Infosec In the City (IIC) — 2 Years In & the Future

Authored by Emil Tan, Co-Founder, Infosec In the City. 2 Years In: The Story The idea of Infosec In the City (IIC) was born 3 years ago (2017) by Adrian Mahieu—serial entrepreneur and Co-Founder of 44CON. Expanding on what he has given the UK cybersecurity community, he envisioned an international brand that organises training and events to plug the capability and capacity gap of cities around the world. He had his eye set on Singapore as the first IIC city. I've known Adrian

Catch Me If You Can — Seeing the Red Through the Blue — by Owen Shearing & Will Hunt

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 3.00pm—4.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Overview This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets. The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the fi

Attacks On GSM — Alarms, Smart Homes & Smartwatches For Kids — by Aleksandr Kolchanov

#IICSG2019 Conference Workshop Track Day 2 (20 Jun 2019) 10.30am—12.15pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract This workshop will cover different attacks on popular GSM-devices: alarms, smart home systems, access control systems and smartwatches for kids. GSM-devices are popular and easy to use: for example, you just need to insert a SIM card in a GSM alarm, and the system is ready for use. But the security of these devices is questionable. Common alar

An Introduction to SAP Forensics — by Jordan Santarsieri

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 1.00pm—2.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations such as processing employees' payroll and benefits, managing logistics, managing suppliers/customers, material management, releasing payments to providers, credit

Linux-Kernel Research For Kernel-Newcomers: Where To Start From? — by Ron Munitz

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 5.00pm—6.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract In this workshop, we will give you the tools and invaluable tips to start your Linux kernel research. The Linux kernel is, as you can probably imagine, huge and open-source. This has the advantage that you don't need to reverse engineer the entire universe to get to know what is going on (with the exception of binary blobs, customizations,

Making & Breaking Machine Learning — by Clarence Chio

#IICSG2019 Conference Workshop Track Day 2 (20 Jun 2019) 1.30pm—3.15pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract Making & Breaking Machine Learning Systems is a fast-paced session on machine learning from the Infosec professional’s point of view. The workshop is designed with the goal of providing students with a hands-on introduction to machine learning concepts and systems, as well as making and breaking security applications powered by machine learni

Office IoT: The Elephant In the Room — by Quentyn Taylor

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 1.30pm—2.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Many people know about the threats that home IoT can pose but many aren’t even aware that the office already harbours IoT. Whilst your smart fridge may leak secrets from your kitchen, some office IoT can leak your entire company’s data. By being aware of the issues and the opportunities that this technology can give, you can turn a threat into an

Do You See What They See? Asset Discovery In the Age of Security Automation — by Isaac Dawson

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 2.30pm—3.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract At a certain point in an organization’s life, Internet-facing assets become difficult to account for. Marketing departments spin up infrastructure for campaigns – and forget about them – developers deploy test machines outside IT’s purview, legacy systems are pushed to the side, and cloud deployments become commonplace. All the while the organiz

P@ssword Making & Breaking — by Will Hunt

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 3.30pm—4.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract We all understand the importance of password security. We’ve all been told to use all the character sets, adhere to a minimum length and not to reuse our passwords. Recent guidance from NIST now promotes the importance of length over complexity, but are we getting more efficient and secure in our selections for the keys to our kingdoms? After a

Body Language Behind Social Engineering Attacks — by Sarka Pekarova

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 1.00pm—1.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Social Engineering has many different faces from using open-source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings', dropping weaponized USB flash drives to eventually getting right in the middle of your target's own office! As there are many tools and described ways of all the -ishings and almost all of them do

Speed-Up Recon & Pwn On Bug Bounty? Build Your Own Tool! — by Igor Lyrchikov & Egor Saltykov

#IICSG2019 Conference Insights Track Day 2 (20 Jun 2019) 11.30am—12.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract We are going to talk about how to automate 95% of the actions that need to be carried out during the exploration process for bug bounty or pentest, as well as some of the vulnerabilities that for some reason are not checked by modern scanners or require the use of one-check utilities. We also made a single interface to manage this process.

Attacking Offensively For Defense — by Keith Rayle

#IICSG2019 Conference Insights Track Day 2 (20 Jun 2019) 10.30am—11.15am @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Offense is the new defense. In Cybersecurity, you can only defend against your adversaries when you understand how they think so you can determine, with a greater degree of accuracy, what they are targeting. You need to understand their attack methods, techniques, and tools in a perspective that provides a clear view of the what, why and ho

Designing Secure Systems: Value-Driven Threat Modeling — by Avi Douglen

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 5.00pm—5.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract What if we could get developers to apply threat modeling techniques, and embed secure design right in the product from the beginning? Threat Modeling is a great method to identify potential security weaknesses and can enable architects and developers to efficiently prioritize their security investment, thus mitigating and preventing those vul

The State of AI-Assisted Fuzzing & Program Analysis — by Clarence Chio

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 4.00pm—4.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Fuzzing and program analysis are a security professional’s bread and butter. The faster we are able to find bugs in software, the more effectively we are able to secure systems. However, system and code complexity has been exponentially increasing over time, and exhaustively analyzing programs is becoming an intractable task. In this talk, I

Data Breaches: Barbarians In the Throne Room — by Dave Lewis

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 3.00pm—3.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These along with issues such as SQL injection are preventable problems. Defenders can

You Are Not Hiding From Me .NET! — by Aden Chung

#IICSG2019 Conference Deep-Tech Track Day 2 (20 Jun 2019) 10.30am—11.15am @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract For years, we have seen adversaries across the threat pyramid make use of PowerShell toolkits for lateral movement, data exfiltration and persistence over different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat in time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handl

A Red Team Perspective To Research — by Vincent Yiu

#IICSG2019 Conference Deep-Tech Track Day 2 (20 Jun 2019) 11.30am—12.15pm @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract Red Teams often come up with new ideas and create tools on the fly during operations or as part of on-going cybersecurity research. This talk will discuss some of the case studies of tools developed as a result of research, as well as some of the processes and techniques used to develop basic tools. Other areas of research will also be tou

Exploiting Windows Vista Resource Virtualization — by James Forshaw

#IICSG2019 Conference Deep-Tech Track Day 1 (19 Jun 2019) 1.00pm—1.45pm @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract One of the big changes in Windows Vista was the introduction of UAC. Many Windows applications were written assuming they had complete control over all file and registry locations; by separating out administrators, UAC created an application compatibility nightmare. These existing applications would try and write to the Windows folder or HKEY
