Speakers 2014
After a lot of deliberation we’ve made our speaker choices. We are waiting for confirmation from a few people who will hopefully be added to the list later, but here is the selection so far.
If you submitted and haven’t heard from us, please get in touch; we forgot to ask for email addresses on the CFP form, so we are having trouble tracking a few people down.
Keynote – Javvad and Girl Cynic – 7 steps to unleashing the creative hacker
Children make the best hackers because their brains are not conditioned like most adults. Unfortunately, the education and societal system at large does not nurture or reward these skills. Father and daughter duo Girl Cynic and J4vv4D will share their story on how they combined forces to become an unstoppable creative hacking machine and why these are the skills that will empower future (and current) generations more than anything else.
Grab your popcorn as all will be revealed in a multimedia extravaganza (rated PG) as you’re taken down the 7 steps to tapping into the inner creative hacker for the whole family.
Campbell Murray – Pen tester? Looking to learn a language? Already an experienced coder?
The majority of offensive (and defensive) IT security professionals code to a greater or lesser degree and for a variety of reasons. But which language is the best for the job?
This talk is a four-way comparison involving C, Java, Ruby and Python. Based on metrics collected from tool analysis across a variety of common pen testing tasks, such as website spidering and high-volume proxy functions, this talk presents data analysis and the experiences of the speaker while developing the same tools in multiple languages.
We will also take into account real world functional parameters, such as ease of learning, available training and documentation as well as cross platform environment issues.
If you are a pen tester or looking to learn a coding language this is the talk for you.
This talk presents this information suitable for both a technical and non-technical audience.
freakyclown – Digital Image Forensics
A talk for everyone at every level about what can be found from the photos you post online. It is meant as a scary but light-hearted talk on the dangers of posting selfies and fake images onto the internet.
Arron “f1nux” Finon – Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities
Roll up, roll up, my Lords, Ladies and Gentlemen, come see the bizarre and wondrous marvels that the Cirque de Vendeurs Sécurité has to offer. Tales of miracle machines that can see into the future and tell their masters of all the dangers they face. Devices so wise that they can see the very threats of tyrants and evil-doers before they’ve even been thought of. Contraptions that possess a mystical sixth sense that can see every footstep and action a would-be assailant takes before any deadly blow is delivered. These miracle machines give defenders a suit of armour that means the wearer needs no warrior skills in defending their castles. Come see for yourself, and purchase one of these miracle wondrous machines!
Although the above sounds ludicrous and out of place, it isn’t that far-fetched from a lot of the literature produced by Network Intrusion Prevention/Detection System vendors. This talk looks at the very long and fruitful history the world of network detection systems has to offer (you’ll be surprised to learn they’re nearly 4 decades old), with an overview of just some of the failings these systems have had over the years, and how those failures shaped their development. In places this talk will be cynical and it won’t win any friends among vendors, but attendees will be given enough background information to understand why detection systems like IDS/IPS can work, and why they’re set to fail all at the same time.
Poor testing and the general acceptance by nearly everyone within the security industry that these systems can’t deliver is only the beginning of their history of fail. I intend to discuss why certain evasion techniques worked, and why they will continue to work until we understand the inherent problems. Consider this talk a historical journey with one eye fixed on the future.
George Nicolaou – Forensics automation
Mobile forensics has been a subject of numerous talks throughout the last few years. There are many proprietary and open-source tools out there that can assist in forensic investigations, but no tool (at least open source) that assists and guides you through the entire process. This presentation is about a new open source toolset, enclosed on a Raspberry Pi device (but not limited to it), dedicated to the forensic acquisition and analysis of mobile devices. The tools that we’ll be releasing on the day of the presentation include a USIM forensic acquisition software, an Android process memory extractor and an initial version of an easy-to-use web based environment that automates acquisition and analysis.
Craig Bird – Network Forensics: the importance of network visibility for security operations.
Industry “best practice” for network security is focused around traditional controls designed to identify and block known threats; this session focuses on the importance of gaining visibility behind existing security controls to provide security analysts with the actionable information required for network security.
This journey will provide an insight to advanced defensive strategies implemented in the most advanced SOC environments and walk through a real world example identifying a previously undetected security breach.
Steve Armstrong – Avoiding the Noob’s pitfalls of Incident Response
With over 8 years in Incident Response (supporting some of the world’s biggest companies), there are few mistakes we have not seen. In this presentation we will look at some of the common ones to prevent you having that #facepalm moment; all examples are based upon real world events.
To help these new IR teams, Logically Secure have developed a FREE Cyber Incident Response Management tool (Cyber Crisis Planning Room or CyberCPR) that will help prevent you repeating many of these mistakes. We will show the latest developments and capabilities of this tool made for Incident Responders by Incident Responders. We will show how the tool can save the IR team time by processing digital evidence automatically. Not just for big enterprises, we will demonstrate how we designed a scalable platform that the ‘sole trader’ security consultant can deploy and look professional from the word go.
Jessica Barker – Never complain, always explain: why we’re leaving users behind
This talk explores some ideas for the cyber security industry to further engage users and improve general awareness and behaviours. Based on primary research and borrowing from sociology and psychology, the talk will cover some traps we often seem to fall into when trying to communicate information security messages.
There is a huge amount of expertise and technical knowledge in the industry and yet we’re failing to change user behaviour in a widespread and meaningful way. Maybe we need to change how we frame the message if we want users to ‘get it’.
Mark Goodwin – Making CSP work for you
CSP is a valuable defence against XSS and other attacks on web applications. This talk provides an introduction to the technology and some hints on overcoming the challenges of using CSP in the real world.
Adam Boulton – The Security Jigsaw
Achieving top quality product security on an international level is a complex and expensive task. Product security is a diverse field which demands a whole host of tactics if you want to continually strive to secure a platform. Going from identifying issues all the way to getting them fixed, whilst always driving down security debt, is a mammoth task. So, when given a strategic objective of “remain a market leader in security”, and supporting the business to get products out on time, what are you going to do?
David Day – A journey from LulzSec to GoZeus
This is a semi-technical narrative, starting with my involvement performing digital forensics in the LulzSec case (Operation Westphalian) with the Police Central eCrime Unit, through to how the National Crime Agency helped disrupt GoZeus (Operation Tovar) while I was working as an NCA special. I’ll be discussing some of the digital forensic and network manipulation techniques used, as well as explaining what it’s been like being involved, including both interviewing, and being interviewed by, ex-LulzSec hacker Mustafa Al-Bassam in a surreal subterranean studio for BBC Newsnight.
Darren “infodox” Martyn – Python and process injection for everyone!
This talk (Python and process injection for everyone!) is intended to walk the audience through the steps involved in creating a process-injection tool in Python.
It is intended for both programmers and non-programmers, and will go through how process injection works, use cases for process injection in penetration testing, malware development, and other areas, and hopefully provide a solid basis and some example code for the participants to create their own tools for process memory manipulation. The talk is ideally interactive, with audience participation (be it heckling, calling out mistakes, or questions) heavily encouraged, and is suitable for all audiences.