BSides Cymru has ended


Saturday, September 28
 

8:30am

Registration - Coffee and Donuts
Arrive and collect your badge, swag and warm welcome. 

Saturday September 28, 2019 8:30am - 9:00am
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

9:00am

Welcome
Welcome by Craig Jones

Saturday September 28, 2019 9:00am - 9:10am
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

9:10am

Keynote - Apple Apostles to Google Groupies: Why We Need To Stop Security Tribalism
As people who live and breathe security technology, most of us come to the table with pretty strong opinions on the issues at hand. We also have a tendency to strive for perfection based on what we know is possible, sometimes to the detriment of what's probable. In this talk, John and Chet will dissect some of the most contentious advice and discuss ways we as a community can work together to deliver practical, practiceable advice to our friends, families and organisations that will result in positive secure improvements rather than fanning the flames of our favourite fights.

Speakers
John Shier

Senior Security Advisor, Sophos
John Shier is a Senior Security Advisor working in the office of the CTO doing research into all manner of threats and security issues. John is passionate about communicating and popularizing security concepts and technologies to customers, partners, and the public at large in an...

Chester Wisniewski

Principal Research Scientist, Sophos
Chester Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of...


Saturday September 28, 2019 9:10am - 10:00am
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

10:05am

Bypassing Vehicle Infotainment Security
Security of devices is of paramount importance to individual security as well as national security. The ability to access protected or deleted data from embedded memory puts the security of sensitive data at risk. This talk will demonstrate the bleeding-edge of what is possible in overcoming embedded hardware security in the most common forms of NAND flash storage. A case study will be presented on a digital device that we commonly use to store sensitive data relating to our daily lives.

The presentation will include elements of:

- Embedded Memory Types & Hardware Security
- NAND Memory Interface and Internal Structure
- Physical Image Extraction
- Data Reconstruction Obstacles and Challenges
- Reverse Operations
- Logical Image Reconstruction Process
- Uncommon Filesystem Analysis
- SQL Scraping
- Data Stored on Modern Vehicles (Recovered Protected Data)



Speakers
Gareth Davies

Senior Lecturer in Digital Forensics at the University of South Wales. Chairman of the First Forensic Forum (F3).


Saturday September 28, 2019 10:05am - 10:35am
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

10:05am

Experience of Phishing in W(h)ales
Phishing is the number one cause of cyber security breaches. It is linked to 90% of security breaches and incidents over the last twelve months. Typically, a phishing awareness program with a simulation and exercise platform can cost several thousands of pounds, and many small/medium scale businesses are simply unable to cover these costs. Hence the idea of developing a similar and effective free alternative that not only identifies those employees at risk of clicking phishing emails, but also offers an industry standard interactive training package (with English/Welsh narration) to enhance their awareness of phishing attacks and protect against them. The solution offers online phishing awareness training with quizzes and reporting tailored to specific organisations, as well as a simulation feature with real world-based scenarios. This is a free service offered to small and medium scale organisations in Wales, funded by the Welsh Government and powered by TARIAN and the University of South Wales.
During this presentation we are going to talk about the interesting findings that we have gathered and the challenges we have identified running this program for small and medium scale organisations in Wales.



Speakers
Amila Perera

Amila Perera is working as a senior lecturer in information security and forensics at the University of South Wales. He is a researcher and a practitioner in the information security area with over eight years of industrial and academic experience. He is an information security professional/digital...


Saturday September 28, 2019 10:05am - 10:35am
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

10:05am

“Things which are alike...” - Malware analysis: scaling, failing and climbing the Pyramid of Pain.
A talk about an open source tool (kathe) we've made to be able to do quick and dirty malware correlation on large sample sets. The talk will focus on the what, why, how and the how not to of developing kathe.
I'll include some results around Vault7, emotet and DreamBot I stumbled across along the way.

Speakers

Bouke van Laethem

Blue teamer, former red teamer. Running a CERT and building stuff.


Saturday September 28, 2019 10:05am - 10:35am
Track 3 - Cinema Tramshed Clare Rd Cardiff CF11 6QP

10:35am

Will Language Protect Us From The Machines
With the rise of home assistants we are guilty of homogenising our language use to be understood by the device, but what if you lived in North Wales and felt most comfortable in Welsh? Many people want to be understood and home devices don't account for that, but sometimes, for safety reasons, people speak in a different language around the device. This is an idea played with in the Welsh classic "Y Dydd Olaf" and an idea that is becoming more common now. Will language protect us from machines, and how long do we have until we start running out of languages?

Speakers
Leena Sarah Farhat

An incoming 3rd year student at Aberystwyth University, Leena has a passion for Wales and Computer Science. She enjoys algorithms and theoretical computer science as well as dialect detection and languages.


Saturday September 28, 2019 10:35am - 11:10am
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

10:35am

PARASITE: Can An Open Internet Fight Extremism?
It’s no secret that people are more interconnected than ever: not only is it incredibly convenient to contact old friends and distant family, but thanks to the open internet we can engage with strangers all over the world at the press of a button. A single tweet can gain thousands of interactions from strangers seemingly at random: what could possibly go wrong?

In this talk, I touch on a wide variety of subjects related to the complex relationship between extremism & the internet: among these, I will be exploring the various “stages” of how extremism manifests itself online and the methods that they will employ to achieve their goal: whether that be recruitment, intimidation or simply to organise amongst themselves.

Can we combat this threat while still keeping the internet open? Is the burden too much for service providers like Google & Facebook alone? What is the role of governments, and how do we collaborate? What is censorship? When does it become negligence? And most importantly, will I have to talk about machine learning?

Expect a healthy mix of technical and soft content. This talk is beginner friendly and no prior knowledge will be assumed, so strap in!

Speakers
Dan Nash

Security Engineer, Sophos
Dan is a security engineer with a love for Splunk who spends his time looking into why we've ended up in this mess: he loves public speaking, capture-the-flags and lie-ins.


Saturday September 28, 2019 10:35am - 11:10am
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

10:35am

Cyber Security - A Teenager's Perspective
Throughout my presentation I will talk about areas of cyber bullying on social networks. I will also discuss how it has been affecting my life as a teenager using social networks, knowing that cyber bullying is happening at this present time. This is tailored towards the advantages and disadvantages of the cyber domain being used to intimidate people who are using it today. I will discuss key tools, techniques and processes that could be used to help individuals stay safe online.

The impact I aim to deliver with my presentation is by creating awareness to the wider community on cyber bullying from a teenagers perspective. But also how the field of cyber can be used to protect an individual when they are online.

Speakers
Rosie Nash

I am a teenager who is beginning her journey into the world of cyber security. I aim to provide a teenager's perspective on some key issues that many people face at my age, with the aim of understanding how security and forensics could help people stay protected and safe online.


Saturday September 28, 2019 10:35am - 11:10am
Track 3 - Cinema Tramshed Clare Rd Cardiff CF11 6QP

11:10am

Break
Tea, Coffee, Snacks and traditional Bara Brith. 

Saturday September 28, 2019 11:10am - 11:30am

11:30am

Know Your Worth – Are You Earning Enough and How To Progress Your Career
BeecherMadden undertake annual salary surveys and this talk would present the findings of that report: salaries by level, role and location if relevant. We would also have new data in September on the pay difference between men and women. How to improve your salary or benefits package and progress your career, based on industry trends, will also be covered. The talk is designed to be informative on industry trends that are not widely publicised. As a recruitment company, I realise it is quite unattractive to make this a big pitch for changing jobs or for using us as a company at all. The talk has no pitch element.

Speakers
Karla Reffold

Experienced and passionate recruiter and business owner. Karla has experience running businesses in recruitment, staffing and ecommerce. Experience recruiting up to CXO level and across a variety of industries. Karla has 10 years experience as a recruiter and business leader. She is...


Saturday September 28, 2019 11:30am - 12:00pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

11:30am

Getting ready for the Quantum World
My talk will cover the basics of Quantum Encryption and how this both poses issues and solves problems when it comes to Information Security, with some fun references to Sci Fi thrown in.

Speakers

Jenny Potts

Information Security specialist and Software Engineer in the making.


Saturday September 28, 2019 11:30am - 12:30pm
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

11:30am

How I Breached Your Organisation
Stories from the front lines of a red team

Anthony is the head of Adversary Services at BlackBerry Cylance. He has over a decade of experience in conducting offensive operations and simulated attacks against entities across the globe, from every industry vertical. His previous employers include Mandiant/FireEye, MWR InfoSecurity and NCC Group. Anthony obtained a BSc/PgD in Computer Systems Security at the University of Glamorgan before beginning his career and currently resides in Swansea.

Speakers
Anthony Paimany


Saturday September 28, 2019 11:30am - 12:30pm
Track 3 - Cinema Tramshed Clare Rd Cardiff CF11 6QP

12:00pm

I Spy With My Little Eye
How would you feel if you knew it was possible to view every single camera feed of several major DVR smart camera platforms? You know, the camera you use in your house.

Sometimes it feels we are going backwards in IoT security: we are moving to the age of the "central platform" to avoid opening ports and handling all the connection stuff, for ease and extra security. But this approach can and will backfire majorly if a vulnerability is found on the platform itself, and exploitation of that kind of vulnerability means gaining access to a large number of devices.

In this talk we will look at connected smart cameras and show examples of multiple simple logic flaws that are found on multiple portals. We will show how manufacturers and developers fall short in different places and how they are practically giving access to all their cameras to an attacker.

Speakers
Mike Polydorou

Security Consultant, Pen Test Partners
Mike holds a BSc and M.Eng in Network Management & Security. He is a CHECK Team Leader (infra) and holds a handful of Cisco certs. He now works on various hardware engagements and research projects for Pen Test Partners. His hobbies include entering beard contests and hoping...

Vangelis Stykas

Security Consultant, Pen Test Partners
Vangelis Stykas is a backend engineer turned pentester. Playing around with bits and bytes for the past 30 years, he has hacked ships, cars and locks. He has a weak spot for breaking APIs and web stuff but hates building them.


Saturday September 28, 2019 12:00pm - 12:30pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK
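
One generic shape of the "simple logic flaw" the abstract above refers to is a central-portal endpoint that checks that the caller is logged in but never checks that the caller owns the requested camera, so any customer can walk the device id space and pull every stream. The block below is an added example, not the talk's or Pen Test Partners' code, and it describes no particular vendor or product: the portal data, user names and token values are constructed for illustration, and `stream_token_vulnerable` and `stream_token_hardened` are hypothetical handlers written to contrast the missing ownership check with the fixed one.

```python
# Constructed portal state for the example: device ids are sequential, as on many
# consumer platforms, and each camera belongs to exactly one customer.
CAMERAS = {
    1001: {"owner": "alice", "stream_token": "tok-alice-front-door"},
    1002: {"owner": "bob", "stream_token": "tok-bob-garage"},
    1003: {"owner": "carol", "stream_token": "tok-carol-nursery"},
}


class NotFound(Exception):
    """Raised for unknown AND foreign cameras, so the hardened API never confirms an id exists."""


def stream_token_vulnerable(session_user, camera_id):
    """The flaw: the only check is that the caller has a session; the camera id is trusted."""
    if session_user is None:
        raise PermissionError("login required")
    if camera_id not in CAMERAS:
        raise NotFound(camera_id)
    return CAMERAS[camera_id]["stream_token"]


def stream_token_hardened(session_user, camera_id):
    """The fix: authorisation is decided per object, server-side, from the session identity."""
    if session_user is None:
        raise PermissionError("login required")
    cam = CAMERAS.get(camera_id)
    if cam is None or cam["owner"] != session_user:
        raise NotFound(camera_id)
    return cam["stream_token"]


def enumerate_streams(fetch, session_user, id_range):
    """What an attacker holding any valid account does against either handler: walk the ids."""
    leaked = {}
    for cid in id_range:
        try:
            leaked[cid] = fetch(session_user, cid)
        except NotFound:
            continue
    return leaked


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable:", enumerate_streams(stream_token_vulnerable, "mallory", ids))
    print("hardened:  ", enumerate_streams(stream_token_hardened, "mallory", ids))
```

The hardened handler returns the same not-found result for a camera that does not exist and for one the caller does not own; answering those two cases differently would still let an attacker enumerate which ids are live even after the stream itself is protected.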

12:30pm

Lunch
Lunch

Saturday September 28, 2019 12:30pm - 1:30pm

1:30pm

Innovation In The Area of Cyber Security Analytics
We will talk about innovation in the area of cyber security analytics - developing machine learning methods to detect and block cyber attacks (e.g. detecting ransomware within 4 seconds of execution and killing the underlying processes). Rather than just focusing on this as a 'black box', I'll pull it apart and talk about how we can use these methods to enable security practitioners (SOC/CIRT etc.) to ask and answer questions about 'what' and 'why' these methods are flagging attacks. I'll also talk about the resilience of machine learning methods to manipulation and adversarial attacks - how stable these approaches are to the diversity and evolution of malware, for example. It will be a joint presentation with Matilda Rhode, a cyber security researcher at Cardiff University.

Speakers
Pete Burnap

Pete Burnap is Professor of Data Science & Cybersecurity at Cardiff University. He is Director of Cardiff’s NCSC/EPSRC Academic Centre of Excellence in Cyber Security Research (ACE-CSR). He leads AI for cybersecurity research at Airbus DTO on a part-time secondment basis. He has...


Saturday September 28, 2019 1:30pm - 2:00pm
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

1:30pm

Closed for Business: Taking Down Darknet Markets
Darknet markets come and go for various reasons. Over the last several years we've seen law enforcement take down several of the largest darknet markets to ever exist on the dark web. In a story that involves multi-national cooperation, death and deception, this talk will look at the fascinating story behind Operation Bayonet and the seizure and subsequent takedown of AlphaBay and Hansa. It will also cover the subsequent closure, in April 2019, of the leading darknet market, Dream.

Speakers
John Shier

Senior Security Advisor, Sophos


Saturday September 28, 2019 1:30pm - 2:30pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

1:30pm

GPS Technology Underpins Much of Modern Life
GPS technology underpins much of modern life - it's in every smartphone, modern cars, aeroplanes, ships etc. It's relied upon for navigation, but also for timing information to help keep things like mobile networks in sync. Being able to trust what your receiver is telling you is key for logistics, rescue and, more importantly, Pokémon Go.

It has long been known that GPS is easy to jam, however it's also been believed to be hard to spoof. With the development of low-cost SDR equipment, spoofing GPS has become feasible for non state-sponsored actors, and reports of spoofed GPS signals have been increasing.

This talk will delve into the detail of how GPS and its competitors Galileo, GLONASS and 北斗卫星导航系统 (BeiDou) work, and how a tiny signal broadcast from a satellite 12,550 miles away can be used to derive accurate position and timing information. I'll review the ways in which this signal can be spoofed to cause equipment to think it's in the wrong place, and possibly at the wrong time. I'll outline some of the things that equipment manufacturers have done to try and counter this, but note there's a lot more to do before advanced attacks stop being practical.

Speakers

Joel Snape

I am a security researcher at Nettitude, with a focus on maritime system security. I am fascinated by communication technologies, and the ways they can be broken. In my spare time I sail, cycle and automate my house.


Saturday September 28, 2019 1:30pm - 2:30pm
Track 3 - Cinema Tramshed Clare Rd Cardiff CF11 6QP
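
The abstract above describes deriving position and time from satellite ranging signals and then spoofing those signals. The following is an added example, not material from the talk or from Nettitude: it builds a constructed six-satellite sky over a receiver near Cardiff, solves the standard four-unknown least-squares fix (three position coordinates plus receiver clock bias) from pseudoranges, and then contrasts two spoofs. In a coherent spoof every channel is faked consistently, so the receiver lands on the attacker's chosen position with no residual; in a sloppy spoof only one channel is altered, and the residual check a receiver integrity monitor relies on catches it. The satellite positions, the receiver location, the clock bias, the spoofed position and the solver's starting guess are all assumptions made for the example; the solver is pure Python and works for any number of satellites from four upwards.

```python
import math

# Constructed scenario for this added example (not the talk's material): a receiver
# roughly at Cardiff in ECEF metres, six satellites at GPS orbital radius in the sky
# above it, and a receiver clock running 5 microseconds fast, carried in metres.
ORBIT_RADIUS = 26_560_000.0
EARTH_RADIUS = 6_371_000.0
TRUE_POS = (3_960_000.0, -220_000.0, 4_985_000.0)
TRUE_CLOCK_BIAS_M = 1_500.0
FAKE_POS = (4_150_000.0, 150_000.0, 4_700_000.0)  # about 500 km away: the spoofer's target


def _norm(v):
    return math.sqrt(sum(c * c for c in v))


def _unit(v):
    n = _norm(v)
    return tuple(c / n for c in v)


def make_sky(receiver):
    """Six satellites spread around the receiver's zenith, all well above its horizon."""
    zenith = _unit(receiver)
    offsets = [(0.8, 0, 0), (-0.8, 0, 0), (0, 0.8, 0), (0, -0.8, 0), (0, 0, 0.3), (0.4, 0.4, -0.3)]
    return [tuple(ORBIT_RADIUS * d for d in _unit(tuple(z + o for z, o in zip(zenith, off))))
            for off in offsets]


SATS = make_sky(TRUE_POS)


def pseudoranges(sats, pos, clock_bias_m):
    """What the receiver measures per satellite: geometric range plus its own clock error."""
    return [_norm(tuple(s - p for s, p in zip(sat, pos))) + clock_bias_m for sat in sats]


def _solve_linear(a, b):
    """Gaussian elimination with partial pivoting for the 4x4 normal equations."""
    n = len(b)
    m = [list(row) + [bi] for row, bi in zip(a, b)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= f * m[col][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x


def _linearise(sats, rho, est):
    """Rows d(rho_i)/d(x, y, z, b) at the current estimate, and each measurement's misfit."""
    rows, res = [], []
    for sat, r in zip(sats, rho):
        diff = tuple(s - e for s, e in zip(sat, est[:3]))
        dist = _norm(diff)
        rows.append([-d / dist for d in diff] + [1.0])
        res.append(r - dist - est[3])
    return rows, res


def solve_fix(sats, rho, iterations=20):
    """Least-squares navigation solution: (x, y, z, clock_bias_m, rms_residual_m).

    Starts from a coarse guess on the Earth's surface under the satellites' mean
    direction (this example's choice), then repeatedly linearises
    rho_i = |sat_i - p| + b and solves the normal equations until the update vanishes.
    """
    centre = _unit(tuple(sum(s[k] for s in sats) for k in range(3)))
    est = [EARTH_RADIUS * c for c in centre] + [0.0]
    for _ in range(iterations):
        rows, res = _linearise(sats, rho, est)
        ata = [[sum(rw[i] * rw[j] for rw in rows) for j in range(4)] for i in range(4)]
        atb = [sum(rw[i] * r for rw, r in zip(rows, res)) for i in range(4)]
        delta = _solve_linear(ata, atb)
        est = [e + d for e, d in zip(est, delta)]
        if _norm(delta) < 1e-4:
            break
    _, res = _linearise(sats, rho, est)
    return tuple(est) + (math.sqrt(sum(r * r for r in res) / len(res)),)


def distance(a, b):
    return _norm(tuple(x - y for x, y in zip(a[:3], b[:3])))


def demo():
    """Three skies: genuine, a coherent full-constellation spoof, a sloppy one-channel spoof."""
    genuine = pseudoranges(SATS, TRUE_POS, TRUE_CLOCK_BIAS_M)
    # Coherent spoof: the SDR transmits all six channels consistent with FAKE_POS. The fix
    # lands on FAKE_POS with zero residual, so a consistency check alone cannot see it.
    coherent = pseudoranges(SATS, FAKE_POS, TRUE_CLOCK_BIAS_M)
    # Sloppy spoof: only satellite 0 is replaced, with 30 km of extra delay, while the
    # other five stay genuine. The fix is dragged off and the residual is huge, which is
    # what a RAIM-style receiver integrity check flags.
    partial = list(genuine)
    partial[0] += 30_000.0
    return solve_fix(SATS, genuine), solve_fix(SATS, coherent), solve_fix(SATS, partial)


if __name__ == "__main__":
    for label, fix in zip(("genuine", "coherent spoof", "one-channel spoof"), demo()):
        print(f"{label:18s} error vs truth {distance(fix, TRUE_POS):10.1f} m   rms residual {fix[4]:8.1f} m")
```

The two spoof cases are the caveat the abstract makes in miniature: a residual or RAIM-style consistency check only catches spoofing that is inconsistent with itself, and a coherent full-constellation spoof is indistinguishable from the real sky to the position solver alone, which is why countermeasures have to look elsewhere (signal power, carrier phase, direction of arrival, authenticated signals) rather than at the fix.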

2:00pm

A Journey Through MITRE Evaluation
In 2017 MITRE began publicly evaluating Endpoint Detection and Response (EDR) solutions against the ATT&CK Framework to help bring greater transparency to the endpoint security product space. The evaluation process involved simulating real world attacker activity (Empire/Cobalt Strike) performed by APT3 and then measuring the telemetry/alerts generated by each EDR solution.

In this talk I'll share lessons learned from F-Secure Countercept's journey through the evaluation process. I'll discuss the MITRE methodology, internal purple testing for blue teams and the code/rule updates we made to pick up APT3. I'll also discuss how organisations should interpret MITRE results, ways vendors have tried to bend the truth and some of the major limitations of the current evaluation process.

Speakers
Alex Davies

Alex is a Senior Security Researcher with over a decade of experience in cyber security and is one of the founding members of the Countercept team. An attacker turned defender, Alex spends his days leading real-world investigations, researching the latest malware and nation state...


Saturday September 28, 2019 2:00pm - 2:30pm
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

2:30pm

Break
Tea, Coffee and locally made Welshcakes.
(also, the bar opens - if anyone is interested)

Saturday September 28, 2019 2:30pm - 2:50pm

2:50pm

How To Be A Hardware Criminal - HID Attacks Made With Spit And Tape
HID attacks have been around ever since we started seeing USB keyboards and mice - and that was a long time ago. Mounting a real attack does require some skill, both in hardware and software, or does it? In my experience, more often than not a sophisticated, cyber-laser level attack is a great thing to marvel at, yet criminals tend to prefer simple solutions that just work, or complicated solutions – but not the ones you can buy on the open Internet.

In this talk I give a brief overview of what a HID is, what a HID attack is, why it is so bad and how we have almost no means of protecting against it, proceed with presenting a working (and unique) malicious keyboard (and a writeup of it, at some point!) and wrap the presentation up with an overview of possible solutions for it. The keyboard part will be a live demo (fingers crossed!).



Speakers
Meadow Ellis

Meadow is a next-generation machine-assisted nation-state-sponsored hardware security engineer whose speciality lies in looking at real-life uses of common and not-so-common hardware attack vectors - and the ways we can defend against them. Day to day she gets given black-box devices...


Saturday September 28, 2019 2:50pm - 3:50pm
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

2:50pm

An overview of Project Ava - Can machine learning be used to complement web penetration testing?
This talk will provide an overview of Project Ava – a 400 day research project that we performed to explore whether machine learning could ever be used to complement web application penetration testing. The research began from ground zero with very little prior knowledge of machine learning and the various techniques that it offers. Over the course of the research we developed four different proofs of concept using different machine learning techniques, each with its own signs of promise and limitation. In addition to exploring neural networks and anomaly detection to uncover SQL injection flaws, we also explored reinforcement learning and the use of expert systems to uncover XSS vulnerabilities. During the research we also went off on a brief yet curious tangent exploring the use of machine learning in social engineering situations, leveraging the power of Natural Language Processing (NLP) and personality trait analysis in this regard.

This talk will walk through the various phases of our research, what we did, what we learned with some demos along the way. We hope that the talk will help stimulate thought and discussion on the role of machine learning in penetration testing.



Speakers
Matt Lewis

Matt is an experienced Technical Research Director with almost 17 years of experience in cyber security. His specialisms include general security consultancy, scenario-based penetration testing, vulnerability research and development of security testing tools. He studied Computer...


Saturday September 28, 2019 2:50pm - 3:50pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

3:50pm

Closing
Speakers

Jack Whitter-Jones

PhD Student, University of South Wales
PhD student in the field of Security Operations and Hourly Paid Lecturer at the University of South Wales.


Saturday September 28, 2019 3:50pm - 4:00pm
Track 1 - Main Hall Tramshed Clare Rd Cardiff CF11 6QP

4:00pm

After Party - CwrwCon
Meet us from 4:15pm at the Tramshed Tech to unwind after a full day of talks, and drink locally sourced Welsh beer and drinks! Drop by our stand during the day to chat to the team, solve puzzles, win prizes and get your pin badge for after-party access!

Sponsors
F-Secure

F-Secure Consulting is a global, research-led cyber security consultancy. We partner with enterprise organizations to build resilience into their security strategy. We strive to be the easiest cyber security company to work with, delivering exceptional results without fuss. We help...


Saturday September 28, 2019 4:00pm - 8:00pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK

4:00pm

CTF
In partnership with BSides Cymru, Trace Labs will be onsite at the event running the OSINT CTF for Missing Persons. Please note that you must be onsite at BSides Cymru Conference as a conference attendee to participate.
Trace Labs is a Not-For-Profit organization whose mission is to crowdsource the collection of Open Source Intelligence (OSINT) to generate new leads on active missing persons investigations.
The missing persons issue is getting worse and requires modern and scalable solutions at various levels to help mitigate risk to society. These CTF events allow missing persons to receive the attention that is needed early in the search process.
Contestants will be given the opportunity to participate in the CTF as individuals or in teams of up to 4 people. This CTF is special as it is non-theoretical and involves real missing persons. Contestants of this OSINT CTF will be learning and practising their OSINT skills in the real world with real people. Their efforts will then be submitted to the respective law enforcement agencies who are looking for the subjects.

Saturday September 28, 2019 4:00pm - 8:00pm
Track 2 - Tramshed Tech Workspace Tramshed Tech, Cardiff CF11, UK