Wednesday, June 8, 2016, London, United Kingdom
Launched in mid-2009, Security BSides is a community-driven event built for and by information security community members.
The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is where conversations for the next-big-thing are happening and the Security BSides London team is bringing this back to London.
The volunteers for Security BSides London were inspired by the framework of the original Security BSides event in the USA, and have worked together to bring this to the UK.
Security BSides events are free, community events organised by local individuals, with the express goal of enabling a platform for information dissemination.
We believe evil genius Max Pwnage may be planning something of great and terrible significance and it is vital we get hold of his plans! He is a known recluse and all we have to go on is this picture, but we believe he may have made an opsec fail with it. See if you can use it to find his plans for your chance to win a Yard Stick One!
You'll have to think logically to solve this challenge and increase your chances of winning the Makeblock IR Robot Kit! You'll have to place blocks of gates in the available slots in order to generate a match for the sequence provided. How many can you solve in the allocated time?
Come and visit our stand to chat to us at BSides London for further details on the day!
Topic: Bug Hunting with Static Code Analysis
Speaker: Nick Jones
How do we make application security assessments more efficient? Finding and fixing security issues just before a release, when testing is often done, is time consuming and expensive when compared to finding issues earlier in the development cycle. In addition, paying security consultants to find basic buffer overflows and SQL injection can be time consuming and inefficient on large codebases. This talk covers a number of automated analysis techniques for spotting bugs and security flaws in applications at the source code level, ranging from quick and dirty bash scripts through open source and commercial analysers to custom implementations. After reviewing how these can be used as part of bug hunting and application security assessments, it then discusses how these techniques can be baked into continuous integration systems to catch bugs as early in the development cycle as possible.
Topic: Honeypots and Deceptive Operations: Can You Catch More Spies with Honey(pots)?
Speaker: David Chismon
Detecting advanced (or just effective) attackers on internal networks is the subject of much research and marketing. Various technologies go through the cycle of being offered as solutions to this problem, from "Threat Intelligence" a few years ago to Behavioural Learning currently. Honeypots have lingered around the fringes, but more honeypot products are being offered and stand a good chance of being one of the next technologies to ascend the hype curve. This talk will look at honeypots and how they work, their benefits and their failings. It will cover a number of honey things such as honey creds, honey files, honey tokens, etc. It will debate where such things may play a role in an organisation's defensive strategy and how an organisation can best implement them should they choose to. The talk will also briefly cover the wider field in which honeypots sit: deceptive operations, whereby you attempt to deceive an attacker in order to detect or dissuade attacks.
Topic: LoRa the Explorer - Attacking and Defending LoRa systems
Speaker: Robert Miller
LoRa is a Low-Power Wide-Area Network (LPWAN) solution designed to enable smart city and IoT devices to communicate securely across cities. It is being rolled out in major cities across the world and being used for everything from Industrial Control Systems through to domestic alarm systems. This talk aims to dive into the security of LoRa and the LoRaWAN protocol, to demonstrate its limitations, and to show how developers can build secure LoRa solutions.
Topic: Glitch Attacks Against Embedded Systems
Speakers: Rob Miller and Joel Clark
Clock glitches allow attackers to attack applications through the hardware they are running on, letting them skip instructions and introduce vulnerabilities. This workshop will cover the theory and application of clock glitching attacks.
Participants will learn where clock glitch attacks can be used and how they work, use tools to generate clock glitches, and apply them to vulnerable hardware to generate proof of concept exploits.