These brave souls are popping their InfoSec Con cherry... be gentle with them
How Much Are You Worth? by Kurtis Brown Abstract: A look into how I went from having $440,000 in my bank account to scoping out the cyber underworld into the late hours. I will be answering the question "How much are you worth to a cyber criminal and what do they want from you?"
Run-time tools to aid application security assessments by Sasha Zivojinovic Abstract: Sasha Zivojinovic will walk you through common tracing tools and their use in day-to-day application security assessments. This talk will guide you through run-time tracing concepts and their practical applications in real world testing scenarios.
Copenhagen and Becks for Cybersecurity by Kristo Helasvuo Abstract: This talk is to introduce Copenhagen School of Security Research and Ulrich Beck in the light and for the understanding of the contemporary concept of Cybersecurity. It might also consider approaches to research the balance of cyberpower.
The Joy of Passwords by Joseph Gwynne-Jones Abstract: About the use of passwords, their weaknesses and how to improve on them.
Using Configuration Management to Pivot and Persist by Robert Wallace Abstract: While configuration management tools remove the repetition and pain of updating systems, they also provide a valuable target to hackers. Using configuration management tools, a hacker can guarantee permanent access to a system and expand his control of the network. This talk will cover installing backdoors, adding users and reintroducing vulnerabilities via CFEngine and Puppet.
InfoSec is a Board responsibility by Scott MacKenzie Abstract: InfoSec as a governance issue, not just a function of an IT department. Focus on selling InfoSec to senior management. Speaking 'board talk' not 'tech talk'. Dealing with objections; these can be positives, it means your audience paid attention. Tailoring InfoSec proposals for approval by focusing on measurable benefits, highlighting risk mitigation, cost reduction, compliance with corporate objectives.
Probe to Pwn by Cam Buchanan Abstract: The aim of the talk will be to cover mobile and wireless attack methods from target identification to device compromise and everything in between. The end goal is to make the audience aware of the various attacks possible and the mitigation methods that can be put in place. Topics to be covered: - Mobile device traffic sniffing - Rogue Access Point attacks - State surveillance - Corporate Network Pivoting
Why information security should be important to all of us by Beverley A MacKenzie Abstract: The talk will be a brief overview of how information security has an impact on all of our lives. From the stay-at-home mum, who does all her shopping online, to the business person who runs an e-tailer. The talk will try to show how information security should be an important part of all of our lives. Our passwords, our identity, a company's reputation all require good information security management, on an individual level.
When a noob becomes aware - What I have learned (so far) trying to build/develop a security awareness program by Herbie Zimmerman Abstract: This talk is about my experiences trying to build/develop a security awareness program and what I have learned doing it thus far.
Zero-Day Surprises via your Supply Chain!!! by Vivian Nwoji Abstract: My talk is about third party threats such as suppliers, contractors, temporary workers, etc., exploiting vulnerabilities within a company's supply chain and the approach that can be taken in implementing a Supplier management programme to better manage third party relationships and mitigate third party security risks.
SIEM - Making the White Elephant Dance by Vinayak Ram Abstract: A lot of organizations have invested significant amounts of money in procuring a SIEM solution. While the initial trigger of meeting the compliance check box has been met, most organizations typically use less than 15-20% of the functionality provided by a SIEM tool. I intend to demonstrate some examples on how small changes can result in a singing/dancing SIEM solution covering a large number of use cases.
Is privacy still a thing? by Georgi Boiko Abstract: It seems that security agencies around the world want to spy on you anywhere you go. Not just them, private marketing companies are also doing it and who does it better is a good question. This talk will cover the methods of tracking you on the internet. You will also learn about some popular countermeasures that you can employ to stay off the radar.
A Multidisciplinary Perspective on Cybersecurity by Emil Tan Abstract: Is there an explanation as to why Internet users open unsolicited emails and fall victim to phishing campaigns? This presentation aims to introduce studies done by human geographers, psychologists and behavioural economists, and how we can improve the cyberspace from a multidisciplinary approach.
Privacy Through Choice: Something for the Masses by Fraser Scott Abstract: An independent, community-driven and open source project that aims to allow users to make informed choices when it comes to the privacy and security of their online data.
Game-Based CTFs - Engaging University Students in InfoSec by Joseph Greenwood Abstract: Current Computer Science and Engineering courses do not develop or introduce Information Security as a career field, if at all. In addition, the focus is on 'getting root', with no emphasis on what comes after. This talk details development efforts by a team of students at the University of Bristol to create novel Game-based Capture the Flag Competitions. The aim of these competitions is to introduce students to practical Information Security in addition to providing visible feedback following successful post-exploitation. This talk will feature white water kayaking, pictures of students looking at computers seriously, and, of course, USB controlled missile launchers.
RFID Hacking - An Introduction by d3sre Abstract: Always wanted to play around with RFID as it is everywhere these days? Here are a few tips to help you get started.
CSP Analysis - Attacking XSS Mitigation by Frederic Mohr Abstract: This talk will give a short introduction into the "Content Security Policy" HTTP header. We will take a look at the known attack types and find out if implementing it is really worth the hassle.
The Secret Life of iOS Apps by Malcolm Buchanan Abstract: In the past, a number of popular iOS apps have come under scrutiny for leaking various items of private data through network connections. This presentation briefly outlines what and how this happens, the potential risks involved and why this matters. A small selection of popular and well known iOS apps underwent network traffic monitoring and the latter part of this presentation outlines the results and their implications.
Social Engineering | Phishing Stories by Shaun Jones Abstract: The talk will be about phishing, touching on the basics and types of attacks. It will mainly include some of the phishing stories from jobs that I've done and the effectiveness of phishing being used on larger social engineering engagements.
Introducing Opabinia (SSLAuditor4) by Aman Hardikar M Abstract: Checking for SSL issues forms part of most infrastructure and web application assessments. However, these checks often aren't detailed enough and can miss important issues. This is often due to a perception of being of less importance than other tests and the need to combine manual checks against multiple tools. This talk will introduce SSLAuditor4/Opabinia, a tool that I have developed to automate SSL checks, making the task easier for the tester, while improving the accuracy and level of output. Opabinia will also perform an in-depth assessment of SSL and RDP services irrespective of the size of scope and can be used by administrators to identify expired and expiring certs on their servers.
Teaching Kids Programming and Cyber Security by Dalian Terry & Sam Sanoop Abstract: The UK is currently experiencing a shortage of skilled cyber security professionals and plans are afoot to teach children cyber security from a much younger age. ECPC (Early Computer Programming Club) has been doing this for the past 6 months in primary schools across South Yorkshire. The aim is to help and develop schools and the students to deliver and teach programming from a young age with resources such as Scratch (MIT), Espresso coding and Code.org. Our talk will be based on the efforts we have taken into schools carrying out talks and after-school clubs to teach programming and additionally incorporate cyber security into their learning. The aim is to ensure cyber security is an area of the UK IT industry that is equipped long term for future generations and the country as a whole for long-term economic growth.
Crawling Metadata with Recon-ng by Grant Willcox Abstract: This talk will discuss my plugin for Recon-ng, metadamn.py, that aims to use Bing's API to scrape target sites for documents and download and extract metadata from them. Along the way I will discuss what metadata is, some of the difficulties I experienced, and my future plans for the project.
A look at modern warfare by Kaitlyn Garratley Abstract: A look at the overall costs of modern warfare. Comparing different vectors of cyber warfare to the costs involved with regular warfare.