It's time...


Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University. After the sell-out success of Securi-Tay IV this year’s event will run over two days, Friday 26th and Saturday 27th of February. The conference will be held in Abertay University, benefiting from the fantastic transport links to Dundee. As well as transport, Dundee benefits from affordable accommodation in the city centre, as well as a thriving technology community and the reputation for being Scotland’s sunniest city.

The conference is aimed at anyone with an interest in Hacking and Information Security. You don’t need to be a l33t h4x0r to attend and enjoy the event: Securi-Tay V promises to provide a fantastic, worthwhile experience for everyone, new to the scene and conference veteran alike. Both days will feature talks from industry professionals and students as well as some workshops. Lunch will be provided both days and an evening buffet will be provided in the bar after the event on day one.

Sponsors


NCC Group
Tenable
Portcullis
Pentest Limited
BT
Context IS

Schedule


We're happy to announce the schedule for both days of the conference is now available!

The talk schedule is now available as an .ics file!

9-00

Welcome!

Meet us in the foyer of Abertay University and sign in!
There's also free stuff!

The first 100 people to arrive will get a free bacon roll! (or veggie alternative)

60 mins

Foyer

10-00

With worldwide iPhone sales hitting 700 million units worldwide they form 40% of the smartphone market and are the most used phone in the enterprise. Due to the large number of people using Smart phones there is a growing need for mobile forensics. Forensic Analysts are increasingly finding mobile phones to contain a wealth of digital information that includes phone call metadata, Geo locations, SMS messages, digital messages, social media data and much more. This talk will guide you through the process of device acquisition, removing data with and without a user’s pin and the use of the Lockdown certificate. This talk will also cover how data stored locally and in the cloud can be used to gain a full image of a device and data removed for investigation. Details of how to protect IOS devices from this will also be provided. It is becoming increasingly difficult for security services to extract data from devices so they are now employing methods used by forensics in addition to their own in order to retrieve the necessary information.

60 mins

Lecture Theatre 1 (2516)


About Derek Price

Bio coming soon!

nccgroup.trust

11-00

The leaks of Edward Snowden made clear, that intelligence agencies like the NSA are interested in our private conversations. Many people switched to so called “secure messengers” which provide end-to- end encrypted messages which nobody except the sender and the receiver can read. This talk will focus on the security of state of the art secure messengers like Signal, Telegram and Line. We will present theoretical attack vectors as well as practical attacks on some of them like a man-in- the-middle attack on Signal (without SSL certificate pinning). Other attacks will be about attacking local storage, account hijacking possibilities and user enumeration. This talk also covers a comparison between those secure messengers and other messengers like WhatsApp. Elaborating better ways to implement countermeasures against such theoretical and practical attacks, which sometimes are still working, was also part of this research.

60 mins

Lecture Theatre 1 (2516)


About David Wind & Christoph Rottermanner

We are from Austria and we are currently studying in the first Semester Master Information Security at the University of Applied Science in St. Pölten. Before starting the master study, we finished the bachelor at the same university in IT Security. Since one year we work for a company called XSEC (Cross-Sec) in Vienna and mainly perform security audits (penetration tests) of web-applications. David wrote a thesis about man-in-the-middle attacks on TextSecure while Christoph wrote a thesis about secure messaging in general. We both gave a talk about secure messengers this year on international conferences. We are both interested in cryptography and we care about privacy. Thats why we like to encrypt all the things.

We are surrounded by card payments as a part of buying groceries or paying our monthly bills. As much as we hope these payment methods are safe, their inherent complexity as a result of decades of backwards compatibility leads to insecurity instead.

60 mins

Lecture Theatre 2 (2517)


About Henri Watson

Born in California and raised in the Dominican Republic, Henri is a backend web developer who was pushed to payments technologies after observing electronic payments slowly regain a major role in a developing nation that had previously been affected by wide-scale corruption across the finance industry.

12-00

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!

45 mins

Foyer

12-45

Abstract coming soon...

60 mins

Lecture Theatre 1 (2516)


About Grigorios Fragkos

Dr. Grigorios Fragkos (VP CyberSecurity at Sysnet Global Solutions) is responsible for the ensuring the security of mission critical systems offered by Sysnet to a wide range of high profile clients. Grigorios (aka Greg) has the challenging task of looking towards the emerging Cyber Threats and the future challenges of CyberSecurity by contributing his combined hands-on experience from advanced security services, penetration testing and security research. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information Security, along with his experience in the CyberDefense department of the military, is invaluable when it comes to safeguarding critical infrastructures and especially for the PCI DSS. Grigorios has been invited to present in a number of security conferences, workshops and summits over the years. Thinking ahead and outside-the-box when dealing with information security challenges is one the key characteristics of his talks.

drgfragkos

Memory forensics has become a cornerstone of security investigations - whether it be Police running forensics on a confiscated machine or an organisation launching a response to a security incident, an image of a suspect device’s hard drive is normally taken as a matter of course.
There is now malware out in the wild which is present only in volatile memory for much of it's lifespan. This presents a whole new set of problems to the forensic process, not least of which are the security systems in place within an OS to control memory access.
This talk covers a project investigating the potential for live monitoring of RAM while a system is running normally. An overview of the challenges of volatile memory analysis will be given, along with the ways these can be overcome. We'll also have a look at any interesting data I've come across during the project which it shouldn't be possible to see normally.

60 mins

Lecture Theatre 2 (2517)


About Peter Cowman

I am a 3rd year Ethical Hacking student at Abertay. I find particular interest where the cyber and real worlds meet, having previously done projects on Industrial Control Systems and Engine Control Units within the remit available without building a power station. I am also a keen programmer.

13-45

In an informal engaging collaborative approach this is Police Scotland highlighting the threat of Serious and Organised Crime gangs (SOCG’s) who are principally eastern European based attacking UK and Scottish industry. This will include DDOS, malware proliferation, ransomware, radicalisation on line Cyber terrorism and social media abuse.

60 mins

Lecture Theatre 1 (2516)


About Eamonn Keane

Detective Inspector Eamonn Keane has worked with the Irish and Scottish Police for 31 years principally in the investigation of terrorism, serious crime, criminal investigation, public protection and community partnership policing. He has served and led on many high profile national cases and in all aspects of criminal enquiries particularly serious and sexual crime investigation, sex offender management and public protection. His current portfolio with the Specialist Crime Division, Cybercrime, Police Scotland, investigates all aspects of serious and organised crime across Scotland with particular emphasis on technology facilitated crime to include malware proliferation, child sexual exploitation, drug supply, paedophilia, cybercrime, ICT facilitated fraud and social network abuse.

The talk will cover three main areas.

  • Looking at the issues with current user oriented access controls (ACL's), and discussing the added benefit of application oriented access controls (PACL's). This is to prevent applications inheritting the privileges of the user that runs them.

  • The Linux Security Module (LSM) framework and how it allows development of additional kernel level security. Current Mandatory Access Controls (MAC) solutions, such as SELinux, use this framework.

  • AppCL LSM - Linux kernel security module built using the LSM framework. I will discuss how AppCL uses the LSM framework to implement an application oriented access control proof of concept. This is the subject of my final year project at Leeds Beckett University, studying BSc (Hons) Computer Forensics and Security.

60 mins

Lecture Theatre 2 (2517)


About James Johnson

Bio coming soon

14-45

Take five! ... or fifteen.

15 mins

Wherever you want!

15-00

Time and time again we hear people (in the community) saying they want to be a network intrusion analyst, incident handler, or work in a SOC with the end goal of working up to being a pen tester in a few years. When you consider the traditional image of defensive security: a SOC, full of analysts staring at screens and answering phones, responding to alerts and not truly understanding the full situation; it quickly becomes clear why people have the mind-set that defensive security is easy and plain straight boring. But is there more to it than that?
In this talk we’ll try to clear up the distinguishable differences between offensive and defensive security, and explore some of the different roles that exist in each. Furthermore, we’ll try to highlight how important different skills are to both offensive and defensive security, but also how they can actually be used to complement each other too. (Improving your offensive skills may just improve your defensive capability too, and vice versa) Most importantly however, we’ll discuss a different image of defensive security, one that attracts people to join, with interesting opportunities, and doesn’t act as a stepping stone into offensive roles as it currently does.

60 mins

Lecture Theatre 1 (2516)


About Matt Watkins & Hamza Beghal

Matt Watkins is a Network Intrusion Analyst at Countercept, and has an interest in both offensive and defensive security. Matt has been involved in the Cyber Security Challenge UK for a number of years, and is a founding member of the alumni group: the Whitehatters Academy. When not at his computer, he’s AFK.
Hamza Beghal is also a Network Intrusion Analyst at Countercept. He graduated a year ago with a degree in Computer Security & Forensics.

BGP is pretty old. It’s also very (very) trusting! This talk examines the current state of the BGP routing protocol and analyses different attack vectors against it. Looking at real life examples of recent BGP attacks, I will be attempting to replicate and demonstrate these attacks inside a virtual network, live, in real-time. Please make a sacrifice to the Demo Gods on your way in!

60 mins

Lecture Theatre 2 (2517)


About Adam Rapley

Ethical Hacker, Web Designer, Artist & Musician.
Spends time hopping on and off planes or playing collections of various sounds. Climbed a couple of hills once. Also built the website you're looking at.

16-00

Virtual machines, jails, and other sandboxing solutions have become a common tool in the malware analysis field. But what happens when malware writers catch on to this trend, and start behaving differently on virtual and bare-metal systems? This talk explores the world of anti-VM tricks, ranging from the common and mundane to some new and novel ideas.

60 mins

Lecture Theatre 1 (2516)


About Graham Sutherland

Graham Sutherland is a penetration tester at Portcullis Computer Security, which was recently acquired by Cisco. He primarily focuses on Windows internals and applications, protocol analysis, and cryptography. Despite succumbing to the Borg, he has returned to Securi-Tay for yet another year. And yes, he still has both of his shoes (for now).

How many times have you been asked to switch your device off and then on again by IT? Well maybe it’s about time we took some of our own medicine. The University on Dundee has been on a journey in pursuit of putting people at the heart of our information security defences. This meant switching off the old perceptions that security was there to hinder the organisation and reinventing information security not only as a discipline, but its meaning and relevance to the people who work and learn at out institution. Graham will guide you through that change, identifying how this has been achieved and the benefits that are being realised as a result both for the organisation but more importantly the personal benefit derived for students and staff.

60 mins

Lecture Theatre 2 (2517)


About Graham McKay

Graham has a strong interest in the human aspects of information security. His belief that the disciplines in which he specialises are people focused establishes 3 key principles which define his consulting engagements:

  • Experience how people operate;
  • Understand how people learn; and
  • Influence their behaviour positively.

Graham leverages his 15 years of information security leadership experience to advise clients on appropriate security postures and resilience capabilities in line with their risk appetites, focusing on business value. A blend of technical skills and business acumen with a deep knowledge of information law including privacy, data protection and information rights, Graham holds the certifications CISM, CRISC, MBCI and PCIP in addition to being a qualified accountant. He has recently graduated from Northumbria University with an LLM in Information Rights Law and Practice where he his dissertation on the application of data protection regulations in the cloud computing landscape including cross jurisdictional boundary challenges received a distinction.

17-00

8 security lessons from 8bit games

What can Space Invaders teach us about understanding attack path? Mario about defending your users that are the weakest link? Even Pac Man about focusing on the right goals? Join Gavin Millard, EMEA Technical Director of Tenable, who will explore the lessons to be learned from the games many of us played years ago that are still valid in the reduction of security risks within all of our infrastructures.

Key takeaways from the speech will include:

  • How to game the system to get a high score in security.
  • How to gain insight into the attack path used by hackers to gain access to your data.
  • What cheats can be used to reduce the risk of data loss.

60 mins

Lecture Theatre 1 (2516)


About Gavin Millard

Bio coming soon!

tenable.com

18-00

Just a couple of words before the...

30 mins

Lecture Theatre 1 (2516)

18-30

Sponsored by Portcullis, join us in the union for a few(?) drinks and lots of awesome chat!

???

Abertay Student Union

11-30

Day two... Let's go!

30 minutes

Abertay Student Union

12-00

Over the last 12 months, phishing attacks have become a significant part of the testing landscape. As part of Portcullis’ efforts in this space, Tim has spent the last 12 months building out a phishing infrastructure capable of supporting multiple simultaneous campaigns and enabling Portcullis’ CBEST testers to accurately recreate the threat models so often exploited by our adversaries. This talk takes in our discoveries along the way, from the “0day” tricks we’ve found to successfully deliver successful campaigns to some of the tools we currently use to implement them. #ansible #containers #redis

60 mins

Lecture Theatre 1 (2516)


About Tim Brown

Tim Brown has been working as an senior information security consultant at Portcullis for over 10 years, having previously worked in financial institutions and telcos. He has well over 100 vulnerabilities credited to his name having broken all manner of interesting technologies. He likes Perl

My talk will begin with a brief review of the basics of non-quantum computers, then move on to how a QC works and the differences between the 2 types of machine. There will be a (VERY brief) look at the maths behind QM in general and QCs in particular. I'll talk about the basic logic gates of a QC, along with an idea behind how they function in terms of the density-matrix and operations on the qubit space. We'll then move on a rundown of RSA, why it's safe (assuming the NSA haven't broken it) and why it may not be if we get a proper QC up and running (Shor's algorithm/integer factorisation). We'll see how we can use a QC to securely exchange information, with the additional advantage of knowing whether anyone's tried to break the encryption.We'll also look at the current real world attempts at building a QC, and the limitations of them.

My research for this talk is mainly from standard physics textbooks/articles. It's supposed to be an introduction for those who haven't studied maths/physics in any significant detail but still think a quantum computer is a cool idea.

60 mins

Lecture Theatre 2 (2517)


About Will Dixon

I'm a 4th year physicist at Durham University. While my degree isn't directly related to computers/computer security, I've cultivated a strong side interest. I care more about the mathsy/theoretical end of infosec, so stuff like cryptography (and clever ways around it). Quantum computing and information theory has been a burgeoning interest of mine since I started studying it last year, and I'm hoping I can get across how cool it is without resorting to pretty maths (though it is pretty I swear!).

13-00

DLLs have been the spine of the Windows architecture since the early 90s, so it's no surprise that vulnerabilities have been found in their implementation. DLL Hijacking, or preloading attacks are severe vulnerabilities which have reared their heads many times over the last 18 years.

This talk will (hopefully) explain the mechanics of the attack, examples of its use in the wild, and a review of the countermeasures created for them - and more importantly, their limitations.

60 mins

Lecture Theatre 1 (2516)


About Keith Learmonth

Bio coming soon...

Following the success of last year’s Lightning Track, we’re bringing it back again this year. Only this time it’s bigger and better!

Starting from 1300 on the second day, there will be the oportunity to present lightning talks on Track Two in the hour slots before and after lunch.

Talks can be as long as you like (up to a maximum of 15 minutes).

Submissions for lightning talks will be open until the end of day one and signup will be available in the foyer!
See you there!

60 mins

Lecture Theatre 2 (2517)

14-00

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!

45 mins

Abertay Student Union

14-45

GreatFET is a new open source hardware hacking platform. With all the usual interfaces such as SPI, JTAG, I2C, UART, USB, etc and the ability to implement more in firmware, GreatFET is a versatile tool for anyone who enjoys voiding warranties.

GreatFET can also be expanded using add-on boards known as "neighbors". With plenty of I/O, there are near limitless possibilities to build security related USB devices - inline ethernet packet sniffers, USB MITM devices, IoT radio dongles, SDR peripherals, etc

This presentation will focus on the GreatFET hardware, firmware and tools for using the low level interfaces; including live demos. I'll also show some of the neighbour boards that we've already begun to design.

60 mins

Lecture Theatre 1 (2516)


About Dominic Spill

Dominic has been building packet sniffers and open source tools since 2007. He works for Great Scott Gadgets writing software and firmware for open hardware platforms such as Ubertooth, HackRF and Daisho. He also works on personal projects such as USBProxy and FCC.io, and helps to organise EMF Camp.

The lightning track continues after lunch!

60 mins

Lecture Theatre 2 (2517)

15-45

You can't have helped seeing the rise of containerization in general and Docker specifically in the last year’s tech press. From reading articles on the subject it's easy to be left confused about whether Docker is the greatest thing since sliced bread or a pile of buzzwords that doesn't solve any real problems. This talk will take you through what docker actually means from a security perspective, how it can be used and misused and how it might be useful to make your life a bit easier.

60 mins

Lecture Theatre 1 (2516)


About Rory McCune

Rory is currently a managing consultant with NCC Group. He has worked in the Information and IT Security arena for the last 15 years with roles in consultancy and financial services. His current role focuses on technical security testing and application security specifically. He is an active member of the Information security community in Scotland and regularly presents at IT and Security related conferences.

Over the years SCADA systems has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because if compromised, it can put lifes in danger. In this talk, I will demonstrate how electrical SCADA grid is built, what kind of vulnerabilities can be expected and what is the future of it. We will explore various protocols stacks, network deamons and how it is all connected. Some bugs will be mentioned and some simple exploits shown.

60 mins

Lecture Theatre 2 (2517)


About Jerzy Kramarz

Jerzy Kramarz is a managing security consultant at Portcullis Computer Security. He has over 5 years of experience in the security, pentesting and brave client management. He enjoys protocol fuzzing and playing with python code.

_op7ic_

op7ic

16-45

Just a couple of shorter words before the...

15 mins

Lecture Theatre 1 (2516)

17-00

Join us again in the union for a few more drinks and more awesome chat!

???

Abertay Student Union

Tickets


Tickets are now sold out!
More may become available if anyone refunds their ticket, however no more will be made available from us. Any refunded tickets will be instantly available to purchase from EventBrite.

EventBrite Page