Authored by Emil Tan, Co-Founder, Infosec In the City. 2 Years In: The Story The idea of Infosec In the City (IIC) was born 3 years ago (2017) by Adrian Mahieu—serial entrepreneur and Co-Founder of 44CON. Expanding on what he has given the UK cybersecurity community, he envisioned an international brand that organises training and events to plug the capability and capacity gap of cities around the world. He had his eye set on Singapore as the first IIC city. I've known Adrian

#IICSG2018 Conference Workshop Track Day 2 (25 May 2018) 9.30am—11.15am @ Bras Basah Room [#IICSG2018 Conference Full Schedule] Abstract In this talk, Ron Munitz will discuss the building blocks of modern ARM-based products [read: Mobile, IoT, (and coming very soon): Servers and Desktop] based products, and give an in-depth introduction and concept translation from the x86/x86_64 security research world, into the (very rich world) of ARM security research. We will start our d

#IICSG2018 Conference Workshop Track Day 2 (25 May 2018) 11.30am—3.15pm @ Bras Basah Room [#IICSG2018 Conference Full Schedule] Abstract YARA is a tool used for malware analysis and incident response. This workshop is geared towards beginners who have heard of the tool and would like to learn more. Exercises range from writing the first signature as a group to getting creative and "solving puzzles" over a large malware repository. Requirements Participants should be comfortab

#IICSG2018 Conference Workshop Track Day 2 (25 May 2018) 3.30pm—4.15pm @ Bras Basah Room [#IICSG2018 Conference Full Schedule] Abstract There are lots of pieces that come together to make a hardware hack possible — finding a target, learning about it, choosing your tools, observing it, and interacting with it. Instead of focusing on any one of those steps in detail, I'll do a live walkthrough of the whole process on an off-the-shelf consumer electronics device. Instead of the

#IICSG2018 Conference Workshop Track Day 1 (24 May 2018) 1.00pm—4.00pm @ Bras Basah Room [#IICSG2018 Conference Full Schedule] Abstract We will take an in-depth look at the security challenges of wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Knowing how to attack will help us to establish the appropriate protection strategy. This workshop will instruct attendees on how to carry out wireless pentest against personal and enter

#IICSG2018 Conference Workshop Track Day 1 (24 May 2018) 4.30pm—6.15pm @ Bras Basah Room [#IICSG2018 Conference Full Schedule] Abstract Taking existing SDLC and building into it a threat-based approach to ensuring the initial design and build account for today's threat landscape. Enhancing existing projects and systems management to use threat modelling to add context to vulnerability management in new and existing systems and applications to produce tailored prioritisation a

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 1.30pm—2.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Human bias influences a great deal of behaviour when it comes to technology and cyber security. In this talk, Dr Jessica Barker draws on sociology, psychology and behavioural economics to explore the human nature of cyber security. Covering fear, social engineering, language and more, this is a call-to-arms for the industry to cons

#IICSG2018 Conference Insights Track Day 1 (24 May 2018) 4.30pm—5.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Windows is a complex operating system which can make finding security vulnerabilities difficult as it’s hard to know where to start. This presentation will give a quick introduction to all the interesting areas of Windows into which you can look. It will also introduce some of the tools and techniques I use for finding new security

#IICSG2018 Conference Insights Track Day 1 (24 May 2018) 5.30pm—6.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract A light-hearted trip through security failures both physical and electronic that has enabled me over the years to circumvent the security of most of the worlds largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical hack

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 9.30am—10.15am @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Security programs that are "democratic" or "equal" when dealing with different business units, especially in a decentralized organization are bound to fail. Security, just like other forms of risk, should be applied in a way that maximizes the effectiveness of the program. In this session, we'll discuss some of the decision-making

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 10.30am—11.15am @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract In this session, we will explore a number of commonly used and highly effective tactics to prepare for a social engineering exercise. Knowledge was once considered to be power and the birth of the Internet has shifted the power base in a different direction. The biggest challenge now is locating the useful information in the sea

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 11.30am—12.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Typical cybersecurity controls — like malware prevention and detection — are falling short. Attackers still manage to compromise organisations that have invested millions of dollars in cybersecurity. What are the factors allowing these attackers to be so successful?  This talk will focus on lessons learnt from years of observat

#IICSG2018 Conference Insights Track Day 1 (24 May 2018) 3.30pm—4.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Organisations today are starting to explore using machine learning to discover patterns and anomalies. By doing so, they may derive security insights that may help them uncover malicious activities in their environment. In this talk, Eugene will discuss how we can apply machine learning to catch bad guys, and what we should take no

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 3.30pm—4.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Why the security industry is failing our user base and what can we do to stop failing? As we get better at identifying threats and vulnerabilities at scale, we forget that ultimately we are constrained by the people doing the implementation. In the past, security program implementation was often hampered by poor tooling that did no

#IICSG2018 Conference Insights Track Day 2 (25 May 2018) 2.30pm—3.15pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract Organisations have spent a large amount of money on cybersecurity systems to ensure employee laptop are secured. With the advent of BYOD (Bring Your Own Device) and teleworking, many employees are bringing their office laptop to work from home network. In this talk, Christopher will discuss the potential risk of employee connecting

#IICSG2018 Conference Insights Track Day 1 (24 May 2018) 1.00pm—1.45pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract This presentation is intended to help prepare students and others who are wanting to embark or further develop an IT/Info/Cyber-security career by breaking down the news-and-marketing-driven hype and myths surrounding the IT-sec industry and offers practical advice on what they need to develop in order to become a well-rounded prac

#IICSG2018 Conference Insights Track Day 1 (24 May 2018) 2.00pm—2.45pm @ Stamford Ballroom (Sophia) [#IICSG2018 Conference Full Schedule] Abstract This talk aims to demystify the approach used for analyzing and breaking IoT devices. In this talk, I will explain the thought process and learning journey when covering IoT. The talk will cover how to do background research, evaluate tools, how to build threat models, analyzing different attack vectors and cover the BLE protocol a

#IICSG2018 Conference Deep-Tech Track Day 2 (25 May 2018) 9.30am—10.15am @ Stamford Ballroom (Olivia) [#IICSG2018 Conference Full Schedule] Abstract Internet of Things (IoT) attacks on the rise. In this session, I would like to share interesting stories about observing IoT botnets attacks with a single home-based honeypot. At the beginning of 2017, I started to study telnet traffics with a honeypot. With the open-source honeypot Glutton, I emulated a handful of telnet command

#IICSG2018 Conference Deep-Tech Track Day 1 (24 May 2018) 2.00pm—2.45pm @ Stamford Ballroom (Olivia) [#IICSG2018 Conference Full Schedule] Abstract Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, T

#IICSG2018 Conference Deep-Tech Track Day 2 (25 May 2018) 10.30am—11.15am @ Stamford Ballroom (Olivia) [#IICSG2018 Conference Full Schedule] Abstract In Windows 10 Anniversary Edition, Microsoft introduced Desktop Bridge, originally known as Project Centennial. This technology allows normal Win32 applications to be converted to run as self-contained Windows Store applications, redirecting file and registry access to allow the application to easily be uninstalled leaving no re