BSides Basingstoke 2023

Too many phishing training programmes focus on the wrong thing. Marketing metrics, celebrating tricking users, and telling them not to do their job. Traditional phishing simulations can make your staff less secure. Why are we penalising staff for doing their jobs? Why are we undermining trust in security teams? I'll dive into the behaviours we want our staff to have and why there is a mismatch between these and how most people run phishing simulations. This talk seeks to help you reconsider how you view phishing awareness so you can truly help protect your staff.

—————————

Rebecca has spent over a decade designing and delivering training. Her experience in complex behavioural training allows for an innovative approach to designing security awareness programmes and accompanying metrics. Using her varied experience she is able to identify and track areas of high human risk and design suitable mitigations and metrics to measure efficacy in order to reduce these risks. One of her key areas of interest is phishing and how best to protect the everyday user from attack.

The pesky CL0P ransomware group have done it again. They've attacked hundreds of organizations using another File Transfer System exploit. It's time to analyze what this group has been up to recently and why they've decided to ditch encryption in favour of data-theft-extortion.

—————————

Will Thomas is a prominent cybersecurity researcher who has had his work featured by several well known publications such as The Telegraph, VICE, CyberScoop, BleepingComputer, TheRegister, Mircrosoft, VirusTotal, and more. Currently a CTI researcher and threat hunter at the Equinix Threat Analysis Center (ETAC), he has previously appeared on Darknet Diaries, spoken at multiple conferences, contributor to the MITRE ATT&CK framework, and is the co-author of the SANS FOR589: Cybercrime Intelligence course.

This talk is about reverse engineering the end of life Cisco SPA112 device (and its friends) in order to figure out how to exploit CVE-2023-20126 and develop a reliable remote exploit, payload, and toolkit for remotely flashing its firmware to achieve a permanent foothold on target networks.

—————————

Darren is a hacker based on a damp rock in the atlantic who spends their time looking after an extremely good looking cat and finding bugs.

We will introduce a robust approach to detect network beaconing across DNS, SSL, and HTTP using Zeek logs. We will start by analyzing patterns exhibited by C2 frameworks such as Meterpreter, Empire, Sliver, or Caldera. The wide range of observed behaviors will motivate a machine learning approach that consists in a) generating synthetic data that accounts for different beaconing frequencies, jittering, and latencies, and b) training a Convolutional Neural Network that analyzes the intervals between activities. Finally, we will showcase real-world detections and equip the audience with all the tools needed to apply the approach to their data.

—————————

I am lucky to work as a data scientist at Corelight with the creators and maintainers of Zeek, the open source network security monitoring tool. My focus is to use machine learning to solve network security challenges (and there are quite a few!). I am interested in building systems that can put machine learning to use, threat detection and pentesting. Before Corelight, I worked at PatternEx, an early stage AI startup focused on threat detection. In another life, I was a researcher at CSAIL, MIT and received my PhD in computer science from Universidad Complutense in 2013.

The Defence Science and Technology Laboratory are finally out in force to support our local BSides. We’re bringing a little piece of WWII history to show off as a celebration of all things crypto and cyber – the story of breaking the Enigma code is the starting point for so much of the infosec and reverse engineering industries today. But who are Dstl? What do we do? Why do we have an Enigma machine? How does it work? Listen in and all will be revealed.

—————————

Ben is a Principal Engineer at Dstl with 15 years’ experience delivering the best of science and technology research into bespoke engineering solutions for the Defence and Security of the UK. As the Group Principal for the Cyber Solutions Group with a remit of building and stewarding the cyber engineering capability, Ben has previously worked in digital forensics, penetration testing, vulnerability research, software development, systems engineering, and still hasn’t entirely decided what to be when he grows up.

For the 2022 Pwn2Own contest Interrupt Labs exploited an office printer and even made it play our favourite film Hackers. We'll share the complete process so you get an inside view on how P2O contest entries work, from extracting and reverse engineering of the firmware through to exploitation and having some fun streaming videos with shellcode.

—————————

Toby (he/him) is a senior vulnerability researcher at Interrupt Labs where he leads a small team finding bugs in difficult but interesting targets. In the past he both has and hasn't found bugs in a range of targets like webservers, phones, antivirus, hypervisors, banking software, network hardware and things that go bang really loud.

A breakdown of the process of identifying, understanding, and exploiting a vulnerability in Half Life.

—————————

Ryan is a cyber security consultant working for JUMPSEC, with a keen interest in vulnerability research and exploit development.

Red Teaming is a popular cybersecurity concept that involves simulating a real-world attack against an organization in order to demonstrate the potential attack chains malicious actors may use as part of an attack. While many security testers are eager to engage in this kind of work, the reality is that not all companies need, or are ready, for a Red Team assessment. Instead, companies should focus on security basics and hygiene to improve their overall security posture.

—————————

An enthusiastic and determined individual, Dan has spent over a decade working in the cyber security industry. When not delivering security consultancy services or training, Dan enjoys focussing on community outreach programs that teach students the skills needed to join the industry as well as working with military veterans transitioning into a civilian career in cyber security.

At DefCon in 2018 I was convinced to quit my job and head up security at a new company. We are the worlds leading anti-piracy company for broadcasters. My job is to protect companies against highly motivated threat actors. This talk is about a range of security incidents and what we can learn from them.

—————————

Pete Neve is a hacker with a strong background in information security. Currently serving as the Head of Information Security at Synamedia in the United Kingdom, Pete holds multiple certifications including CISSP, CEH, and SABSA Chartered Business Security Architect. With over a decade of experience, he has held key leadership positions, including Information Security Manager at Synamedia and Information Security Consultant at Arqiva. Pete's experience includes collaborating with the NCSC as part of the NSIE group protecting Critical National Infrastructure, and working with prominent organizations such as Cisco, Vodafone, and BT. His technical proficiency spans various domains, including system architecture, network security, ethical hacking, and data protection.