BSides Cambridge Programme

DOMAIN NAME STUPIDITY

THIS TALK DEMONSTRATES A LARGE HOLE IN INTERNAL SECURITY, BASED ON TESTS PERFORMED ON A WIDE VARIETY OF CLIENTS. TOO OFTEN, DNS IS OVERLOOKED, AND IMPROPER LOGGING AND MONITORING LEADS TO A PLETHORA OF ATTACK VECTORS. THIS TALK WILL ALSO DEMO A NEW TOOL, WHICH ABUSES DNS LOOKUPS OF ARBITRARY (NON-ATTACKER-CONTROLLED) DOMAINS TO PROVE DANGEROUS EXFILTRATION ATTACKS ARE POSSIBLE AGAINST EVEN THE MOST SECURE OF NETWORKS. BETTER, IT ALSO SHOWS SOME NOVEL WAYS OF FIXING THIS ISSUE ON LARGE SCALE NETWORKS. HOPEFULLY USEFUL FOR RED AND BLUE ALIKE.

THE OSINT KILL CHAIN

WE WILLINGLY SHARE IMMENSE PERSONAL INFORMATION ABOUT OURSELVES ONLINE DISREGARDING THE CONSEQUENCES OF SUCH ACTIONS. PRIVACY IS NOW A WORD WE BOUND AROUND WHILST SIMULTANEOUSLY SHARING WITH THE WORLD EVERY ASPECT OF OUR LIVES WITH NO SECOND THOUGHT. SOCIAL MEDIA, PUBLIC DATABASES AND BREACH DUMPS ARE A TREASURE TROVE OF INFORMATION. FROM ACCOUNT TAKEOVERS, TARGETED PHISHING CAMPAIGNS, FRAUD, STALKING AND BLACKMAIL WE’LL SEE HOW THREAT ACTORS CAN PUT THE JIGSAW PIECES ABOUT US TOGETHER TO CREATE A DETAILED ATTACK PROFILE.

THIS IS A THOUGHT PROVOKING LOOK AT HOW MUCH PERSONAL INFORMATION WE SHARE AND EXPLORATORY LOOK AT HOW THIS CAN BE USED IN TARGETED CAMPAIGNS. DURING THE TALK ATTENDEES WILL LEARN WHAT TYPE OF PERSONAL INFORMATION IS ATTAINABLE BY OSINT. WORKFLOW OF AN INVESTIGATION INTO A TARGET (USING MYSELF AS AN EXAMPLE) SCENARIOS OF HOW THREAT ACTORS COULD UTILISE THIS DATA WITH REAL WORLD EXAMPLES.

LIAM FOLLIN SECURITY CONSULTANT
SAM MACDONALD SECURITY CONSULTANT 10:30AM-11:00AM
9:30AM-10:30AM

DUDE CHECK YOUR PRIVILEGE!: PRIVILEGED ACCOUNT MANAGEMENT SOLUTIONS AND HOW THEY COULD EITHER BECOME YOUR BESTIE OR TOTALLY RUIN YOUR DAY.

ALTHOUGH PAM SOLUTIONS ARE UNABLE TO PROTECT AN ORGANIZATION JUST BY THEMSELVES, THEY DEFINITELY PLAY AN IMPORTANT PART WHEN IT COMES TO SECURITY CONTROLS. A DISCUSSION OF HOW BEST PRACTICES CAN PROVIDE A DEFENSE IN DEPTH LAYER OR HAND ATTACKERS THE KEYS TO THE KINGDOM ON A SILVER PLATTER. IN THIS TALK, I WILL DISCUSS BEST PRACTICES FOR UTILIZING PAM SOLUTIONS TO ENHANCE OVERALL SECURITY AND AVOID INADVERTENTLY EXPOSING SENSITIVE ASSETS TO ATTACKERS.

OUTLINE:
- WHOAMI
- THE BOOK OF SAND (SHORT STORY TO BREAK THE ICE. WHEN SOMETHING COULD BE HARMFUL, YOU HAVE TO KEEP IT SAFE SO IT CAN’T BE MISUSED).
- WHAT’S A PAM
- WHAT DO WE NEED THEM FOR?
- CLOUD VS ON PREM
- ADDITIONAL FEATURES
- COMMON USE CASES
- HOW A PAM PLAYED A ROLE IN THE UBER HACK.
- CORE COMPONENTS OF A PAM
- DOS AND DON'TS
- ONE COMMON MISCONCEPTION ABOUT PAMS

FINAL NOTES: ENUMERATE YOUR ASSETS: MORE ASSETS = BIGGER TARGET. BIGGER TARGET = BIGGER CHANCES OF YOU GETTING COMPROMISED. NO, SERIOUSLY. ENUMERATE YOUR ASSETS (HARDCODED PASSWORDS DISASTER). ESTABLISH A GOOD ROTATION POLICY (EXPLAIN WHY THIS IS IMPORTANT AND WHY LACK OF THIS PRACTICE IS A PENTESTER’S TEENAGE DREAM COME TRUE). REVIEW PERMISSIONS (EVERY ORGANIZATION IS DIFFERENT). DON’T EXCLUSIVELY RELY ON YOUR PAM SOLUTION TO SAVE THE DAY (DEFENSE IN DEPTH, PROVIDE EXAMPLES).

11:00AM-12:00PM

ARE THOSE LAST HIGH PRIVILEGE HASHES STILL ELUDING YOU AFTER YOU’VE EXHAUSTED YOUR USUAL ATTACKS? IN THIS TALK WE’LL LOOK AT SOME CREATIVE AND UNORTHODOX PASSWORD CRACKING TECHNIQUES AND ATTACK CHAINS THAT’LL ENABLE YOU TO ATTACK LONGER PASSWORDS, DELIMITED PASSPHRASES, EMOJIS AND EVEN USING HASHES TO CRACK HASHES! WE’LL ALSO EXPLORE SOME LESSER KNOWN RULE INSERTION TECHNIQUES, AS WELL AS WAYS TO IDENTIFY REDUNDANT AND NON-EXECUTING RULES THAT WILL HELP OPTIMISE YOUR ATTACKS.

13:00PM-13:55PM

PWNING FOR PLAINTEXT: A HASHCAT 2.0 ADVENTURE
WILL HUNT CO-FOUNDER AT IN,SECURITY
MELINA PHILLIPS OFFENSIVE SECURITY ENGINEER III AT GCI

CVSS HAS A BAD REPUTATION. BUT I FEEL DIFFERENTLY. WHEN USED CORRECTLY IT CAN BECOME AN INCREDIBLY HELPFUL TOOL. IN THIS TALK I WILL DISCUSS SOME OF THE COMMON MISTAKES ORGANISATIONS DO WHEN IT COMES TO CVSS, SOME OF THE THINGS THAT ORGANISATIONS SHOULD DO AS WELL. I WILL ALSO COVER THE NEW CVSS VERSION (VERSION 4) THAT IS DUE TOWARDS THE END OF THE YEAR. FINALLY I WILL ALSO COVER OTHER SOURCES THAT CAN BE USED IN CONJUNCTION WITH CVSS SCORING TO HELP FORM A BETTER PICTURE OF THE ACTUAL RISK THAT A VULNERABILITY POSES TO AN ORGANISATION.

SEAN WRIGHT PRINCIPAL APPLICATION SECURITY ENGINEER AT FEATURESPACE

14:00PM-15:00PM

SLIPPING THE NET: QAKBOT, EMOTET AND DEFENSE EVASION

QAKBOT AND EMOTET HAVE A CLEAR WAY ONTO SYSTEMS VIA EMAIL AND A GOAL IN MIND ONCE THEY ARE THERE, BUT THEY ARE CONSTANTLY TWEAKING THE STEPS IN BETWEEN. WE WILL LOOK AT A BRIEF HISTORY OF BOTH GROUPS AND RECENT EXAMPLES OF HOW THEY IMPLEMENT DEFENSE EVASION IN THEIR ATTACK CHAINS.

CIAN HEASLEY THREAT TEAM LEAD AT ADARMA SECURITY

15:05PM-16:00PM

CVSS IS SH*T! OR IS IT?

HARNESSING THE POWER OF COLLABORATION: BUILDING A STRONGER CYBERSECURITY COMMUNITY FOR A SAFER DIGITAL FUTURE

THIS TALK IS TO EMPHASISE THE CRITICAL IMPORTANCE OF COMMUNITY AND COLLABORATION ON A GLOBAL SCALE FOR THREAT INTELLIGENCE AND THE CYBERSECURITY COMMUNITY. IT HIGHLIGHTS THE ESCALATING CYBER THREATS WE FACE AND EMPHASISES THE NEED FOR UNITY AND TEAMWORK TO COMBAT THESE CHALLENGES EFFECTIVELY. THE TALK EXPLORES THE BENEFITS OF COMMUNITY AND COLLABORATION, INCLUDING ENHANCED THREAT INTELLIGENCE CAPABILITIES, FOSTERING INNOVATION, BUILDING RESILIENCE, AND PROMOTING SHARED RESPONSIBILITY. THE AUDIENCE WILL GAIN INSIGHTS INTO THE POWER OF WORKING TOGETHER TO CREATE A SAFER DIGITAL FUTURE.

BSIDES CAMBRIDGE: CHOOSE YOUR OWN TALK

CAREER ADVICE, WAR STORIES, OPINIONS AND INTERACTION. THIS TALK GIVES THE AUDIENCE THE ABILITY TO CHOOSE FROM SEVERAL TOPICS (9+) FOR AN INTERACTIVE TALK ON THOSE TOPICS: WILL AI STEAL MY JOB? WHAT TO WEAR TO WORK, WORST INCIDENT EVER, WHAT THE HELL IS RISK AND WHY DO PEOPLE KEEP GOING ON ABOUT IT, RED TEAM OR BLUE TEAM DEGREES AND CERTS - A HIRING MANAGERS PERSPECTIVE, FAVOURITE TOOL, INCIDENT RESPONSE PLANS - HOW MANY DO I NEED, WHAT MAKES A GOOD SOC ANALYST HOW DO I MAKE IT LIKE ME PROFITING FROM FEAR AND MISERY AND MORE (IF THERE ARE ANY THEMES OR LINKS YOU’D LIKE TO BE DISCUSSED DROP ME A LINE).

DAVE MCKENZIE CYBERSECURITY OPERATIONS DIRECTOR AT NATIONAL GAS TRANSMISSION
NIKKI WEBB GLOBAL CHANNEL MANAGER FOR CUSTODIAN360
9:45AM-10:30AM
9:30AM-9:45AM

THE DOOR'S OPEN

THERE'S A LOT OF TALK ABOUT 'BREAKING IN' TO CYBERSECURITY. DOZENS OF INFLUENCERS (SOME WELL INTENTIONED, SOME... LESS SO) TALK ABOUT HOW TO START A CAREER. THERE ARE REAMS OF UNFILTERED TIPS AND ADVICE. NEW CERTIFICATES COME OUT EVERY WEEK. WE EVEN HAVE PEOPLE CHARGING FOR MENTORING.

THIS TALK ISN'T PURELY A CRITICAL LOOK AT A LOT OF THE ADVICE OUT THERE ABOUT BREAKING IN, IT'S MORE USEFULLY A LOOK AT HOW PEOPLE REALLY START THEIR CYBERSECURITY CAREER. THE HONEST FACT IS THAT IT'S NEITHER AS HARD, NOR AS EASY, AS MOST OF THE LINKEDINFLUENCERS CHASING CLOUT CLAIM. WE'LL LOOK AT A NUMBER OF PROVEN METHODS, THE SHEER SCOPE OF THE CYBERSECURITY FIELD (AND WHY, JUST MAYBE, YOU SHOULD BE LOOKING MORE AT SECURITY THAN CHASING THE CYBER DREAM), AND ASK SOME TOUGH QUESTIONS ABOUT THE ADVICE GIVEN BY LINKEDINFLUENCERS.

JAMES BORE

10:45AM-11:15AM

LEVELLING THE EMPLOYMENT PLAYING FIELD WITH TECHNOLOGY

MY TALK WILL BE ABOUT USING TECHNOLOGY TO EQUALISE THE PLAYING FIELD IN TECH. WHETHER IT BE AT THE RECRUITMENT STAGES OR REASONABLE ADJUSTMENTS FOR A DISADVANTAGED EMPLOYEE. WHAT TECHNOLOGY IS OUT THERE, READY FOR USE, THAT WE CAN TAKE ADVANTAGE OF IN ORDER TO ENSURE THERE ARE NO INEQUITIES IN TECH? IT'S ONE THING TO SAY WE WANT DIVERSITY BUT WHAT ARE WE DOING TO ENSURE THAT OUR DIVERSE CANDIDATES A. BECOME EMPLOYEES, AND B. BECOME SUCCESSFUL IN THEIR ROLE.

11:15AM-12:15PM

JENNIFER COX SECURITY ENGINEERING MANAGER, TENABLE

WHY CYBER SUCKS

FROM TERRIBLE HIRING PRACTICES, TO UNREALISTIC JDS, TO HIGH BARRIERS TO ENTRY FOR ASPIRING CYB PROFESSIONALS, THE FIELD OF CYBERSECURITY CAN REALLY SUCK! I WANT TO HAVE A REAL DISCUSSIO AROUND SOME OF THE PITFALLS OF GETTING INTO THE INDUSTRY AND THEN DISCUSS WITH THE AUDIENCE T PERSPECTIVES AND EXPERIENCES. SLIGHTLY SARCASTIC, IRREVERENT, AND TONGUE IN CHEEK, I AM KNOW

KEITH PRICE SECURITY LEADER

13:15PM-14:00PM

YOU DON'T NEED A CALENDAR TO TELL YOU WHEN TO TEST

ASSETS CHANGE FAR MORE THAN ONCE A YEAR, SO IT'S TIME TO DETACH SECURITY VULNERABILITIES FROM EARTH'S CELESTIAL MOTIONS AND TO BREAK FREE FROM TRADITIONAL, PERIODIC TESTING. THIS SESSION EXPLORES THE IMPERATIVE SHIFT TOWARDS CONTINUOUS TESTING, SEVERING TIES WITH OUTDATED ANNUAL POINT-IN-TIME ASSESSMENTS, SO YOU CAN FOCUS ON TESTING THE ONLY THING THAT REALLY MATTERS: CHANGES.

THOMAS BALLIN CO-FOUNDER AT CYTIX

14:15PM-14:30PM

WHY YOU SHOULD STAY

AFTER 10 YEARS AT COALFIRE, AND 20+ YEARS IN THE INDUSTRY. IT'S IMPORTANT TO UNDERSTAND HOW TO GET INTO THE CYBERSECURITY COMMUNITY. HOWEVER FOR MANY IT'S AS IMPORTANT TO UNDERSTAND HOW TO STAY. THE INDUSTRY IS AWASH WITH BURNOUT AND FATIGUE, CYNICS AND BOX CHECKERS. I'LL SHARE SOME TIPS WITH HANGING ON, BUILDING SOME RESILIENCE - AND CAREER MANAGEMENT ONCE THE SHINE IS LESS SHINY :) PIVOTING TO LEADERSHIP AND UNDERSTANDING PLAYING TO YOUR STRENGTHS AS A SECURITY PROFESSIONAL.

AVOIDING THE PITFALLS: HOW NOT TO BE A RED TEAMER

RED TEAMING IS AN ESSENTIAL COMPONENT OF MODERN CYBERSECURITY, WHERE TEAMS SIMULATE ATTACKS ON AN ORGANISATION TO IDENTIFY VULNERABILITIES AND STRENGTHEN DEFENCES. HOWEVER, THE RED TEAMING APPROACH CAN BE MISUSED OR CAUSE UNINTENDED HARM IF NOT CONDUCTED PROPERLY. IN THIS TALK, I WILL DISCUSS THE COMMON PITFALLS THAT RED TEAMERS FACE, AND HOW TO AVOID THEM. I WILL DELVE INTO TOPICS SUCH AS ETHICAL CONSIDERATIONS, EFFECTIVE COMMUNICATION, AND APPROPRIATE SCOPE DEFINITION. ATTENDEES WILL GAIN A BETTER UNDERSTANDING OF HOW TO CONDUCT RED TEAMING EXERCISES WITH CARE AND RESPONSIBILITY, WITHOUT COMPROMISING THE INTEGRITY OF THE ORGANISATION THEY ARE WORKING WITH.

16:05PM-17:00PM

HANI MOMENINIA FOUNDER OF INVESTCYBER
ANDY BARRATT VP CYBER ASSURANCE AT COALFIRE
15:00PM-16:00PM

EXPLORING HOW AI CAN HELP WITH REVERSE ENGINEERING OF APPLICATION BINARIES

THIS TALK CONSIDERS HOW AI CAN BE LEVERAGED TO IMPROVE REVERSE ENGINEERING (OR STATIC ANALYSIS) WORKFLOWS ON STRIPPED AND/OR OBFUSCATED BINARIES. WE BEGIN WITH A GENTLE INTRODUCTION TO A COMMON RE WORKFLOW, DISCUSS HOW DIFFERENT AI/ML ARCHITECTURES CAN BE USED TO ASSIST OUR ANALYSIS, AND FINISH WITH A WORKED EXAMPLE OF HOW THESE TECHNIQUES CAN BE USED FOR TASKS LIKE BINARY FUNCTION IDENTIFICATION.

AI VS. HACKERS: UNMASKING THE CYBER BATTLE OF THE FUTURE

JOIN ME AT BSIDES CAMBRIDGE FOR A MIND-BLOWING 10-MINUTE JOURNEY INTO THE CAPTIVATING WORLD OF "AI VS. HACKERS: UNMASKING THE CYBER BATTLE OF THE FUTURE." GET READY TO BE THRILLED, ENTERTAINED, AND ENLIGHTENED AS WE EXPLORE THE INTRIGUING INTERSECTION OF ARTIFICIAL INTELLIGENCE AND THE MISCHIEVOUS ANTICS OF HACKERS. TOGETHER, WE'LL UNRAVEL THE SECRETS, UNVEIL THE LATEST CYBER TRICKS, AND DISCOVER HOW WE CAN TRIUMPH IN THIS EXHILARATING DIGITAL SHOWDOWN. DON'T MISS OUT ON THIS ELECTRIFYING ADVENTURE OF WIT, HUMOR, AND CUTTING-EDGE CYBERSECURITY. SECURE YOUR SPOT NOW AND BE PART OF THE FUTURE-DEFINING BATTLE THAT LEAVES NO ROOM FOR SECOND PLACE.

TIMON JOHNSON SECURITY CONSULTANT AT 2SEC CONSULTING 9:45AM-10:00AM NATHAN SECURITY RESEARCHER 9:30AM-9:45PM

THIS TALK OFFERS A UNIQUE PERSPECTIVE ON THE INTERSECTION OF CRITICAL THINKING, AI, AND CYBERSECURITY INNOVATION, FOCUSING ON ADVANCED PERSISTENT THREATS (APTS) CASE STUDY. IT SHOWCASES THE POTENTIAL OF AI AND THE IMPORTANCE OF CRITICAL THINKING IN SHAPING THE FUTURE OF CYBERSECURITY RESEARCH.

ALSA TIBBIT ASSOCIATE LECTURER AT SHEFFIELD HALLAM UNIVERSITY

10:15AM-10:45AM

AI IN THE SHELL: AUTOMATING NETWORK SCANNING & REPORTING WITH LLMS

MATT ADAMS SECURITY ARCHITECT, SANTANDER UK

10:50AM-11:20AM

IN THIS TALK, WE WILL EXPLORE THE INNOVATIVE INTERSECTION OF ARTIFICIAL INTELLIGENCE AND CYBERSECURITY, DEMONSTRATING HOW LANGUAGE MODELS (LLMS) CAN BE HARNESSED TO AUTOMATE THE TRADITIONALLY LABOR-INTENSIVE TASKS OF NETWORK SCANNING AND REPORT GENERATION. WE WILL DELVE INTO THE FUNCTIONALITY OF A NOVEL TOOL, SCAN2REPORT, WHICH USES LLMS TO INTERPRET NATURAL LANGUAGE DESCRIPTIONS OF DESIRED SCANS, EXECUTE THESE SCANS USING TOOLS LIKE NMAP AND NIKTO, AND SUBSEQUENTLY GENERATE COMPREHENSIVE, HUMAN-READABLE REPORTS OF THE RESULTS. THE DISCUSSION WILL ENCOMPASS BOTH A HIGH-LEVEL OVERVIEW OF HOW AI, SPECIFICALLY LLMS, CAN BE APPLIED TO CYBERSECURITY TASKS, AND A DEEP DIVE INTO THE PRACTICAL WORKINGS OF THE SCAN2REPORT TOOL. WE WILL DEMONSTRATE A LIVE DEMO OF SCAN2REPORT, ILLUSTRATING HOW IT SIMPLIFIES NETWORK SCANNING AND REPORTING, WHILE ALSO PROVIDING VALUABLE INSIGHTS FROM THE SCANS. THIS TALK IS DESIGNED FOR CYBERSECURITY PROFESSIONALS, AI ENTHUSIASTS, AND ANYONE INTERESTED IN THE FUSION OF THESE TWO DYNAMIC FIELDS. PRIOR KNOWLEDGE OF AI OR CYBERSECURITY TOOLS IS HELPFUL, BUT NOT REQUIRED, AS THE TALK WILL PROVIDE AN UNDERSTANDING OF THE CORE CONCEPTS INVOLVED.

"DINOSAUR CODES AND AI BONES: A LIGHT-HEARTED EXPEDITION INTO CYBER-PALEONTOLOGY FOR NEXT-GEN CYBERSECURITY INNOVATION"

DETECTING NETWORK BEACONING WITH CONVOLUTIONAL NETWORKS AND ZEEK LOGS

WE WILL INTRODUCE A ROBUST APPROACH TO DETECT NETWORK BEACONING ACROSS DNS, SSL, AND HTTP USING ZEEK LOGS. WE WILL START BY ANALYZING PATTERNS EXHIBITED BY C2 FRAMEWORKS SUCH AS METERPRETER, EMPIRE, SLIVER, OR CALDERA. THE WIDE RANGE OF OBSERVED BEHAVIORS WILL MOTIVATE A MACHINE LEARNING APPROACH THAT CONSISTS IN A) GENERATING SYNTHETIC DATA THAT ACCOUNTS FOR DIFFERENT BEACONING FREQUENCIES, JITTERING, AND LATENCIES, AND B) TRAINING A CONVOLUTIONAL NEURAL NETWORK THAT ANALYZES THE INTERVALS BETWEEN ACTIVITIES. FINALLY, WE WILL SHOWCASE REAL-WORLD DETECTIONS AND EQUIP THE AUDIENCE WITH ALL THE TOOLS NEEDED TO APPLY THE APPROACH TO THEIR DATA.

IGNACIO ARNALDO (NACHO) DATA SCIENTIST AT CORELIGHT

11:30PM-12:15PM

Q&A THE PITFALLS AND POSSIBILITY WITH AI IN CYBERSECURITY

AN OPEN ASK ME ANYTHING ABOUT THE IMPLICATIONS OF AI FOR CYBERSECURITY

BRING YOUR QUESTIONS FOR THIS INTERACTIVE SESSION

CRAIG NICHOLSON CISO AT CAMBRIDGE UNIVERSITY PRESS AND ASSESSMENT 13:15PM-13:45PM

I KNOW U: SNIFFING AIRTAG PROTOCOL IN TOWN

LEVERAGING OPEN SOURCE HARDWARE FOR BLE SNIFFING TO IDENTIFY THE PRESENCE OF AIRTAG PROTOCOL, AND TO ENUMERATE APPLE’S BLE USAGE. THINK WARDRIVING FOR IOS DEVICES.

DIEGO PORRAS

13:55PM-14:30PM

CHAOS CREATED BY DLL BEHAVIOUR - UNDER THE LENS OF A SOC ANALYST

DLL HIJACKING TECHNIQUES ENABLE THE EXECUTION OF MALICIOUS CODE BY MISUSING THE TRUST CHAIN OF THE WINDOWS OPERATING SYSTEM. USER-SPACE EXPLOIT DETECTION AND DEFENSIVE MEASURES PROVIDED BY AV AND EDR SOLUTIONS MAY NOT ALWAYS BE EFFECTIVE AT DETECTING SUCH ACTIVITY RIGHT OUT OF THE BOX AND MAY NOT IMMEDIATELY STOP THE EXECUTION OF UNTRUSTED CODE. THERE ARE NUMEROUS EXAMPLES OF THREAT ACTORS THAT HAVE BEEN SEEN TO LEVERAGE DLL HIJACKING TO ACHIEVE THEIR OBJECTIVES. DURING THE SESSION, WE ARE GOING TO EXPLORE SEVERAL EXAMPLES THAT CHALLENGED THE SOC ANALYST'S DECISION-MAKING ABILITY WHEN VERIFYING THE LEGITIMACY OF A DLL FILE.

AMILLA PERERA SENIOR SOC ANALYST AT PWC 14:30PM-15:00PM

ARBITRARY CODE & FILE EXECUTION IN R/O FS – AM I WRITE?

IN CONTAINERIZED ENVIRONMENTS, SUCH AS KUBERNETES CLUSTERS, READ-ONLY FILESYSTEMS ARE VIEWED AS AN ADDITIONAL LAYER OF DEFENSE, AS THEY ALLOW FOR BETTER CONTROL AND MANAGEMENT OF CONTAINERIZED APPLICATIONS. IMMUTABLE CONTAINERS ARE CONSISTENT AND PREDICTABLE, MAKING COMPLIANCE AND AUDITING SIMPLER, AND ALLOWING FOR MORE ACCURATE THREAT DETECTION. THEY ARE ALSO EASILY REPLICATED TO ENSURE HIGH AVAILABILITY AND CAN BE ROLLED BACK WITH EASE WHEN NECESSARY. IN THIS TALK I WILL PRESENT MY RESEARCH ON BYPASSING WRITE AND EXECUTION RESTRICTIONS TO ULTIMATELY EXECUTE ARBITRARY CODE AND EXECUTABLE FILES IN READ-ONLY FILESYSTEMS. THE THREE METHODS I USED TO SUCCESSFULLY EXECUTE ARBITRARY CODE WILL BE COVERED AND DEMONSTRATED LIVE. WE WILL THEN COVER WAYS TO REMEDIATE THESE ATTACKS WHERE POSSIBLE AND MONITOR & ALERT WHERE THEY ARE NOT.

GOLAN MYERS

15:00PM-15:30PM

METHODS OF LATERAL MOVEMENT USING WINDOWS OPENSSH

WINDOWS' RECENT PORTS OF OPENSSH ALLOWS ADMINS TO ACCESS THEIR WINDOWS ESTATE WITH THE SAME TOOLS AS THEIR LINUX ESTATE. THIS TALK WILL SHOW HOW A MISCONFIGURED WINDOWS SSH SERVICE COMBINES THE WORST CASE SCENARIOS OF BOTH AD AND SSH AND CAN EVEN ALLOW THE THEFT OF PLAINTEXT DOMAIN CREDENTIALS. THOSE WELL-VERSED IN ACTIVE DIRECTORY EXPLOITATION WILL SEE HOW A FEW OLD FAVOURITE TECHNIQUES CAN BE WEAPONISED IN A NEW CONTEXT, AND HOW THE PARTICULAR QUIRKS OF WINDOWS OPENSSH CAN MAKE THEM EVEN MORE POTENT.

SECURITY CONSULTANT, WITHSECURE
MATT LUCAS
WITHSECURE
SECURITY CONSULTANT,
15:30PM-16:00PM

DEMONSTRATING NOVEL METHODS OF FINDING AND EXPLOITING EXPOSED CLOUD ASSETS AT SCALE

THIS TALK WALKS THROUGH THE PROCESS I TOOK TO IDENTIFY MISCONFIGURED INSTANCES OF AWS COGNITO AT SCALE. IT ALSO TALKS THROUGH THE IMPACT OF THESE MISCONFIGURATIONS, WHICH CAN INCLUDE UNAUTHORIZED ACCESS TO APPLICATIONS AND THE AWS ACCOUNT. IT IS AIMED AT THOSE INTERESTED IN ATTACK SURFACE MANAGEMENT (ASM) AND CLOUD RESEARCH BUT IS DESIGNED TO BE ACCESSIBLE TO ALL SKILL LEVELS. IT BEGINS WITH MY EXPERIENCE LEARNING ABOUT AWS COGNITO AND HOW IT CAN BE MISCONFIGURED. I THEN GO ON TO DESCRIBE MY THOUGHT PROCESS BEHIND FINDING NOVEL WAYS OF ENUMERATING CLOUD SERVICES, AND MY FINDINGS FROM RUNNING AUTOMATED TOOLS BASED ON THESE METHODS. I UTILISE SEO TOOLING AND CERTIFICATE TRANSPARENCY LOGS TO PERFORM ASSET DISCOVERY IN A COMPLETELY NOVEL WAY. I DEMONSTRATE ITS EFFICACY THROUGH A CASE STUDY I DID BY IDENTIFYING EXPLOITABLE INSTANCES OF AWS COGNITO. THIS TALK AIMS TO INCREASE INTEREST IN CLOUD SECURITY RESEARCH, PARTICULARLY WITH HOW IT LINKS TO ASM AS IT PRESENTS A DIFFERENT ATTACK SURFACE WHICH PROVIDES RESEARCHERS NEW OPPORTUNITIES TO INNOVATE.

SHAHNOOR KIANI (SN0ARLAX)
WITHSECURE
SECURITY CONSULTANT,
16:05PM-17:00PM

THE ANATOMY OF A THREAT HUNT: FROM ARTICLE TO INCIDENT.

USING THE EXAMPLE OF A SINGLE THREAT WE WILL GO ON A JOURNEY FROM HOW YOU FIND NEW VULNERABILITIES/IOCS BY USING FEEDLY AND OTHER SOURCES EFFICIENTLY, THROUGH USING ELASTIC STACK TO SEARCH ENVIRONMENTS TO FIND VULNERABILITIES WITHIN A CUSTOMER BASE TO RAISING THIS WITH THE CUSTOMER EFFECTIVELY. ATTENDEES WILL GET A BETTER UNDERSTANDING OF THE THREAT HUNT PROCESS AND THOSE CONSIDERING GOING INTO THE FIELD WILL GAIN POINTERS TO HONE THEIR SKILLS.

LORI TALIESIN TSX (THREAT SECURITY EXPERT) @FORTA'S ALERT LOGIC 14:00PM-14:30PM

ELVIS MAY NOT HAVE LEFT THE BUILDING… AI AND THE FUTURE OF TRUST RELATIONSHIPS, WHERE DO WE GO FROM HERE?

I GOT ALL SHOOK UP WATCHING AN ELVIS IMPERSONATOR, ON AMERICA’S GOT TALENT AND REALISING ADVANCES IN AI MEAN WE NEED TO START PLANNING WHAT OUR TRUST VERIFICATION PROCESSES WILL LOOK LIKE IN THE FUTURE. I DON’T HAVE THE ANSWERS BUT AM PREPARED TO ASK THE QUESTION ARE DEEPFAKE TECHNOLOGIES THE FUTURE OR JUST THE DEVIL IN DISGUISE?

JANETTE BONAR LAW SENIOR SPECIALIST PEOPLE CYBER RISK MANAGEMENT, THE COVENTRY BUILDING SOCIETY
10:45AM-11:15AM

MIND THE GOOP!

AS PEOPLE ENTER THE INDUSTRY THERE IS A WEALTH OF INFORMATION AND GUIDANCE AVAILABLE. WHILST THIS IS POSITIVE IT CAN BE EXTREMELY OVERWHELMING; HOW DO WE PRIORITISE WHERE TO FOCUS OUR ATTENTION SO THAT THE INFORMATION SERVES US RATHER THAN DISTRACTING US FROM OUR JOURNEY. THIS TALK WILL EXPLORE THE IMPORTANCE OF SHOWING UP WITH AUTHENTICITY AND TRUSTING YOUR JOURNEY RATHER THAN TRYING TO LIVE UP TO EXPECTATIONS AND OPINIONS OF OTHERS. IT WILL ALSO ADDRESS WHY SAYING NO INSTEAD OF DEFAULTING TO YES IS OK AND NECESSARY FOR YOUR ONGOING DEVELOPMENT AND WELLBEING.

CO-FOUNDER AT SHIFT KEY CYBER

11:30AM-12:00PM

AN INTRODUCTION TO ASSEMBLY AND REVERSE ENGINEERING

THIS TALK WOULD BE AN OVERVIEW OF HOW BASIC ASSEMBLY AND MEMORY WORKS, THE STRUCTURE OF PROGRAMS COMPILED IN C AND HOW TO FOLLOW THE LOGIC OF DISASSEMBLED PROGRAMS. I’D ALSO COVER HOW TO USE TOOLS SUCH AS GHIDRA TO DECOMPILE CODE AND TO MAKE THE REVERSE ENGINEERING PROCESS MORE EFFICIENT, AND THINGS SUCH AS BUFFER OVERFLOWS, PATCHING CODE AND RETURN ORIENTED PROGRAMMING.

TOM BLUE

13:00PM-14:00PM

DAWN O'CONNOR

THE BALLAD OF BUSTER SCRUGGS ALEX PEDERSEN, A JOURNEY OF COMPLIANCE AS A TECHIE

“THE WILD WEST, COMPLIANCE, AND A JOURNEY OF GETTING AN AUDIT COMPLETED. IT’S SOMETHING MANY OF US HAVE TO GO THROUGH, BUT HOPEFULLY THIS WILL HELP GET YOU PREPARED.”

EDUCATION VS EXPERIENCE, WHY NOT BOTH?

DEGREE APPRENTICESHIPS. THIS WOULD INCLUDE BUT NOT LIMITED TO: HOW THEY WORK? 'EARN WHILE YOU LEARN?' WHY? ENTRY POINTS. SUCCESSES & LOSSES. NEXT STEPS...

CHARLIE DELLER SECURITY OPERATIONS

15:45PM-16:00PM

ALEX PEDERSEN SENIOR PLATFORM SECURITY ENGINEER AT FEATURESPACE
15:00PM-15:15PM
ANALYST AT FEATURESPACE
MOLLY ELLIOTT THREAT INTELLIGENCE ANALYST, BAE SYSTEMS DIGITAL INTELLIGENCE 16:05PM-17:00PM