The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors.
We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations. Our mission is to Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders.
We invite you to play with Bricks-in-the-Air, an interactive activity that uses a Lego aircraft model to demonstrate aviation system fundamentals.
Car Hacking Village
InfoSec Battlebots
Ever wondered how a lock works inside? Already know, and want to up your picking game? Come and meet the experts from TOOOL UK at the lockpicking village.
The Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games.
Learn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! Come and play with locks!
Quantum Village
Train Hacking Village
Ever wondered what the structure of a vendors Patient Medication Record software looks like? A lighthearted look at fun and games had over a 20 year period 'testing' the system....
Ever tried to get a callback from a client device only to be continually thwarted by their EDR, so you then have to ask for an exclusion to be placed on a specific folder? Join Red Teamer David Kennedy as he walks you through a novel way of approaching this conundrum by (ab)using trusted binaries that EDR’s normally pay very little attention to.
This presentation will cover the execution of these trusted binaries on Windows as well as running them in ways that even the original developers haven’t advertised as being possible via ‘undocumented features’ within their code! With these techniques, struggling to get access to your client’s infrastructure should hopefully become a thing of the past or at least until these binaries are no longer trusted!
In this workshop, participants will delve into the intricacies of bypassing BitLocker encryption in TPM Only mode. Through hands-on exercises, attendees will gain practical knowledge on monitoring SPI buses with digital logic analysers, extracting TPM data, and mounting and decrypting disks. This session is tailored for penetration testers performing stolen device assessments, red team professionals, security enthusiasts seeking to secure their devices, and forensic analysts involved in data recovery.
Just how vulnerable are the AI models we are coming to see pop up every other week? We've all heard of "jailbreaking" LLMs, but that's just the tip of the iceberg.
With the rapid adoption of AI technologies, it opens the door for a myriad of attacks.
In this talk, we go over a the MITRE Adversarial Threat Landscape for AI Systems (short for ATLAS) framework, and delve into some case studies exposing some of the most worrying AI attacks in recent years.
In this 2-hour interactive workshop, we will dive into the world of Application Security with the perspective of one of the most iconic tech-savvy superheroes: Iron Man. Like Tony Stark, who continuously refines his armor to fend off evolving threats, we will explore how developers, security champions, and engineers can fortify their applications against vulnerabilities.
The session will cover the full spectrum of Application Security, from threat modeling and secure coding to incident response, framed within the tech innovation and constant iteration that Iron Man embodies. Attendees will learn practical approaches to building robust security mechanisms into their software development lifecycle (SDLC), while maintaining agility in the face of new threats—just as Iron Man does with his suits.
Through engaging analogies, real-world examples, and actionable takeaways, participants will leave with a superhero’s toolkit to defend their applications from vulnerabilities, automate their defenses, and respond swiftly to incidents.
Key Topics:
Threat Modeling: Understanding the foundational elements of secure software.
DevSecOps: How to protect core application components from critical threats.
Vulnerability Management: Proactive vulnerability management process.
Application Monitoring: Incident response tactics that mirror Iron Man's agility in combat.
Get ready to suit up and protect your applications with the same ingenuity and foresight as Iron Man!
Our talk introduces an innovative framework for automating the identification and handling of malware samples targeting web servers, leveraging big data analytics and machine learning to cluster and track active malware campaigns. We will demonstrate an innovative and unique framework that employs heuristic analysis to autonomously identify and process web-delivered malware samples. This framework enhances the efficiency and accuracy of malware detection in large data sets, reducing the reliance on manual intervention, and enabling near real-time threat hunting, and campaign tracking.
Building upon the collected malware data, we utilize big data analytics techniques to track and monitor malwares, cluster similar malware samples and associated network activity, to unveil patterns and connections between various campaigns. This clustering approach provides deeper insights into the tactics, techniques, and procedures (TTPs) employed by threat actors, facilitating the identification of overarching strategies and objectives.
We will conclude with a detailed analysis of notable real-world malware campaigns identified through this system. Attendees will gain insights into the operational methodologies of these campaigns, their impact and the defensive measures that can be employed. Case studies will highlight real-world applications and the effectiveness of our automated approach in enhancing cybersecurity posture.
A discussion of the OWASP ML Top 10 and OWASP LLM Top 10, and how a failure to apply these principles in 2001 A Space Odyssey, led to implementation flaws in HAL 9000, resulting in disastrous consequences for the crew.
Come join RevEng as we discuss the role of machine learning in expediting the art of binary analysis culminating in a CTF designed to show case how these tools can be used.
So whether you are new, or a pro, to malware analysis and machine learning, we invite you to pop along, have some fun, and ask us as many questions as you'd like.
Log collection is the foundation of Security Operations. It is critical to have the correct host/application and a collection mechanism for events to facilitate correlation into SIEM/SOAR/XDR. Ineffective security events not only waste platform resources but also increase false-positive detections within a SOC; which then impacts moral and how long it take to triage an alert.
Led by SIEM engineering specialists who boast a combined +20yrs experience with clients across government and industry, learn and try some of the best practices and tips that help some of the UKs most critical SOCs run smoothly.
If you are playing with Security Onion, or building content and correlation rules, improve your effectiveness by only collecting the events you need…this is for you, take the trash out!
In an era where cyber threats are increasingly sophisticated and network perimeters are becoming obsolete, traditional security approaches are falling short. This presentation will highlight why embracing a Zero Trust approach is crucial for modern cyber defense. By adhering to the principle of "never trust, always verify," Zero Trust revolutionizes security by continuously validating every user, device, and access request, rather than assuming trust based on network location.
Do you actually know if you have been breached? Do you know your critical assets, what you can't see? Monitoring and logging is a simple construct, however most companies see it as a tick-box exercise. This presentation looks into the following, eyes on the ground approach.
- answers the why, how , what
- looks in to basics around asset management, critical data, users, end points, networks, etc
- key missed areas, like policy, people, and physical.
- summaries an approach based on a risk based approach.
this will cover examples and be lighted hearted and funny at times.
- questions
- end
Abstract:
What if the technology designed to protect your Windows System could be used against it?
In this session, we will dwell deep into the journey of a hidden world of Use Access Control (UAC) and Component Object Model (COM), uncovering how attackers can turn these essential security features into weaponization for privilege escalation.
Join me as we pull back the curtain on the often-overlooked vulnerabilities within UAC and COM, revealing how crafty an adversary exploits elevated COM interfaces to bypass UAC consent prompts without user interaction through live demonstration and real-world examples from prolific Ransomware (BlackCat).
This is not all about bad news. It also equips you with the knowledge and tools to detect, prevent, and defend against these sophisticated techniques.
Whether you’re a cybersecurity veteran or a curious newcomer, this talk promises to deepen your understanding of Windows Internal and elevate your defense strategies against UAC Elevated COM-Bypass exploits.
Key Takeaways:
1. Intersection of COM and UAC: COM objects are used by various applications in Windows to perform tasks. Some of these objects run with elevated privileges. UAC is designed to prevent unauthorized elevation, but if a COM object is improperly configured, it can be exploited to bypass UAC.
2. Exploitation Method: This bypass typically involves identifying a vulnerable COM object that does not trigger a UAC prompt when instantiated. An attacker can execute their payload through this object, gaining elevated privileges without user consent.
3. Live Demo: Examples from prolific Ransomware, BlackCat, and skeleton code.
4. Threat Hunt Use Case: Detection Logic/Tools and actionable IOCs for UAC Bypass.
In recent years, healthcare institutions have become prime targets for cyber attackers. The sector, suffering from a lack of resources and limited knowledge of the specific protocols related to its operations, remains particularly vulnerable despite advancements in detection systems. This reality raises crucial challenges in a field where protecting data is as vital as patient care.
This presentation focuses on the DICOM protocol, its functionality, and its use in medical imaging. We will explain why it has become a prime target for cyber attackers and reveal an offensive tool capable of extracting data from a DICOM server.
Finally, we will discuss current protection methods, their limitations, and present concrete measures to strengthen the security of these critical infrastructures.
By attending this conference, you will gain a deep understanding of the DICOM protocol, its vulnerabilities, and the best ways to prepare for emerging threats and future risks.
This talk examines the expanding role of artificial intelligence (AI) in social engineering, focusing on how AI-driven tools are used to shape public opinion and influence group behaviour on a large scale.
Indirect Prompt Injection (IPI) is a fascinating exploit. As organizations race to capitalize on the hype surrounding AI, Large Language Models are being increasingly integrated with existing back-end services. In theory, many of these implementations are vulnerable to Indirect Prompt Injection, allowing cunning attackers to execute arbitrary malicious actions in the context of a victim user. In practice, IPI is poorly understood outside of academia, with few real-world findings and even fewer practical explanations.
This presentation seeks to bridge the gap between academia and industry by introducing the Indirect Prompt Injection Methodology - a structured approach to finding and exploiting IPI vulnerabilities. By analyzing each step, examining sample prompts, and breaking down case studies, participants will gain insights into constructing Indirect Prompt Injection attacks and reproducing similar findings in other applications.
Finally, the talk will cover IPI mitigations, elaborating on why this vulnerability is so difficult to defend against. The presentation will provide practical knowledge on securing LLM applications against IPI and highlight how this exploit poses a major roadblock to the future of advanced AI implementations.
In cybersecurity, Black Swan events are seen as rare, high impact threats or attacks from unknown or neglected vectors, that post event are rationalised as predictable in hindsight despite being unforeseen at the time. Our role in Cybersecurity is to help organisations prepare for the worst but how can we prepare for unpredictable, rare, high impact events? This talk will examine some real-world Black Swan breaches and then discuss approaches company's can take to prepare for them.
This engaging presentation highlights the unique journey of a non-technical professional – a lawyer turned cybersecurity enthusiast – breaking into the field. Drawing from personal experiences including founding the Women in Cybersecurity (WiCyS) Surrey Chapter, winning a social engineering competition sponsored by the Cybersecurity Infrastructure Security Agency (CISA), and gaining hands-on experience in Cyber Threat Intelligence (CTI) as an MSc student, she offers actionable insights for those looking to transition into cybersecurity. This session aims to simplify the path to cybersecurity for individuals without a traditional tech background, emphasising the importance of networking, community organisations, and hands-on experience in facilitating this transition while highlighting the common challenges faced and strategic approaches to overcome them. Whether you're contemplating a career change or looking to diversify your security team, this session offers valuable insights into the power of non-traditional backgrounds in strengthening the cybersecurity workforce.
The use of Generative Artificial Intelligence (AI), particularly Large Language Models (LLMs), is rapidly increasing across various sectors, bringing significant advancements in automating tasks, enhancing decision-making, and improving user interactions. However, this growing reliance on LLMs also introduces substantial security challenges, as these models are vulnerable to various cyber threats, including adversarial attacks, data breaches, and misinformation propagation. Ensuring the security of LLMs is essential to maintain the integrity of their outputs, protect sensitive information, and build trust in AI technologies.
This talk will examine the security vulnerabilities that are inherent in Large Language Models (LLMs), with a particular focus on injection techniques, client-side attacks such as Cross-Site Scripting (XSS) and HTML injection, and Denial of Service (DoS) attacks. Through the simulation of these attack vectors, the study assesses the responses of various pre-trained models like GPT-3.5 Turbo and GPT-4, revealing their susceptibility to different forms of manipulation.
The talk will also underscore the critical risk of these vulnerabilities, especially when exploited in a real-time corporate environment, where they can lead to significant disruptions, unauthorized access, data theft, and compromised system integrity.
After introducing the Bsides audience to the Fligistan Intelligence Bureau at Bsides Cymru 2024, we wanted to expand that for the London audience by diving deep into the world of Cyber HUMINT. This talk will delve into how Fligistan deploys tactics, technologies, people and processes, and then pivot to how we can use that knowledge, as cyber practitioners, to gain insight for our own defenses and offensive security.
There are thirteen pillars upholding the critical national infrastructure (CNI) that allows for the every day running of our society. These pillars are sectors that rely on four generations of operational technology (OT) systems with the oldest generation being pre-Internet. What are these industrial control systems (ICS) that we rely on, and how are they vulnerable? This talk will outline a generic ICS from the hardware to the protocols that allow the complex systems to speak with one another. Research into these systems is often done on physical testbeds and digital twins (I don't know about you, but I wouldn't want to try hack an actual nuclear reactor). The talk will discuss the testbeds that I'm lucky enough to play with day-to-day. How are these industrial control systems vulnerable, and what can we do to protect these systems from malicious actors? Finally, how are these thirteen pillars connected? If we knock one down, will the others fall like dominos?
Malicious domains are part of the landscape of the internet but are becoming more prevalent and more dangerous to both companies and individuals. Tracking, blocking and detecting such domains is complex, and very often involves complex allow or deny list management or SIEM integration with open-source TLS fingerprinting techniques. Many fingerprint techniques such as JARM and JA3 are used by threat hunters to determine domain classification, but with the increase in TLS similarity, particularly in CDNs, they are becoming less useful. This presentation demonstrates how we can adapt and evolve open-source TLS fingerprinting techniques with increased features to enhance granularity, and to produce a similarity mapping system that enables the tracking and detection of previously unknown malicious domains. This is done by enriching TLS fingerprints with HTTP header data and producing a fine grain similarity visualisation that represented high dimensional data using MinHash and local sensitivity hashing. Influence was taken from the Chemistry domain, where the problem of high dimensional similarity in chemical fingerprints is often encountered.
Exploring real world stories of physical security tests and the relationship between my obsession with the 1992 film sneakers and my chosen line of work.
Ever wondered how your smart toothbrush or connected garden rock stays secure in our digital world? As the Internet of Things (IoT) brings connectivity to everyday objects—from cars to clothing—it's more important than ever to keep these devices safe from cyber threats. But here's the challenge: many IoT gadgets run on tiny chips called Systems on Chip (SoCs) that don't have the power of full-sized computers, making them uniquely vulnerable.
In this presentation, I'll guide you through the fascinating world of hardware/software binding—a key technique that ensures only authorized software runs on specific hardware. We'll explore how this practice helps protect IoT devices by linking software tightly to the hardware it runs on, preventing unauthorized code from sneaking in.
We'll look at different SoCs used in IoT devices, discuss SoC architecture, review the security methods provided (or not) by manufacturers, and dive into some cool techniques from research and industry. Don't worry if you're new to this—I'll break down the jargon and share practical insights from my own experiences in software development and security.
Plus, I'll introduce a handy questionnaire you can use when choosing SoCs for new products, helping you evaluate their security features with confidence. Whether you're just starting out in cybersecurity or simply curious about how to keep our connected world safe, this talk will give you the understanding and tools to make a real difference.
Distroless containers only contain your application and its dependencies. In theory, they’re a great security best-practice.
Alan used to participate in global OSINT CTFs until they suddenly stopped. Now they speak about their experience to help people make an informed decision when it comes to participating in future event
In Malware Village, we will host various contests and workshops focused on malware analysis. Participants can experiment with and analyze malware under the guidance of professionals.
The full Malware Village* currently features three contests:
MARC I (Malware Analysis Report Competition)
BOMBE (Battle of Malware Bypass EDR)
EMYAC (Efficient Malware YARA Analysis Competition)
*In BSides London, we only have 4 hours, so we will host a subset of Malware Village.
In the cyber security world there are many challenges faced by numerous different people. One of those groups are those who are disabled, there is 16.1 million people (24% of the population) in the UK who are considered disabled and yet they are rarely taken into account when new policies are being made.
I want to bring to light this issue specifically when it comes to passwords, for able bodied people they are already a pain but for those of us who are disabled they are a nightmare and even new technologies like MFA can be more of a burden than they set out to be.
I'm proposing some solutions to this like the wonderful world of password managers and even physical storage for passwords and shining light on some outdated views like the dreaded password expiry that in fact only makes accounts less secure.
Now, you may wonder who am I to be speaking on such a sensitive topic, I am a Cyber Security student from Manchester Metropolitan University and I have been disabled since the age of 4. I have seen first hand the struggles that those with different disabilities to me face and I also have first hand experience with some of those struggles.
My intention is to hopefully get you all thinking about how you can make your workplace more accessible and implementing some ideas to make everyone's life easier but especially for those who already struggle.
Quantum Computing and Quantum Safe Cryptography seem to be buzzing up hype on all platforms. While no one is seemingly refuting the potential for Quantum Computers, the general sentiment seems to be that Quantum Computers won't be available for some time.
If we stop thinking about Quantum Computers for a minute and just focus on Cryptography it self and how deeply it is embedded into our every day lives, perhaps the problem will become more evident.
This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We’ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.
There will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.
Prerequisites – Familiarity with basic Docker commands and Linux command line use will be helpful, but we’ll provide step-by-step instructions for people who are less familiar with them.
Workshop requirements:
- A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client.
A* CV
Server-Side Request Forgery (SSRF) vulnerabilities offer a range of attack possibilities, but their impact often depends on the nature of the vulnerability. While some SSRFs directly expose data from requested URLs, blind SSRFs typically result in more limited insights, such as basic reconnaissance or port scanning.
In this talk, I’ll unveil a powerful technique for amplifying the impact of blind SSRFs by leveraging internal DNS records discovered through known components. This innovative approach focuses on effectively pivoting from external SSRF attacks—where access is constrained—to exploiting internal endpoints with minimal fuzzing or guessing.
I will demonstrate practical methods for identifying and utilizing internal DNS records, which can be revealed through components such as Kubernetes services, microservices, or internal APIs. By uncovering these internal DNS entries, you can bypass traditional application mitigations and firewall rules, significantly enhancing your SSRF attacks.
Through real-world examples and hands-on demonstrations, you'll learn how to transition from limited external SSRF access to effectively exploiting internal endpoints, revealing the true potential of blind SSRFs. Join me to discover how harnessing internal DNS records can transform the effectiveness and impact of your SSRF findings, making them more actionable and insightful.
This talk examines how 96 threat actors disclosed their systems, logs, and tools in open directories, providing unique insights into their tactics and operations in real-time.
In the evolving landscape of cybersecurity, maintaining up-to-date threat models is a critical yet challenging task for security teams. Traditionally, architecture diagrams have served as the basis for initial threat modelling. However, as application features rapidly evolve, these static models often become outdated, leaving organisations vulnerable to emerging threats.
Software Reverse-Engineering (SRE) is often considered black magic, but with the right tools and knowledge, its processes can be significantly accelerated. Unicorn Engine is a powerful framework that allows you to execute code platform-independently, which can greatly enhance your SRE skills.
Applications, binaries, and frameworks often contain complex functionalities like encryption and decryption methods that are hidden from the user. Reverse-engineering these can be difficult and time-consuming, especially when they involve non-standard, proprietary or non-documented cryptographic functions. This is where Unicorn Engine comes in. It enables us to execute code dynamically without the need for the proper environment or hardware. By emulating the execution, we can analyse and understand the underlying operations, making the reverse-engineering process more effective.
In this session, I will present my research on disrupting drone operations by targeting their command-and-control (C2) channels and analyzing the forensic evidence left behind. My work explores various disruption techniques, such as Wi-Fi de-authentication, man-in-the-middle (MITM) attacks, video stealing, and drone disabling using tools like Flipper Zero, ESP32 microcontrollers, and Linux command-line utilities. I will also delve into the forensic analysis conducted post-attack to identify digital footprints and network anomalies left by these disruptions. If live demonstrations are not feasible at the conference, I have recorded videos of all the attacks on the drone to showcase them, and some of the attacks can be performed without flying the drone. Alternatively, I can use simulations to demonstrate the techniques. This research provides a framework for detecting and documenting evidence of drone attacks, significantly contributing to the field of drone forensics and cyber-physical security.
Open-source tools offer a powerful, cost-effective solution for securing modern applications from development through deployment. This workshop will walk through key tools that help protect your entire stack—from securing your codebase, to monitoring cloud environments, and automating vulnerability detection. We’ll also discuss the strengths and limitations of open-source security tools, showing when they can be the perfect fit for your needs, and when proprietary or custom solutions may be more appropriate.
Attendees will get habnds on with tools like OWASP ZAP, Trivy, Bandit, and Checkov to help them understand how to effectively incorporate these solutions. You'll leave with practical knowledge of the best tools for various security tasks and guidance on integrating them to protect your applications at every level.
Game Securely. Research of recent security vulnerabilities within the Gaming industry. Understanding the details of the Gaming security vulnerabilities, the potential impact if exploited, and learning ways to mitigate and prevent them. Some of the researched vulnerabilities include Valorant's Anti-Cheat Bypass, Counter-Strike Source Code Leak, Grand Theft Auto Remote Execution, Fortnite Account Takeover, Apex Legends DDoS Attacks, Minecraft Realms Exploit, and Roblox Script Exploit.
Everybody loves a good story and within our industry we encounter some fascinating stories! However, the ability to convey often complex and technical details to a varied and multi-disciplinary audience can be an overlooked - but incredibly valuable - skill for cybersecurity professionals, especially in technical roles. Storytelling can be a critical part of effective cybersecurity incident and threat intelligence reporting; it provides necessary context to the threats we face, as well as the mitigations, remediation steps and other actions we need to take to protect our data, environments, and organisations. This presentation outlines key tips and tricks for leveraging technical writing skills to produce effective, impactful and actionable investigation notes and reports. By mastering the power of storytelling and effective technical writing, security professionals have the opportunity to make the threats we face and incidents we encounter more relatable to non-technical readers, therefore improving the accessibility, understanding and impact of our work.
The tale of stumbling across the registry key which reverts MS08-068, permitting SMB reflection attacks.
Let’s face it: ransomware operators are the digital villains we all love to hate. But what if I told you there's a way to outsmart these cybercriminals by using their own tools against them? Join me in taking the red pill, to find out about the "Ransomware Tool Matrix," your new secret weapon in the fight against cyber extortionists.
With CI/CD pipelines driving modern DevSecOps, ensuring they don't become attack vectors is a shared concern across organisations. This talk introduces a new perspective focusing on provable CI/CD security, while steering away from securing pipelines directly. Maintain compliance, ensure visibility, and prevent potential threats from compromising critical systems by focusing on what really matters.
In this talk, Andy Smith will demystify the real threat that quantum computers pose to our current cryptography, what you can do about it, and what specific actions you should look to take in 2025.
This talk examines how the crisis management principles of aviation "Aviate, Navigate, Communicate" can be effectively applied to cybersecurity. It highlights promoting a no-blame culture, empowering security culture across an organisation and preparing for unforeseen events, drawing on aviation’s century of safety advancements.
Do you use Raspberry Pi as a Home Assistant to manage remote devices via Bluetooth? Or your phone with wireless devices?
That's extremely convenient, but did you know that it can be easily compromised - and that some devices may still be unpatched?
This talk delves into the post-compromise tactics employed by threat actors following Business Email Compromise (BEC) incidents, drawing from our experience as a Managed Security Service Provider (MSSP).
We will discuss how some legitimate OAuth applications are used in post compromise for persistence and data exfiltration.
In today's rapidly evolving digital landscape, cybersecurity professionals are constantly seeking innovative strategies to protect their systems. Surprisingly, some of the most powerful lessons can be found in a place often overlooked—the garden. This talk, "From Garden to Grid," draws thought-provoking parallels between gardening practices and cybersecurity strategies, offering a fresh perspective on how we can cultivate a more resilient and adaptive approach to protecting our digital environments.
By exploring key principles such as nurturing growth, pruning for efficiency, building resilience, and harvesting success, this presentation will highlight actionable insights that cybersecurity professionals can apply to their daily work. The talk will delve into topics such as continuous learning and innovation, streamlining security processes, safeguarding systems against threats, and celebrating wins by measuring key performance metrics. Attendees will leave with a deeper understanding of how these natural principles can inspire a sustainable, secure, and forward-thinking cybersecurity strategy.
This session will benefit cybersecurity professionals seeking to enhance their strategic approach by embracing a mindset that encourages adaptability, efficiency, and resilience—qualities essential for thriving in both the digital and natural worlds.
Embedded systems are everywhere, automating more and more of our everyday lives. Our cars, phones, games consoles, industrial controllers and IoT devices increasingly require security mechanisms to protect their security configurations, and in some cases, stored secrets, such as cryptographic keys, debug/flash protection access mechanisms, firmware images, and AI models. For a long time, local, physical attacks on general purpose microcontrollers were considered out of scope during threat analysis, but the increase in value of breaking the device security protections, the decrease in cost of the attacks, and the increase in awareness of such attacks, means that we’re in a transitional state regarding protection against fault-injection.
As IoT devices increasingly rely on real-time decision-making, generative AI offers immense potential to enhance these processes by predicting complex data patterns. However, this raises important questions about trust: Can AI be relied upon to make autonomous decisions, and how can we ensure its transparency and ethical integrity? This talk will explore the trustworthiness of generative AI in real-time IoT, covering technical challenges, best practices for ensuring accuracy and reliability, and the role of explainable AI (XAI). We will also address ethical and privacy concerns, providing insights on balancing innovation with responsible AI development.
Deepfakes have become an increasing source of concern as AI advances. These extremely lifelike, digitally made videos can be used to propagate falsehoods, harm reputations, and even commit financial crimes. This talk would go into the complexities of deepfake technology, discussing how it is made and the potential repercussions. We will talk about effective detection techniques, preventive measures, and the role of legislation in tackling this increasing problem.
Understanding the issues offered by deepfakes allows us to better navigate the digital realm and protect ourselves from their negative consequences.
This presentation explores the advanced use of minifilters in offensive security operations, focusing on their application in bypassing and disabling EDRs. We will delve into the architecture of EDR systems and common offensive uses of mini filters, such as bypassing file system monitoring.
We will then introduce a novel technique to entirely disable EDRs via the abuse of minifilters.
The talk will also cover the implications for defensive security and potential countermeasures, aiming to provide valuable insights for both offensive and defensive security professionals.
As a paranoid tech-head, I find cache extremely suspicious. Specifically, cache on modern CPUs.
In this talk, I will explain why!
In this process, we can explore the idea that we need more systems that are as memoryless as possible, and where there is memory, the data is always well encrypted.
I have been, in my own time now for a few months, working with digital logic design to realise some hardware proof of concepts while building in this philosophy.
AI models trained specifically for security are here, why should devs have all the fun? Pair hacking with tools like WhiteRabbitNeo speeds up your process and reduces tedium inherent in most security roles. WhiteRabbitNeo is an uncensored, open-source LLM that has been trained on red team data. Learn how WhiteRabbitNeo can help you harden your source code and improve configuration security while reducing hours of DevSecOps tedium to minutes. WhiteRabbitNeo will research vulnerabilities, propose exploits, and help package malware payloads while you focus on the creative side of cybersecurity: crafting the perfect delivery method for the exploit.
In this two-hour hands-on workshop we will show attendees how to build their own EDR/XDR/MDR platform leveraging open-source tools. Attendees will learn to deploy cross-platform EDR sensors, how to use sigma detection rules, write custom detection rules, and leverage open source adversary emulation tools ( Atomic Red Team) to test new them. We will then discuss how to extend these capabilities for investigations and threat hunting by integrating additional open source or free tools to gather additional telemetry such as Sysmon and Velociraptor.
This Talk is Important—very important—for the cybersecurity industry, hackers, and policymakers from the Boardroom to the Halls of Government.
A long time ago, on June 27, 1991, Winn testified before the US Congress and was asked, “Mr. Schwartau: Why would the bad guys ever want to use the internet?”
Today, our cognitive infrastructure is under attack, and humanity needs cybersecurity professionals more than ever. Reality is only a keystroke away.
Metawar is the art and science of manipulating your reality. It is the battle for control over one’s belief systems, identity, and sense of reality outside one’s conscious awareness. Reason and emotion are incompatible operating systems.
Big Tech is digitally terraforming the planet’s future cognitive infrastructure, Web 3.0, with little concern for the downsides. The metaverse is an evolving, immersive storytelling environment designed to be the most powerful and addictive reality distortion machine ever conceived. It will also predict and anticipate your every desire and every move!
On the global stage, metawar represents the sixth domain of warfare. They who control the technology control the narrative. We have no choice but to learn how to coexist with the reality-distorting technologies we have created by implementing technical, policy, and cognitive defenses to protect our sense of truth, reality, and self-identity.
Winn’s keynote is a call to action.
The cybersecurity community is among the best problem solvers the planet has ever seen. It acts as a team, a collective of like-minded individuals with an amazing array of skills who stop at nothing to achieve their aims—against all odds. Winn challenges us with a new goal: Strengthen and defend the human mental immune system. Our brains, sensory nervous systems, and minds are the new attack surfaces. Will the cybersecurity community rise to the challenge of solving the most existential threat it has ever faced? Or not.
To survive, humanity must adapt to and Coexist with technology.
Criminal groups rely on phishing web panels to manage their campaigns and interactions against ordinary people. Due to its nature, information showing the details and complexity of these platforms is not widely available. In this presentation, we will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by phishing groups to manage their campaigns against ordinary people.
There are thousands of scamming and phishing attacks performed every day. It is one of the most lucrative and profitable forms of hacking, involving the manipulation of humans. But how do criminals reach their victims? What are their techniques? And can anyone be hacked? The answer is yes, and I will show you the process of how to achieve that.
As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis. This presentation will demonstrate how incident responders can use offensive security techniques to determine likely root causes and inform effective containment strategies.
For application security engineers, managing CVEs has become an overwhelming task due to the rising number of CVEs, inaccurate vulnerability scanners, and user demands for zero CVEs in dependencies. My talk aims to demonstrate how VEX documents can eliminate the time-consuming spreadsheet back-and-forths by programmatically expressing vulnerability applicability information. By showcasing a workflow and tools introduced for Cilium, I will illustrate how VEX documents enable automatic exclusion of non-applicable CVEs from scanners, distribute triage workload to knowledgeable teams, and generate documentation on vulnerability applicability. Real examples from Isovalent's use of VEX documents in our security workflow will support these points. I hope attendees will leave convinced of the benefits of generating and using VEX documentation to focus more on addressing real vulnerabilities.
We've been in the wrong place at the right time between us for between 30-40 years, in just about every sector imaginable.
We're seeing both mid-sized organisations and enterprises in the situation where they have all the consultancy recommendations - Managed Security Service Provider, Endpoint Detection And Response, Network Detection & Response, extended Detection & Response, Managed Detection & Response, but IR still isn't solved.
There's frustration from both the MSSPs and Detection & Response providers, and from customers.
This talk explores:
The difference between Incident Management and Incident Response
The history of how people get into Security, and Incident Response
Enterprise Architecture View of these
The changes that have introduced a wicked problem:
Non-Technical or Non-Security Incident Managers attempting Incident Response
Technical Incident Responders attempting IR without the business link of Incident management
The frustrations from MSSPs and Detection & Response Providers
Customer Frustrations
Potential ways of solving this within the security community
With the growth of robotics and IoT, embedded devices are vital but often vulnerable. This talk explores security challenges in embedded systems, highlights real-world attacks, and provides practical defense strategies. Engineers and cybersecurity professionals will gain insights into protecting devices in robotics and IoT from design to deployment.
ATT&CK is a game changer and where it works, it can enable both blue and red teams to co-exist and work effectively together. However, what do attackers on Linux do when bitcoin miners aren't their motivation? This talk looks at how the linux-malware repo came to take shape and how I've used it to inform both MITRE and Cisco's view on adversarial behaviour over the last three years.
Due to the technological advancements in the world, using web applications to securely access shared data has become a popular choice. However, the downside to that is personal sensitive data is exposed. Around 74 % of personal data all over the internet is vulnerable to known web application attacks. Moreover, 90% of global cyberattacks happen through web applications. Keeping up with the attack vectors has become a challenge because of the ever-changing security landscape. This increase in attack surge for web applications needs a proactive and extensive solution. Cyber defenders are constantly facing new challenges in the identification of threats as cyberattacks are becoming more sophisticated hence there is a need to monitor, analyse, and mitigate these threats with priority. To address this gap, research is needed to enhance the security of web applications using honeypots, threat intelligence, and automation. This research aims to provide web developers with a solid foundation to protect against the growing range of cyber risks.
For nearly three decades, SIEM tools have been the cornerstone of the SOC, centralising threat detection, alerting, and commonly used for ticketing, case management, and SOC metrics. But what if this essential tool could be bypassed, evaded, or even directly attacked?
Having both several years experience working directly for various SIEM vendors, we shall discuss and explore these possibilities in more depth, as well as emphasise the importance of continuous control testing.
We will aim to give some ideas to offensive teams, and also give defenders some things to think about!
Cloud-native has revolutionised how we build and deploy applications, but let's face it - we've made our share of mistakes along the way. From the early days of on-prem to today's massive cloud-native deployments, this has not only transformed application development but also dramatically reshaped the infrastructure, DevOps practices, and the overall security landscape. This talk takes a look at the evolution of cloud-native security, highlighting the real-world incidents and attack techniques that have evolved alongside our technologies.
We'll trace the threat landscape from on-prem to hybrid cloud to cloud-first, then dive deep into the current cloud-native risks: identity breaches, misconfigured cloud services, vulnerable CI/CD pipelines, and the long-standing threat of supply chain. We'll look ahead, exploring the emerging technologies that will shape the future of both attacks and defenses.
Wrapping up the session, actionable strategies to secure your cloud-native environment will be discussed, highlighting tools which can be used to proactively mitigate risks, enhance runtime visibility and automate security.