7KM_KRUq4ws.webp", "biography": "Mackenzie is a security researcher and advocate with a passion for application security. As the co-founder and former CTO of a health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.\r\n\r\nToday as an Advocate at Aikido Security, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code. 
Mackenzie is also a seasoned speaker, having spoken at conferences in 29 countries; he is the host of The Security Repo podcast and a frequent contributor to various technical publications like Dark Reading and Security Boulevard.", "public_name": "Mackenzie Jackson", "guid": "b62403e8-175f-511c-b503-ac8662eb0ae8", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/9HP7KM/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8EK7GF/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8EK7GF/", "attachments": []}, {"guid": "176fd9e7-5fc1-5e83-9f7c-a606d47c4968", "code": "CUUGBR", "id": 55416, "logo": null, "date": "2024-12-14T15:30:00+00:00", "start": "15:30", "duration": "02:00", "room": "Workshop Room 3", "slug": "bsides-london-2024-55416-roll-your-own-edr-xdr-mdr", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/CUUGBR/", "title": "Roll Your Own EDR/XDR/MDR", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "In this two-hour hands-on workshop we will show attendees how to build their own EDR/XDR/MDR platform leveraging open-source tools. Attendees will learn to deploy cross-platform EDR sensors, how to use Sigma detection rules, write custom detection rules, and leverage open source adversary emulation tools (Atomic Red Team) to test them. We will then discuss how to extend these capabilities for investigations and threat hunting by integrating additional open source or free tools to gather additional telemetry such as Sysmon and Velociraptor.", "description": "In this two-hour hands-on workshop we will show attendees how to build their own EDR/XDR/MDR platform leveraging open-source and free tools. Attendees will learn to deploy cross-platform EDR sensors, how to use Sigma detection rules, write custom detection rules, and leverage open source adversary emulation tools (Atomic Red Team) to test them. 
We will then discuss how to extend these capabilities for investigations and threat hunting by integrating additional open source or free tools to gather additional telemetry such as Sysmon and Velociraptor.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DFPTCB", "name": "Ken Westin", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/DFPTCB_DDfKcyO.webp", "biography": "Ken Westin has been in the cybersecurity field for over 15 years working with companies to improve their security posture, through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance.\r\n\r\nKen is an Oregon Native who splits his time between a house in the woods near Portland and a beach shack on the Oregon Coast with his wife, son, and two dogs. He holds a BA from Lewis & Clark College, a graduate degree from the University of Portsmouth UK, and several security certifications. He is a self-professed guitar and record hoarder and amateur musician.", "public_name": "Ken Westin", "guid": "7c1e283e-d83d-5981-99c8-c9f66974cb38", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/DFPTCB/"}, {"code": "ZNJKCR", "name": "Jessica Crytzer", "avatar": null, "biography": "Jessica brings over 15 years of extensive experience in the cybersecurity sector, specializing in leading and scaling early-stage GTM (Go-To-Market) teams. As a seasoned revenue leader, she is deeply committed to fortifying both corporate entities and individuals against digital threats. Jessica actively mentors aspiring women in sales through WISE (Women In Sales Everywhere) and contributes her expertise to Mach37, an early-stage cybersecurity accelerator. 
Previously, she held leadership roles at HyperQube and ThreatSwitch, where she spearheaded teams to success.\r\n\r\nBeginning her career within large Enterprise organizations, Jessica has traversed the landscape as both an individual contributor and a strategic leader. However, her true passion lies in fostering growth within entrepreneurial ventures, where she thrives on shaping and executing go-to-market and revenue expansion strategies.\r\n\r\nBeyond her professional endeavors, Jessica finds solace in the outdoors, exploring new destinations, and immersing herself in live music experiences. Committed to making a difference, she dedicates her time to philanthropic causes, serving on the board of Becky's Fund and offering guidance as an advisor for Costumes for Courage.", "public_name": "Jessica Crytzer", "guid": "79072fe5-2a64-5095-8110-e49b4c257ce1", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/ZNJKCR/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/CUUGBR/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/CUUGBR/", "attachments": []}], "Workshop Room 4": [{"guid": "8fa64d0e-f4d6-58fc-8ac5-2d80d3927eb2", "code": "KA9T8N", "id": 56484, "logo": null, "date": "2024-12-14T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 4", "slug": "bsides-london-2024-56484-the-appsec-lessons-from-iron-man", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KA9T8N/", "title": "The AppSec lessons from Iron Man", "subtitle": "", "track": "Workshops", "type": "Workshop - Short", "language": "en", "abstract": "In this 2-hour interactive workshop, we will dive into the world of Application Security with the perspective of one of the most iconic tech-savvy superheroes: Iron Man. 
Like Tony Stark, who continuously refines his armor to fend off evolving threats, we will explore how developers, security champions, and engineers can fortify their applications against vulnerabilities.\r\n\r\nThe session will cover the full spectrum of Application Security, from threat modeling and secure coding to incident response, framed within the tech innovation and constant iteration that Iron Man embodies. Attendees will learn practical approaches to building robust security mechanisms into their software development lifecycle (SDLC), while maintaining agility in the face of new threats\u2014just as Iron Man does with his suits.\r\n\r\nThrough engaging analogies, real-world examples, and actionable takeaways, participants will leave with a superhero\u2019s toolkit to defend their applications from vulnerabilities, automate their defenses, and respond swiftly to incidents.\r\n\r\nKey Topics:\r\n\r\nThreat Modeling: Understanding the foundational elements of secure software.\r\nDevSecOps: How to protect core application components from critical threats.\r\nVulnerability Management: Proactive vulnerability management process.\r\nApplication Monitoring: Incident response tactics that mirror Iron Man's agility in combat.\r\n\r\nGet ready to suit up and protect your applications with the same ingenuity and foresight as Iron Man!", "description": "Step into the shoes\u2014or rather, the suit\u2014of Iron Man as we explore the dynamic world of Application Security. In this 2-hour workshop, you'll learn how to protect your applications with the same innovative strategies Tony Stark uses to shield his tech from relentless attacks.\r\n\r\nThis workshop is designed for developers, security engineers, and security champions who want to understand and implement security practices that are both robust and agile. 
We\u2019ll cover every aspect of Application Security, from the fundamentals of secure coding to the latest automated defenses, all framed through the lens of Iron Man\u2019s constant innovation and real-time problem-solving.\r\n\r\nYou\u2019ll uncover how to:\r\n\r\nDevelop \u201carmor\u201d for your applications by integrating security from the start.\r\nProtect the \u201carc reactor\u201d of your system\u2014its most critical components\u2014from the most dangerous threats.\r\nImprove your \u201cbattlefield awareness\u201d with threat modeling and continuous vulnerability scanning.\r\nAutomate and scale your defenses using cutting-edge security tools.\r\nRespond swiftly and effectively to incidents, with agility and precision, just like Iron Man in the heat of battle.\r\nThis engaging workshop will not only provide practical insights and strategies but also inspire you to approach Application Security with creativity and foresight. By the end, you\u2019ll be equipped with the tools and mindset to defend your applications like a true tech superhero.\r\n\r\nPrepare to suit up\u2014your journey to becoming an Application Security hero starts here!", "recording_license": "", "do_not_record": false, "persons": [{"code": "8GTHLB", "name": "C\u00e1ssio Pereira", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/8GTHLB_Ep29LT9.webp", "biography": "Cassio Batista Pereira, a.k.a. @cassiodeveloper, is a Software Developer and Architect by training. He acts as an AppSec Expert and thus helps companies and professionals to build safer solutions. He has two decades of experience in the IT market and Information Security in the most varied business segments, where he gained knowledge to work with different technologies, programming languages and processes. 
He is an evangelist for the Secure Development culture.", "public_name": "C\u00e1ssio Pereira", "guid": "62d2dad3-dd04-503f-81bb-92872363db85", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/8GTHLB/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KA9T8N/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KA9T8N/", "attachments": []}], "Aerospace Village": [{"guid": "02806f57-45c2-57ef-861a-e5b289ba8282", "code": "MKVAAJ", "id": 58995, "logo": null, "date": "2024-12-14T08:30:00+00:00", "start": "08:30", "duration": "09:00", "room": "Aerospace Village", "slug": "bsides-london-2024-58995-aerospace-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MKVAAJ/", "title": "Aerospace Village", "subtitle": "", "track": "Aerospace Village", "type": "Workshop - Long", "language": "en", "abstract": "The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. \r\nWe believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations. Our mission is to Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders. \r\nWe invite you to play with Bricks-in-the-Air, an interactive activity that uses a Lego aircraft model to demonstrate aviation system fundamentals.", "description": "The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. \r\nWe believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations. Our mission is to Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders. 
\r\nWe invite you to play with Bricks-in-the-Air, an interactive activity that uses a Lego aircraft model to demonstrate aviation system fundamentals.", "recording_license": "", "do_not_record": true, "persons": [], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MKVAAJ/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MKVAAJ/", "attachments": []}], "Car Hacking Village": [{"guid": "d2947c0f-4467-5524-9670-fa7b941ba5fb", "code": "JK9H3M", "id": 58994, "logo": null, "date": "2024-12-14T08:30:00+00:00", "start": "08:30", "duration": "09:00", "room": "Car Hacking Village", "slug": "bsides-london-2024-58994-car-hacking-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/JK9H3M/", "title": "Car Hacking Village", "subtitle": "", "track": "Car Hacking Village", "type": "Workshop - Long", "language": "en", "abstract": "Car Hacking Village", "description": "Car Hacking Village", "recording_license": "", "do_not_record": true, "persons": [{"code": "79PGLY", "name": "-", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/79PGLY_trbWtmy.webp", "biography": null, "public_name": "-", "guid": "45d02301-c1e0-5453-8537-2dcad0d98a2f", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/79PGLY/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/JK9H3M/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/JK9H3M/", "attachments": []}], "Lock Picking Village": [{"guid": "72c4e296-ef93-52d5-9059-341a8e1a9541", "code": "K8BP7H", "id": 58989, "logo": null, "date": "2024-12-14T08:30:00+00:00", "start": "08:30", "duration": "09:00", "room": "Lock Picking Village", "slug": "bsides-london-2024-58989-lock-picking-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/K8BP7H/", "title": "Lock Picking Village", "subtitle": "", "track": "Lock Picking Village", "type": "Workshop - 
Long", "language": "en", "abstract": "Ever wondered how a lock works inside? Already know, and want to up your picking game?  Come and meet the experts from  TOOOL UK at the lockpicking village. \r\nThe Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games. \r\nLearn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! Come and play with locks!", "description": "Ever wondered how a lock works inside? Already know, and want to up your picking game?  Come and meet the experts from  TOOOL UK at the lockpicking village. \r\nThe Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games. \r\nLearn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! Come and play with locks!", "recording_license": "", "do_not_record": true, "persons": [{"code": "YU8UMD", "name": "Moon On A Stick & Bristol Locksport", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/YU8UMD_HNiCaOb.webp", "biography": "Ever wondered how a lock works inside? Already know, and want to up your picking game?  Come and meet the experts from TOOOL UK at the lockpicking village.\r\nThe Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games.\r\nLearn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! 
Come and play with locks!", "public_name": "Moon On A Stick & Bristol Locksport", "guid": "d7e5aa08-c499-56f9-8062-13905fc61ff8", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/YU8UMD/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/K8BP7H/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/K8BP7H/", "attachments": []}], "Malware Village": [{"guid": "330f4162-c635-5c73-8b9c-b7019ded42f9", "code": "THJBVS", "id": 57020, "logo": null, "date": "2024-12-14T12:30:00+00:00", "start": "12:30", "duration": "05:00", "room": "Malware Village", "slug": "bsides-london-2024-57020-malware-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/THJBVS/", "title": "Malware Village", "subtitle": "", "track": "Malware Village", "type": "Workshop - Long", "language": "en", "abstract": "In Malware Village, we will host various contests and workshops focused on malware analysis. Participants can experiment with and analyze malware under the guidance of professionals.\r\n\r\nThe full Malware Village* currently features three contests:\r\n\r\nMARC I (Malware Analysis Report Competition)\r\nBOMBE (Battle of Malware Bypass EDR)\r\nEMYAC (Efficient Malware YARA Analysis Competition)\r\n\r\n*In BSides London, we only have 4 hours, so we will host a subset of Malware Village.", "description": "Details are on the Malware Village website: https://malwarevillage.org\r\nMARC I & BOMBE Details on DEF CON forums: https://forum.defcon.org/node/249321", "recording_license": "", "do_not_record": false, "persons": [{"code": "7PZ9GF", "name": "Lena Yu", "avatar": "https://cfp.securitybsides.org.uk/media/avatars/7PZ9GF_Sm8itvy.webp", "biography": "Lena Yu, also known as LambdaMamba, is the founder of World Cyber Health and Malware Village. She created the MARC I (Malware Analysis Report Competition), fostering contributions to open-source education in malware analysis. 
Additionally, she launched the Malware Monsters project, also known as Malmons. Lena has presented at Virus Bulletin, BSides, and various other cybersecurity events, and has hosted Malware Village and contests at DEF CON, HITCON, BSides London, and more.\r\n\r\nBefore venturing into malware analysis, Lena worked as a low-level developer specializing in computer architecture and RISC-V Trusted Execution Environment (TEE) research.", "public_name": "Lena Yu", "guid": "4bcdebee-3b77-5844-8ced-9d68a7ebaed1", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/7PZ9GF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/THJBVS/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/THJBVS/", "attachments": []}], "Quantum Village": [{"guid": "708a7ffc-bc8d-5a88-a215-87a9e8828418", "code": "3CE8QD", "id": 58990, "logo": null, "date": "2024-12-14T08:30:00+00:00", "start": "08:30", "duration": "09:00", "room": "Quantum Village", "slug": "bsides-london-2024-58990-quantum-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/3CE8QD/", "title": "Quantum Village", "subtitle": "", "track": "Quantum Village", "type": "Workshop - Long", "language": "en", "abstract": "Quantum Village", "description": "Quantum Village", "recording_license": "", "do_not_record": true, "persons": [{"code": "F8KGAD", "name": "-Quantum Village", "avatar": null, "biography": "-Quantum Village", "public_name": "-Quantum Village", "guid": "b471b2a8-8671-5e10-b9ed-049bfdc84718", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/F8KGAD/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/3CE8QD/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/3CE8QD/", "attachments": []}], "Train Hacking Village": [{"guid": "981a9fd8-af2b-57db-aea7-6a84a697bf6d", "code": "7PHCEH", "id": 58991, "logo": null, "date": 
"2024-12-14T08:30:00+00:00", "start": "08:30", "duration": "09:00", "room": "Train Hacking Village", "slug": "bsides-london-2024-58991-train-hacking-village", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7PHCEH/", "title": "Train Hacking Village", "subtitle": "", "track": "Train Hacking Village", "type": "Workshop - Long", "language": "en", "abstract": "Train Hacking Village", "description": "Train Hacking Village", "recording_license": "", "do_not_record": true, "persons": [{"code": "LR8PXF", "name": "-Train Hacking Village", "avatar": null, "biography": "Train Hacking Village", "public_name": "-Train Hacking Village", "guid": "baa859ed-c6ba-5494-a855-efd530f08f4c", "url": "https://cfp.securitybsides.org.uk/bsides-london-2024/speaker/LR8PXF/"}], "links": [], "feedback_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7PHCEH/feedback/", "origin_url": "https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7PHCEH/", "attachments": []}]}}]}}}
