{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.0.dev0"}, "schedule": {"url": "https://sched.securitybsides.org.uk/bsides-london-2023/schedule/", "version": "0.6", "base_url": "https://sched.securitybsides.org.uk", "conference": {"acronym": "bsides-london-2023", "title": "Bsides London 2023", "start": "2023-12-09", "end": "2023-12-09", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/London", "colors": {"primary": "#050404"}, "rooms": [{"name": "Track 2", "slug": "2553-track-2", "guid": "551af01a-3cf6-5520-82a7-64b419f73342", "description": null, "capacity": 250}, {"name": "Clappy Monkey Track", "slug": "2552-clappy-monkey-track", "guid": "cfd91436-b102-5803-a29e-3411729ec81f", "description": null, "capacity": 250}, {"name": "Track 3", "slug": "2554-track-3", "guid": "4c369f85-d96f-575c-991c-ae39c0669d32", "description": null, "capacity": 250}, {"name": "Rookie track", "slug": "2555-rookie-track", "guid": "37aa6814-daf9-5401-92f0-494e9d6d1069", "description": null, "capacity": 120}, {"name": "Workshop Room 1", "slug": "2556-workshop-room-1", "guid": "715a5896-7ff8-573b-a194-004d9aba041f", "description": null, "capacity": 80}, {"name": "Workshop Room 2", "slug": "2557-workshop-room-2", "guid": "461a622e-351c-52c6-b176-0d44b0990c37", "description": null, "capacity": 80}, {"name": "Workshop Room 3", "slug": "2558-workshop-room-3", "guid": "ff0892e7-0b32-5be8-abb4-5b8ddb0c32fd", "description": null, "capacity": 80}, {"name": "Workshop Room 4", "slug": "2612-workshop-room-4", "guid": "01585b0d-98d5-5079-9d09-844510c52edd", "description": null, "capacity": 50}, {"name": "Workshop Room 5", "slug": "2613-workshop-room-5", "guid": "9fd0e74f-c82f-5b70-8cd0-e7e1cb668df2", "description": null, "capacity": 50}], "tracks": [{"name": "ClappyMonkey Track (Track1)", "slug": "3968-clappymonkey-track-track1", "color": "#7C0C8A"}, {"name": "Workshops", "slug": "3969-workshops", "color": "#22BA76"}, 
{"name": "Track 2", "slug": "3970-track-2", "color": "#C6A42D"}, {"name": "Mentors", "slug": "3971-mentors", "color": "#4220C8"}, {"name": "Track 3", "slug": "3972-track-3", "color": "#090101"}, {"name": "Rookies", "slug": "3967-rookies", "color": "#D01515"}], "days": [{"index": 1, "date": "2023-12-09", "day_start": "2023-12-09T04:00:00+00:00", "day_end": "2023-12-10T03:59:00+00:00", "rooms": {"Clappy Monkey Track": [{"guid": "e82a9499-2410-50c2-a2a4-9e40332b8ae2", "code": "ZCYUYS", "id": 37883, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-37883-unearthing-the-secrets-of-securing-a-160-year-old-railway-beyond-the-basics", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ZCYUYS/", "title": "Unearthing the Secrets of Securing a 160-Year-Old Railway: Beyond the Basics!", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Ever wondered how to apply the NIS regulations to a 160-year-old railway? Think it's as simple as rolling out some security monitoring, deploying a few agents and crafting an incident response plan? Think again!\r\n\r\nWe will delve into the fascinating world of securing a railway infrastructure that has stood the test of time. Imagine applying modern cybersecurity principles, the technical intricacies of introducing cutting-edge security monitoring into a railway system that was conceived long before the digital age. How do you secure a system that predates the concept of cybersecurity itself? The challenges, the complexities, and the implementation - it's all here.\r\n\r\nKeeping the Wheels Turning, Safely isn't just about the past; it's about safeguarding the future. Discover how we conquer the obstacles to ensure the continued, secure operation of the railway. 
Your safety, our safety, and the safety of generations to come depend on it.\r\n\r\nBuckle up, because this is not your ordinary railway story. This is a thrilling expedition through time and technology, where we'll unlock the secrets of securing an icon that has been transporting us for over a century and a half.", "description": "", "recording_license": "", "do_not_record": true, "persons": [{"code": "RPMJUB", "name": "Pete G", "avatar": "https://sched.securitybsides.org.uk/media/avatars/RPMJUB_aEl8lWr.webp", "biography": "Pete G is a Principal Cyber Security Engineer heading up a Security Engineering practice for one of the largest and most famous transport networks in the world.\r\n\r\nFor over 16 years, Pete has navigated the ever-evolving IT and cybersecurity landscape. His journey has taken him through the darkest corners of the cyberworld, from chasing ransomware operators through labyrinthine networks to resurrecting Active Directory from the ashes of malicious attacks. From crafting brand-new infrastructures from the ground up to unraveling complex fraud schemes, he has done most things.\r\n\r\nA passionate advocate for knowledge sharing and community building, you can often find him at BSides conferences, where he's not just an attendee but a source of inspiration for budding cybersecurity enthusiasts. He's also the creator and guardian of the \"Cyber Railway,\" a live interactive hackable railway CTF/War Game. 
It's a playground where aspiring hackers can sharpen their skills.\r\n\r\nKnown for his dad jokes, loyalty and entertainment on the decks and off he's a good egg.", "public_name": "Pete G", "guid": "faf38c30-edca-592c-aaad-6ce7d7149998", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/RPMJUB/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ZCYUYS/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ZCYUYS/", "attachments": []}, {"guid": "f0789399-dac7-59fe-ae6c-3de86b34a5ca", "code": "TUHM7Q", "id": 37874, "logo": null, "date": "2023-12-09T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-37874-open-sesame-unlocking-bluetooth-padlocks-with-polite-requests", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TUHM7Q/", "title": "\"Open, Sesame!\" - unlocking Bluetooth padlocks with polite requests", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Locks, at their core, are some of civilisation's oldest security devices; and, much like any other security product, not all of them are created equal. The current boom in IoT devices makes \"smart locks\" a tempting proposition, with many options promising affordable and robust security. But how good are they actually? How would you even find that out?\r\n\r\nIn this talk, Alex and Mi\u0142osz shine a light on a popular line of smart locks commonly recommended on major UK marketplaces. 
Although the build quality of the locks makes them relatively resistant to picking and common physical attacks, multiple issues with their \"smart\" functionality means that a small amount of reverse engineering of the associated smartphone app allows anyone to construct valid unlock requests without any knowledge of authorisation material, and without alerting the owner.\r\n\r\nThis talk is beginner-friendly and no prior knowledge will be assumed. We will discuss the process of discovering the vulnerabilities, explain how the manufacturer got things wrong (and how they could have done it better), and finally tempt the Demo Gods with a live demonstration of unauthorised unlocking of the devices.\r\n\r\nTopics covered will include: Bluetooth Low Energy communications, reverse-engineering of Android applications, basic API/Web security", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "RX8MWG", "name": "Mi\u0142osz Gaczkowski", "avatar": "https://sched.securitybsides.org.uk/media/avatars/RX8MWG_aeqi04A.webp", "biography": "Mi\u0142osz is a mobile security specialist at WithSecure, having previously spent entirely too much time working in academia.\r\n\r\nHis current work revolves around Mobile Device Management solutions, Android device security audits, advisory consultancy, and complaining about password managers. 
Outside of technical work, his primary interests are in education and the culture of education.", "public_name": "Mi\u0142osz Gaczkowski", "guid": "2bb40183-ef16-5985-bf3b-868200521801", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/RX8MWG/"}, {"code": "J8QJWW", "name": "Alex Pettifer", "avatar": "https://sched.securitybsides.org.uk/media/avatars/J8QJWW_8c7v1Aj.webp", "biography": "Cyber security enthusiast, finally free from academia, interned as a cybersecurity consultant at WithSecure, and currently filling my time picking locks and job-hunting.\r\n\r\nFavourite security areas: Mobsec, Access Control/Physical Security\r\nFavourite Padlock: Abus 72/40", "public_name": "Alex Pettifer", "guid": "aad6a4ab-a2cb-5570-8b86-857f4a4442f9", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/J8QJWW/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TUHM7Q/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TUHM7Q/", "attachments": []}, {"guid": "caf9a556-78a7-520b-9319-b54ae7819654", "code": "QUZNU7", "id": 37911, "logo": null, "date": "2023-12-09T11:50:00+00:00", "start": "11:50", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-37911-game-of-codes-qr-thrones-image-battles-and-the-quest-for-initial-access", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QUZNU7/", "title": "Game of Codes: QR Thrones, Image Battles, and the Quest for Initial Access", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Email-based attacks remain at the forefront of the cybersecurity threat landscape, ever-evolving to circumvent defenses and trick unsuspecting users. In this presentation, we will discuss the nuances of the latest trending social engineering techniques including QR codes, image-as-content attacks, HTML Smuggling SVGs, and more. 
We will examine several real-world examples, discuss attacker objectives, and explore the tactics used to make them appear legitimate. Additionally, we will discuss methods of detection and prevention by analyzing signals unique to these attacks.\r\n\r\nThe pervasiveness of QR codes in daily life, combined with the ease of generating them, presents unique security challenges. Their quick-scan nature means users often trust and act on them without the scrutiny given to URLs. Moreover, most traditional email security systems are geared towards analyzing text-based content, making QR-encoded URLs slip through undetected.\r\n\r\nIn parallel, attackers are leveraging images to embed the text of their attacks. Since many email security scanners rely on analyzing suspicious text and URLs embedded directly in the body of messages, attackers are often able to bypass traditional detection.\r\n\r\nAttendees will come away from this talk with a better understanding of the latest email threats and the methods they can use to protect themselves and their organizations against them.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "FL3EMT", "name": "Josh Kamdjou", "avatar": "https://sched.securitybsides.org.uk/media/avatars/FL3EMT_aCSmeiz.webp", "biography": "Josh has been doing offensive security-related things for the past 12 years. He's spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. 
Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.", "public_name": "Josh Kamdjou", "guid": "afbbc91c-f40d-5e2f-aa61-47f7b7a93ad1", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/FL3EMT/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QUZNU7/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QUZNU7/", "attachments": []}, {"guid": "7ba33a74-9be0-560e-9ed1-080d89fe5f52", "code": "BA9DD3", "id": 36534, "logo": null, "date": "2023-12-09T13:55:00+00:00", "start": "13:55", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-36534-the-internet-never-forgets-osint-ing-myself-to-uncover-30-years-of-data-leakage", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/BA9DD3/", "title": "The internet never forgets: OSINT'ing myself to uncover 30 years of data leakage", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Being a similar age to the WWW, I've grown up using it and freely providing it my personal data without knowing any better. In this session we\u2019ll jump into the field of Open Source Intelligence (OSINT) and explain how it can be leveraged to understand your digital footprint on the internet. As part of the session we\u2019ll discuss the various sites, tools and learning resources that can be used when investigating the spider web of information that is publicly available about people and explore what sort of data I found in my own personal investigation. Ultimately, I hope this talk will provide a potent example of the old adage \u2018the internet never forgets\u2019.", "description": "This talk is a personal look at my journey into the world of OSINT and how I\u2019ve used it to better understand my digital footprint and reduce the findability of my personal data. 
I started my journey with just a name and photo of myself and from that small set of information I set out to explore what else I could uncover. Join me as I explore and detail the techniques, tools and services that allowed me to uncover more publicly available personal data about myself than I ever expected to find. \r\n\r\nBy the end of the talk you will have learnt about a wide range of OSINT areas to explore such as: web archives, personal websites/blogs, search engines, domain names, git metadata, file metadata, data breaches, linking data sources and social networks. Hopefully, empowered with this information you\u2019ll be able to explore your own digital footprint and maybe think twice about what data you give to the internet and what data you have given historically.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DECVSP", "name": "Thomas Preece", "avatar": "https://sched.securitybsides.org.uk/media/avatars/DECVSP_7Y39DqT.webp", "biography": "Thomas Preece is a Lead Architect working in the BBC handling security within the BBC\u2019s digital estate. 
His focus is around building security community, technical security education and giving developers the tools they need to create secure systems and ensure they continue to be secure.", "public_name": "Thomas Preece", "guid": "08b7d6b4-5a6d-54db-b2a0-663949fea58b", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/DECVSP/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/BA9DD3/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/BA9DD3/", "attachments": []}, {"guid": "e1ff2fad-31ce-5d2d-9d00-c48962b1f27f", "code": "YZ3RT7", "id": 37728, "logo": null, "date": "2023-12-09T14:50:00+00:00", "start": "14:50", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-37728-anti-forensics-techniques-used-by-threat-actors-in-the-wild", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/YZ3RT7/", "title": "Anti-forensics techniques used by Threat Actors in the Wild", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Threat Actors employ anti-forensics techniques that obscure some of their activity and make it more difficult to determine what actions they have performed on compromised systems. Investigators need to be aware of these techniques, and be equipped with solutions (or detection ideas) to defeat the anti-forensics measures they take.", "description": "In this talk I will present the topic of anti-forensic techniques used by threat actors in the wild. I will first set the stage and introduce the audience to the basics of incident response and the reasons that this topic is important. 
I will then go into the technical details of common anti-forensics techniques, listing the forensic artefacts that would prove these techniques have been used.\r\nThe techniques described will include:\r\n- Log and file deletion\r\n- Log collection tampering\r\n- Bring Your Own VM\r\n- Forensic artefact deletion\r\n \r\nI will conclude the talk by stating the key takeaway which is that Threat Actors are sophisticated and can try and evade forensic analysis and detection via various methods, however this presents an opportunity to defenders: each method they use gives us additional artefacts to look for, and that looking for evidence of anti-forensics is a detection opportunity in itself.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GRSPQU", "name": "Hela Lucas", "avatar": null, "biography": "Hela Lucas is an Incident Response Consultant at CrowdStrike. She spends her time helping customers investigate and recover from cybersecurity incidents.", "public_name": "Hela Lucas", "guid": "7173858f-f845-5491-aafc-8c0459580d75", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/GRSPQU/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/YZ3RT7/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/YZ3RT7/", "attachments": []}, {"guid": "4802b71d-3cba-558c-9798-24322b337f23", "code": "JQLCMJ", "id": 36454, "logo": null, "date": "2023-12-09T15:45:00+00:00", "start": "15:45", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-36454-physical-intrusion-access-un-controlled", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQLCMJ/", "title": "Physical Intrusion - Access Un-Controlled", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Think your access control system is protecting you and your business? 
You might be surprised to learn that, under-the-hood, your doors are wide open.", "description": "This talk delves into how these weaknesses, when combined with social engineering tactics, can enable attackers to infiltrate buildings, penetrate sensitive and high-risk areas, then exit undetected.\r\n\r\nWe'll expose critical issues in system integration and compliance that leave businesses dangerously exposed. Our presentation includes live demonstrations of these tactics and case studies illustrating how such vulnerabilities can be exploited in coordinated attacks. Most importantly, we'll explore effective strategies to mitigate such issues including educating businesses about these often-overlooked threats, utilising technology and heightened awareness in thwarting low-risk but high-impact security breaches", "recording_license": "", "do_not_record": false, "persons": [{"code": "WBKMA8", "name": "Iain Parkes", "avatar": "https://sched.securitybsides.org.uk/media/avatars/WBKMA8_2W9lgOK.webp", "biography": "Currently a senior security consultant at Rootshell Security. He has over 18 years experience of the fire alarm and access control/security industry moving into penetration testing and, in particular, physical intrusion engagements in 2020. 
Since that time he has completed a number of physical and social engineering engagements including some internationally.", "public_name": "Iain Parkes", "guid": "3368aaf3-87f5-5ee8-b33c-8e89aac46e36", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/WBKMA8/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQLCMJ/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQLCMJ/", "attachments": []}, {"guid": "fc13bd2b-1936-5623-93dc-9b7b823747b3", "code": "KPZFLK", "id": 37867, "logo": null, "date": "2023-12-09T16:40:00+00:00", "start": "16:40", "duration": "00:45", "room": "Clappy Monkey Track", "slug": "bsides-london-2023-37867-bugs-are-shallow-finding-vulnerabilities-in-top-github-projects", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KPZFLK/", "title": "Bugs Are Shallow: Finding Vulnerabilities in Top GitHub Projects", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Linus's law posits that \"given enough eyeballs, all bugs are shallow\". I wanted to put this to the test and efficiently find security bugs in top GitHub projects. In this talk I run through various ways of running queries over a large corpus of open source repos. We'll look at the pros and cons of using the new GitHub CodeSearch, BigQuery, grep.app, and simply ripgrepping all the cloned code on your local machine. I show how this led to a finding in the #1 most starred GitHub repo, freeCodeCamp, allowing me to gain every coding certification in a single request. The conclusion investigates how open source maintainers can benefit from this work.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "EJWTCR", "name": "Laurence Tennant", "avatar": "https://sched.securitybsides.org.uk/media/avatars/EJWTCR_mPygZxQ.webp", "biography": "Laurence is an application security consultant with a broad range of interests. 
He is the co-founder of CryptoHack, a popular cryptography challenge platform. He got addicted to CTFs at university and has been learning as much as he can about web, cryptography, network, and infrastructure security since then. In his spare time he loves going on cycling and hiking trips.", "public_name": "Laurence Tennant", "guid": "689a3035-0cce-53dd-9e66-b6cb9add8ada", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/EJWTCR/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KPZFLK/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KPZFLK/", "attachments": []}], "Track 2": [{"guid": "e88dc3c0-2a22-59fb-b52f-90915e77d3c7", "code": "7KDHYN", "id": 37903, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-37903-security-is-key-the-vulnerabilities-of-api-security", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7KDHYN/", "title": "Security is Key: The Vulnerabilities of API Security", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "APIs are one of the most popular development tools used today, so it is no surprise they have become a significant target for threat actors. Supported by API development tools and platforms, developers can now easily make and share APIs with others in the community.\r\n\r\nThis talk will explore the core security issues facing the API security landscape, including how, through common vulnerabilities, APIs can be misused. I will also show how not only are traditional vulnerabilities an issue, but also the attitude towards security of APIs. This will be explored through my personal experience, having found a series of exposed keys on a global API development platform. 
I will discuss how I found these leaked API keys, and how through communication with the company themselves, extra protection measures were put in place to ensure the security of the API development community.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LE77D9", "name": "Joe Wrieden", "avatar": "https://sched.securitybsides.org.uk/media/avatars/LE77D9_scftKlf.webp", "biography": "Joe Wrieden is a Computer Science graduate from the University of York, who has been involved in the security sector for over three years. Over this time Joe has become fascinated with how threat actors operate, and the techniques that can be used to track cybercriminal activity. He now works as an Intelligence Analyst for Cyjax, a UK-based Cyber Threat Intelligence company, where he has found a passion for writing and presenting on cyber security topics. His research specifically focuses on following threat actor activity and the security concerns in the cryptocurrency and blockchain landscape.", "public_name": "Joe Wrieden", "guid": "125e296d-ed41-539c-a78c-6b48466bf591", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/LE77D9/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7KDHYN/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7KDHYN/", "attachments": []}, {"guid": "562ccc31-d822-55c4-81f3-cc9d1c1e0b7a", "code": "N7GRMV", "id": 36465, "logo": null, "date": "2023-12-09T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-36465-breaking-bad-multifactor-mfa-bypasses-and-how-to-assess-the-risks", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/N7GRMV/", "title": "Breaking Bad Multifactor: \u200b MFA bypasses and how to assess the risks\u200b", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As multifactor authentication (MFA) has continued 
to gain traction in mainstream information security practices criminals are not letting any grass grow under their feet. There are many ways to approach breaking into accounts protected by MFA and this talk is designed to go into the details of how the most common MFA methods work, how they may be bypassed, and the policies and tools we can use to find the appropriate level of security for each use case. The talk includes examples of real world attacks on MFA.\r\n\r\nOf course Walter White will be assisting to deliver this messaging throughout the presentation in carefully chosen pre-recorded segments.", "description": "Multifactor authentication has been held up as a holy grail for some time among IT practitioners for heading off phishing attacks at the pass, but it is no magical talisman. It is just another tool to impose costs on attackers and often comes with its own problems. This talk will explain the modern types of multifactor authentication and how they work. This will let us analyse their weaknesses and we can explore how criminals have been bypassing each technique.\r\n\r\nThe final part of the presentation will propose some possible approaches to minimising the dangers and explore policies, technologies and monitoring to most effectively use advanced identity management to secure most organisations.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9NGEVP", "name": "Chester Wisniewski", "avatar": "https://sched.securitybsides.org.uk/media/avatars/9NGEVP_qCxq6mS.webp", "biography": "Chester Wisniewski is Director, Global Field CTO at Sophos. With more than 25 years of security experience, his interest in security and privacy first piqued while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.\u202f\r\n\r\nChester works with Sophos X-Ops researchers around the world to understand the latest trends, research and criminal behaviors. 
This perspective helps advance the industry's understanding of evolving threats, attacker behaviors and effective security defenses. Having worked in product management and sales engineering roles earlier in his career, this knowledge enables him to help organizations design enterprise-scale defense strategies and consult on security planning with some of the largest global brands.", "public_name": "Chester Wisniewski", "guid": "7e7209a7-04f7-53b4-a278-634b0a951f44", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/9NGEVP/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/N7GRMV/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/N7GRMV/", "attachments": []}, {"guid": "54bb9a9e-b57c-52ea-9c43-2d07432e55c4", "code": "LCGABU", "id": 37470, "logo": null, "date": "2023-12-09T13:55:00+00:00", "start": "13:55", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-37470-elevate-conquer-a-journey-into-kernel-exploitation", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LCGABU/", "title": "Elevate & Conquer: A Journey Into Kernel Exploitation", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Bring Your Own Vulnerable Driver (BYOVD) has become an extremely popular attack technique seen in the wild. Even ransomware groups are using it to blind Endpoint Detection & Response (EDR), dump protected credentials from memory, erase their own traces, and all sorts of other juicy things you can do in the Windows kernel. But why bring your own vulnerable driver when you can use those already installed?\r\n\r\nIn this talk we\u2019ll share our journey of exploiting a critical zero-day vulnerability that we found in VPN software, used by more than 40.000 organisations world-wide. After a recap on kernel drivers, we\u2019ll reveal how anyone in the audience can find vulnerabilities like these on live systems. 
Furthermore, we\u2019ll share our abuse path to exploit the vulnerability. We'll reveal several techniques you can use to overcome typical restrictions when exploiting kernel drivers. We\u2019ll show you how we applied these techniques to build an exploit that we use in red teaming engagements. Lastly, we demo the exploitation of the vulnerability on a target system, resulting in SYSTEM privileges.\r\n\r\nThe talk is accompanied by the first-hand public release of the exploit, in the form of a Cobalt Strike (CS) Beacon Object File (BOF). Additionally, we\u2019ll publish a blog post that includes all technical details.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "7K8KD7", "name": "Tijme Gommers", "avatar": "https://sched.securitybsides.org.uk/media/avatars/7K8KD7_oC6rvIo.webp", "biography": "Tijme is Product Lead Adversary Simulation in a red team. In his role, he facilitates red team operators with the tools needed to simulate APT\u2019s as accurately as possible. He spends most of his time on cyber security research. Over the past years, this research mainly focused on Adversary Tactics and Red Team Operations. Furthermore, with his polyglot software engineering background, he works on the development of current exploit code and malware, used to simulate APT\u2019s penetrating target organisations. 
One of his latest projects is KernelMii , an open-source Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation.", "public_name": "Tijme Gommers", "guid": "6b036d7f-e26f-5248-9c3a-8acf6622c591", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/7K8KD7/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LCGABU/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LCGABU/", "attachments": []}, {"guid": "5924a7d2-b4cb-5958-9173-4962ed6513bb", "code": "9SWMET", "id": 37827, "logo": null, "date": "2023-12-09T14:50:00+00:00", "start": "14:50", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-37827-decentralization-mo-systems-mo-bridges-mo-comms-mo-problems", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/9SWMET/", "title": "Decentralization: Mo' Systems, Mo' Bridges, Mo' Comms, ... Mo' Problems?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Over the last few years, decentralization has become an ever larger talking point. Behind the snake oil-ish veneer of many decentralization projects - as well as the significant increase in bad actors, greed and malice - still resides a foundational concept of the Internet: \"Giving people the ability to do things with more freedom\". \r\n\r\nI want to address the big question of \"Is decentralization a good thing?\", and consider how it manifests nowadays, what the major issues with it are, and how it makes our lives as security professionals just \"a little more complicated\".\r\n\r\nSpoilers: The answer is \"it depends\".", "description": "The world has recently seen several pushes for the decentralization of various core aspects of our lives, be it finance, social networks, the communication of information among many others. 
Decentralization is a means to build an Internet that does not rely as much on big corporations and governments.\r\n\r\nBut beyond many big and empty promises, we have to ask ourselves \"Is decentralization a good thing?\".\r\n\r\nAlthough certain projects - such as those which make the Fediverse - are a major push towards a democratic and user-controlled internet, we still regularly see Discord instances being used as wikis and filehosting, IPFS being used for file storage, cryptocurrencies being used for money loss and fraud, and more fun things (/s).\r\n\r\nAs people with an interest - professional or not - in cybersecurity and tech in general, we have to ask ourselves how much this makes our lives more complicated and how we can adjust to all these fast-paced changes... because we're already well behind the bend... and maybe we should be just a little more worried.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FKDMES", "name": "Maya Boeckh", "avatar": "https://sched.securitybsides.org.uk/media/avatars/FKDMES_4BqOR53.webp", "biography": "Maya edits text files, throws some of them at interpreters and compilers, with the objective of either breaking things or fixing things... but you can't *really* be sure until it happens.\r\n\r\nThey are a cybersecurity practitioner with interest in application security as well as a software engineer, and a life-long student (just not in academia anymore... 
thankfully).\r\n\r\nOn the side, she helps out with communities, likes to build events and help people get their feet wet in this field we call \"cybersecurity\".", "public_name": "Maya Boeckh", "guid": "20b0b20d-d206-5bef-988a-1f46d006beca", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/FKDMES/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/9SWMET/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/9SWMET/", "attachments": []}, {"guid": "7c1503b4-aed7-544f-ae9a-7c12f70d262f", "code": "79LHJB", "id": 37898, "logo": null, "date": "2023-12-09T15:45:00+00:00", "start": "15:45", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-37898-scaling-detection-and-response-teams-enabling-efficient-investigations", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/79LHJB/", "title": "Scaling Detection and Response Teams - Enabling Efficient Investigations", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Help! We\u2019ve bought the latest tools, we\u2019ve got all our logs in a SIEM, we\u2019ve  tuned and tweaked our detection rules, we\u2019ve even built investigation playbooks\u2026 but we still don\u2019t have enough time to investigate all of these alerts!\r\n\r\nWith modern blue teams investigating more alerts from a wider variety of data sources than ever before, a common reason for being overwhelmed is that it just takes too long per alert for an analyst to perform a meaningful investigation. This inevitably leads to alert fatigue, lower quality investigations, missed true positives and to a detection and response service that can\u2019t scale. So, how do we combat this problem? 
\r\n\r\nIn this talk I\u2019ll be discussing a recent case-study of ideas and tools that were implemented in a global detection and response team to:\r\n\r\n- Empower analysts to quickly identify important contextual information during investigations\r\n- Establish shared investigative baselines between different levels of analyst experience\r\n- Automate common tasks to allow analysts to perform meaningful investigations\r\n\r\nIf you\u2019re looking for actionable takeaways that you can build into your blue team\u2019s tooling and processes to help scale your operations, then this is the talk for you!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "VAB8KP", "name": "James Dorgan", "avatar": "https://sched.securitybsides.org.uk/media/avatars/VAB8KP_DhJzoXg.webp", "biography": "James (@FranticTyping) has over 10 years of experience working in a number of incident response, detection engineering and security engineering roles. James is currently a Principal Incident Responder within the CSIRT at Coinbase. 
Before joining Coinbase, James was the global continuous improvement lead in the Managed Detection and Response (MDR) team at F-Secure Countercept.", "public_name": "James Dorgan", "guid": "b1082427-2e9d-562b-a4fa-482325892801", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/VAB8KP/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/79LHJB/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/79LHJB/", "attachments": []}, {"guid": "5bed78b5-f26d-562c-a2ab-f96b23a86c5a", "code": "39V8MY", "id": 37872, "logo": null, "date": "2023-12-09T16:40:00+00:00", "start": "16:40", "duration": "00:45", "room": "Track 2", "slug": "bsides-london-2023-37872-beyond-the-code-sbom-supply-chain-security", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/39V8MY/", "title": "Beyond the Code / SBOM: Supply Chain Security", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Supply Chain security is the new buzzword of the town and everyone is gaga about it. After the executive order and SSDF / SLSA documents being released, every single vendor has added SBOM capabilities and declared the problem solved. The problem is it's not solved. Supply chain security is not a new problem and SBOM is not the final solution. This talk wants to throw light on supply chain security overview and then address the following points.\r\n1. How supply chain security is an age-old concept.\r\n2. What has changed in the last few years and how that affects this problem space\r\n3. At a broader level how SLSA / SSDF are trying to address the problem.\r\n4. What is still missing in the market and what is needed to be done beyond buying tools.", "description": "We will start by exploring how software supply chain problems have existed in the past already. We will then talk about SBOMs, what they really are and what they can do. 
We then focus on the shortcomings of the formats and especially where gaps occur (for example the place to record which compiler version was used to compile the code). After we have looked at SBOM we will explore different scenarios where current SBOM would not have helped in any way (this includes SolarWinds if you are wondering)\r\nWe then explore how different bodies have attempted to tackle it from npm's trying to isolate packages, to Debian trying to control central repositories, pros and cons on each side. We will then focus on how paradigm shifts such as IaC and provenance tools could be of help, what they can do and can't do.  \r\nWe will then conclude the talk around SSDF / SLSA as frameworks to start tackling the problems but also to give people a clear idea where tooling can help and where policies and process would be helpful. \r\n\r\nThis talk is especially useful for practitioners who want to understand what is going on and how to start looking at these frameworks to put some protection in the environment.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GXZ7QS", "name": "Anant Shrivastava", "avatar": "https://sched.securitybsides.org.uk/media/avatars/GXZ7QS_qpDlkSl.webp", "biography": "Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. 
When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP.", "public_name": "Anant Shrivastava", "guid": "b66dafe5-304d-5082-ac32-c5b5132c177e", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/GXZ7QS/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/39V8MY/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/39V8MY/", "attachments": []}], "Track 3": [{"guid": "b549b234-0269-51bf-8814-5f97859a6526", "code": "C39LDP", "id": 36580, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-36580-your-friendly-neighbourhood-penguin-using-linux-and-wsl-to-stay-under-the-radar", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/C39LDP/", "title": "Your friendly neighbourhood penguin: Using Linux and WSL to stay under the radar", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Special offer, Two for one! This talk will be composed of two research topics that Mandiant conducted recently regarding evasion of EDR's. In the first talk we will go over how to bypass Linux EDRs and lessons learned during. In the second part we will discuss how Windows EDR could be bypassed using WSL.", "description": "Talk #1 - bypassing Linux EDRs \r\n\r\nEveryone is talking about Windows EDR\u2019s bypasses, but no one is talking about Linux EDR bypasses. In this talk, we will discuss the approach Mandiant took to bypass two Linux EDRs and we look into how they work, how we could identify them and tricks and tips on how to bypass them.\r\n\r\nTalk #2 -Leveraging Linux and Windows Subsystem for Linux (WSL) to avoid detection when operating in modern environments. 
\r\n\r\nKnowing how to use commonly available tools and platforms to avoid detection is a core skill for Red Teamers and Blue Teamers alike. This talk will focus on how to use Linux to evade detection on both Windows and Linux hosts, and will demonstrate some of the areas in which modern EDR platforms are (currently) poorly equipped to deal with this.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3UY7CD", "name": "Idan Ron", "avatar": "https://sched.securitybsides.org.uk/media/avatars/3UY7CD_ZokH23W.webp", "biography": "Idan Ron is a Senior Red Team Consultant in Mandiant\u2019s U.K. office. As part of the Red Team team (also known as APT66), Idan specialises in adversary simulation, red and purple team assessments, and cloud assessments. Idan delivers proactive red team assessments to Mandiant\u2019s clients across all industries.", "public_name": "Idan Ron", "guid": "6ee4b8f8-08c8-5f90-816f-e61f7a9c7de6", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/3UY7CD/"}, {"code": "TQRCJA", "name": "Max De Lacey", "avatar": null, "biography": "Max is a security consultant within Mandiant's Red Team, regularly conducting a wide variety of Red and Purple Team operations.", "public_name": "Max De Lacey", "guid": "c0bbf450-e487-5a8a-ac05-6e37bd47499b", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/TQRCJA/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/C39LDP/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/C39LDP/", "attachments": []}, {"guid": "1a3a7c9f-5f72-503a-80cf-6f9e977a118a", "code": "8YFFBA", "id": 37567, "logo": null, "date": "2023-12-09T10:55:00+00:00", "start": "10:55", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-37567-connected-chaos-uncovering-router-vulnerabilities-via-cloud-api-connections", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8YFFBA/", "title": 
"Connected Chaos: Uncovering Router Vulnerabilities via Cloud API Connections", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In today's interconnected world, where routers form the backbone of our digital lives, security vulnerabilities in these devices can have far-reaching consequences. By exploring the intersection of cloud technology and router security, I will demonstrate how malicious actors can exploit these APIs to compromise home and enterprise networks.", "description": "By exploiting vulnerabilities in routers via cloud API connections, malicious actors can potentially gain unauthorized access to a company's network infrastructure. This access could enable them to eavesdrop on sensitive communications, steal valuable data, or even disrupt critical business operations. Moreover, compromising routers from the cloud can serve as a launching point for more extensive attacks, such as lateral movement within the corporate network or the deployment of ransomware. \r\n\r\nAll attacks are remotely exploitable and a result of logic flaws introduced by the web portals\u2019 developers. Those logic flaws vary from simple Insecure Direct Object References (IDORs) to self-promoting your user to platform admin.", "recording_license": "", "do_not_record": false, "persons": [{"code": "K8J3L9", "name": "Vangelis Stykas", "avatar": "https://sched.securitybsides.org.uk/media/avatars/K8J3L9_hyfh2A0.webp", "biography": "Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn\u2019t have an API, so he decided to steer his focus towards security.\r\n\r\nThat led him to pursue a PhD in Web Application Security with an extra focus on machine learning. 
He\u2019s still actively pursuing it.\r\n\r\nHe currently applies his skills as a Chief Technology Officer at Tremau, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.\r\n\r\nHis love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices.\r\n\r\nSince our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.", "public_name": "Vangelis Stykas", "guid": "78aea871-0098-591e-9630-dd644b4beca1", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/K8J3L9/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8YFFBA/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8YFFBA/", "attachments": []}, {"guid": "bc911406-1ba8-5c6e-aed9-86a65827ad36", "code": "JN7GE3", "id": 37796, "logo": null, "date": "2023-12-09T11:50:00+00:00", "start": "11:50", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-37796-oh-my-phish", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JN7GE3/", "title": "Oh My Phish!", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Phishing remains one of the most effective attack vectors in the cybersecurity landscape. This talk sheds light on the comprehensive setup and intricacies of orchestrating a phishing campaign, dissected into distinct phases: Reconnaissance, Planning, Building, Pre-Execution, and Post-Execution. 
By diving deep into the attacker's mindset and methodology, participants will gain insights into how a successful phishing campaign is carried out.", "description": "Phishing is not merely sending deceptive emails; it's an art that requires meticulous planning and execution. This presentation will guide participants through the journey of a phishing campaign, emphasising each phase:\r\n\r\n1. Reconnaissance: \r\n- Dive deep into the intelligence gathering of how an attacker decodes an organisation's digital footprint.\r\n- This includes finding vital domains and subdomains, identifying third-party services in use, and pinpointing employees' email addresses and titles.\r\n- Real-world examples will demonstrate how even this information can be pieced together to form a potential attack vector.\r\n\r\n2. Planning\r\n- Move beyond mere data gathering and into the meticulous construction of a story: the pre-text.\r\n- Delve into the art of designing these narratives tailored to the target organisation's specific usage, drawing inspiration directly from the reconnaissance phase.\r\n- Discussion on how attackers gauge which pretext will be most effective based on an organisation's operations and culture.\r\n \r\n3. Building\r\n- Explore the nuances of constructing a flexible and robust infrastructure, versatile enough to capture credentials and facilitate code execution.\r\n- A walkthrough within cloud infrastructure will give participants a view of this stage, shedding light on cloud-specific ideal tools and configurations for phishing endeavours.\r\n- Discussion on how to get around modern defences in place.\r\n\r\n4. Pre-Execution\r\n- Emphasise the significance of trial runs, which can spell the difference between success and failure.\r\n- Delve into metrics that offer insights into the viability of the planned attack: are emails delivered as intended? 
Do they pique the recipient's interest?\r\n- Explore techniques to sidestep potential pitfalls, such as prematurely flagged domains or IP addresses.\r\n\r\n5. Post-Execution\r\n- Discover what techniques have historically been most effective, and the lessons learned from failed attempts.\r\n- Emphasise the iterative nature of phishing campaigns, and how constant feedback and adaptation are pivotal to an attacker\u2019s success.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FJ7U7E", "name": "Dhruv Bisani", "avatar": "https://sched.securitybsides.org.uk/media/avatars/FJ7U7E_uek6AEx.webp", "biography": "Dhruv is an experienced cybersecurity professional with a key interest in leading & delivering Adversarial Attack (Red/Purple Team) simulations. He formerly established & served as the Head of the Red Team at Resillion and is about to start as the Head of Adversarial Simulations for a UK Bank. \r\n\r\nOver the last few years, Dhruv\u2019s core focus has been on developing the red team capability at Resillion, while focusing on testing less common environments such as MacOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. Dhruv possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. Dhruv\u2019s role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.", "public_name": "Dhruv Bisani", "guid": "dbb489c7-14cf-5c49-b66c-2d2c41c35600", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/FJ7U7E/"}, {"code": "ZMRF7R", "name": "Theram", "avatar": "https://sched.securitybsides.org.uk/media/avatars/ZMRF7R_gOmARw7.webp", "biography": "Theram is a red teamer at Resillion, a global cybersecurity firm, where he has orchestrated and executed a wide array of red and purple team operations. 
In his role, Theram specialises in crafting sophisticated phishing campaigns to target small-medium sized businesses and mature organisations alike, across industries ranging from banking and finance, to legal and healthcare. Eager to push boundaries, Theram has lately delved into researching initial access techniques, with a spotlight on mastering the intricacies of phishing. Amongst other industry certifications, Theram currently holds the OSEP, OSCP and CRTO.", "public_name": "Theram", "guid": "e6125a11-35b8-52d6-a383-13b1fa0123fd", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/ZMRF7R/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JN7GE3/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JN7GE3/", "attachments": []}, {"guid": "0cc84f6c-cd43-5a55-9011-1bc1b453e4f8", "code": "JQZZDG", "id": 37875, "logo": null, "date": "2023-12-09T13:55:00+00:00", "start": "13:55", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-37875-soc-adventurez-in-tietw", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQZZDG/", "title": "Soc Adventurez In TiETW", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "A golden goose of Microsoft and a secret weapon in a defenders world... Yet what is it, and how does it work? How can we use it to detect evil when my EDR does not? This talk aims to look at the practical (ab)uses, drawbacks, and considerations presented within the Microsoft Threat Intelligence Event Tracing for Windows Log provider, contextualized to a SOC environment running on Microsoft's Defender for Endpoint.", "description": "The Windows Threat Intelligence Provider is a log provider used by Microsoft and EDR vendors as part of the Microsoft Virus Initiative, providing information on APIs that are known to be potentially abused for malicious behaviour such as during process injection. 
Unlike in user land, monitoring of these calls takes place in the kernel, preventing any old attacker from the usual routines of patching, unhooking, and going about their business without kernel tampering.\r\n\r\nThis talk has a heavy focus on using Microsoft Defender for Endpoint with additional toolsets and related telemetry to piece together logging data returned from Defender and the TiEtw Provider, comparing them, and then writing detections that beat out default EDR analysis and thresholds by putting the data directly in the hands of those who know the environment the best, the SOC.\r\n\r\nThere will be discussion on current drawbacks and issues with both provider and MDE implementations, including cat and mouse evasion mechanisms that could be employed.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MASVQA", "name": "Luke Jones", "avatar": "https://sched.securitybsides.org.uk/media/avatars/MASVQA_5CScltk.webp", "biography": "A blue security person and aspiring maker and breaker of all the things, with interests from DFIR to DevOps. 
Currently architecting and implementing solutions to challenges in security operations and beyond for three years.", "public_name": "Luke Jones", "guid": "7ff0cbae-ed51-57db-866a-d56e38a84c05", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/MASVQA/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQZZDG/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/JQZZDG/", "attachments": []}, {"guid": "2b4a67dc-f931-5e5e-bf12-8ee0cdb4658a", "code": "FU39L3", "id": 37916, "logo": null, "date": "2023-12-09T14:50:00+00:00", "start": "14:50", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-37916-breaking-the-cloud-a-tale-of-3-breaches", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FU39L3/", "title": "Breaking the Cloud: A Tale of 3 Breaches!", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "It would be a surprise if most people in 2023 are either already working or about to work on securing applications hosted on Public/Private cloud providers. However, a lot are primarily working on putting CIS Benchmark, NIST mapping,  NCSC Cyber Essentials mapping,etc to their Cloud to secure them. This leaves a gap for how a malicious actor is working their way through a cloud account once compromised and how can a blue team detect them in their environment. The best way to do this is to learn from what's already happened aka cloud breaches.\r\n\r\nThis talk will start with a walkthrough of how malicious actors approach a cloud environment that has gaps which can lead to. 
Followed by what are the low hanging fruits that malicious attackers check for in your cloud environments and how a lot of organisations are managing security risk in a multi-cloud world along with where the security gaps that is the responsibility of the cloud customer to manage.", "description": "This talk is for folks who want:\r\n- to see how malicious actors behave in AWS cloud environment\r\n- Understand the potential threat landscape of their cloud environment (Spoiler: It's not a Zero day)\r\n- to learn about security gaps in AWS that need to be filled by cloud customers\r\n- to ask their burning Cloud Security question to an experienced Cloud Security Practitioner and Trainer", "recording_license": "", "do_not_record": false, "persons": [{"code": "EGC9PF", "name": "Ashish Rajan", "avatar": null, "biography": "Ashish has over 13+yrs experience in the CyberSecurity industry with the last 7 focussing primarily helping Enterprise with managing security risk at scale in Cloud first world and was the CISO of a global Cloud First Tech company in his last role. Ashish is also a Keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. 
He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Security Leadership, Future Tech and the associated security challenges for practitioners and CISOs.", "public_name": "Ashish Rajan", "guid": "6267fd55-9807-577b-9728-4acf841a8f2f", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/EGC9PF/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FU39L3/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FU39L3/", "attachments": []}, {"guid": "b695d08b-6fbc-5147-8715-0f2d8678441f", "code": "KEFBBU", "id": 36494, "logo": null, "date": "2023-12-09T15:45:00+00:00", "start": "15:45", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-36494-slightly-sosl-ed-locating-and-testing-sosl-injection", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KEFBBU/", "title": "Slightly SOSL'ed - Locating and Testing SOSL Injection", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Salesforce platform allows a platform-specific vulnerability, known as SOSL injection. While conceptually similar to SQL injection, testing and exploitation requires different payloads and different approaches.\r\nIn light of the lack of online documentation, and a distinct lack of online examples or tutorials, this talk will explain the issue and its consequences. 
It will illustrate some working methods for detecting and confirming the existence of the vulnerability within a website, showing different useful payloads for detection and exploitation, before explaining the consequences for a vulnerable site and how to fix occurrences of the issue.", "description": "A web search for \"SOSL Injection\" typically returns one or two pages explaining that SOSL injection exists (and no other information), along with a horde of largely irrelevant results for SOQL injection.\r\nThe initial issues that I encountered when testing Salesforce applications were that SOSL injection seems to be largely invisible to web fuzzers (or at least, not noticeable) and that there were no write-ups online to show how to test for it, or what an exploit looks like, etc.\r\nI'm hoping to rectify this by making this information more widely available and providing details on how to identify and test for the issue.\r\n\r\nTalk Outline\r\n------------\r\n\r\n1. Introduction/whoami\r\n2. What is SOSL?\r\n3. What is SOSL Injection?\r\n4. Where Will I Find it?\r\n5. Testing for SOSL Injection:\r\n\ta) How and Where to Find it\r\n\tb) Investigation and Verification\r\n\tc) Exploitation\r\n6. 
Conclusions", "recording_license": "", "do_not_record": false, "persons": [{"code": "9K8QQD", "name": "Nick Dunn", "avatar": "https://sched.securitybsides.org.uk/media/avatars/9K8QQD_dOmtcA9.webp", "biography": "Coming from a background of software development and architecture, I spent a few years as software developer, architect, team lead, working in secure software for the financial sector.\r\nI moved into security consultancy, first as an in-house penetration tester and code reviewer in online gambling, before moving into security consultancy and working on code review, penetration testing, threat modelling, and automating security testing with new tools, scripts, etc.", "public_name": "Nick Dunn", "guid": "1fcaf23c-1c71-536f-b56f-1f068a414e22", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/9K8QQD/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KEFBBU/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KEFBBU/", "attachments": []}, {"guid": "9930d4eb-203e-58e9-afc4-27adf0ae54cf", "code": "LRML9Q", "id": 37780, "logo": null, "date": "2023-12-09T16:40:00+00:00", "start": "16:40", "duration": "00:45", "room": "Track 3", "slug": "bsides-london-2023-37780-automated-wargaming-of-a-chemical-plant", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LRML9Q/", "title": "Automated wargaming of a Chemical Plant", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "With chemical plant contributing $5.4 trillion to the global economy annually, and the control systems having an average age of 20 years, the prospect of a full or partial breach by threat actors is of great concern to owners, customers and wider stakeholders (the latter including anyone downwind).\r\n\r\nWe cover the development of chemical plant and their control systems, some historical attacks and incidents involving chemical plant and their impacts, and what 
existing Laws already cover how plant safety and cybersecurity should be considered. We then delve into using Adversarial Reinforcement Learning to both develop new ways for the Red Team to attack, modelling both different threat actor capabilities and intents - with the Blue Team attempting to identify, respond to and recover from attacks. With the plant we tested, the Red Team enjoyed a decided advantage at forcing plant shutdown - particularly if given fine-grained control - leaving operators with just under three minutes to respond.", "description": "This talk is suited for engineers of all stripes. A brief amount of mathematical theory will be taught along the way, but attendees should bring own HAZMAT or HEV suit. The speaker has only been involved in an industrial lawsuit once, you'll probably be fine.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7UCJKK", "name": "Martyn", "avatar": "https://sched.securitybsides.org.uk/media/avatars/7UCJKK_5zEnSKx.webp", "biography": "Now a doctoral researcher at Brunel University and security analyst at ThreatSpike Labs, martyn studied materials science and metallurgy and worked in the chemicals industry across various parts of the UK, mainly writing Excel macros, before moving into infosec.", "public_name": "Martyn", "guid": "04568525-b603-5d04-819c-074df00c68e2", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/7UCJKK/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LRML9Q/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LRML9Q/", "attachments": []}], "Rookie track": [{"guid": "72b181e0-3715-5a60-b24e-900a0993e6a2", "code": "KKBLFN", "id": 36450, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-36450-xs-leaks-client-side-attacks-in-a-post-xss-world", "url": 
"https://sched.securitybsides.org.uk/bsides-london-2023/talk/KKBLFN/", "title": "XS-Leaks: Client-Side Attacks in a Post-XSS World", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "The web platform's openness and composability provide many benefits. Yet, the ability for websites to interact with each other has provided many opportunities for attacks that abuse the core principles of the web.\r\n\r\nWith the evolution of web frameworks and browsers, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) have become increasingly rare. In response, researchers have found new ways to reveal sensitive information about users, giving rise to a new class of vulnerabilities known as XS-Leaks.\r\n\r\nXS-Leaks abuse interactions between websites to leak sensitive information about users. Among other things, this includes leaking the user's visit history, leaking the content of a cross-site page, and leaking response status codes in order to de-anonymize a user on the web. In certain cases, this allows a cross-origin site to perform an XS-Search, where characters in a search query are brute-forced to find a query with valid results.\r\n\r\nFor example, an HTML injection without XSS can be weaponized to leak response status codes of API endpoints, and browser behaviour when approaching the browser's URL length limit can be used to leak 302 redirects.\r\n\r\nIn this talk, we will explore various XS-Leak techniques that exist in 2023, their mitigations, and some bypasses.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ML3FN9", "name": "Zeyu (Zayne) Zhang", "avatar": "https://sched.securitybsides.org.uk/media/avatars/ML3FN9_40bC6Yh.webp", "biography": "Zayne is a Computer Science student at the University of Cambridge. He is an avid security researcher and CTF player. He holds industry certificates such as the OSWE and OSCP, and has previously worked in TikTok's security team. 
In his free time, he hunts for bugs on the HackerOne platform, and plays CTFs with Blue Water, one of the top global CTF teams.\r\n\r\nPrevious talks he has given include [HTTP Request Smuggling in the Multiverse of Parsing Flaws](https://infosec.zeyu2001.com/2022/http-request-smuggling-in-the-multiverse-of-parsing-flaws) at BSides Singapore 2022.", "public_name": "Zeyu (Zayne) Zhang", "guid": "e2065a76-24ff-5dd1-8575-0ad29eaa7ab5", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/ML3FN9/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KKBLFN/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/KKBLFN/", "attachments": []}, {"guid": "d3be584f-40ac-5ae3-8590-12bdb7683251", "code": "ALENWW", "id": 37552, "logo": null, "date": "2023-12-09T10:20:00+00:00", "start": "10:20", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37552-the-simple-approach-to-security-risk-management", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ALENWW/", "title": "The simple approach to security risk management", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "The main aim of security risk management is to identify and describe a potential risk in such way that key stakeholders fully understand with a shared remit to either accepting or treating the risk.\r\nAll too often, this process is misunderstood and/or overcomplicated.\r\nThe premise of this rookie presentation will aim to provide a simple approach to security risk management because simple is better and this will be my first presentation.", "description": "", "recording_license": "", "do_not_record": true, "persons": [{"code": "VEUZML", "name": "Asher Selman", "avatar": null, "biography": "Senior IT Security Analyst", "public_name": "Asher Selman", "guid": "b217c311-478a-5c90-9787-63113f8d008a", "url": 
"https://sched.securitybsides.org.uk/bsides-london-2023/speaker/VEUZML/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ALENWW/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/ALENWW/", "attachments": []}, {"guid": "346f3b63-edf9-5553-a159-692fb9f3c7a0", "code": "CFFQLQ", "id": 36653, "logo": null, "date": "2023-12-09T10:40:00+00:00", "start": "10:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-36653-exploring-the-dark-web-forums-markets-and-scam-insights", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CFFQLQ/", "title": "Exploring the Dark Web: Forums, Markets, and Scam Insights", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Are you interested in learning more about the dark web? If so, this rookie track talk could be just what you're looking for! I will showcase my  findings about different dark web forums, marketplaces and talk about the scams that you can encounter there. During this talk you will learn why the dark web is still useful. You sure do not want to miss a great opportunity to learn more about the dark web.", "description": "This talk will be an introduction about dark web forums, dark web markets and scams present on the dark web 2023:\r\n- Forums - Get an insight into what dark web users are talking about on different forums available on the dark web. \r\n- Markets - I will share some of my wildest findings on marketplaces on the dark web. You will be surprised at what sort of things are for sale on the dark web.\r\n- Common Scams - Get a chance to learn more about the latest scams that are coming from the dark web. 
You can also get an insight into how the scam operates and catch it before it's too late.\r\nDuring this talk you will learn why dark web intelligence is increasingly being leveraged by intelligence teams, threat hunters, law enforcements, and more.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3DHKCX", "name": "Stefan Bargan", "avatar": "https://sched.securitybsides.org.uk/media/avatars/3DHKCX_hgfs28u.webp", "biography": "Pursuing MSc in Cybercrime & Security | Cybersecurity Writer | Threat Intelligence Analyst Intern", "public_name": "Stefan Bargan", "guid": "7ed4661f-4ca4-52f5-924d-13d4624c382e", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/3DHKCX/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CFFQLQ/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CFFQLQ/", "attachments": []}, {"guid": "fa4abeff-8e4f-558a-a620-464fb3f88dd1", "code": "FSPCYT", "id": 36957, "logo": null, "date": "2023-12-09T11:00:00+00:00", "start": "11:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-36957-a-talk-about-cross-site-scripting-xss-in-2023-the-mitigated-unmitigated-vulnerability", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FSPCYT/", "title": "A talk about Cross-Site Scripting (XSS) in 2023? The mitigated unmitigated vulnerability.", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Despite the multiple mitigations available to defend against Cross-Site Scripting (XSS) attacks, it remains a common vulnerability in 2023. This presentation aims to provide testers with a few methodological considerations when examining web applications for XSS vulnerabilities. Examples will be inspired by real life security assessments. 
The presentation will then conclude with a suggested layered defence-in-depth approach to mitigating XSS attacks.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "GQLGSY", "name": "Val Resh", "avatar": null, "biography": "Cybersecurity professional with a background in Marketing and Software Development.", "public_name": "Val Resh", "guid": "5116d67d-f851-5394-bbd9-7a4cb03fd681", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/GQLGSY/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FSPCYT/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FSPCYT/", "attachments": []}, {"guid": "77f842b1-8a5c-51eb-a56e-88446259ed86", "code": "DGYXJL", "id": 37116, "logo": null, "date": "2023-12-09T11:20:00+00:00", "start": "11:20", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37116-in-space-everyone-can-hear-your-downlink", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DGYXJL/", "title": "In space; everyone can hear your downlink", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Satellite eavesdropping on a budget with a further look at the current state of space hacking vectors, and actors.", "description": "Overview of earth-space communications, protocols and attacks with full instructions on creating your own ground station (on a budget). We will explore various legal methods of transmitting to satellites with HAM radio (including the ISS!) 
as well as a quick breakdown of where the space-cyber industry is today.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YU9TEN", "name": "minus", "avatar": "https://sched.securitybsides.org.uk/media/avatars/YU9TEN_wAtkyWf.webp", "biography": "Electronics, radio, Linux and cyber", "public_name": "minus", "guid": "6f7e401d-232f-55d5-8ae5-4ff403776aa1", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/YU9TEN/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DGYXJL/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DGYXJL/", "attachments": []}, {"guid": "0c36d466-ae4b-5442-84a1-9e33474cccff", "code": "HGWCCE", "id": 37163, "logo": null, "date": "2023-12-09T11:40:00+00:00", "start": "11:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37163-red-teaming-on-critical-infrastructure", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/HGWCCE/", "title": "Red Teaming on Critical Infrastructure", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "This presentation will delve into the critical practice of red teaming within the realm of safeguarding our critical infrastructure. As the threat of cyber attacks on these vital systems continues to escalate, their potential consequences for society and the economy are increasingly severe. Red teaming, an innovative simulation-based approach, has emerged as an indispensable tool for uncovering vulnerabilities within these systems and shoring up defenses. Through real-world examples and case studies, we will explore the practical usage and tangible benefits of red teaming exercises. 
By the conclusion of this presentation, attendees will not only grasp how red teaming can significantly enhance the security of critical infrastructure but also gain actionable insights into staying one step ahead of Advanced Persistent Threats (APTs).", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "WQBXUP", "name": "Granit Beka", "avatar": "https://sched.securitybsides.org.uk/media/avatars/WQBXUP_rSqu0cC.webp", "biography": "Specializing in penetration testing and red teaming, Granit has a track record of assessing and enhancing the security of complex infrastructures. His commitment to staying at the forefront of cybersecurity ensures he consistently delivers superior measures to safeguard organizations against evolving threats and vulnerabilities.\r\n\r\nIn a dynamic digital landscape, Granit's dedication to cybersecurity remains unwavering, making him a trusted guardian of critical information and systems. His career is a testament to his passion for cybersecurity and commitment to ensuring the safety of enterprises and individuals in an ever-changing world.", "public_name": "Granit Beka", "guid": "beab827b-e9db-5639-b83e-3dc953f93e3d", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/WQBXUP/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/HGWCCE/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/HGWCCE/", "attachments": []}, {"guid": "44bb447d-0b43-5f42-b14d-d5a6986e359b", "code": "7GKPWR", "id": 37193, "logo": null, "date": "2023-12-09T12:00:00+00:00", "start": "12:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37193-an-abridged-history-of-malware", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7GKPWR/", "title": "An Abridged History of Malware", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "In the immortal words of David 
Byrne, well... how did we get here? \r\n\r\nThis talk will be a look at 74 years of malware history, from John von Neumann's first proposals for self-replicating automata to the present day. We'll cover the ground-breaking, the destructive, the infectious, and the funniest.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "SCRQDA", "name": "Olivia Betts", "avatar": null, "biography": "A computer science student from York. They're known to enjoy Wikipedia rabbit holes and data protection standards", "public_name": "Olivia Betts", "guid": "33f88549-6a4d-5ac9-a5c7-cdd46b3b5b74", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/SCRQDA/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7GKPWR/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/7GKPWR/", "attachments": []}, {"guid": "4a4d1395-fe4c-5dfb-a54d-6c17a3ac5008", "code": "AEBJUW", "id": 37914, "logo": null, "date": "2023-12-09T12:20:00+00:00", "start": "12:20", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37914-cloudy-with-a-chance-of-security", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/AEBJUW/", "title": "Cloudy with a chance of security", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "In this electrifying session, we'll delve into the mystifying fog surrounding businesses' massive shift toward cloud migration. Brace yourself as we scrutinize the age-old debate: Is the cloud always the silver lining, or does on-premises have its own unique thunder? We'll navigate the treacherous storms of cloud attacks, from sneaky access control breaches to misplaced trust in cloud service providers. Discover the aftermath of these attacks: compliance nightmares, reputational tremors, and the struggle to rebuild. 
Fear not, for we shall also unveil the arsenal of security measures, from powerful IAM controls to vigilant resource monitoring. Join us, and let's secure the future of cloud together!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "VYUBTD", "name": "Sascha Bharath", "avatar": "https://sched.securitybsides.org.uk/media/avatars/VYUBTD_2tCLINA.webp", "biography": "Hi I'm Sascha, a Computer Science student with a star-crossed love for Cyber Security! Besides my fondness of technology, languages and cookies, I love to learn new things and get stuck in wherever the opportunity arises!", "public_name": "Sascha Bharath", "guid": "3a5bc63e-3137-5ea1-aca6-7fd132f9e958", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/VYUBTD/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/AEBJUW/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/AEBJUW/", "attachments": []}, {"guid": "9d47c0fb-fbf5-507d-8d96-dc1579636751", "code": "J3XVKQ", "id": 37858, "logo": null, "date": "2023-12-09T12:40:00+00:00", "start": "12:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37858-wires-gone-rogue-iot-security-at-the-cable-level", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/J3XVKQ/", "title": "Wires gone Rogue: IoT security at the cable level", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Cabled IoT devices are now everywhere around us and due to the lack of regulations and standards regarding installation and cable security in the UK, many of these cables are left vulnerable...", "description": "This presentation will highlight the vulnerabilities associated with poor cabling practices for both domestic and commercial infrastructure, while offering some effective mitigations with an end goal of raising awareness to the lack of attention given to the cabling 
world; potentially inspiring organisations to take a second look at their own infrastructure.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JQGMEK", "name": "Aunart Grajqevci", "avatar": "https://sched.securitybsides.org.uk/media/avatars/JQGMEK_n4nxOXT.webp", "biography": "Aunart Grajqevci is a third year Cyber Security student at Manchester Metropolitan University, with particular interests in network security and AI.\r\n\r\nIn his spare time, he works towards achieving the top 1% on TryHackMe and gaining industry professional qualifications such as Cisco Certified Support Technician (CCST).", "public_name": "Aunart Grajqevci", "guid": "d27db0b0-35ce-5747-a45c-37563fda08ec", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/JQGMEK/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/J3XVKQ/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/J3XVKQ/", "attachments": []}, {"guid": "cd79d9f5-1899-5b11-b058-2793c6c2aba5", "code": "NAN877", "id": 37901, "logo": null, "date": "2023-12-09T13:40:00+00:00", "start": "13:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37901-the-non-inclusivity-of-infosec-my-experience", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/NAN877/", "title": "The (Non)inclusivity of InfoSec - My Experience", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "It\u2019s 2023 and we are still talking about equal opportunities and inclusion. For the best part of 12 months, I have been actively seeking my first Sales role in Cybersecurity with little success. The sector is frequently self proclaimed to be under-skilled with a talent gap in addition to it being an ever rapidly evolving industry. 
Despite having almost 8 years experience working in sales as an Estate Agent and a passion for InfoSec, a prejudice still exists in the industry against myself and those with no prior Cyber experience. I talk about my journey from self learning the fundamentals of Cyber at home in my own time (and expense), sitting numerous calls and interviews to recently attending the International Cyber Expo in London.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "PNPGDS", "name": "Dan Ogleby", "avatar": null, "biography": null, "public_name": "Dan Ogleby", "guid": "dd470439-bf44-5c39-aac9-9d07ff5bafec", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/PNPGDS/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/NAN877/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/NAN877/", "attachments": []}, {"guid": "2bc92063-8b4f-5321-90fc-ff6415eaa530", "code": "VR9GVA", "id": 37835, "logo": null, "date": "2023-12-09T14:00:00+00:00", "start": "14:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37835-exploring-retail-s-cyber-threat-landscape", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/VR9GVA/", "title": "Exploring Retail\u2019s Cyber Threat Landscape", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "The following 15-minute presentation will discuss retail\u2019s threat landscape, taking into consideration the top cyber crime trends for 2023 (AI, ecommerce fraud, and synthetic identity manipulation for example), threat actor campaigns, and a roundup of 2024 predictions for security professionals.", "description": "From a business perspective, some of the biggest challenges facing the industry require collaboration between retailers and security professionals. 
It is important to consider how different regions have their own customs, for example convenience and urgence for products is currently driving behaviours in the US, while Europe focuses on experience and storytelling abilities in-store and online. \r\n\r\nRetailers are investing funds into new technologies, helping offer high-quality products in different time zones, and throughout different seasons of the year, however general customer spending has declined, due to cost-of-living shifting focus away from high-value items, and more towards promotional content. \r\n\r\nRetail is not as binary as it once was pre-pandemic, where touchpoints only included a website, app, and physical store. Retailers provide multiple sales channels through ecommerce, marketplaces, and social media. \r\n\r\nThis means retail\u2019s threat landscape has widened over the last years, heightened through connectivity, integration of technology, and recent developments in AI- data analysis. As a result, threat actors are exploiting this change to compromise retailers, to gather sensitive data, and conduct financially motivated attacks.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LBWZPS", "name": "Alexandra Forsyth", "avatar": "https://sched.securitybsides.org.uk/media/avatars/LBWZPS_TNXaQpY.webp", "biography": "Alexandra Forsyth is currently a Security Delivery Senior Analyst, based within the cyber threat intelligence (CTI) team at Accenture. \r\n\r\nIn her role, Alexandra is the subject matter expert for retail and consumer goods and services industries. Alexandra is responsible for conducting strategic research, analysing data and collating evidence, to facilitate threat landscape reports for relative Accenture clients, and helping deliver presentations to stakeholders highlighting recommendations based on the industry research. 
\u200b\r\n\r\nPrior to Accenture, Alexandra acquired the ability and enthusiasm to deliver bespoke intelligence services to clients in the cyber security space, as part of employment with a managed service provider (MSP) specialising in cyber threat intelligence. Alexandra has experience collaborating within a team, and independently on tasks pertinent to clients, supporting business as usual (BAU) operations, on-demand investigations, and open-source data gathering. \u200b", "public_name": "Alexandra Forsyth", "guid": "df27385e-a556-5921-832a-e86712f82c17", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/LBWZPS/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/VR9GVA/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/VR9GVA/", "attachments": []}, {"guid": "b32e47fa-78d2-52e4-a64f-aa68bebbff98", "code": "EDCKFC", "id": 36536, "logo": null, "date": "2023-12-09T14:20:00+00:00", "start": "14:20", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-36536-game-hackers-and-you-knowledge-extraction-from-toxic-places", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/EDCKFC/", "title": "Game hackers and you: Knowledge extraction from toxic places", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "A Cyber Threat Intelligence (CTI) focussed look at the game-hacking community and their forums, gleaning insight into how both sides of the infosec and hacking community can gain vital knowledge from sometimes toxic places.", "description": "First, a rapid-fire overview of the underground game hacking community, \r\nthe anti-cheat arms race and their connections to more organised, and criminal hacking.\r\n\r\nExploring both historic and recent releases from the underground cheating community that have gone overlooked,\r\nfrom new UEFI bootkits, massive vulnerable driver releases, the true origins of 
BYOVD and even un-reported zero-days.\r\n\r\nAfter exploring these forums, we will showcase the connection many of these releases have between a tool designed to cheat in a video-game,\r\nand something capable of massive destruction, hopefully illustrating their need to be understood and tracked.\r\nAlso covering how blue-teams can learn about an adversary's trade-craft before it is exploited in the wild, catching possible threats before they leave the \"game-cheat\" stage.\r\n\r\nFinishing off by teaching you some best practices, looking at some \"bad places to start\" and show that when looking at these communities,\r\nit is very easy to get lost in the sea of toxicity many of these forums and communities provide.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TM7FXJ", "name": "Morgan Brazier", "avatar": "https://sched.securitybsides.org.uk/media/avatars/TM7FXJ_cIVoaT9.webp", "biography": "Hacker, researcher, student", "public_name": "Morgan Brazier", "guid": "7ff4524a-d070-5611-b930-14e3a7fc24d7", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/TM7FXJ/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/EDCKFC/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/EDCKFC/", "attachments": []}, {"guid": "8c44d206-d7bd-5271-9ca1-61232304dc87", "code": "DBDZXB", "id": 37557, "logo": null, "date": "2023-12-09T14:40:00+00:00", "start": "14:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37557-abusing-rwx-s-binaries-for-post-exploitation", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DBDZXB/", "title": "Abusing RWX-S binaries for post-exploitation", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "PE files have interesting properties that can be manipulated to achieve a variety of goals during an offensive security exercise. 
In particular, manipulating the 'S' bit of a section enables memory regions to be shared among processes dynamically - serving as an effective covert channel. This session aims to introduce a homegrown tool to illustrate this concept in action.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "BC8QQ3", "name": "At0m", "avatar": "https://sched.securitybsides.org.uk/media/avatars/BC8QQ3_mGEK5f3.webp", "biography": "Alex is a Senior Incident Response Analyst supporting a multinational consulting firm in the UK. Along with extensive experience in SOC operations, Alex is a proficient coder and enjoys general coding & automation projects. When not engaged in securing organisations, Alex enjoys hanging out and sampling all varieties of food.", "public_name": "At0m", "guid": "b9897d85-dfd8-59ba-8fb5-c3da1e8eb312", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/BC8QQ3/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DBDZXB/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/DBDZXB/", "attachments": []}, {"guid": "05e4aa11-fe28-5be9-bcc0-81a011ed3ac3", "code": "99XFQ9", "id": 37570, "logo": null, "date": "2023-12-09T15:00:00+00:00", "start": "15:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37570-asr-fatigue-reduction-managing-attack-surface-reduction-rules", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/99XFQ9/", "title": "ASR Fatigue Reduction - Managing Attack Surface Reduction rules", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Using Microsoft Sentinel and LogicApps to improve manageability of Windows ASR rules", "description": "Defender Attack Surface Reduction rules are a useful way for any organisation looking to reduce paths available to a threat actor to perform attacks. 
However, what do you do for rules that have an impact on legitimate use cases? Microsoft have tools and reports that help assess the impact before implementing rules and these tools can also be referred to after implementation but monitoring these ad-hoc for changes in individual teams or new users requiring access can be a full-time task in itself.\r\n\r\nWhat can be done to help? Never fear the security professionals are here.\r\n\r\nFor this solution you\u2019ll need:\r\n\r\n1)\tMicrosoft Sentinel\r\n2)\tA LogicApp\r\n3)\tAn empty Fairy Liquid bottle (not really. Everyone knows they last forever and therefore it is impossible to get an empty one)", "recording_license": "", "do_not_record": true, "persons": [{"code": "9V3NVH", "name": "James Stewart", "avatar": null, "biography": "IT Security Analyst", "public_name": "James Stewart", "guid": "e4d8972d-00c1-5ee3-b57c-f888df2a2aba", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/9V3NVH/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/99XFQ9/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/99XFQ9/", "attachments": []}, {"guid": "34653076-841e-53ef-9889-a5b29100f74e", "code": "RFMEBV", "id": 37668, "logo": null, "date": "2023-12-09T15:20:00+00:00", "start": "15:20", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37668-the-art-of-cyber-deception", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RFMEBV/", "title": "The art of cyber deception", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "What is cyber deception? Is it simply lying on the internet, or is it something far more sophisticated? 
Find out the answer to these questions and more, and by the end you might be able to deceive your attackers too!", "description": "Cyber deception represents the next paradigm of cyber defence, where one engages with their adversary much earlier in the attack lifecycle than before. By redirecting attackers towards decoy assets (whether a VM, service, or an entire subnet!), there exists immense potential to both deter attacks and glean considerable amounts of real-time threat intelligence against would-be adversaries, including insider threats.\r\n\r\nIn this talk, we'll briefly look at what cyber deception entails, demonstrate an example or two of cyber deception campaigns, and the prerequisites for implementing an effective cyber deception scheme.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZNK7DM", "name": "Joshua Wardle", "avatar": "https://sched.securitybsides.org.uk/media/avatars/ZNK7DM_2HpyX1L.webp", "biography": "Graduate consultant at Logiq Consulting. Particularly interested in cloud security and the application of novel cyber technologies.", "public_name": "Joshua Wardle", "guid": "296476eb-3f46-5978-8563-769cb9b6b673", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/ZNK7DM/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RFMEBV/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RFMEBV/", "attachments": []}, {"guid": "8a26417a-6c5e-5c21-a9fd-f7e74a147db9", "code": "TWEBME", "id": 37695, "logo": null, "date": "2023-12-09T15:40:00+00:00", "start": "15:40", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37695-off-the-hinge-dating-with-osint", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TWEBME/", "title": "Off the Hinge: Dating with OSINT", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Swiper, No Swiping! 
Utilising OSINT Tools and Techniques before you swipe right. \r\n\r\nIn 15 minutes, we will walk through real-world examples of uncovering \u201cmatches\u201d using OSINT tools, examine the correlation between Personal and Professional data, and discuss the role of social media in the corporate world.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LX9ZEC", "name": "Taylor Rhoades", "avatar": "https://sched.securitybsides.org.uk/media/avatars/LX9ZEC_TvmiL6m.webp", "biography": "Taylor Rhoades is a cybersecurity sales leader with the past 7 years in the SIEM industry. She is currently the Senior Sales Director at Graylog.", "public_name": "Taylor Rhoades", "guid": "cd5409d4-e7e7-5ea7-a608-7dc692d03a95", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/LX9ZEC/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TWEBME/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/TWEBME/", "attachments": []}, {"guid": "7f4ec570-f62a-5ed0-8217-8968304295bb", "code": "WWNFUN", "id": 37789, "logo": null, "date": "2023-12-09T16:00:00+00:00", "start": "16:00", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37789-ethical-hacking-navigating-the-modern-ethical-and-moral-landscape", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/WWNFUN/", "title": "Ethical Hacking: Navigating the Modern Ethical and Moral Landscape", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "Briefly covering the essential ethical and moral elements of ethical hacking and its importance, this short presentation will provide an insight to navigating the aforementioned aspects.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ET8ZDK", "name": "Muhammed Aanish Butt", "avatar": "https://sched.securitybsides.org.uk/media/avatars/ET8ZDK_98r0eqy.webp", 
"biography": "He/Him\r\n3rd Year BSc Cyber Security\r\nTop 1% on TryHackMe\r\nEthical Enthusiast", "public_name": "Muhammed Aanish Butt", "guid": "e4e63855-c5b9-5d44-95ed-7649395f8176", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/ET8ZDK/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/WWNFUN/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/WWNFUN/", "attachments": [{"title": "Background PowerPoint", "url": "/media/bsides-london-2023/submissions/WWNFUN/resources/Presentation_RgR29rL.pptx", "type": "related"}]}, {"guid": "e9446b5b-dd57-5315-9fa7-ea2c2bdd5f89", "code": "FMNFC8", "id": 37791, "logo": null, "date": "2023-12-09T16:30:00+00:00", "start": "16:30", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37791-cyber-resilience-in-industry-4-0-strengthening-standards-and-embracing-emerging-tech", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FMNFC8/", "title": "Cyber Resilience in Industry 4.0: Strengthening Standards and Embracing Emerging Tech", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "With Industry 4.0's emergence, cyber threats against Critical National Infrastructure (CNI) have surged. This includes ransomware attacks, exposing technical and policy vulnerabilities. 
It's time to explore how standards and other existing frameworks contribute to this and how we can reduce our threat landscape with more stringent regulations to reflect our commitment to cyber resilience as a country.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "NLLSAZ", "name": "Shaza Al-Haddad", "avatar": "https://sched.securitybsides.org.uk/media/avatars/NLLSAZ_cCWbdOr.webp", "biography": "Hi, I'm Shaza, I enjoy security and reading books- probably somewhere laughing at my own jokes", "public_name": "Shaza Al-Haddad", "guid": "eca9a7b6-7957-58d4-b973-c20e9b867ebf", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/NLLSAZ/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FMNFC8/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FMNFC8/", "attachments": []}, {"guid": "898faab9-7b15-5a8e-98c8-66a4758df0f9", "code": "LGYAVE", "id": 36446, "logo": null, "date": "2023-12-09T16:50:00+00:00", "start": "16:50", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-36446-of-microchips-and-mammals", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LGYAVE/", "title": "Of Microchips and Mammals", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "In this talk I walk the audience through reverse engineering how the flipper zero decodes microchip data with the help of some fluffy friends. 
At the end of the talk, viewers will have gained an idea of the processes as well as tactics for overcoming the dead ends that can come with reverse engineering.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "VFCWPW", "name": "Elliott Nash", "avatar": null, "biography": "IT help desk analyst with hopes of going into infosec in the future", "public_name": "Elliott Nash", "guid": "fb2e3908-3e1f-5a24-a015-41b00649a0b8", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/VFCWPW/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LGYAVE/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/LGYAVE/", "attachments": []}, {"guid": "c518287e-da87-55f8-90c2-543003682174", "code": "Q7ZSZH", "id": 37809, "logo": null, "date": "2023-12-09T17:10:00+00:00", "start": "17:10", "duration": "00:15", "room": "Rookie track", "slug": "bsides-london-2023-37809-devsecops-on-a-budget-building-a-secure-development-pipeline-without-breaking-the-bank", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/Q7ZSZH/", "title": "DevSecOps on a Budget: Building a Secure Development Pipeline Without Breaking the Bank", "subtitle": "", "track": null, "type": "Rookies track", "language": "en", "abstract": "A fully fledged DevSecOps pipeline can be expensive! But it doesn\u2019t need to be\u2026.\r\n\r\nIn today\u2019s cost-conscious environment we don\u2019t all have the luxury of a bottomless security budget to drop on the top of the line SaaS solutions. Join me for this talk as I take you through the process of building a robust, scaleable, and secure pipeline to bring security to the heart of your software development process. 
Discover practical strategies, open-source tools, and cost-effective approaches that empower your organisation to achieve DevSecOps excellence without compromising your financial health.", "description": "In this talk, we will delve into the practical aspects of implementing a DevSecOps pipeline whilst being mindful of budget constraints. With the current financial climate, not all organisations have the ability to invest in high cost SaaS solutions. This presentation will provide you with the knowledge and tools to build a highly secure development pipeline that is both robust and cost-effective.\r\n\r\nWe will cover: \r\n* Core DevSecOps Principles: An overview of the fundamental concepts of DevSecOps and why it is critical for modern software development\r\n* Assessing Security Requirements: How to determine the security needs of your organisation and projects and how to prioritise them\r\n* Tool Selection: Evaluation of open source and affordable tools and technologies to suit your security needs\r\n* Scaling for Growth: A discussion on strategies for scaling your DevSecOps pipeline as your organisation grows", "recording_license": "", "do_not_record": false, "persons": [{"code": "SVB383", "name": "Robbie Thandi", "avatar": "https://sched.securitybsides.org.uk/media/avatars/SVB383_Gnr2mU7.webp", "biography": "From his hands on experience working in cross functional teams as a full stack engineer to his theoretical knowledge gained during his studies in computer science with a specialism in cyber security, Robbie hopes to bring a unique perspective looking at the challenges faced by security teams in the modern software development world.", "public_name": "Robbie Thandi", "guid": "ba3b706a-86ae-5cb9-90d6-937d750c1b60", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/SVB383/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/Q7ZSZH/feedback/", "origin_url": 
"https://sched.securitybsides.org.uk/bsides-london-2023/talk/Q7ZSZH/", "attachments": []}], "Workshop Room 1": [{"guid": "9de86347-07b0-5ead-9679-645074193462", "code": "CBWXBU", "id": 36500, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 1", "slug": "bsides-london-2023-36500-bytes-of-insight-yara-in-incident-response-and-malware-hunting", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CBWXBU/", "title": "Bytes of Insight  - YARA in Incident Response and Malware Hunting", "subtitle": "", "track": null, "type": "Workshop - Short", "language": "en", "abstract": "This workshop aims to provide insights on how leveraging YARA can significantly enhance incident response and malware hunting capabilities", "description": "In this workshop, students will learn how to leverage YARA rules and the supporting ecosystem to assist in security investigations, research, and malware analysis.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PEF8VK", "name": "Jinto Antony", "avatar": "https://sched.securitybsides.org.uk/media/avatars/PEF8VK_Nb1F717.webp", "biography": "With over 17 years of experience in the field of Cyber Defense (Incident Response, Security Engineering, Threat Hunting), Jinto is currently working as Senior Incident Response Consultant at WithSecure (formerly known as F-Secure Business) in London, UK.", "public_name": "Jinto Antony", "guid": "8ec735bc-0d1b-5a9e-9ddb-4144d87dfe08", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/PEF8VK/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CBWXBU/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/CBWXBU/", "attachments": []}, {"guid": "22434519-497c-5869-8de1-7c250bfd0897", "code": "8Y3EAV", "id": 37765, "logo": null, "date": "2023-12-09T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop 
Room 1", "slug": "bsides-london-2023-37765-building-a-macos-red-team-playground", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8Y3EAV/", "title": "Building a macOS Red Team playground", "subtitle": "", "track": null, "type": "Workshop - Long", "language": "en", "abstract": "With an increasing number of companies, like start-ups and fintech firms, transitioning to macOS environments, the demand for macOS red team expertise is increasing. Setting up a comprehensive and effective macOS lab environment is a critical foundation for both offensive and defensive cybersecurity professionals. We all know how important this is, either to test payloads or create new ones for the next gig. \r\n\r\nHowever, the unique nature of macOS can pose challenges while simulating an environment, for those familiar with other platforms. This workshop aims to provide a guide for attendees to set up an organisation-like macOS playground (lab environment) along with AD integration to replicate an organisational setup, for red teamers to get started.", "description": "In this hands-on workshop, participants will cover the following areas:\r\n\r\n- Foundation & Infrastructure - Familiarise themselves with hardware and virtualisation options compatible with macOS. We'll highlight the essentials for creating a controlled and isolated lab.\r\n\r\n- macOS Installation & Configuration - Going through the specifics of setting a virtual macOS machine along with different macOS versions, understanding the nuances of installation and configuration tailored for red team exercises.\r\n\r\n- Setting up AD (or equivalent) - Next dive into the intricacies of building a network of remotely managed mac devices using JAMF. Attendees will learn how to integrate and configure these platforms, simulating real-world enterprise settings and paving the way for sophisticated attack simulations.\r\n\r\n- Tool Integration - Understand the must-have tools and utilities for macOS red teaming. 
From exploitation frameworks to post-exploitation utilities, participants will integrate and optimize essential tools within the macOS ecosystem.\r\n\r\n- Practical Simulations - Following the lab setup, attendees will engage in exercises that mirror real-world red team operations on macOS specifically targeting initial access via payload based phishing.\r\n\r\nUpon completing this workshop, attendees will possess the knowledge and expertise required to deploy their macOS red team lab, providing them with a platform to get started with macOS red teaming.\r\n\r\nWorkshop requirements:\r\n- A laptop: macOS is ideal but not necessary,\r\n- An AWS account with some credits - also not necessary, if you don't have/want to use one, you can sit and enjoy the part of the workshop that involves AWS.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FJ7U7E", "name": "Dhruv Bisani", "avatar": "https://sched.securitybsides.org.uk/media/avatars/FJ7U7E_uek6AEx.webp", "biography": "Dhruv is an experienced cybersecurity professional with a key interest in leading & delivering Adversarial Attack (Red/Purple Team) simulations. He formerly established & served as the Head of the Red Team at Resillion and is about to start as the Head of Adversarial Simulations for a UK Bank. \r\n\r\nOver the last few years, Dhruv\u2019s core focus has been on developing the red team capability at Resillion, while focusing on testing less common environments such as MacOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. Dhruv possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. 
Dhruv\u2019s role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.", "public_name": "Dhruv Bisani", "guid": "dbb489c7-14cf-5c49-b66c-2d2c41c35600", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/FJ7U7E/"}, {"code": "7RRWPL", "name": "Jack McBride", "avatar": "https://sched.securitybsides.org.uk/media/avatars/7RRWPL_34Gf8HC.webp", "biography": "Jack McBride is a senior red teamer at Resillion, a global cyber security services provider. In his role, Jack has managed and delivered a multitude of red and purple team engagements in seasoned Windows environments spanning multiple industry sectors, including finance, defence and government. Seeking a new challenge, he has recently made the jump into researching and breaking into macOS-based environments. In addition to being an Offensive Security MacOS Researcher (OSMR), Jack also holds the OSEP, OSWE and OSCP.", "public_name": "Jack McBride", "guid": "e159661a-a7be-59e9-a293-99d08e3a9614", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/7RRWPL/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8Y3EAV/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8Y3EAV/", "attachments": []}], "Workshop Room 2": [{"guid": "56f3ba08-bafb-56f9-b5f5-cb1a2a88acf0", "code": "8XA7EY", "id": 36453, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 2", "slug": "bsides-london-2023-36453-mobile-application-pentesting-101", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8XA7EY/", "title": "Mobile Application Pentesting 101", "subtitle": "", "track": null, "type": "Workshop - Short", "language": "en", "abstract": "Mobile Applications are some of the most widely used pieces of technology by people. 
However, one side of penetration testing that isn't as well known is mobile application penetration testing. \r\n\r\nIn this workshop students will be shown how to setup and proxy an android emulator, how to reverse engineer an Android application, how to bypass certificate pinning, and some basic tests they can perform against the application.", "description": "Workshop requirements:\r\n- A laptop with Android Studio installed,\r\n- Android 12/13 emulator (this is optional, but will really save time),\r\n- Web proxy (Burp or otherwise).", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZRFZAY", "name": "Niall Caffrey", "avatar": "https://sched.securitybsides.org.uk/media/avatars/ZRFZAY_WOZ7jIw.webp", "biography": "Niall Caffrey is a Senior Security Consultant at Edgescan for over eight years. Specialising in a comprehensive array of security services, Niall routinely performs in-depth auditing, assessments, consulting, and penetration tests. His expertise spans a broad range of technologies, including networks, cloud infrastructure, web and mobile applications, and more. Trusted by blue-chip companies across diverse sectors - from fintech and government to insurance and medical - Niall's proficiency ensures that these organisations remain safeguarded against ever-evolving cyber threats. 
With a deep understanding of the nuances and intricacies of digital security, he is a pivotal asset to the Edgescan team.", "public_name": "Niall Caffrey", "guid": "dccd400b-607b-53ba-9e37-a871aa5884cb", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/ZRFZAY/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8XA7EY/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/8XA7EY/", "attachments": []}, {"guid": "6076ed6e-8cb7-54da-beb4-b5e4a5e3e516", "code": "PKU9JY", "id": 37786, "logo": null, "date": "2023-12-09T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop Room 2", "slug": "bsides-london-2023-37786-offensive-payment-security-101", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/PKU9JY/", "title": "Offensive Payment Security 101", "subtitle": "", "track": null, "type": "Workshop - Long", "language": "en", "abstract": "This workshop covers payment vulnerability research, issues, and attacks related to payments. 
We help our audience gain a better understanding of how to find vulnerabilities in payment systems while staying within the law, what are necessary skills and equipment and how to get both.", "description": "History of payments \r\nBackground \r\nPayment system\u2019 definition \r\nDeep dive into card payments \r\n- CNP and online \r\n- Magstripe \r\n- EMV and NFC \r\n- Mobile Wallets \r\n\r\nFinding vulnerabilities \r\n- Top three OTP issues \r\n- Cryptogram replay for online and CNP payments \r\n- Magstripe attacks \r\n- PIN OK attack \r\n- EMV cryptogram replay attacks \r\n- Transaction stream attacks \r\n- Cryptogram confusion\r\n\r\nPractical recommendations (bug bounty, ethics, setting up the lab for tests).\r\n\r\nWorkshop requirements:\r\n- A laptop with Linux or Windows as a host OS,\r\n- VMWare Player 17 (participants will be asked to download a VM image, this will be shared over email),\r\n- Android phone with NFC (not necessary, but a good to have),\r\n- Payment cards - preferably your own :)", "recording_license": "", "do_not_record": false, "persons": [{"code": "BTEUFM", "name": "Timur Yunusov", "avatar": "https://sched.securitybsides.org.uk/media/avatars/BTEUFM_zppTMNL.webp", "biography": "Timur Yunusov has twelve years of experience in practical security assessment and security research. Specializing in the security assessment of financial systems: online, core, and mobile banking, ATM, POS, and card processing. Expert in banking application security. 
One of the DEF CON Payment Village organizers.", "public_name": "Timur Yunusov", "guid": "181c6b20-60ef-5e4c-b58b-0db4c788bee7", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/BTEUFM/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/PKU9JY/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/PKU9JY/", "attachments": []}], "Workshop Room 3": [{"guid": "ef07e574-ece3-5357-9c3e-dadc71d0c4a3", "code": "MJJFXH", "id": 36514, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 3", "slug": "bsides-london-2023-36514-purple-teaming-with-detection-as-code-for-modern-siem", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/MJJFXH/", "title": "Purple Teaming with Detection-as-Code for Modern SIEM", "subtitle": "", "track": null, "type": "Workshop - Short", "language": "en", "abstract": "One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. 
This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections.\r\n\r\nThis session will show how to leverage Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks.\r\n\r\nI will show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.\r\n\r\nWho should attend?\r\nThis hands-on virtual workshop is perfect for detection & security teams who are expected to develop and write detections to support new log sources, threat models, and vulnerabilities that are exploited in the wild.", "description": "One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections.\r\n\r\nThis session will show how to leverage Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks.\r\n\r\nI will show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.\r\n\r\nWho should attend?\r\nThis hands-on virtual workshop is perfect for detection & security teams who are expected to develop and write detections to support new log sources, threat models, and vulnerabilities that are exploited in the wild.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DFPTCB", "name": "Ken Westin", "avatar": "https://sched.securitybsides.org.uk/media/avatars/DFPTCB_DDfKcyO.webp", "biography": "Ken Westin is 
currently Field CISO at Panther and has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance.\r\n\r\nKen lives in Oregon in the United States and  splits his time between a house in the woods near Portland and a beach shack on the Coast with his wife, son, and two dogs. He holds a BA from Lewis & Clark College, a graduate degree from the University of Portsmouth UK, and several security certifications. He is a self-professed guitar and record hoarder and amateur musician.", "public_name": "Ken Westin", "guid": "7c1e283e-d83d-5981-99c8-c9f66974cb38", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/DFPTCB/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/MJJFXH/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/MJJFXH/", "attachments": []}, {"guid": "115b7bc4-487e-519d-bde8-62cf21233dad", "code": "RWJLZD", "id": 36572, "logo": null, "date": "2023-12-09T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop Room 3", "slug": "bsides-london-2023-36572-container-security-and-hacking-with-docker-and-kubernetes", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RWJLZD/", "title": "Container Security and Hacking with Docker and Kubernetes", "subtitle": "", "track": null, "type": "Workshop - Long", "language": "en", "abstract": "This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. 
We\u2019ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.\r\n\r\nThere will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.\r\n\r\nPrerequisites \u2013 Familiarity with basic Docker commands and Linux command line use will be helpful, but we\u2019ll provide step-by-step instructions for people who are less familiar with them.", "description": "Workshop requirements:\r\n- A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QRKASG", "name": "Rory McCune", "avatar": "https://sched.securitybsides.org.uk/media/avatars/QRKASG_ohc24Sd.webp", "biography": "Rory has worked in the Information and IT Security arena for the last 23 years in a variety of roles in information security and penetration testing. These days he spends his work time on container and cloud native security. He is an active member of the container security community having delivered presentations at a variety of IT and Information security conferences. He has also presented at major containerization conferences and is an author of the CIS Benchmarks for Docker and Kubernetes and main author of the Mastering Container Security training course which has been delivered at numerous industry conferences including Blackhat USA. 
When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.", "public_name": "Rory McCune", "guid": "932130e0-eda6-5fff-8661-5e8540b58106", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/QRKASG/"}, {"code": "SSGHQV", "name": "Iain Smart", "avatar": "https://sched.securitybsides.org.uk/media/avatars/SSGHQV_rIbDCsK.webp", "biography": "Iain Smart is a Principal Consultant with ControlPlane, where he performed offsec engagements against cloud-native deployments. He enjoys playing with new technologies, and if he's not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found writing new home automations to annoy his family.", "public_name": "Iain Smart", "guid": "bce00314-be8a-5276-986b-a02fd689e8b8", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/SSGHQV/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RWJLZD/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/RWJLZD/", "attachments": []}], "Workshop Room 4": [{"guid": "308d9827-8dab-5a8c-9862-922f00da87ba", "code": "D7PWXN", "id": 37383, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 4", "slug": "bsides-london-2023-37383-mastering-recon-mapping-the-external-perimeter", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/D7PWXN/", "title": "Mastering Recon: Mapping the External Perimeter", "subtitle": "", "track": null, "type": "Workshop - Short", "language": "en", "abstract": "In the rapidly evolving landscape of cybersecurity, the first step to secure or penetrate any network is reconnaissance. A poorly executed recon phase can leave you blindsided, either missing critical vulnerabilities or wasting time on irrelevant leads. 
This 90-minute workshop is designed to give you the tools and techniques you need for an effective reconnaissance strategy, using a real-world target for your learning.", "description": "What You Will Learn:\r\nAsset Discovery: Gain insights into different methods for identifying the critical assets of an organization, from publicly accessible hosts to internal assets.\r\n\r\nAttack Surface Mapping: Learn how to extend the attack surface by uncovering additional leads that could give you a significant advantage.\r\n\r\nContent Discovery: Master the art of discovering exploitable assets or endpoints by scanning through OSINT sources, scraping web archives, GitHub and more.\r\n\r\nKey Takeaways:\r\nStrategic Approaches to Reconnaissance: Not all reconnaissance techniques are created equal. Learn how to choose the right approach for the right problem.\r\n\r\nReal-World Application: Practice what you learn in a controlled environment using a real-world target as your playground.\r\n\r\nOperational Efficiency: Improve the effectiveness of your reconnaissance, saving time and resources in your future engagements.\r\n\r\nWho Should Attend:\r\nThis workshop is ideal for security researchers, penetration testers, and network administrators interested in understanding the crucial first phase of any security assessment or engagement.\r\n\r\nPre-requisites:\r\nBasic knowledge of cybersecurity concepts and common tools used in reconnaissance is recommended but not mandatory.\r\n\r\nPrerequisites \r\n- Laptop with internet access\r\n- Any modern web browser\r\n- Understanding of OWASP Top 10 Vulnerabilities", "recording_license": "", "do_not_record": false, "persons": [{"code": "MKK9JF", "name": "Ben Sadeghipour", "avatar": "https://sched.securitybsides.org.uk/media/avatars/MKK9JF_2SRyL2a.webp", "biography": "Ben Sadeghipour AKA NahamSec is a security researcher and content creator. He\u2019s currently in the top 100 for both HackerOne(25) and Bugcrowd\u2019s (95) leaderboards. 
He has helped identify over a thousand vulnerabilities in companies like Amazon, Apple, Airbnb, Lyft, Snapchat and more. Prior to doing content creation full time, he worked as a research and community education executive at Hadrian and HackerOne. Ben has presented many talks and workshops at cons such as DEFCON, BSides, OWASP AppSec, RSA, Red Team Village, and more. He also enjoys hosting and organizing hacker meetups or virtual conferences such as NahamCon and Hacktivitycon!", "public_name": "Ben Sadeghipour", "guid": "2762f1e7-ee17-5d9e-8bce-6187b36f6a9f", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/MKK9JF/"}, {"code": "8X7YSC", "name": "Adam Langley", "avatar": "https://sched.securitybsides.org.uk/media/avatars/8X7YSC_H1nA8cE.webp", "biography": "Worked in the realms of web development and web application security for the past 20 years. I create educational content such as interactive labs, Capture The Flag (CTF) Events and gamified learning experiences.", "public_name": "Adam Langley", "guid": "548f4587-d6ae-5702-97a4-2106fd04438e", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/8X7YSC/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/D7PWXN/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/D7PWXN/", "attachments": []}, {"guid": "f7bfb959-5b8c-56f3-9bbf-95c289c96287", "code": "FCEMTW", "id": 37023, "logo": null, "date": "2023-12-09T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop Room 4", "slug": "bsides-london-2023-37023-scaling-your-appsec-program-with-secure-defaults", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FCEMTW/", "title": "Scaling your AppSec Program with Secure Defaults", "subtitle": "", "track": null, "type": "Workshop - Long", "language": "en", "abstract": "The software security industry is shifting left. 
Traditional security tools have failed to address the challenges of modern engineering teams as they often are too slow, overwhelm users with false positives, and do not provide sufficient remediation help. As a result, they do not ultimately raise a company\u2019s security bar.\r\n\r\nIn this workshop we will focus on hands-on exercises, supported by research results to teach participants how to use Semgrep by taking a different approach to security, called paved road or secure defaults.", "description": "### Content overview\r\n- Why code scanning is useful\r\n- Intro to Semgrep\r\n- Rule writing (Hands on)\r\n- Code scanning best practices\r\n- Adding Semgrep to CI (Hands on)\r\n- Semgrep CLI (Hands on)\r\n- Advanced Semgrep features\r\n- Taint mode (Hands on)\r\n- Secure Defaults\r\n- Guardrail rules (Hands on)\r\n- Remediation guidance research\r\n- Autofix rules (Hands on)\r\n- Bring your own code (Hands on)\r\n- Q&A\r\n\r\nWorkshop requirements:\r\n- A laptop with a web browser,\r\n- Not required, but may be helpful to have Semgrep installed locally (see https://semgrep.dev/docs/getting-started/#installing-and-running-semgrep-locally).", "recording_license": "", "do_not_record": false, "persons": [{"code": "RWFC9Y", "name": "Claudio Merloni", "avatar": "https://sched.securitybsides.org.uk/media/avatars/RWFC9Y_TLFV8vM.webp", "biography": "Claudio is a veteran security expert. After completing his Master in Computer Engineering at the Politecnico di Milano University, he started a now more than 15 years long journey in the security space. Security consultant first, then moving through different roles, from technical sales engineering to security research and product engineering. 
This has allowed him to experience application security from a variety of perspectives.\r\nHe fell in love with static source code analysis early on and spent most of his career working with, and on, the leading static analysis solutions.\r\nHe\u2019s now leading the security research team at Semgrep and trying to make the world a safer place, one rule at a time.\r\nIn his free time he enjoys doing way too many things. If he had to pick up four: synthesizer nerd, avid runner, beginner Go player, foreign languages enthusiast.", "public_name": "Claudio Merloni", "guid": "e422e873-0400-5957-9330-ebc05dd32835", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/RWFC9Y/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FCEMTW/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/FCEMTW/", "attachments": []}], "Workshop Room 5": [{"guid": "767ab968-7890-51e4-a743-746f6a79d4af", "code": "QHLC73", "id": 36511, "logo": null, "date": "2023-12-09T10:00:00+00:00", "start": "10:00", "duration": "02:00", "room": "Workshop Room 5", "slug": "bsides-london-2023-36511-keep-your-enemies-closer-how-to-profile-and-track-threat-actors", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QHLC73/", "title": "Keep Your Enemies Closer: How to Profile and Track Threat Actors", "subtitle": "", "track": null, "type": "Workshop - Short", "language": "en", "abstract": "Have you ever wanted to learn more about cyber threat intelligence and hunting threat actors? In this workshop, Will Thomas, a professional CTI researcher who hunts threat actors for a living, will walk participants through the fundamentals of creating threat actor profiles. This workshop will involve using a template developed by Will Thomas and Freddy M called the \u2018Threat Actor Profile Guide for CTI Analysts\u2019. 
The guide was originally created for the Curated Intelligence trust group, an international community of over 150 CTI analysts and is used by many on a daily basis.", "description": "This is a 2 hour workshop that will include a brief welcome introduction talk to cyber threat intelligence and threat actor profiling. \r\n\r\nFor the rest of the workshop's duration, participants will then be introduced to each section of the threat actor profile template and advised on how best to fill that part out given various sources of intelligence.\r\n\r\nThe final result will be a completed threat actor profile of a real-world adversary attacking organizations. The best threat actor profiles created by participants will be featured in the workshop's GitHub repo.\r\n\r\nWorkshop requirements:\r\n- A laptop and a Discord account - a Discord server will be set up for the duration of the workshop.", "recording_license": "", "do_not_record": true, "persons": [{"code": "7JVEPQ", "name": "Will Thomas", "avatar": "https://sched.securitybsides.org.uk/media/avatars/7JVEPQ_DW8YYXx.webp", "biography": "Will Thomas (aka @BushidoToken) has been a security researcher for over 4 years and has had his work featured by several well-known publications such as The Telegraph, VICE Motherboard, CyberScoop, BleepingComputer, TheRecord, TheRegister, and InfosecurityMag, among others. He is currently a CTI researcher and threat hunter at the Equinix Threat Analysis Center (ETAC) and is the co-author of the SANS FOR589: Cybercrime Intelligence course. 
He has previously appeared on Darknet Diaries (Ep 126) and has spoken at multiple conferences, such as NCSC Response22, DTX Europe, BSides Cheltenham, and BSides Basingstoke.", "public_name": "Will Thomas", "guid": "6a5e4ec3-e6fc-5b4b-b3de-f64ff8d4e30c", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/7JVEPQ/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QHLC73/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/QHLC73/", "attachments": []}, {"guid": "7172f305-690e-5629-8237-be839f22f4a7", "code": "R9M9BG", "id": 36798, "logo": null, "date": "2023-12-09T13:00:00+00:00", "start": "13:00", "duration": "04:00", "room": "Workshop Room 5", "slug": "bsides-london-2023-36798-email-detection-engineering-and-threat-hunting", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/R9M9BG/", "title": "Email Detection Engineering and Threat Hunting", "subtitle": "", "track": null, "type": "Workshop - Long", "language": "en", "abstract": "Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) 
to swiftly and effectively respond to novel offensive tradecraft.\r\n\r\nIn this training, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\r\n\r\nInitially attendees will be introduced to the foundational technologies that enable threat hunting and detection engineering in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data.\r\n\r\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals that can be used to craft high-fidelity rules, including sentiment analysis, domain age, and attachment analysis. Having completed the training, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manner of email threats.", "description": "Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) 
to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\r\n\r\nIn this training, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\r\n\r\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\r\n\r\n    - VIP Impersonations\r\n    - HTML smuggling via links/attachments\r\n    - Malicious VBA macros\r\n    - Lookalike / homoglyph attacks\r\n    - Credential phishing\r\n    - Password protected archives\r\n    - Exploits (e.g. CVE-2023-23397, CVE-2021-40444)\r\n    - Fake invoices (Geek Squad)\r\n\r\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the training, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manner of email threats.\r\n\r\nWorkshop requirements:\r\n- A laptop with a browser.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FL3EMT", "name": "Josh Kamdjou", "avatar": "https://sched.securitybsides.org.uk/media/avatars/FL3EMT_aCSmeiz.webp", "biography": "Josh has been doing offensive security-related things for the past 12 years. 
He's spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.", "public_name": "Josh Kamdjou", "guid": "afbbc91c-f40d-5e2f-aa61-47f7b7a93ad1", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/FL3EMT/"}, {"code": "UWHEFR", "name": "Alfie Champion", "avatar": "https://sched.securitybsides.org.uk/media/avatars/UWHEFR_eAW4CHH.webp", "biography": "Alfie is a founder of delivr.to and specialises in the delivery of attack detection and adversary emulation services. He actively contributes educational content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat, DEF CON, RSA and Blue Team Con.", "public_name": "Alfie Champion", "guid": "f85a4230-be3d-58a0-9af1-3974e4bda1c1", "url": "https://sched.securitybsides.org.uk/bsides-london-2023/speaker/UWHEFR/"}], "links": [], "feedback_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/R9M9BG/feedback/", "origin_url": "https://sched.securitybsides.org.uk/bsides-london-2023/talk/R9M9BG/", "attachments": []}]}}]}}}