Authored by Emil Tan, Co-Founder, Infosec In the City. 2 Years In: The Story The idea of Infosec In the City (IIC) was born 3 years ago (2017) by Adrian Mahieu—serial entrepreneur and Co-Founder of 44CON. Expanding on what he has given the UK cybersecurity community, he envisioned an international brand that organises training and events to plug the capability and capacity gap of cities around the world. He had his eye set on Singapore as the first IIC city. I've known Adrian

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 3.00pm—4.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Overview This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets. The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the fi

#IICSG2019 Conference Workshop Track Day 2 (20 Jun 2019) 10.30am—12.15pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract This workshop will cover different attacks on popular GSM-devices: alarms, smart home systems, access control systems and smartwatches for kids. GSM-devices are popular and easy for use: for example, you just need to insert SIM-card in GSM-alarm, and the system is ready for use. But the security of these devices is questionable. Common alar

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 1.00pm—2.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, managing suppliers/customers, material management, releasing payments to providers, credit

#IICSG2019 Conference Workshop Track Day 1 (19 Jun 2019) 5.00pm—6.45pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract In this workshop, we will give you the tools, and invaluable tips to start your Linux kernel research. ​ The Linux kernel is as you can probably imagine huge, and open-source. This has the advantage that you don't need to reverse engineer the entire universe to get to know what is going on (with the exception of binary blobs, customizations,

#IICSG2019 Conference Workshop Track Day 2 (20 Jun 2019) 3.30pm—4.15pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Hands-on time of Joe FitzPatrick talk — "Real Hardware Hacking for S$30 or Less".

#IICSG2019 Conference Workshop Track Day 2 (20 Jun 2019) 1.30pm—3.15pm @ Breakout Room 3 [#IICSG2019 Conference Full Schedule] Abstract Making & Breaking Machine Learning Systems is a fast-paced session on machine learning from the Infosec professional’s point of view. The workshop is designed with the goal of providing students with a hands-on introduction to machine learning concepts and systems, as well as making and breaking security applications powered by machine learni

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 1.30pm—2.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Many people know about the threats that home IoT can pose but many aren’t even aware that the office already harbours IoT. Whilst your smart fridge may leak secrets from your kitchen some office IoT can leak your entire companies data. By being aware of the issues and the opportunities that this technology can give you can turn a threat into an

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 2.30pm—3.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract At a certain point in an organization’s life, Internet-facing assets become difficult to account for. Marketing departments spin up infrastructure for campaigns – and forget about them – developers deploy test machines outside ITs purview, legacy systems are pushed to the side, and cloud deployments become commonplace. All the while the organiz

#IICSG2019 Conference Fix It Track Day 2 (20 Jun 2019) 3.30pm—4.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract We all understand the importance of password security. We’ve all been told to use all the character sets, adhere to a minimum length and not to reuse our passwords. Recent guidance from NIST now promotes the importance of length over complexity, but are we getting more efficient and secure in our selections for the keys to our kingdoms? After a

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 1.00pm—1.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Social Engineering has many different faces from using open-source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings', dropping weaponized USB flash drives to eventually getting right in the middle of your target's own office! As there are many tools and described ways of all the -ishings and almost all of them do

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 2.00pm—2.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract In this talk, Quentyn Taylor will take a light-hearted view on how infosec has developed over the years and what non-technical skills the modern CISO needs in order to survive and thrive.

#IICSG2019 Conference Insights Track Day 2 (20 Jun 2019) 11.30am—12.15pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract We are going to talk about how to automate 95% of the actions that need to be carried out during the exploration process for bug bounty or pentest, as well as some of the vulnerabilities that for some reason are not checked by modern scanners or require the use of one-check utilities. We also made a single interface to manage this process.

#IICSG2019 Conference Insights Track Day 2 (20 Jun 2019) 10.30am—11.15am @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Offense is the new defense. In Cybersecurity, you can only defend against your adversaries when you understand how they think so you can determine, with a greater degree of accuracy, what they are targeting. You need to understand their attack methods, techniques, and tools in a perspective that provides a clear view of the what, why and ho

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 5.00pm—5.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract What if we could get developers to apply threat modeling techniques, and embed secure design right in the product from the beginning? Threat Modeling is a great method to identify potential security weaknesses and can enable architects and developers to efficiently prioritize their security investment, thus mitigating and preventing those vul

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 4.00pm—4.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Fuzzing and program analysis are a security professional’s bread and butter. The faster we are able to find bugs in software, the more effectively we are able to secure systems. However, system and code complexity has been exponentially increasing over time, and exhaustively analyzing programs is becoming an intractable task. In this talk, I

#IICSG2019 Conference Insights Track Day 1 (19 Jun 2019) 3.00pm—3.45pm @ Breakout Room 2 [#IICSG2019 Conference Full Schedule] Abstract Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These along with issues such as SQL injection are preventable problems. Defenders can

#IICSG2019 Conference Deep-Tech Track Day 2 (20 Jun 2019) 10.30am—11.15am @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract For years, we have seen adversaries across the threat pyramid make use of PowerShell toolkits for lateral movement, data exfiltration and persistence over different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat in time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handl

#IICSG2019 Conference Deep-Tech Track Day 2 (20 Jun 2019) 11.30am—12.15pm @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract Red Teams often come up with new ideas and create tools on the fly during operations or as part of on-going cybersecurity research. This talk will discuss some of the case studies of tools developed as a result of research, as well as some of the processes and techniques used to develop basic tools. Other areas of research will also be tou

#IICSG2019 Conference Deep-Tech Track Day 1 (19 Jun 2019) 1.00pm—1.45pm @ Breakout Room 1 [#IICSG2019 Conference Full Schedule] Abstract One of the big changes in Windows Vista was the introduction of UAC. Many Windows applications were written assuming they had complete control over all file and registry locations, by separating our administrators UAC created an application compatibility nightmare. These existing applications would try and write to the Windows folder or HKEY