You are here: Home » Talks

Keynote: Gavin Millard, Tenable Network Security

The Five Stages of Security Grief
To help aid in establishing where different people are in the process of identifying the issues of information security and dealing with the problem, parallels to the famous Kübler-Ross model of grief introduced by Elisabeth Kübler-Ross in 1969 can be used. The model shows that when people deal with death, they move through a series of emotions, starting with denial and progressing through anger, bargaining, depression and acceptance. The model is used to understand how people deal with a significant negative life event, but it can also be applied to the grief and anxiety of not knowing what to do in order to protect an organization from highly motivated threat actors.

Join Gavin Millard, EMEA Technical Director of Tenable Network Security, who will guide you through the five stages of security grief, identifying indicators of each stage and advice on how to move organizations through to the acceptance.

Talk length: 60 minutes


Keynote: Stephen Tomkinson, NCC Group PLC

Abusing Blu-ray Players
Blu-ray players can do a lot more than simply play videos, and the consumer arms race between manufactures has opened up a varied attack surface. This talk takes a look at that surface from the perspective of the network and the inserted disc.

We will demonstrate a new tool released to support your own investigation of embedded network devices then go on to describe novel uses for the network exposed features on a common Blu-ray player. We’ll also look at how a Blu-ray disc can circumvent the imposed sandboxes to grant an attacker control of the underlying systems for both hardware and software players.

Talk length: 60 minutes


Alan Henderson, Abertay University

Avoid Detection: Techniques to Hide Malware
A talk which will cover how anti-virus has improved over the past 10 years, how the software detects malware using signature based detection, heuristic based detection, behavioural based detection and cloud based detection. It will then outline various techniques attackers can use to alter malware in order to bypass anti-virus products and how these techniques can be implemented. It will also briefly touch on the future of how malware could be written and also a brief section on the future of secure coding.

Talk length: 30 minutes


Dr. Jessica Barker, J L Barker ltd

Social Security
A whistle-stop tour of some of the sociological, psychological and philosophical aspects of information security. This talk uses theory, experience and funny videos to look at how individuals do (or don’t) learn and change their behaviours and what this means when it comes to one of the most pressing problems in our industry: human beings.

Talk length: 30 minutes


Adam Rapley, Abertay University

Targeted spear phishing using traditional blanket phishing methods

So, traditional blanket phishing methods are becoming fairly ineffective what with increased user knowledge about these types of attack. The things banks tell you to look for in an email is that it is addressed to you with your full name. What if we were to update all blanket phishing attacks to include personal details. You can trawl twitter for these, pastebin dumps, etc. And have it all automated.

So it takes hardly any more time than a traditional blanket phishing attack, but will likely have a greater click-through rate.

Talk length: 30 minutes


Rory McCune, NCC Group PLC

Security and “Modern” Software Deployment.

Software deployment has moved a long way from the “walk to a shop and buy a physical disk” model that was prevalent in the 90’s. These days entire systems are deployed in the blink of an eye directly from a bewildering array of sources.

This talk will look at why that might cause a problem or two from a security standpoint, where the next wave of pwnage may come from and what you can do to avoid being part of it.

Talk length: 30 minutes


Freaky Clown, Portcullis Computer Security

Robbing banks and other fun tales
An hour or so ramble through how I rob banks for a living using penetration testing techniques and social engineering.

Talk length: 60 minutes


Michael Jack, Abertay University

Comey Crypto

This talk will examine the spread of and subsequent resistance of cryptography by governments, in particular the United States. I will briefly discuss the origins of modern cryptography and follow with the events and actors of the first ‘crypto wars’ before examining the more recent revelations regarding government mass surveillance. In particular we will examine the efforts by intelligence agencies to weaken and subvert public cryptography. The talk will conclude on a slightly more positive note; how can we make mass surveillance harder and some of the mitigations we can employ.

Talk length: 60 minutes


Thom Langford, Sapient

Flushing Away Preconceptions of Risk
Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme.

This couldn’t be further from the truth. Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation. In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:

The initial interpretation of risk and how it is often misunderstood.
The measurement of risk, and how some systems work and other don’t.
The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.

With the use of analogies and examples, the audience will appreciate that risk assessment, measurement and management is not always as straightforward as it might first seem. The audience will leave with a new appreciation of how risk can be leveraged for good, and not just perceived as bad

Talk length: 60 minutes


Javvad Malik, J4vv4D + Senior Analyst 451 Research

Guest to Root – How to hack your own career path and stand out
Let’s start from the beginning – I used to be a security professional, but even my boss didn’t remember my name. My brilliant ideas weren’t listened to, I was never invited to speak at conferences and not even my mother visited my blog.

In this talk, I will take you down a journey of self-discovery that helped me change over 3 years and went from another faceless security dude, to being slightly less faceless. What worked, what didn’t work and all the behind-the-curtain magic exposed. I’ll also unpick some of the strategies utilised by some of the leading security professionals in the world.

As you finish your academic lives, you want to be the person that will be sought after in the industry and make your voice heard amongst the 100s of so called rockstars and dinosaurs who get all the attention – and simply being skilled in your job is not enough.

Talk length: 60 minutes


Steve Lord, 44CON

Anonaflops: It’s part in my downfall
August Germar had an idea. What if someone took Tor and put it on a tiny pocket router device, then sold it for $50? Maybe he could sell around $10,000 worth of routers, so it’d cover the costs. Wouldn’t that be great? So off he went to kickstarter and set up a project, but it turns out that there’s a large demand for a turnkey anonymity solution. There’s only one problem. It won’t work. In the subsequent slow motion train wreck that was the project’s self-destruction, the Internet hate machine turned on Germar. Kickstarter froze the project, and poor August never got to build his router.

In this talk I discuss the issues surrounding the Anonabox project, the problems and issues that ultimately led to it’s downfall. I also walk through the process of evaluating the supplied ‘source code’, projected hardware analysis and in order to fill up the remaining time with the polar opposite of padding take people through the process of evaluating a device, through the medium of evaluating a device in front of everyone.

There will be bugs…

Talk length: 60 minutes


Graham Sutherland, Portcullis Computer Security

We don’t take kindly to your types around here!
Object Oriented Programming has been a staple part of programming for decades. From C++ to PHP, classes and objects have become a core part of the modern development paradigm. As systems have become more distributed, and as the requirement for low-complexity permanence of data has increased, serialisation has proven to be an extremely useful practice for the storage and transmission of data. However, as with all language constructs and features, there are pitfalls – many of which are practically unknown to the development community. This talk aims to explain and discuss the most common security issues relating to serialisation and deserialisation of objects in a range of modern languages, including PHP and C#. We will look at the language implementations, some common vulnerable development patterns, and some real-world examples of exploits. By the time we’re done, you’ll be all set for finding all sorts of fun bugs.

Talk length: 60 minutes


Lewis Ardern, Leeds Beckett University

Creating vulnerable systems containing dynamically allocated vulnerabilities
When students and enthusiasts start to learn security concepts; they generally learn from static boxes such as Metasploitable2, OWASP BWA, and others. These are great virtual machines that are vulnerable by design; the problem is that they are always the same, and once the vulnerabilities have been exploited, a lot of the time they won’t resurface to exploit it again. Students may also attempt to bypass the learning process by finding ‘walkthroughs’.

As part of an undergraduate final year project, working with Dr. Z. Cliffe Schreuders as supervisor, a project was proposed to create vulnerable systems containing dynamically allocated vulnerabilities. A few months later; the Security Simulator was created. Security Simulator is a Ruby application that creates customisable vulnerable virtual machines based upon a pool of allocatable vulnerabilities. This project will be used to help build the systems we are giving to our second year students to learn security concepts.

This talk will focus on explaining the technology behind Security Simulator, how it works, and the plans for the future which we will be releasing soon named Security Generator (SecGen).

Talk length: 60 minutes


Josh Harrison, Abertay University/Corax Cyber Security

Forensic Investigation of the Hadoop Distributed File System in a Simulated Data Breach Scenario
Apache Hadoop is an open source distributed architecture that allows for the storage and processing of large data sets. Distributed file systems (such as Hadoop’s HDFS) play a vital role in the Internet age as data storage demands have increased exponentially in the last decade, however the forensic procedures for data breachs in such environments are currently underdeveloped. Hadoop is designed to store large datasets (typically TB to PBs of data) across multi-node clusters in data centres. Hadoop has become a front runner both for privately run data centres (with giants such as Yahoo! running clusters with ~10,000 data nodes) and through the cloud (with companies such as Cloudera and Amazon’s EC2 offering commercial solutions for SMEs). However, the developments in distributed file systems and cloud computing have left behind digital forensics practices. There is currently no recognised forensic procedure which can be applied to Hadoop, or distributed file systems in general in such data breach scenarios.

One of the main roadblocks for a forensic examination of a distributed file system is the potential for multi-tenancy within the cloud (i.e. many company’s data being physically located on the same data node in a cluster.) This leads to legal and ethical constraints as the imaging process involved at the start of an investigation may result in the downtime of data node that leads to a loss of business not just to the affected company, but also those sharing the node. These legal concerns are a key factor and need to be stringently observed when conducting a forensic examination.

This talk will present the results of a forensic investigation into a small multi-node Hadoop cluster set up in the university. The investigation uses primarily ‘live’ acquisition techniques in order to avoid unnecessary downtime of the data nodes within the cluster. The findings and their relevance to ‘in’ cloud forensic investigations shall be discussed, with a view to recommending a suggested ‘best practice’ forensic procedure for such situations.

Talk length: 60 minutes


Jahmel Harris and Owen Evans, MWR InfoSecurity

Watch you lookin’ at?
Smart watches allow us to view notifications and other important information at a glance, removing the need to interact directly with with our smart phones. Android wearables build on top of Android, but how does it work and is our data really safe? In the talk, we’ll discuss how wearables and smartphones share information and the implications of wearing our data on our sleeves (or wrists).

Talk length: 60 minutes


Kevin Sheldrake and Steve Wilson

Embedded Tool Kit v0.1
Embedded hacking has become quite popular lately, what with the ‘Internet of Things’ capturing media attention and hackers looking for low-hanging fruit for easy wins. For a lot of the time, penetration testing of embedded devices is like hacking in the 90s because the OS often lacks modern protections such as ASLR and usually the running services were written in-house without a code review. The other significant issue with embedded devices is that they usually lack the tools required to test them and, because they aren’t running on x86, suitable versions aren’t just laying around waiting to be used. In order to do an effective and timely job, we think that a decent tool kit is required. In this presentation we will discuss the tool kit we have been building and will show off some of the tools we have written.

Talk length: 60 minutes


Barry Myles

Software radio for security testers
We are surrounded by radio systems. Some of them are big and famous, like Wifi, bluetooth or LTE. Other less famous radio systems control air handling, backup generators and door entry systems. Software radio allows attackers to cheaply interact and misuse these devices remotely. As testers we need to be able to assess the security of radio systems, so we need to be able to effectively and quickly use software radio too.

Many of these radio systems, particularly older ones, rely entirely on radio hardware being difficult to make. It is now only a python program away.

This will be an introductory level talk, explaining the basics of software radio and how to get started. It will show the steps needed to exploit a simple consumer radio device.

Talk length: 60 minutes


Dr. Grigorios Fragkos, Sysnet Global Solutions

Virtual Terminals and POS Security; How I had the chance to become a billionaire.
Very few people use cash nowadays, as most use a debit or a credit card for their everyday needs. These transactions are performed through a Point-of-Sale (POS) device or through a Virtual Terminal. All the certified POS devices and Virtual Terminal applications, make use of strong encryption and secure communication channels in order to connect to the authorisation servers, and complete the transactions. Equally, in 2014 we saw the evolution of POS-affecting malware, where some large/global organizations like Target, Home Depot, and UPS were targeted by the BlackPOS, FrameworkPOS, and Backoff respectively, ending up in millions of card details being stolen, and millions of customers being affected from identity theft and financial fraud.
Following on the above, during the presentation, a number of features (provided in POS devices as standard functionality) and the ability to misuse them during a transaction will be demonstrated. But the main focus will be on a Threat Modelling engagement, undertaken against Virtual Terminals, to explain how I could have ended up with billions in my account, without having to steal a single card number. Dr. Grigorios Fragkos, follow: @drgfragkos

Talk length: 60 minutes