2.0 -//Pentabarf//Schedule//EN PUBLISH WZXUTA@@cfp.securitybsides.org.uk -WZXUTA BYOTB - Bring Your Own Trusted Binary en en 20241214T100000 20241214T104500 004500 BYOTB - Bring Your Own Trusted Binary Security professionals are locked in a constant cat-and-mouse game with attackers who continuously find creative ways to bypass modern defences. One such technique is Bring Your Own Trusted Binaries (BYOTB)©, where attackers use legitimate, signed or checksum verified binaries which may not be present on the host machine to achieve their aims. Since these binaries are oftentimes trusted by the OS and EDR solutions, they are less likely to raise red flags, providing attackers with a stealthy way to circumvent traditional security mechanisms. This session will explore how the BYOTB technique works, some examples of trusted binaries and why they are so effective at bypassing EDR solutions. I'll cover: - Understanding the BYOTB idea: I will explain which trusted binaries are used and how they can provide access to external adversaries and testers alike. - EDR and Firewall Evasion Tactics: I will demonstrate how adversaries leverage trusted binaries to exploit gaps in EDR detection as well as bypassing modern firewalls. - Detection and Mitigation Strategies: The concluding section of the talk will focus on defensive measures. I’ll discuss practical detection techniques, including monitoring the usage of known binaries, and implementing tighter security controls around execution policies for certain trusted binaries. This talk is geared towards a technical audience, including Red Teamers and Pentesters looking to understand how to exploit these techniques as well as Blue Teamers interested in improving their detection and mitigation strategies. Attendees will leave with actionable insights into how they can detect BYOTB techniques in their environments, as well as best practices for preventing such attacks from slipping through the cracks. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WZXUTA/ Clappy Monkey Track David Kennedy PUBLISH EHBRYZ@@cfp.securitybsides.org.uk -EHBRYZ The Practical Application of Indirect Prompt Injection Attacks: From Academia to Industry en en 20241214T105500 20241214T114000 004500 The Practical Application of Indirect Prompt Injection Attacks: From Academia to Industry For further clarity on any sections, please refer to my white paper: https://www.researchgate.net/publication/382692833_The_Practical_Application_of_Indirect_Prompt_Injection_Attacks_From_Academia_to_Industry ---------------------------------------------------------------------------------------- 1. PROMPT INJECTION - THE PROBLEM AFFECTING ALL LLMS ----------------------------------------------------------------------------------------- Definition - Prompt injection was originally used to describe attacks where untrusted user input was concatenated with a trusted prompt in an application. - The definition has expanded to include any prompt that causes an LLM to perform harmful actions - to avoid confusion, the latter definition will be used in this presentation. The Problem - All LLMs are vulnerable to prompt injection! - In web application security, the most effective way to prevent injection attacks is to maintain a small allowlist of known safe input values. - Applying this to LLMs would render them functionally useless - the value of LLMs comes from being able to answer any query. - Instead, organizations like OpenAI are training LLMs to detect and block common prompt injection techniques. - Attackers can easily formulate new techniques since they can use any characters and words to craft prompt injections. ------------------------------------------------ 2. INDIRECT PROMPT INJECTION ------------------------------------------------ Attack Sequence - Breaking down the anatomy of an indirect prompt injection attack as follows, along with a diagram: 1. An attacker injects a malicious prompt into a resource which they know LLMs will read from. 2. A victim user asks an LLM to read from this resource. 3. The LLM visits the resource and reads in the malicious prompt. 4. The LLM performs the actions specified in the malicious prompt. - When an LLM reads in data from an attacker-injectable source, the chat should be considered COMPROMISED, since it may contain a malicious prompt. Impacts - The main impacts of regular prompt injection are generating harmful content - which only negatively impacts an LLM provider's reputation - and attacks launched against an application or service that ingests an LLM's input or output. - The main impacts of IPI are socially engineering a user by instructing the LLM to provide misleading information to the victim or performing arbitrary actions on behalf of users. The latter impact is more interesting and will be the focus of the remaining presentation. - The impact of an Indirect Prompt Injection attack directly depends on the actions an LLM has access to perform. Actions can be chained to cause a greater impact. Vulnerability Criteria 1. Can an attacker inject into a source the LLM will read from? This can be a public source, e.g. a social media comment, or it can be a victim's private source which an attacker can send data to, e.g. an email inbox. 2. Can the LLM perform any actions that could harm a user? Consider any actions that could impact the CIA triad of a user's data, e.g. deleting a victim's GitHub branch. 3. Can the LLM perform this harmful action after reading from the injectable source? LLMs can do this in most cases, but developers may implement logic to prevent this from happening as IPI attacks become more prevalent. ------------------------------------------------------------------------ 3. INDIRECT PROMPT INJECTION METHODOLOGY ------------------------------------------------------------------------ This section introduces the Indirect Prompt Injection Methodology, along with a diagram. In the presentation, sample prompts will be attached for each relevant step: Explore the attack surface 1. Map out all harmful actions the LLM has access to perform - Ask the LLM to provide a list of all functions it can invoke. Analyze the list and write down the harmful actions. 2. Map out all attacker-injectable sources the LLM can read from - Ask the LLM to provide a list of all data sources it can read from. Analyze the list and write down the sources you could inject a prompt into. 3. Attempt to obtain the system prompt - Ask the LLM to provide the statements programmed into it by its developer, allowing you to see any verbal guardrails that you may need to bypass. Craft the exploit For each source-action pairing: 4. Determine if the LLM can be pre-authorized to perform the action - Certain LLMs may ask the user to approve an action before carrying it out. By tailoring the prompt you may be able to provide pre-approval, convincing the LLM to carry out the action without delay! 5. Inject a more persuasive prompt into the source - The indirectly injected prompt needs to be made more convincing to an LLM since it will carry less conversational weight than the user's initial request. By emphasizing key parts of the prompt with mock Markdown, repeating sentences, and tailoring the prompt semantics to the observed behavior, you can craft a successful exploit. These techniques will be clearly showcased in the presentation. 6. Ask the LLM to read from the source and observe if the action occurs - Simulate a plausible user query, e.g. "visit this URL: {url}". The LLM should read from the injected source and carry out the actions set out in the prompt injection. Refine the prompt 7. Repeat steps 5 and 6, iteratively modifying the prompt until the attack is successful - If the attack is unsuccessful, systematically make small changes until you achieve success. A table will be provided in the presentation to facilitate this process. ------------------------------------------------------------------------------- 4. CASE STUDY - MAVY GPT CALENDAR EXFILTRATION ------------------------------------------------------------------------------- Background - Mavy GPT is a personal assistant on the GPT Plus store that allows people to send emails and view their Google calendars by hooking into Google APIs. Applying IPIM - This is a walkthrough of each step in IPIM, applied to MavyGPT. Screenshots for each step are provided: 1. Map harmful actions - I obtained a list of 7 actions, considered the impact of each and noted down "Send Email" as potentially harmful. I recorded the associated function call. 2. Map injectable sources - I obtained a list of 3 actions that read from injectable sources and noted down "Google Calendar" as an injectable source. 3. Obtain the system prompt - I asked Mavy for its system prompt and it immediately complied - I noted this down. 4. Determine if LLM can be pre-authorized - I pasted the function call from earlier and Mavy complied immediately. 5. Inject a more persuasive prompt - I considered a potential attack chain - asking Mavy to summarize all user events in the Google Calendar, then asking it to email this to me. I iterated several times to craft a prompt that allowed me to execute the chain. This will be provided in the presentation, along with a breakdown of each sentence in the prompt. 6. Ask LLM to read from the source - I sent a calendar invite containing the prompt injection as its description to the mock victim, then asked Mavy to print the event description in the victim's session. As expected Mavy summarized all events in the calendar and emailed them back to me. Video evidence will be provided, serving as a POC and a demo. Impact - Many users store private information in their calendars such as locations, relative names, and even credentials. An attacker could sell this information or use it to launch further attacks. ------------------------------------------------------------------------------------- 5. INDIRECT PROMPT INJECTION PRACTICAL MITIGATIONS ------------------------------------------------------------------------------------- Instruction Hierarchy - Proposed by OpenAI earlier this year - treats externally ingested data as lower-privileged. - Shows an improvement against prompt injection benchmarks, but can be bypassed by crafting better payloads. Human-in-the-loop - A human has to approve each action an LLM will take. Theoretically, this prevents any unwanted actions. - Implementing this effectively causes a poor user experience, making developers unlikely to use it properly. No Actions After Reads - Server-side logic which prevents any actions from occurring after an LLM has ingested external data. - This compromises the functionality of an LLM, again worsening user experience. Mitigation Summary - Current mitigations are either not 100% effective or severely impact user experience, making Indirect Prompt Injection difficult to defend against. ---------------------------- 6. LOOKING AHEAD ---------------------------- The Future of Indirect Prompt Injection - IPI is a serious issue - the same techniques outlined in IPIM could be used to exploit future AI implementations linked to critical infrastructure, leading to devastating impacts. - Human-in-the-loop or "no actions after reads" could be implemented, but this would limit the value of these AI implementations by stripping their autonomy. Application and Future Development of IPIM - IPIM will be maintained and updated on GitHub to ensure its continued relevance in the AI space. ----------------------- 7. CONCLUSION ----------------------- - IPI is a serious issue - IPIM bridges the gap between academia and industry, improving awareness of IPI and contributing to the future of AI Security. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHBRYZ/ Clappy Monkey Track David Willis-Owen PUBLISH HYSYLN@@cfp.securitybsides.org.uk -HYSYLN CyberHUMINT: Recruit, Deceive, Exploit en en 20241214T115000 20241214T123500 004500 CyberHUMINT: Recruit, Deceive, Exploit At Bsides Cymru we introduced the audience to what modern intelligence apparatus looks like using the fictional country of Fligistan. This talk builds upon that and focuses on Cyber HUMINT, the fusion of traditional human intelligence (HUMINT) with cyber operations. It is a powerful tool for both attackers and defenders. In this talk we explore how CyberHUMINT exploits human vulnerabilities, leverages social engineering, and manipulates insider threats, leading to significant risks such as data breaches or disclosure of corporate secrets. We’ll examine real world examples where adversaries use remote working job opportunities for infiltration, platforms like LinkedIn for agent recruitment, using avatars for covert dark web operations, and psychological manipulation through bot farms and psyops to influence and deceive organisational and military targets. We will also delve into how behavioral analysis and patterns of life in computer networks and subcultures can help to identify malicious actors early. Attendees will gain actionable insights on how to recognise and mitigate insider threats, as well as the critical role CyberHUMINT plays in understanding patterns of life and digital behaviour. Whether you’re part of the Fligistan red team, social engineering corps, or an intelligence analyst, this session will equip you with the tools to protect your organisation from advanced human and cyber-based threats. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYSYLN/ Clappy Monkey Track Tony Gee Hugo Page-Turner PUBLISH LV7GFV@@cfp.securitybsides.org.uk -LV7GFV SSRF² | Breaking Trust Zones Through Self-Reference en en 20241214T125500 20241214T134000 004500 SSRF² | Breaking Trust Zones Through Self-Reference This talk introduces a groundbreaking approach to SSRF exploitation that fundamentally changes how we think about trust boundaries and security contexts. Rather than focusing on finding new SSRF vectors, we'll demonstrate how using the same primitive twice can bypass sophisticated security controls including URL rewrite rules, origin validation, and network segregation. Key takeaways: - How a single SSRF primitive can be leveraged across different security contexts - Why position matters more than payload in modern architectures - Real-world examples of bypassing Kubernetes API protections - Turning blind SSRF into critical internal access - New methodology for approaching SSRF research Through live demonstrations and real-world cases, attendees will learn how traditional security controls can fail when the same primitive operates across different trust contexts. This research provides valuable insights for both offensive security researchers looking to expand their methodology and defenders implementing trust boundaries. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LV7GFV/ Clappy Monkey Track Guy Arazi PUBLISH RHQA9X@@cfp.securitybsides.org.uk -RHQA9X Inside the Ransomware Toolbox: How to Beat Cybercriminals at Their Own Game en en 20241214T135000 20241214T143500 004500 Inside the Ransomware Toolbox: How to Beat Cybercriminals at Their Own Game In this session, we will at into the inner workings of ransomware gang attack paths and unpack the exact sets of tools they use to wreak havoc. Imagine having a cheat sheet that tells you exactly what the cyber baddies are up to before they even hit your network. Sounds like a game-changer, right? We will find out how this matrix can supercharge your threat hunting, boost your incident response game, and help you simulate attacks just like the pros. But it’s not all smooth sailing—we’ll also talk about the tricky bits, like figuring out if a tool is being used by a cybercriminal or just your IT team. Why should you join? Because you'll walk away with: - Insider knowledge on the tools and tactics of the biggest ransomware gangs. - Practical tips to turn these insights into action—detect, block, and stay ahead of attacks. - A fresh perspective on using intelligence to not just survive, but thrive in today’s threat landscape. - Whether you’re a seasoned defender or just stepping into the world of cybersecurity, this talk will arm you with the strategies to beat these pesky cybercriminals at their own game. Come ready to learn, laugh, and leave with a whole new set of ideas to take back to work. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RHQA9X/ Clappy Monkey Track Will Thomas PUBLISH GXUA37@@cfp.securitybsides.org.uk -GXUA37 From Garden to Grid: Lessons from Gardening for a Resilient Cybersecurity Strategy en en 20241214T144500 20241214T153000 004500 From Garden to Grid: Lessons from Gardening for a Resilient Cybersecurity Strategy In an increasingly complex digital world, cybersecurity professionals are continuously looking for new ways to strengthen their defenses and build resilient systems. This talk, "From Garden to Grid," introduces a fresh and unexpected perspective by exploring how the principles of gardening can be applied to cybersecurity to create stronger, more adaptable strategies. Drawing parallels between gardening practices—such as nurturing growth, pruning for efficiency, building resilience, and harvesting success—and essential cybersecurity approaches, this session will provide practical, actionable insights for security professionals. Attendees will learn how: Continuous learning and innovation, akin to nurturing a garden, can foster growth in security practices. Pruning unnecessary or outdated systems, much like trimming overgrown plants, can streamline security operations and reduce vulnerabilities. Building resilience through backup systems and response plans mirrors the way gardeners protect plants from external threats. Measuring success and reflecting on achievements, just like harvesting in gardening, ensures sustained cybersecurity effectiveness. Through relatable analogies and real-world examples, this session will inspire attendees to rethink their cybersecurity strategies with a focus on adaptability, efficiency, and long-term sustainability. Perfect for professionals at all levels, this talk will equip participants with the tools and mindset needed to cultivate a digital environment that thrives in the face of emerging threats. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/GXUA37/ Clappy Monkey Track Becky Hall PUBLISH DAM993@@cfp.securitybsides.org.uk -DAM993 Inside the Phish Tank: A Guide to Compromising Phishing Infrastructure en en 20241214T154000 20241214T162500 004500 Inside the Phish Tank: A Guide to Compromising Phishing Infrastructure We will demonstrate how to leverage these vulnerabilities to gain unauthorised access to their phishing infrastructure. This can be used to gather intelligence to help identify the threat actors operating these panels, disrupt their operations, and minimise the damage caused to their victims. Through this session, we aim to provide valuable insights and encourage proactive, ethical approaches to combating cyber threats. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DAM993/ Clappy Monkey Track Vangelis Stykas Felipe Solferini PUBLISH AFDMQM@@cfp.securitybsides.org.uk -AFDMQM Building the ATT&CK pipeline for Linux en en 20241214T163500 20241214T172000 004500 Building the ATT&CK pipeline for Linux The session will cover: * Introducing linux-malware - what is it and why might both red and blue want to pay attention? * Automating the TI pipeline - applying custom analytics to someone else's DFIR report? * What new threats should you worry about and why - Linux is unhackable, right? * Building better detections - how can you figure out whether you're exposed? Takeaways will include: * A summary of the Linux threat landscape * Just because we're not looking for the bad guys, doesn't mean they're not there * Attackers will use the easiest TTP that gets them to a root prompt * If you're running adversary simulations, here are some non-Windows TTPs you should consider * If you're playing defence, this is how you develop behavioural IOCs and tools to leverage them PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AFDMQM/ Clappy Monkey Track Tim Wadhwa-Brown PUBLISH 7GAQNS@@cfp.securitybsides.org.uk -7GAQNS Unmasking APT Malware Activity: Real-World Malware Campaign Tracking Using Big Data Analytics and Machine Learning Clustering en en 20241214T100000 20241214T104500 004500 Unmasking APT Malware Activity: Real-World Malware Campaign Tracking Using Big Data Analytics and Machine Learning Clustering In this talk we will conduct a deep dive into the framework we developed for automating the identification and handling of malware samples targeting web servers, it will consist of four parts: Part 1: Introduction - Provide a baseline understanding of how threat actors can leverage web vulnerabilities to deploy malware. - Introduce the challenge of identifying, clustering and tracking malware data in the real world. - Introduction to the data we collect, with a focus on the real-world malware data we track. - Discuss what can be gained by effectively identifying and tracking malware campaigns in real world scenarios. Part 2: Automated Malware Handling - Explain and demonstrate the framework we developed to automate the handling of web-delivered malware samples, including: 1. Identification of malware delivery using RCE attacks against web applications. 2. Safe downloading, storing and analysis of identified samples using a sandboxed environment. 3. Importing sample information to enrich existing data. Part 3: Clustering of Malware data and Anomaly Detection - Using big data analytics to aggregate data from multiple cloud regions, and calculate distances for clustering - Demonstrate a novel open source tool we developed, for counters collection, aggregation and anomaly detection powered by an SQL engine and cloud functions - Explain how the tool utilizes advanced detection methods for trends and patterns in the malware data Part 4: Identified Campaigns Review several campaigns detected by the framework, including: - Sysrv Botnet: How we identified and correlated events related to activity of the Sysrv botnet, uncovering new attack vectors and TTPs. (https://tinyurl.com/sysrvb) - AndroxGhost: How we identified AndroxGh0st malware activity, and were able to provide previously undocumented TTPs and attack vectors augmenting a previously published report by CISA. (https://tinyurl.com/axghost) - TellYouThePass: How we quickly uncovered a malicious campaign to deliver TellYouThePass ransomware leveraging the new PHP vulnerability CVE-2024-4577. (https://tinyurl.com/tytpr) - 8220 Gang: How we exposed new tactics and vectors utilized by the well-known threat actors 8220 Gang. (https://tinyurl.com/8220gang) - APT29: How we were able to identify and track activity from the Russian APT specifically targeting Polish Government domains to drop RAT Malware (unpublished) Atendees can expect the following takeaways: 1. Utilizing a combination of automation, big data analytics, and anomaly detection allows you to effectively identify and track cyber attacks. Usage of common tools like cloud data lakes and managed query engines can make such tasks quick and efficient. 2. Many threat actors, including APT groups, commonly use web vulnerabilities to target nation states and propagate dangerous malware. This activity can be consistently detected using the demonstrated framework. 3. Identification, correlation and tracking of malware campaign activity is of interest to a wide demographic within the security community, we aim to provide a useful set of ideas and tools to assist with this difficult problem. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7GAQNS/ Track 2 Daniel Johnston Ori Nakar PUBLISH 8Z8VTW@@cfp.securitybsides.org.uk -8Z8VTW To you its a Black Swan, to me its a Tuesday en en 20241214T105500 20241214T114000 004500 To you its a Black Swan, to me its a Tuesday This talk takes a real-world look at how red teams help organisations prepare for incidents. Starting with a light touch review of real-world high impact "black swan" breaches to show why we should try to do such testing. We will then look at how we can design red team engagements to test similar high impact scenarios, and what skills are needed to deliver such testing. We will finish off the talk with looking at the practical steps we can advise organisations to take to prepare for the worst. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8Z8VTW/ Track 2 David V. PUBLISH PHX7TQ@@cfp.securitybsides.org.uk -PHX7TQ Software security issues for small IoT SoCs en en 20241214T115000 20241214T123500 004500 Software security issues for small IoT SoCs As the Internet of Things (IoT) weaves itself into the fabric of our daily lives—from smart toothbrushes and connected cars to wearable tech and home gadgets—the security of these devices becomes more critical than ever. This presentation offers a friendly and accessible introduction to IoT security, focusing on Systems on Chip (SoCs) and the essential practice of hardware/software binding. It is based on my dissertation for the MSc Information Security program at RHUL. We'll explore: IoT and SoCs Demystified: Understand what IoT and SoCs are, and how they power the devices we use every day. Unique Security Challenges: Learn about the vulnerabilities inherent in IoT devices due to their limited computational resources. Hardware/Software Binding Concepts: Discover how binding software to hardware (and vice versa) prevents unauthorized access and enhances security. Binding Methods and Solutions: Review current approaches from manufacturers and innovative solutions from academic and industry research, including their risks and limitations. Physically Unclonable Functions (PUFs) and Hardware Security Modules (HSMs): Get introduced to these advanced security mechanisms and their practical applications in IoT devices. Selecting Secure SoCs: Gain practical tips on choosing the right SoCs for new products, with examples of affordable development kits (often under £10) that make this field accessible to all. Security Evaluation Tool: Receive a handy security questionnaire designed to help you assess SoCs for product development and understand governance and lifecycle considerations. Whether you're a beginner cybersecurity enthusiast, a developer looking to build secure products, a red teamer interested in potential attack surfaces, or simply curious about the gadgets around you, this session will equip you with the knowledge to make informed decisions and contribute to a safer, more secure IoT ecosystem. Join us to explore how we can collectively enhance security in our increasingly connected world. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PHX7TQ/ Track 2 Stephen Cravey PUBLISH DBRFFP@@cfp.securitybsides.org.uk -DBRFFP What’s inside the open directory from 96 different threat actors? en en 20241214T125500 20241214T134000 004500 What’s inside the open directory from 96 different threat actors? Understanding the TTPs used by threat actors is often only done after an incident when the damage is done, made from inferences of what they allow us to see. What if analysts had full access to exactly how these actors operate: the commands they ran, their targets, accurate geolocations, tools, and more. Luckily, over the last few years, 96 brazen threat actors, ranging from script kids to alleged APTs, made the decision to publish their systems, bash_history, log files, configs, source code, and more in open directories. Hopefully this talk begins to explore such open data. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/DBRFFP/ Track 2 Alana Witten PUBLISH P8GMHQ@@cfp.securitybsides.org.uk -P8GMHQ Is Your Approach to Pipeline Security Flawed? Rethinking CI/CD Security en en 20241214T135000 20241214T143500 004500 Is Your Approach to Pipeline Security Flawed? Rethinking CI/CD Security With DevSecOps becoming the standard, CI/CD pipelines have become the backbone of software development and deployment, running thousands of times a day. Each pipeline executes critical tasks such as building, testing, and deploying code - often leveraging automation and guardrails to ensure quality and security. Tools that integrate in pipelines promise to help. But what exactly is a pipeline? What systems and resources does it interact with? And most importantly, how can we ensure that no pipeline becomes a pivot point for an attacker to compromise our most valuable systems? Can we be confident pipelines are running what we expect and providing the necessary data for other processes? These questions point to a (perhaps overlooked) concept: Protected Resources. In this talk, we will explore how shifting to a new mindset could enhance visibility into pipelines, ensure adherence to security protocols, and prevent pipelines from becoming attack vectors. We'll delve into practical strategies to gain observability, improve compliance, and better secure your CI/CD system in the age of DevSecOps. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8GMHQ/ Track 2 Patricia R PUBLISH EHRQSN@@cfp.securitybsides.org.uk -EHRQSN Roll your own vulnerabilities; an introduction to Fault-Injection for exploiting bug-free code in embedded systems. en en 20241214T144500 20241214T153000 004500 Roll your own vulnerabilities; an introduction to Fault-Injection for exploiting bug-free code in embedded systems. This talk will introduce attendees to fault-injection, a local attack category which is often used as the first step in the attack chain for embedded systems, and in some cases can also lead to remote attacks. It will cover the techniques which attackers use to generate security violations such as bypassing read protection, secure boot, or debug protection in embedded systems, even when the code is completely free of bugs. You will learn about the attacker motivations, tools and techniques, as well as the methods used to harden devices against these attacks, and how increased public awareness, certification, and regulation is changing the landscape. You will see how the cost of the equipment needed is often very low, and learn how you can begin your “glitching” journey for under £20. We will look at the fault-injection mitigations added in the Raspberry Pi Pico 2, and consider their efficacy - there is currently a $20,000 bug bounty available for breaking these protections leading to recovery of a secret stored in the One-Time-Programmable flash memory. We shall also touch upon side-channel analysis, which can recover cryptographic keys in use through measurement and analysis of tiny power fluctuations, or even by using a coil to pick up electro-magnetic emanations. Keywords/phrases: - Embedded Systems - Microcontrollers - Hardware Attacks - Fault-Injection - Voltage Fault Injection (VFI) - Electro-Magnetic Faul Injection (EMFI) - Clock Fault Injection (CFI) - Risk Assessment - Threat Modelling - Automotive - Industrial Control Systems - IoT - Mitigation Strategies - Raspberry Pi Pico 2 - Side-Channel Analysis PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EHRQSN/ Track 2 @barsteward PUBLISH HQ7GKR@@cfp.securitybsides.org.uk -HQ7GKR Cybersecurity’s New Imperative: Defending Enterprise and National Cognitive Infrastructures (by strengthening the mental immune system) en en 20241214T154000 20241214T162500 004500 Cybersecurity’s New Imperative: Defending Enterprise and National Cognitive Infrastructures (by strengthening the mental immune system) Winn will make you question everything in your current reality. Ready? How do you know what's real? Who controls and might be distorting your perception of reality? As technology intertwines with our lives in complex and sometimes hidden ways, these questions become more urgent. We face a world where the metaverse, TMI, algorithms, and digital addiction shape our everyday experiences. They who control the technology control the narrative. In 1991, Winn Schwartau, the civilian architect of information warfare postulated cyberwar in front of US Congress. Today, he warns that America faces a national security crisis; a cognitive Pearl Harbor waiting to happen. The lack of a national security imperative to strengthen our population's mental immune systems and our ability to coexist with technology makes Ame1ica's cognitive infrastructure essentially defenseless. Schwartau's Metawar Thesis employs an analogue engineering approach and a cybersecurity prism to view the disconnects between humans and technology. The Art & Science of Metawar is a compelling and groundbreaking exploration of the forces shaping our reality and the personal, enterprise, and national security implications of cognitive conflict: metawar. Through a blend of technical insights and philosophical ref lections, Schwartau offers a roadmap of hope for strengthening our mental immune system and cognitive defenses to better coexist with the technology we now rely upon. The Art & Science of Metawar serves as both a call to action and a guide to reclaiming control over our individual narratives in an increasingly aggressive digital landscape. Who controls your narrative? Are you ready to find out? PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HQ7GKR/ Track 2 winn schwartau PUBLISH RZCWXJ@@cfp.securitybsides.org.uk -RZCWXJ The Past, Present and Future of Cloud-Native Security en en 20241214T163500 20241214T172000 004500 The Past, Present and Future of Cloud-Native Security Key Takeaways: Analyse the evolution of cloud-native security threats. Learn how attack techniques evolved over time, and assess the shortcomings of addressing cloud-native security challenges. Explore the future impacts and trends of cloud-native security and discover practical defense strategies. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RZCWXJ/ Track 2 Emma Yuan Fang PUBLISH S7UNUC@@cfp.securitybsides.org.uk -S7UNUC Using the OWASP Top 10 to Save the Astronauts from HAL en en 20241214T100000 20241214T104500 004500 Using the OWASP Top 10 to Save the Astronauts from HAL The talk will use the OWASP Top 10 for ML and OWASP Top 10 for LLMs to anyalze the nature of the flaws in HAL 9000, the AI in 2001: A Space Odyssey, and how this led to disastrous results for the mission. There will be a discussion of failures to consider different aspects of both the LLM and ML top 10 during HAL's design and training phases, and the subsequent attempts to implement fixes during the mission. Each omission or failure to apply an OWASP principle, that led to the vulnerabilities will be discussed in detail, and also related to real life applications, to ensure the talk isn't just a geeky discussion of a cool-looking scf-fi AI. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/S7UNUC/ Track 3 Nick Dunn PUBLISH BEZSKR@@cfp.securitybsides.org.uk -BEZSKR Healthcare’s Anatomy: dissection of Dicom, a protocol to Nmap your body! en en 20241214T105500 20241214T114000 004500 Healthcare’s Anatomy: dissection of Dicom, a protocol to Nmap your body! By the end of this presentation, you will have acquired in-depth knowledge of the DICOM protocol, its use in the medical field, and its technical format. You will understand the dangers of exposing DICOM servers on the web, as well as the risks to the security of medical data within healthcare infrastructures. Additionally, you will discover an offensive tool illustrating methods for extracting sensitive data from a medical server and learn how to identify signs of malicious activity to better prevent and counter these threats. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BEZSKR/ Track 3 0xSeeker PUBLISH KGLYRE@@cfp.securitybsides.org.uk -KGLYRE Explaining ICS to a fool of a Took en en 20241214T115000 20241214T123500 004500 Explaining ICS to a fool of a Took What will be covered: Intro to CNI & OT security Industrial control systems Control loops & ladder logic Testbeds including digital twins OT Protocols such as Modbus Known technical vulnerabilities Security concepts and solutions Interconnectivity of CNI sectors PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KGLYRE/ Track 3 halfling PUBLISH STGFHH@@cfp.securitybsides.org.uk -STGFHH CV workshop en en 20241214T125500 20241214T134000 004500 CV workshop I would like to offer an engaging fun session for 45 minute about how to make your CV an A* CV in order to get job interview. I have over 14 years experience in HR & Training so I would like to share tips on how to get your foot in the door with a great CV. I will leave 10 to 15 minutes for Q&A PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/STGFHH/ Track 3 Samira Ali PUBLISH MDR3YL@@cfp.securitybsides.org.uk -MDR3YL Post-Quantum Cryptography for 2025 en en 20241214T135000 20241214T143500 004500 Post-Quantum Cryptography for 2025 With the first three quantum-resistant cryptographic algorithms standardised by NIST in August 2024, the starting gun has been fired on the Y2K-style problem of upgrading the crypto used in almost all of our modern electronic devices. In this session you'll learn: * What's the real threat that quantum computers pose * An overview of the options to safeguard against that threat * How techniques such as a cryptographic inventory, hybrid crypto and crypoagility can help ease the transition * How to get started with quantum-resistant cryptography today! PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MDR3YL/ Track 3 Andy Smith PUBLISH V8QCKM@@cfp.securitybsides.org.uk -V8QCKM When the Hunter Becomes the Hunted: Using Minifilters to Disable EDRs en en 20241214T144500 20241214T153000 004500 When the Hunter Becomes the Hunted: Using Minifilters to Disable EDRs ## 1. Introduction This presentation will explore the use of minifilters, an essential components of EDRs, in offensive security operations, with a focus on their application in bypassing and disabling EDR systems. ## 2. EDR Architecture Overview We will first provide a high level description of EDR systems, their components and architecture. This is essential to understand how minifilters contribute to EDR systems and the capabilities they provide. It sets the stage to understand how such capabilities could be abused. ## 3. Common Minifilters Abuse Techniques We then rapidly go through common known techniques involving minifilters used during offensive security operations, especially around file system monitoring bypass to hide suspicious file activity. ## 4. A New Minifilter Abuse Technique to Disable EDRs In this section, we present a novel technique which allows to entirely disable EDR agents and prevent them from running on endpoints. This technique relies on the registration of a PreOperation callback to prevent EDR agents from accessing critical resources, effectively crippling them. We dive into the Kernel concepts involved and provide a step-by-step breakdown of the whole process. We compare this new technique to other minifilter abuse techniques in terms of effectiveness in hiding malicious activities and IoCs. ## 5. Detecting Minifilter Abuse In this final section, we explore the defensive side of things: - Potential countermeasures and their limitations - Potential strategies for detecting and mitigating minifilter-based attacks ## 6. Conclusion and Q&A Finally, we will summarise the key takeaways and open the floor for questions and discussion. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/V8QCKM/ Track 3 Tom Philippe PUBLISH 9PXYXH@@cfp.securitybsides.org.uk -9PXYXH Let’s Phish: How to Scam Everyone, Everywhere, All at Once en en 20241214T154000 20241214T162500 004500 Let’s Phish: How to Scam Everyone, Everywhere, All at Once You will hear two stories of crime: the story of a kidnapped daughter and the story of a fake DJ. In these stories, we will explore key techniques that, when implemented correctly, can provide a blueprint for hacking anyone. Preparation of a Hack: Identifying the right victim and their weaknesses. This section of the talk outlines simple steps for uncovering a target's vulnerabilities that can be exploited. We will dive into how to evaluate time, effort, and reward like a true criminal. The Attack: The process and closure. What techniques work and how to keep the victim engaged. As we will see, these techniques are straightforward and can be applied to any victim profile. The Reward: What is the reward, and what happens if a financial transaction is involved? This section will emphasize that the hack is often the easier part. Cleaning the money requires seasoned criminals. The talk will address a broader question: What can we, as cybersecurity professionals, do, and has our approach been wrong? The talk will conclude by analyzing different types of attackers because if we do not understand the psychology of the criminal, the techniques we employ to protect targets will continue to be insufficient. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9PXYXH/ Track 3 Dita Pesek PUBLISH LZ7Z9Z@@cfp.securitybsides.org.uk -LZ7Z9Z SIEM: Escape and Evade en en 20241214T163500 20241214T172000 004500 SIEM: Escape and Evade SOC teams commonly rely on Security Information and Event Management (SIEM) tools to detect, analyse, and respond to security threats. In this presentation, we will introduce key SIEM concepts and the role of the SIEM in the SOC, as well as discuss shortfalls of SIEM tools. Then we shall explore the possibility of attacks and evasion techniques in SIEMs. We will also discuss the general challenges of managing SIEMs in enterprise environments. Not only will we cover the technical aspects, but also highlight processes, organisation dependencies and discuss non-technical mitigations. Attacking a SIEM involves exploiting vulnerabilities in data ingestion, correlation rules, and alert mechanisms to manipulate the very systems designed to detect malicious activities. Specifically, we will cover: - Introduction to Security Information and Event Management (SIEM) tools, architectures, and their role in the SOC - Common log sources and ingest methods - Custom apps and add-ons - Cloud-native SIEMs - Key vulnerabilities and attack vectors in SIEM systems: Data ingestion manipulation, Correlation rules exploitation, Alert bypass techniques - How organisational structures and supporting processes can be exploited We are hoping to help defenders and offensive teams better understand the risks involved with SIEM deployments, whilst emphasising the importance of simulating real-world attack scenarios. PUBLIC CONFIRMED Talk https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LZ7Z9Z/ Track 3 Daniel Crossley PUBLISH AG8NTC@@cfp.securitybsides.org.uk -AG8NTC MITRE ATLAS - exploring AI vulnerabilities en en 20241214T100000 20241214T101500 001500 MITRE ATLAS - exploring AI vulnerabilities This is a talk about the MITRE ATLAS framework. I'll first discuss how the ATLAS framework is built on top of the ATT&CK framework, before delving into some key differences with respect to vulnerabilities and attack vectors specific to what MITRE calls "AI-Enabled Systems". I'll walk you through two case studies, one with a 'good' actor, the other a 'bad' one, and how investigation is made easier by using the ATLAS framework. Finally, I'll show you how you can protect your organization against AI attacks by utilizing various mitigations, of which 25 are documented in this framework, covering various vulnerabilities. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AG8NTC/ Rookie track 1 Arthur Frost PUBLISH FEEDHA@@cfp.securitybsides.org.uk -FEEDHA Adopt or Risk: Why Zero Trust is Key to Modern Cyber Defence en en 20241214T102500 20241214T104000 001500 Adopt or Risk: Why Zero Trust is Key to Modern Cyber Defence As the digital landscape evolves and cyber threats become more sophisticated, organizations can no longer rely on traditional perimeter-based security. The rise of remote work, cloud adoption, and interconnected systems has expanded the attack surface, leaving organizations vulnerable to breaches and insider threats. "Adopt or Risk: Why Zero Trust is Key to Modern Cyber Defence" offers a critical look at why organisations must shift to a Zero Trust model to effectively safeguard their networks. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEEDHA/ Rookie track 1 Meletius Igbokwe PUBLISH N3ZG7S@@cfp.securitybsides.org.uk -N3ZG7S Commanding Heights: Unmasking COM-Based UAC Bypass Techniques. en en 20241214T105500 20241214T111000 001500 Commanding Heights: Unmasking COM-Based UAC Bypass Techniques. Description: The Elevated COM (Component Object Model) UAC (User Account Control) bypass is a technique used by attackers to escalate privileges on a Windows system without triggering a UAC prompt. UAC is a security feature in Windows that helps prevent unauthorized changes to the operating system by requiring user consent or administrator-level approval for certain actions. The bypass demonstrated in this talk leverages elevated COM objects identified by the CLSID {3E5FC7F9-9A51-4367-9063-A120244FBEC7} that run with higher privileges to execute malicious code, thereby circumventing UAC protections. Key Points 1. Overview of UAC 2. Overview of COM 3. UAC and COM: Security Intersection 4. Abusing UAC Elevate COM Interfaces 5. Case Study • BlackCat - Ransomware 6. Live Demo 7. Monitoring and Detection • Threat Hunt, Detection Logic\Tool 8. Q&A PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/N3ZG7S/ Rookie track 1 Amankumar Badhel PUBLISH P3JVM8@@cfp.securitybsides.org.uk -P3JVM8 From Zero to Cyber Hero: A Non-Techie's Guide to Breaking into Cybersecurity en en 20241214T112000 20241214T113500 001500 From Zero to Cyber Hero: A Non-Techie's Guide to Breaking into Cybersecurity This 15-minute presentation aims to inspire and guide non-technical individuals who want to pursue a career in cybersecurity. With the cybersecurity industry facing a significant skills gap, there is a need for diverse perspectives in addressing growing security challenges. Key points to be covered include: 1) The speaker's journey from a non-technical background to cybersecurity, including overcoming common challenges faced by career-changers. 2) The value of diverse perspectives in cybersecurity and how non-technical backgrounds can be an asset in the field. 3) The role of communities in skill development and networking, highlighting experiences as a WiCyS (Women in CyberSecurity) Surrey chapter leader. 4) The importance of participating in cybersecurity competitions and how they contribute to practical skill-building. 5) Strategies for utilising conferences and networking events to secure work experiences, such as the speaker's CTI opportunity. 6) Practical advice for building a foundation in cybersecurity, including resources, learning paths, and key focus areas for beginners. The presentation will be particularly valuable for: Professionals considering a career change into cybersecurity Hiring managers looking to diversify their security teams Current cybersecurity professionals interested in mentoring newcomers By highlighting the speaker's experiences with the Women in Cybersecurity (WiCyS) Surrey Chapter, success in a CISA-hosted competition, and work in Cyber Threat Intelligence, this talk demonstrates how non-traditional paths can lead to meaningful contributions in cybersecurity. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P3JVM8/ Rookie track 1 Egonna Anaesiuba-Bristol PUBLISH AWDYG7@@cfp.securitybsides.org.uk -AWDYG7 Robert Redford Made Me Do It: Physical Security Stories and Tips en en 20241214T115000 20241214T120500 001500 Robert Redford Made Me Do It: Physical Security Stories and Tips Sneakers, the best hacker film…period. This talk aims to share my enthusiasm for the adrenaline rush of bypassing physical security measures through personal stories and engagement tales while sharing tips and tricks that I have learned along the way. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/AWDYG7/ Rookie track 1 Matthew Steed PUBLISH 7RVA7Z@@cfp.securitybsides.org.uk -7RVA7Z It's been a good run: why I stopped doing OSINT CTFs en en 20241214T121000 20241214T122500 001500 It's been a good run: why I stopped doing OSINT CTFs Alan is a holder of a TraceLabs black badge, an honour they still hold dear despite not having any interest in competing for nearly 4 years. Finally, after all these years they're ready to give their reasons so that others may learn about some small issues that were present in the early days so that they may make informed decisions when it come to participation. NOTICE: Whilst anonymised, this talk will be discussing missing people and as such the talk may not be suitable for younger audiences PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7RVA7Z/ Rookie track 1 Alan O'Reilly PUBLISH PGDUDM@@cfp.securitybsides.org.uk -PGDUDM Password Hell - accessibility challenges in Cyber Security en en 20241214T123500 20241214T125000 001500 Password Hell - accessibility challenges in Cyber Security Slide order 1 - What is the issue? 2 - Why is this an issue? 3 - Why am I talking about it? 4 - What are the challenges that people face? 5 - What are some outdated protocols and why you shouldn't use them 6 - What are some solutions to this problem? 7 - Conclusion PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/PGDUDM/ Rookie track 1 Ana Maia PUBLISH L3KZC7@@cfp.securitybsides.org.uk -L3KZC7 Continuous threat modelling using Large Language Models en en 20241214T130000 20241214T131500 001500 Continuous threat modelling using Large Language Models This talk introduces an innovative approach to continuous threat modelling by leveraging Large Language Models (LLMs). It covers how LLMs can help automating the analysis of rapid application changes, identify potential security vulnerabilities, and suggest mitigations in real time. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/L3KZC7/ Rookie track 1 Gurunatha Reddy G Pranay Sahith Bejgum PUBLISH SYLV3X@@cfp.securitybsides.org.uk -SYLV3X Storytelling for SOC Analysts: Effective Investigation Notetaking and Report Writing (without ChatGPT!) en en 20241214T132000 20241214T133500 001500 Storytelling for SOC Analysts: Effective Investigation Notetaking and Report Writing (without ChatGPT!) Want to be able to write high quality reports without AI chatbots? This talk outlines top tips for leveraging technical writing skills to produce effective, impactful and actionable investigation notes and reports. The talk will also highlight quick wins to improve your technical writing skills, exploring key areas including: - Knowing your audience - Adopting an Incidents/Threats for Dummies approach - Why Context is your friend, and - Why AI most certainly is not! PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/SYLV3X/ Rookie track 1 Han O’Connor PUBLISH 7SJJBW@@cfp.securitybsides.org.uk -7SJJBW The Psychology of Cyber: Navigating a Crisis Like a Pilot en en 20241214T135000 20241214T140500 001500 The Psychology of Cyber: Navigating a Crisis Like a Pilot Explore how aviation’s crisis management strategies can inform cybersecurity practices. This session addresses the psychological impact of crises, the importance of open communication, and practical approaches to managing unpredictable situations with confidence and composure. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7SJJBW/ Rookie track 1 George Chapman PUBLISH HV7REQ@@cfp.securitybsides.org.uk -HV7REQ BrakRPi: Crashing Bluetooth communications on Raspberry Pi with Braktooth en en 20241214T141500 20241214T143000 001500 BrakRPi: Crashing Bluetooth communications on Raspberry Pi with Braktooth In August 2021, a group of researchers from Singapore called ASSET disclosed the series of vulnerabilities in commercial Bluetooth stacks ranging from DDoS to Arbitrary Code Execution - which was called Braktooth. It affected major vendors such as Intel, Cypress, Qualcomm and Espressif. While researchers' main focus was to test laptops, smartphones and audio devices, one class of devices that went untested were Raspberry Pis. In this talk, I will describe how I was able to add small contribution to this research by proving that Raspberry Pi was also vulnerable to Braktooth due to the usage of Cypress System-on-Chip (SoC). This presentation is beginner-friendly and no prior knowledge is required. It will cover the brief explanation of Braktooth series and more detailed explanation of documented process of crashing Bluetooth communications between Raspberry Pi and a remote speaker, why fixing this won't be enough with a simple code patch, and suggestions to mitigate the risks. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HV7REQ/ Rookie track 1 Ilias PUBLISH RFGTEW@@cfp.securitybsides.org.uk -RFGTEW Unmasking the Deepfake Threat: Detection, Prevention, and Navigating the Future en en 20241214T144500 20241214T150000 001500 Unmasking the Deepfake Threat: Detection, Prevention, and Navigating the Future This talk will provide a comprehensive overview of deepfakes, exploring how they are been created, to the detection, and prevention of it. Participants will gain a deeper understanding of the risks posed by deepfakes, learn about effective countermeasures, and discover the latest advancements in deepfake detection technology. Participants will leave this workshop with the information and skills needed to navigate the ever-changing environment of deepfake threats and defend themselves and their organisations. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RFGTEW/ Rookie track 1 Onyedikachi Ugwu PUBLISH URK98E@@cfp.securitybsides.org.uk -URK98E Threat analysis in minutes and other AI super powers en en 20241214T150500 20241214T152000 001500 Threat analysis in minutes and other AI super powers Using AI models often means sharing information with AI companies and running into guardrails that keep you from accomplishing cybersecurity tasks. I contribute to WhiteRabbitNeo to help build a community-driven, open source alternative. During this talk I will teach attendees from the beginner cybersecurity enthusiast to the senior cyber analyst how to use AI how to learn new concepts, create custom hacking tools in any language, analyze code, and complete threat analysis tasks in seconds rather than hours. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/URK98E/ Rookie track 1 Bailey Williams PUBLISH EWZVMW@@cfp.securitybsides.org.uk -EWZVMW VEXatious vulnerabilities: CVE management for the overwhelmed security engineer en en 20241214T154000 20241214T155500 001500 VEXatious vulnerabilities: CVE management for the overwhelmed security engineer For application security engineers, CVE management has become a huge burden in recent years. Caught between the accelerating number of CVEs granted each year, vulnerability scanners that are unable to accurately identify applicability, and users who demand zero CVEs in dependencies, security engineers become spreadsheet engineers, devoting large amounts of time to explaining why the latest set of CVEs identified by a vulnerability scanner do not matter. The aim of my talk is to highlight the potential of VEX documents to render these spreadsheet back-and-forths obsolete. At their core, VEX documents allow for the expression of vulnerability applicability information in a programmatic manner. By highlighting a workflow and related tooling that I have introduced for Cilium (the CNCF-graduated CNI for Kubernetes), I will show how using VEX documents gives security engineers: - The ability to automatically exclude triaged results from vulnerability scanners (including popular scanners such as Grype and Trivy), reducing customer friction and allowing customer security teams to ‘self-service’ vulnerability applicability. - The ability to spread the load of CVE triage onto the teams that know the most about the products that may be affected. - The ability to automatically generate documentation regarding vulnerability applicability. All of these points will be accompanied by real examples of how Isovalent, the company I work for and the creators of Cilium, use VEX documents in our daily security workflow. By the end of my talk, I hope that attendees will leave convinced that they should be generating and consuming VEX documentation too, in order to minimise the amount of time we spend in spreadsheets, and maximise the amount of time that we spend hunting and fixing real vulnerabilities. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EWZVMW/ Rookie track 1 Feroz Salam PUBLISH EMHSZC@@cfp.securitybsides.org.uk -EMHSZC Securing Embedded Devices in Robotics and IoT: Bridging the Gap Between Innovation and Security en en 20241214T160000 20241214T161500 001500 Securing Embedded Devices in Robotics and IoT: Bridging the Gap Between Innovation and Security Embedded devices are the backbone of modern robotics and IoT, but their widespread use has introduced unique security risks. This session delves into hardware, firmware, and communication vulnerabilities that leave embedded systems open to cyberattacks. Attendees will explore real-world attack scenarios and learn effective defense strategies to secure embedded devices from design to deployment. Additionally, we’ll discuss future trends like AI-driven anomaly detection and hardware root-of-trust, offering a forward-looking view of embedded device security. This talk is designed for engineers, developers, and security professionals looking to strengthen the security of robotics and IoT infrastructures. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EMHSZC/ Rookie track 1 Victor Oriakhi Nosakhare PUBLISH QADXSB@@cfp.securitybsides.org.uk -QADXSB OWASP Honeypot threat intelligence project en en 20241214T163500 20241214T165000 001500 OWASP Honeypot threat intelligence project This project involves enhancing the security posture of the web applications by deploying ModSecurity based honeypots over Amazon EC2 instances to lure the attacker to use various tools and attack techniques to compromise the application and logging the attack vectors for threat analysis. These Amazon EC2 instances are spread across different regions of the world to cover the global landscape. The output of these honeypots is logged in a S3 bucket in JSON format which can be used as a threat intelligence dataset for finding web traffic anomalies. Furthermore, we can use a JSON visualisation tool such as JSON crack for pattern matching and detect the anomaly in the dataset which could be useful for patching the application as well as creating a baseline for the web developers for future development. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QADXSB/ Rookie track 1 Kartik Adak PUBLISH QEEQCS@@cfp.securitybsides.org.uk -QEEQCS An introduction to Patient Medication Records en en 20241214T100000 20241214T101500 001500 An introduction to Patient Medication Records This talk will highlight issues with current Patient Medication Record software, some solutions and what I found whilst working as a retail Pharmacist. The aim is to reveal the results in a lighthearted way, there'll be thrills and spills on the journey and some results may astound. But remember all your records are still safe with me!! PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/QEEQCS/ Rookie track 2 Darren PUBLISH FFZ3P3@@cfp.securitybsides.org.uk -FFZ3P3 Can you SEE!! A risk approach to SIEM en en 20241214T102500 20241214T104000 001500 Can you SEE!! A risk approach to SIEM Do you actually know if you have been breached? Do you know your critical assets, what you can't see? Monitoring and logging is a simple construct, however most companies see it as a tick-box exercise. This presentation looks into the following, eyes on the ground approach. - answers the why, how , what - looks in to basics around asset management, critical data, users, end points, networks, etc - key missed areas, like policy, people, and physical. - summaries an approach based on a risk based approach. this will cover examples and be lighted hearted and funny at times. - questions - end PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FFZ3P3/ Rookie track 2 Richard Kirk PUBLISH BUZ9ST@@cfp.securitybsides.org.uk -BUZ9ST Is AI the new big brother? en en 20241214T105500 20241214T111000 001500 Is AI the new big brother? This talk explores the potential of artificial intelligence (AI) to be using in social engineering. It also discusses the concept of mass social engineering, where individuals or groups are manipulated to behave or think in a predefined manner, and how AI can facilitate this process. The talk highlights the concern over AI's role in mass social engineering, including its impact on war, political opinions, privacy, and social inequality. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/BUZ9ST/ Rookie track 2 Tom PUBLISH MSPTC8@@cfp.securitybsides.org.uk -MSPTC8 LLM Security: Attacks and Controls en en 20241214T112000 20241214T113500 001500 LLM Security: Attacks and Controls The talk is structured to fulfil the following objectives: 1. Evaluate approaches for identifying exploitation of security vulnerabilities in large language models (LLMs). 2. Investigate the response of various pre-trained models to attacks on LLMs. 3. Develop and assess security controls to mitigate cyber risks associated with LLM attacks. The 15-minute talk will focus on Large Language Models (LLMs) will extensively explore the vulnerabilities, particularly in the context of adversarial attacks, types of prompt injection attacks on LLMs, Insecure output handling, Client side Injection attacks and denial-of-service (DoS) attacks. However, there remains a research gap in the systematic simulation and comparative analysis of these attacks across different LLM architectures and configurations. Current studies predominantly focus on individual attack vectors or specific LLMs, lacking a holistic approach that examines the interplay between multiple attack types and their cumulative impact on LLM performance and security. Most weaknesses in AI models stem from injection techniques, which can be particularly harmful when the model or the API used to access the model makes incorrect calls to the database, inadvertently retrieving sensitive content that does not align with established guidelines. These vulnerabilities underscore the critical need to thoroughly understand how AI models interact with third parties and the potential risks associated with these interactions. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MSPTC8/ Rookie track 2 Nazeef Khan PUBLISH RA9DK8@@cfp.securitybsides.org.uk -RA9DK8 From Molecules to Malware: Visualising TLS Fingerprints with TMAP to Hunt Malicious Domains. en en 20241214T115000 20241214T120500 001500 From Molecules to Malware: Visualising TLS Fingerprints with TMAP to Hunt Malicious Domains. The presentation focuses on a more resilient approach to TLS fingerprinting - particularly one that handles the encrypted client hello and the granularity loss encountered when fingerprinting CDNs. The method of visualising similarities is used effectively in the chemical arena and can be used as a method for early detection of malicious domains and websites. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/RA9DK8/ Rookie track 2 Amanda Thomson PUBLISH MEBCGT@@cfp.securitybsides.org.uk -MEBCGT A Minimal Talk on Distroless Containers en en 20241214T121000 20241214T122500 001500 A Minimal Talk on Distroless Containers But in practice, it’s really hard to find examples of companies outside of the tech giants that have successfully adopted distroless containers. Minimal, hardened containers have huge benefits for security teams: reduced attack surface, cleaner vulnerability scans, improved isolation, and simpler supply chains. But how can a security engineer achieve them without the resources of a tech giant? At Sourcegraph, we faced a lot of pain with vulnerability management in containers, prompting our switch to distroless. In this talk I’ll cover: - Distroless containers from scratch - The tooling that’s available - Real-world experience from migrating a complex SaaS application to distroless - what went well, and what was unexpectedly hard PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MEBCGT/ Rookie track 2 Will Dollman PUBLISH P8MKRR@@cfp.securitybsides.org.uk -P8MKRR Quantum Safe Cryptography - A Buzzword or Something More Serious? en en 20241214T123500 20241214T125000 001500 Quantum Safe Cryptography - A Buzzword or Something More Serious? The industry is abuzz with the words Quantum Computers and Quantum Safe Cryptography being plastered everywhere. What actually is going on here? Are Quantum Computers really going to cause havoc? Will Quantum Computers be a real threat some day? Algorithms that make use of Quantum Physics have already been developed that will have real world repercussions on cryptography we use today. NIST (the National Institute of Standards and Technology), a well known body within cyber security has just released a set of standardised Quantum Safe Cryptographic algorithms. Something that has taken them years of study (8 years infact) to ensure that the algorithms cannot be easily broken or private data and keys decrypted easily. Well, what does that mean in general, and what does it mean for you? The word Quantum might be used to generate the hype, but the real underlying issue is the integration of cryptography just about everywhere. Cryptography is embedded in our devices, in our routers and networking, in servers, in hardware, in containers, in firewalls, in file-transfer software, and anywhere else you can think of. Digital Certificates help lay the foundations of secure communications everywhere. Cryptography is a fundamental control used to protect confidentiality and integrity. The real issue lies in the effective migration of cryptography, and in a timescale that ensures protection against an ever-looming threat. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P8MKRR/ Rookie track 2 Suketu PUBLISH MZFXGP@@cfp.securitybsides.org.uk -MZFXGP Disabling Drones: Disruption and Forensic Data Analysis en en 20241214T130000 20241214T131500 001500 Disabling Drones: Disruption and Forensic Data Analysis Drones have become a crucial part of modern technology, playing vital roles in both civilian and military operations. However, their increasing use also exposes them to various cyber threats, particularly those targeting their command-and-control (C2) channels. In my talk, I will demonstrate practical methodologies developed to disrupt drone systems, using tools such as Flipper Zero, ESP32 microcontrollers, and Aircrack-ng to simulate real-world attacks. I will detail various attack scenarios, including a video stealing attack that intercepts and records drone video feeds, and a drone disabling attack that remotely powers off the drone, rendering it inoperable. Post-attack, I conducted comprehensive forensic analyses to capture network traffic and digital footprints, revealing critical evidence of the disruptions. This talk aims to raise awareness of drone vulnerabilities, present forensic strategies for evidence gathering, and foster the development of effective countermeasures against these threats. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MZFXGP/ Rookie track 2 Paavai Aram PUBLISH FEY9FR@@cfp.securitybsides.org.uk -FEY9FR Do loop back in anger en en 20241214T135000 20241214T140500 001500 Do loop back in anger In this session, I'll walk through the lesser-known MS08-068 vulnerability and explore the potential for SMB reflection attacks in 2024, uncovering a root cause hidden in plain sight within Microsoft's documentation. The talk will include a demonstration of the attack, and you'll receive a script to set up your own lab environment for hands-on practice at home! PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/FEY9FR/ Rookie track 2 Shane Bourne PUBLISH 9FVVGB@@cfp.securitybsides.org.uk -9FVVGB The Trustworthiness of Generative AI in Real-Time Decision-Making for IoT Devices en en 20241214T144500 20241214T150000 001500 The Trustworthiness of Generative AI in Real-Time Decision-Making for IoT Devices As IoT devices become increasingly autonomous, the need for reliable, real-time decision-making is more critical than ever. Generative AI has the potential to transform these systems by analyzing complex data and enabling smart devices to predict outcomes and respond efficiently. However, with greater AI autonomy comes the pressing question of trust. Can we trust AI to make decisions accurately and responsibly in real-time? This talk will address the technical challenges in ensuring the reliability of AI-driven IoT devices and explore the role of explainable AI (XAI) in fostering transparency and user confidence. We will also dive into the ethical and privacy concerns surrounding AI decision-making in IoT, particularly in sensitive or high-risk environments. Through practical examples and best practices, this session will offer insights on how to design AI-powered IoT systems that are not only innovative but also trustworthy, transparent, and ethically sound. Attendees will leave with a deeper understanding of the critical balance between leveraging generative AI for real-time decision-making and maintaining trust in these technologies. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9FVVGB/ Rookie track 2 Meet Bhorania Yash Akbari PUBLISH HYJP7A@@cfp.securitybsides.org.uk -HYJP7A Memoryless Peripherals and Secure Notebooks en en 20241214T150500 20241214T152000 001500 Memoryless Peripherals and Secure Notebooks I am not completely insane (yet) - I do leverage a modern smart phones (and their CPU's) like everyone else does to do things like sending dog pictures to the old man. I have to admit, I am someone new to the security space. As such, the first I heard about side-channel vulnerabilities on CPU cache such Meltdown and Spectre was this year. From what I understand (but please do correct me if I am wrong!) - these are only the first iterations in a new genus of exploit. So we can explore a potential approach to designing improved technology for this specific problem set, building at the electronic engineering level all the way to userland. I will also discuss the benefits, challenges, and drawbacks I've encountered, as well as the key insights gained from the exploration thus far. Connect: https://uk.linkedin.com/in/kaiharris606 PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/HYJP7A/ Rookie track 2 Kai Harris PUBLISH LH9ZKL@@cfp.securitybsides.org.uk -LH9ZKL Turning to the dark side – Utilizing offensive techniques in incident response en en 20241214T154000 20241214T155500 001500 Turning to the dark side – Utilizing offensive techniques in incident response As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis either due to hardware failure, complete encryption or eager recovery efforts. This leads to our incident responders taking a step back and using offensive techniques to determine what the most likely method of entry was. This presentation will demonstrate a few of the techniques we have utilized including: Open source intelligence: Identifying network information from open source intelligence. Leaked data: Identifying victim data such as leaked usernames and passwords from data leaks. Active Directory attacks: Identifying common weaknesses in Active Directory configuration and performing attacks against Active Directory accounts and services to identify weak links. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/LH9ZKL/ Rookie track 2 Archie Essien PUBLISH 83QAGY@@cfp.securitybsides.org.uk -83QAGY MSSP, MDR, MFA - So Why isn't Incident Response Solved? en en 20241214T160000 20241214T161500 001500 MSSP, MDR, MFA - So Why isn't Incident Response Solved? We've seen many mid sized and enterprise organisations that have a Managed Security Service Provider, Managed Detection & Response and Multifactor Authentication - "So why isn't IR solved?" in the words of one CTO. This talk picks up on frustrations and gaps from both the technical MSSP and MDR side, and from the customer side, and explains why "Just pick a different SOC" isn't necessarily a good answer. We go into some of the enterprise architecture, organisational and human factors from the 90's to today that have caused gaps on both sides, why this matters, and what we think security people can do about it. PUBLIC CONFIRMED Rookies track https://cfp.securitybsides.org.uk/bsides-london-2024/talk/83QAGY/ Rookie track 2 Tim Haynes PUBLISH Y8ZSCJ@@cfp.securitybsides.org.uk -Y8ZSCJ Bypassing BitLocker by Sniffing the SPI Bus en en 20241214T100000 20241214T120000 020000 Bypassing BitLocker by Sniffing the SPI Bus We are inviting you to a comprehensive workshop designed to provide an introduction into bypassing BitLocker encryption. This session will focus on Bypassing BitLocker in TPM Only Mode on laptop with an SPI bus. Participants will explore and engage in the following: * Monitoring SPI Buses with Digital Logic Analysers: Learn how to use digital logic analysers to monitor and interpret SPI bus communications. * Extracting TPM Data: Gain hands-on experience in extracting data from buses for TPM chips. * Mounting and Decrypting Disks: Discover how to mount and decrypt disks protected by BitLocker. This practical exercise will illustrate the step-by-step process of bypassing encryption and gaining access to secured data. * Discussion of other bypass techniques Who Should Attend: * Penetration Testers: Enhance your toolkit for stolen device assessments and red team engagements by mastering techniques to bypass BitLocker encryption. * Security Enthusiasts: Understand the vulnerabilities of your own devices and learn how to better protect them against sophisticated attacks. * Forensic Analysts: Acquire essential skills for data recovery and forensic investigations involving BitLocker-protected devices. This workshop is structured to provide both theoretical knowledge and practical experience, ensuring that participants leave with a basic understanding of BitLocker bypass techniques and the confidence to apply them in real-world scenarios. Knowledge Prerequisites: * Basic Windows familiarity * Basic Linux familiarity * Awareness of BitLocker Attendees will need to bring own laptop with Kali Linux and the dislocker package installed. All other materials will be provided. PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/Y8ZSCJ/ Workshop Room 1 Darren McDonald Craig S. Blackie PUBLISH M8GTGY@@cfp.securitybsides.org.uk -M8GTGY Container Security and Hacking with Docker and Kubernetes en en 20241214T124500 20241214T164500 040000 Container Security and Hacking with Docker and Kubernetes This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We’ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems. There will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters. Prerequisites – Familiarity with basic Docker commands and Linux command line use will be helpful, but we’ll provide step-by-step instructions for people who are less familiar with them. Workshop requirements: - A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client. PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/M8GTGY/ Workshop Room 1 Rory McCune Iain Smart Marion McCune PUBLISH P7KJ9A@@cfp.securitybsides.org.uk -P7KJ9A Taking the garbage out! en en 20241214T101500 20241214T121500 020000 Taking the garbage out! The challenge to balance complete event coverage with efficient log onboarding is commonplace across Security Operations. Getting this balance wrong can lead to missing information in Events of Interest that would have provided context, even exclude some of the events being put in front of an analyst for triage. Conversely, excessive low value events can reduce the efficiency of the technology and overwhelm analysts. Greater awareness and understanding of the process and best practices for log source onboarding, parsing and correlation will lead to better transparency between engineering and operations. This increased cohesion can reduce false-positives, and positively impact MTTD and MTTR. In this workshop we will cover: Introduction to Security Information and Event Management (SIEM) tools, on-prem/cloud Common log sources and collection methods Best practices to identify - Use case definition - Log verbosity (inc scenario) - Log source documentation (inc scenario) RegEx Introduction (inc practical exercise) Review parsed example log source Log source collection (inc practical exercise) Tips / Tricks and lessons learned - CEF/Sigma - Mitre ATT&CK By understanding the principals above the security operations function will be more effective from SIEM engineering through to SOC analysts. PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/P7KJ9A/ Workshop Room 2 Guy Kramer Kyle Pearson PUBLISH 9NSRLS@@cfp.securitybsides.org.uk -9NSRLS Defeating Encryption By Using Unicorn Engine en en 20241214T130000 20241214T170000 040000 Defeating Encryption By Using Unicorn Engine With Unicorn Engine, you can dissect and manipulate code in a controlled environment. Whether you are dealing with malware analysis, software debugging, or vulnerability research, Unicorn Engine is an awesome tool in your reverse-engineering toolkit. This training will focus on reverse-engineering one or more binaries with Ghidra. Participants will identify various encryption or obfuscation functions and write code for Unicorn Engine in Python to utilise these functions without ever executing the binary. No special knowledge is required, but familiarity with Python, Ghidra, and x86/x64 assembly would be beneficial. The training will introduce Unicorn Engine to the audience and explain it in depth. PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/9NSRLS/ Workshop Room 2 Balazs Bucsay PUBLISH WLKFP3@@cfp.securitybsides.org.uk -WLKFP3 Malware Unmasked: Supercharging Cyber Defense with Machine Learning Magic en en 20241214T101500 20241214T121500 020000 Malware Unmasked: Supercharging Cyber Defense with Machine Learning Magic For over a decade security companies have been using machine learning to detect and protect against malicious binaries. Some have moved away entirely from traditional detection methods whilst others opt for a hybrid approach. Either way, sometimes they're right, sometimes they're wrong, and sometimes they've no idea what they've detected; luckily for them they've usually got security experts on hand. Attribution, accuracy, similar samples? These questions often fall on the shoulders of security experts and all of which can be time consuming to answer. "Your customer insists the file isn't malicious, let me take a look at that in more detail.", "I might not find any other samples because there is nothing overly unique." or what about "It might be group [x] because these two binaries share a few similar strings...". What if there was another way? Join us as we explore leveraging machine learning to aide researchers in malware analysis, attribution and threat hunting before putting these skills into practice by completing a small CTF challenge aimed at show casing what we think the future of binary analysis will look like. PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/WLKFP3/ Workshop Room 3 David Rushmer James Patrick-Evans Lloyd Davies PUBLISH 8EK7GF@@cfp.securitybsides.org.uk -8EK7GF From Code to Cloud: Securing the Stack with Open-Source Tools en en 20241214T130000 20241214T150000 020000 From Code to Cloud: Securing the Stack with Open-Source Tools Open-source tools have become essential in today’s cybersecurity landscape, offering comprehensive, low-cost solutions for securing modern applications. From securing codebases to protecting cloud environments, these tools can help organizations achieve full coverage without massive investments. However, while open-source tools offer significant advantages—such as flexibility, community support, and transparency—there are also scenarios where they fall short, such as scalability issues, lack of enterprise support, and specific feature gaps. In this workshop, we’ll explore the full spectrum of how open-source tools can be leveraged to secure your applications from development to deployment—covering both the code and cloud layers. We’ll walk through specific tools like: -OWASP ZAP for web application scanning, -Trivy for container security, -Checkov for threat detection in cloud assets -SemGrep, Bandit and Brakerman for SAST Through hands-on experimentation you will see these tools in action and learn how they can be integrated into your development pipeline to enforce security at every stage. We’ll also dive into real-world examples where open-source tools excel—and where they may not always be the best fit. By the end of this session, you’ll walk away with practical strategies to secure your application’s entire stack with open-source tools, as well as an understanding of the limitations to be mindful of. This talk is ideal for security engineers, developers, and DevOps teams looking to improve their security posture using open-source solutions. PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/8EK7GF/ Workshop Room 3 Mackenzie Jackson PUBLISH CUUGBR@@cfp.securitybsides.org.uk -CUUGBR Roll Your Own EDR/XDR/MDR en en 20241214T153000 20241214T173000 020000 Roll Your Own EDR/XDR/MDR In this two-hour hands-on workshop we will show attendees how to build their own EDR/XDR/MDR platform leveraging open-source and free tools. Attendees will learn to deploy cross-platform EDR sensors, how to use sigma detection rules, write custom detection rules, and leverage open source adversary emulation tools ( Atomic Red Team) to test new them. We will then discuss how to extend these capabilities for investigations and threat hunting by integrating additional open source or free tools to gather additional telemetry such as Sysmon and Velociraptor. PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/CUUGBR/ Workshop Room 3 Ken Westin Jessica Crytzer PUBLISH KA9T8N@@cfp.securitybsides.org.uk -KA9T8N The AppSec lessons from Iron Man en en 20241214T100000 20241214T120000 020000 The AppSec lessons from Iron Man Step into the shoes—or rather, the suit—of Iron Man as we explore the dynamic world of Application Security. In this 2-hour workshop, you'll learn how to protect your applications with the same innovative strategies Tony Stark uses to shield his tech from relentless attacks. This workshop is designed for developers, security engineers, and security champions who want to understand and implement security practices that are both robust and agile. We’ll cover every aspect of Application Security, from the fundamentals of secure coding to the latest automated defenses, all framed through the lens of Iron Man’s constant innovation and real-time problem-solving. You’ll uncover how to: Develop “armor” for your applications by integrating security from the start. Protect the “arc reactor” of your system—its most critical components—from the most dangerous threats. Improve your “battlefield awareness” with threat modeling and continuous vulnerability scanning. Automate and scale your defenses using cutting-edge security tools. Respond swiftly and effectively to incidents, with agility and precision, just like Iron Man in the heat of battle. This engaging, workshop will not only provide practical insights and strategies but also inspire you to approach Application Security with creativity and foresight. By the end, you’ll be equipped with the tools and mindset to defend your applications like a true tech superhero. Prepare to suit up—your journey to becoming an Application Security hero starts here! PUBLIC CONFIRMED Workshop - Short https://cfp.securitybsides.org.uk/bsides-london-2024/talk/KA9T8N/ Workshop Room 4 Cássio Pereira PUBLISH MKVAAJ@@cfp.securitybsides.org.uk -MKVAAJ Aerospace Village en en 20241214T083000 20241214T173000 090000 Aerospace Village The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations. Our mission is to Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders. We invite you to play with Bricks-in-the-Air, an interactive activity that uses a Lego aircraft model to demonstrate aviation system fundamentals. PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/MKVAAJ/ Aerospace Village PUBLISH JK9H3M@@cfp.securitybsides.org.uk -JK9H3M Car Hacking Village en en 20241214T083000 20241214T173000 090000 Car Hacking Village Car Hacking Village PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/JK9H3M/ Car Hacking Village - PUBLISH K8BP7H@@cfp.securitybsides.org.uk -K8BP7H Lock Picking Village en en 20241214T083000 20241214T173000 090000 Lock Picking Village Ever wondered how a lock works inside? Already know, and want to up your picking game? Come and meet the experts from TOOOL UK at the lockpicking village. The Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games. Learn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! Come and play with locks! PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/K8BP7H/ Lock Picking Village Moon On A Stick & Bristol Locksport PUBLISH THJBVS@@cfp.securitybsides.org.uk -THJBVS Malware Village en en 20241214T123000 20241214T173000 050000 Malware Village Details are on the Malware Village website: https://malwarevillage.org MARC I & BOMBE Details on DEF CON forums: https://forum.defcon.org/node/249321 PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/THJBVS/ Malware Village Lena Yu PUBLISH 3CE8QD@@cfp.securitybsides.org.uk -3CE8QD Quantum Village en en 20241214T083000 20241214T173000 090000 Quantum Village Quantum Village PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/3CE8QD/ Quantum Village -Quantum Village PUBLISH 7PHCEH@@cfp.securitybsides.org.uk -7PHCEH Train Hacking Village en en 20241214T083000 20241214T173000 090000 Train Hacking Village Train Hacking Village PUBLIC CONFIRMED Workshop - Long https://cfp.securitybsides.org.uk/bsides-london-2024/talk/7PHCEH/ Train Hacking Village -Train Hacking Village