Tuesday, April 29, 2014 5 years ago ,
As a company we invest heavily in knowledge sharing and believe that events such as BSides London are invaluable to the community, providing a platform for discussion on the latest thinking and research in the InfoSec arena.
Talks spread across two tracks, attendees can also expect workshops, challenges, a rookie track as well as the legendary MWR after party!
Try your hand at Mission 3: The Geo-Cracker, developed by MWR’s Rob Miller.
Enemy spies are broadcasting encrypted coordinates of our key agents and installations! Analyse the enemy’s encryption algorithm and develop an efficient decryptor that will allow us to determine agents at risk in the field.
The competition has now closed – for results please see the Bsides Website
We are also proud to announce that Jon Butler and Rob Miller will be presenting at BSides, below are details of their presentations.
Poor Man’s Static Analysis – Jon Butler
When you’re hunting for bugs, let’s face it – grepping for strcpy just doesn’t cut it anymore. Instead of waiting for unsafe memory management functions to come back into fashion like moustaches or mustard coloured corduroys, I decided to check in with ""the future"", and see what it had to offer me.
What I found was a sea of similarly puzzled individuals, bizarre terminology, and a number of code snippets that would only compile on specific, different versions of libraries. So I set about piecing together what I could, and ended up producing a working tool in a fairly short period of time.
This talk shows what can be achieved if you want to build static analysis tools, and you don’t want to spend a load of money or upload all your precious code to “the cloud”. I will be making sense of the complex terminology surrounding this field, and detailing my struggles and conquests building a fast, flexible, and most importantly usable static analysis tool, all for free.
If you’re interested, but you wouldn’t know a TranslationUnit from a bar of soap, this is the talk for you!
Insecure out of the box: Leveraging Android manufacturer’s mistakes to attack corporate networks – Rob MIller
We have long known that Android can be affected by malware. Most users are now aware that they need to take care about what they install on their phones. But what about a brand new device that’s fresh out of the box? We will show that for two flagship Android devices, they are not as secure as people might suppose.
Android has been through a security revolution in the last year in response to an avalanche of malware designed to take advantage of its permissive behaviour. We will talk through the latest advances in what is by far the world quickest selling mobile platform. We will then look at how the race for new features and functionality is undermining security in the latest Android devices.
Finally we will look at how attackers can use these weaknesses to go beyond the realm of a person’s personal device and into their employer’s corporate network.