BSides London 2015

Posted in SecConf

Launched in mid-2009, Security B-Sides is a community-driven event built for and by information security community members.

The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is where conversations for the next-big-thing are happening and the Security B-Sides London team is bringing this back to London.

The volunteers for Security B-Sides London were inspired by the framework of the original Security B-Sides event in the USA, and have worked together to bring this to the UK.

Security B-Sides events are free, community events organised by local individuals, with the express goal of enabling a platform for information dissemination.


As cyber-attacks have become more sophisticated and prevalent, it is key that penetration testing evolves accordingly to continue to add value to the organisations that use it as a key security control. Utilising threat intelligence and OSINT as the scoping tools to make a penetration test bespoke, relevant and realistic to our clients is something that BAE Systems is currently focussing on. Part of our approach involves collecting, repurposing and mimicking real attack toolkits and techniques attributed to threat actors, which we have collected through our threat intelligence and incident response work. The focus of this presentation is how to use both general threat intelligence and recovered attack toolkits to define and deliver this type of highly focussed testing. It will use references to examples of tool repositories we have access to, malware we have reverse engineered and tools we have written to replicate real attacks. The audience should leave the presentation with an understanding of the process of turning a threat intelligence report into a set of actionable tests that emulate the behaviour of distinct attack groups and tools, and of how they might apply this to future STAR and intelligence-led penetration testing assignments.

To truly make a difference in infosec, our industry needs to better understand the people using technology and systems: what they’re worried about and scared of, and what motivates their behaviours. Combining primary research which explores how the average user feels about cyber security and how this drives their behaviour, with sociological and psychological theory, this talk addresses the most crucial, and weakest, link in infosec: the human factor. This analysis allows us to better understand why behaviours aren’t improving, despite far greater media reporting, and general awareness, of online threats. The talk outlines what we can do to engage with users in a more effective and positive way to change behaviours for the better.

WiFi networks are commonly plagued by two serious issues: i) management frames can be easily forged and ii) wireless devices tend to automatically connect to the Access Point with the best signal. The Evil Twin and Karma attacks exploit the above issues, allowing attackers to perform man-in-the-middle and phishing attacks. This presentation will introduce wifiphisher, an open-source tool that automates the process of launching WiFi phishing attacks. Wifiphisher comes with a set of community-built templates for different phishing scenarios. The presentation will explain in detail how WiFi phishing attacks work. It will also explain the reasons behind the success rate of these attacks, showing how different Operating Systems (and users in different environments) react during these attacks. Finally, countermeasures will be discussed that could limit the exposure to such attacks for individuals and organizations.

The engineering industry has been traditionally slow to adopt security, with the woeful state of ICS/SCADA systems as a prime example. This talk will discuss glaring holes in the Automatic Dependent Surveillance – Broadcast (ADS-B) system on aircraft, and how these can be used to cause aerial mayhem. Mitigations and defenses will also be discussed.

Elliptic Curve Cryptography (ECC) is hot. Far more scalable than traditional encryption, more and more data and networks are being protected using ECC. Not many people know the gory details of ECC though, which given its increasing prevalence is a very bad thing. In this presentation I will turn all members of the audience into ECC experts who will be able to implement the relevant algorithms and also audit existing implementations to find weaknesses or backdoors. Actually, I won’t. To fully understand ECC to a point where you could use it in practice, you would need to spend years inside university lecture rooms to study number theory, geometry and software engineering. And then you can probably still be fooled by a backdoored implementation. What I will do, however, is explain the basics of ECC. I’ll skip over the gory maths (it will help if you can add up, but that’s about the extent of it) and explain how this funny thing referred to as “point addition on curves” can be used to exchange a secret code between two entities over a public connection. I will also explain how the infamous backdoor in Dual_EC_DRBG (a random number generator that uses the same kind of maths) worked. At the end of the presentation, you’ll still not be able to find such backdoors yourselves, and you will probably realise you never will. But you will be able to understand articles about ECC a little better. And, hopefully, you will be convinced it is important that we educate more people to become ECC experts.
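As an added illustration (not part of the original page or of the talk) of what "point addition on curves" buys you, here is a toy elliptic-curve Diffie-Hellman exchange in Python. The curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) is a constructed textbook-sized example; real deployments use roughly 256-bit primes and constant-time arithmetic, so this shows the mechanism rather than a usable implementation.

```python
# Toy ECDH on the short-Weierstrass curve y^2 = x^3 + A*x + B over F_P.
# Parameters are constructed for illustration: small enough to check by hand.
P, A, B = 17, 2, 2           # tiny prime field
G = (5, 1)                   # base point; generates a subgroup of prime order 19
INF = None                   # the point at infinity, the group's identity element


def inv(x):
    """Modular inverse via Fermat's little theorem (P is prime)."""
    return pow(x % P, P - 2, P)


def add(p1, p2):
    """Group law: chord-and-tangent point addition, including the identity cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # Q + (-Q), or doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P           # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add: repeated point addition."""
    acc, addend = INF, pt
    while k > 0:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc


def on_curve(pt):
    """Sanity check a practitioner should apply to any received public point."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def ecdh(alice_priv, bob_priv):
    """Both parties derive the same point; only the public points cross the wire."""
    alice_pub, bob_pub = mul(alice_priv, G), mul(bob_priv, G)
    shared_a = mul(alice_priv, bob_pub)              # Alice computes a * (b*G)
    shared_b = mul(bob_priv, alice_pub)              # Bob computes   b * (a*G)
    assert shared_a == shared_b                      # commutativity of scalar multiplication
    return shared_a
```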

When speed and latency count, there is no place for a standard HTTP/SSL stack, and a wise head comes up with a proprietary network protocol. How do you deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything else, that cannot be handled by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of home-grown cryptography, reversible hash algorithms and no access control at all. We would like to present our approach and a short guideline on how to reverse engineer proprietary protocols. To demonstrate, we will show you a few case studies which in our opinion are the quintessence of “security by obscurity” – the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.

DarkComet is a Remote Access Trojan that has been around for a while. It has been used by script kiddies and nation states alike. It is no longer in active development and it is well documented and understood. So why would you be interested in me talking to you about this bit of malware? Because it has a vulnerability and a public exploit that can tell you a lot about the attacker’s campaign. How many machines has he infected, where are the infected hosts, what information has he stolen from these machines? Taking the exploit one step further and adding a little imagination and forensics knowledge, we can start to identify the attacker himself. Identifying the IP and domain is easy and will give you some info. But what if you could get his daily email address, Facebook details, favourite coffee shop, local library, a copy of his CV and, if you are really lucky, a txt file containing all the credentials for his remote exploit sites and FTP dumps? This presentation is not going to look at the deep technical aspects of the exploit; instead it will start with the defensive posture against DarkComet and extract some key information from an attack against you, finishing with a case study showing what information can be extracted from the attacker.

Security has been trying to catch up with technology all this time, but the gap may well be increasing, particularly with the growth of consumer devices and the Internet of Things. The reason has to do with delegation and proxy activities online. Current IAM models are no match for the real world of legal, fiduciary and minor representation. In this keynote, we’ll talk about what needs to change so that both security and privacy are truly available to all members of society.

Source: BSides London