Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University. After the sell-out success of Securi-Tay IV this year’s event will run over two days, Friday 26th and Saturday 27th of February. The conference will be held in Abertay University, benefiting from the fantastic transport links to Dundee. As well as transport, Dundee benefits from affordable accommodation in the city centre, as well as a thriving technology community and the reputation for being Scotland’s sunniest city.
The conference is aimed at anyone with an interest in Hacking and Information Security. You don’t need to be a l33t h4x0r to attend and enjoy the event: Securi-Tay V promises to provide a fantastic, worthwhile experience for everyone, new to the scene and conference veteran alike. Both days will feature talks from industry professionals and students as well as some workshops. Lunch will be provided both days and an evening buffet will be provided in the bar after the event on day one.
We're happy to announce the schedule for both days of the conference is now available!
The talk schedule is now available as an .ics file!
9-00
Welcome!
Meet us in the foyer of Abertay University and sign in!
There's also free stuff!
The first 100 people to arrive will get a free bacon roll! (or veggie alternative)
60 mins
Foyer
10-00
With worldwide iPhone sales hitting 700 million units worldwide they form 40% of the smartphone market and are the most used phone in the enterprise. Due to the large number of people using Smart phones there is a growing need for mobile forensics. Forensic Analysts are increasingly finding mobile phones to contain a wealth of digital information that includes phone call metadata, Geo locations, SMS messages, digital messages, social media data and much more. This talk will guide you through the process of device acquisition, removing data with and without a user’s pin and the use of the Lockdown certificate. This talk will also cover how data stored locally and in the cloud can be used to gain a full image of a device and data removed for investigation. Details of how to protect IOS devices from this will also be provided. It is becoming increasingly difficult for security services to extract data from devices so they are now employing methods used by forensics in addition to their own in order to retrieve the necessary information.
60 mins
Lecture Theatre 1 (2516)
11-00
The leaks of Edward Snowden made clear, that intelligence agencies like the NSA are interested in our private conversations. Many people switched to so called “secure messengers” which provide end-to- end encrypted messages which nobody except the sender and the receiver can read. This talk will focus on the security of state of the art secure messengers like Signal, Telegram and Line. We will present theoretical attack vectors as well as practical attacks on some of them like a man-in- the-middle attack on Signal (without SSL certificate pinning). Other attacks will be about attacking local storage, account hijacking possibilities and user enumeration. This talk also covers a comparison between those secure messengers and other messengers like WhatsApp. Elaborating better ways to implement countermeasures against such theoretical and practical attacks, which sometimes are still working, was also part of this research.
60 mins
Lecture Theatre 1 (2516)
We are from Austria and we are currently studying in the first Semester Master Information Security at the University of Applied Science in St. Pölten. Before starting the master study, we finished the bachelor at the same university in IT Security. Since one year we work for a company called XSEC (Cross-Sec) in Vienna and mainly perform security audits (penetration tests) of web-applications. David wrote a thesis about man-in-the-middle attacks on TextSecure while Christoph wrote a thesis about secure messaging in general. We both gave a talk about secure messengers this year on international conferences. We are both interested in cryptography and we care about privacy. Thats why we like to encrypt all the things.
We are surrounded by card payments as a part of buying groceries or paying our monthly bills. As much as we hope these payment methods are safe, their inherent complexity as a result of decades of backwards compatibility leads to insecurity instead.
60 mins
Lecture Theatre 2 (2517)
Born in California and raised in the Dominican Republic, Henri is a backend web developer who was pushed to payments technologies after observing electronic payments slowly regain a major role in a developing nation that had previously been affected by wide-scale corruption across the finance industry.
12-00
Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!
45 mins
Foyer
12-45
Abstract coming soon...
60 mins
Lecture Theatre 1 (2516)
Dr. Grigorios Fragkos (VP CyberSecurity at Sysnet Global Solutions) is responsible for the ensuring the security of mission critical systems offered by Sysnet to a wide range of high profile clients. Grigorios (aka Greg) has the challenging task of looking towards the emerging Cyber Threats and the future challenges of CyberSecurity by contributing his combined hands-on experience from advanced security services, penetration testing and security research. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information Security, along with his experience in the CyberDefense department of the military, is invaluable when it comes to safeguarding critical infrastructures and especially for the PCI DSS. Grigorios has been invited to present in a number of security conferences, workshops and summits over the years. Thinking ahead and outside-the-box when dealing with information security challenges is one the key characteristics of his talks.
drgfragkos
Memory forensics has become a cornerstone of security investigations - whether it be Police running forensics on a confiscated machine or an organisation launching a response to a security incident, an image of a suspect device’s hard drive is normally taken as a matter of course.
There is now malware out in the wild which is present only in volatile memory for much of it's lifespan. This presents a whole new set of problems to the forensic process, not least of which are the security systems in place within an OS to control memory access.
This talk covers a project investigating the potential for live monitoring of RAM while a system is running normally. An overview of the challenges of volatile memory analysis will be given, along with the ways these can be overcome. We'll also have a look at any interesting data I've come across during the project which it shouldn't be possible to see normally.
60 mins
Lecture Theatre 2 (2517)
I am a 3rd year Ethical Hacking student at Abertay. I find particular interest where the cyber and real worlds meet, having previously done projects on Industrial Control Systems and Engine Control Units within the remit available without building a power station. I am also a keen programmer.
13-45
In an informal engaging collaborative approach this is Police Scotland highlighting the threat of Serious and Organised Crime gangs (SOCG’s) who are principally eastern European based attacking UK and Scottish industry. This will include DDOS, malware proliferation, ransomware, radicalisation on line Cyber terrorism and social media abuse.
60 mins
Lecture Theatre 1 (2516)
Detective Inspector Eamonn Keane has worked with the Irish and Scottish Police for 31 years principally in the investigation of terrorism, serious crime, criminal investigation, public protection and community partnership policing. He has served and led on many high profile national cases and in all aspects of criminal enquiries particularly serious and sexual crime investigation, sex offender management and public protection. His current portfolio with the Specialist Crime Division, Cybercrime, Police Scotland, investigates all aspects of serious and organised crime across Scotland with particular emphasis on technology facilitated crime to include malware proliferation, child sexual exploitation, drug supply, paedophilia, cybercrime, ICT facilitated fraud and social network abuse.
The talk will cover three main areas.
60 mins
Lecture Theatre 2 (2517)
Bio coming soon
14-45
Take five! ... or fifteen.
15 mins
Wherever you want!
15-00
Time and time again we hear people (in the community) saying they want to be a network intrusion analyst, incident handler, or work in a SOC with the end goal of working up to being a pen tester in a few years. When you consider the traditional image of defensive security: a SOC, full of analysts staring at screens and answering phones, responding to alerts and not truly understanding the full situation; it quickly becomes clear why people have the mind-set that defensive security is easy and plain straight boring. But is there more to it than that?
In this talk we’ll try to clear up the distinguishable differences between offensive and defensive security, and explore some of the different roles that exist in each. Furthermore, we’ll try to highlight how important different skills are to both offensive and defensive security, but also how they can actually be used to complement each other too. (Improving your offensive skills may just improve your defensive capability too, and vice versa) Most importantly however, we’ll discuss a different image of defensive security, one that attracts people to join, with interesting opportunities, and doesn’t act as a stepping stone into offensive roles as it currently does.
60 mins
Lecture Theatre 1 (2516)
Matt Watkins is a Network Intrusion Analyst at Countercept, and has an interest in both offensive and defensive security. Matt has been involved in the Cyber Security Challenge UK for a number of years, and is a founding member of the alumni group: the Whitehatters Academy. When not at his computer, he’s AFK.
Hamza Beghal is also a Network Intrusion Analyst at Countercept. He graduated a year ago with a degree in Computer Security & Forensics.
BGP is pretty old. It’s also very (very) trusting! This talk examines the current state of the BGP routing protocol and analyses different attack vectors against it. Looking at real life examples of recent BGP attacks, I will be attempting to replicate and demonstrate these attacks inside a virtual network, live, in real-time. Please make a sacrifice to the Demo Gods on your way in!
60 mins
Lecture Theatre 2 (2517)
Ethical Hacker, Web Designer, Artist & Musician.
Spends time hopping on and off planes or playing collections of various sounds.
Climbed a couple of hills once. Also built the website you're looking at.
16-00
Virtual machines, jails, and other sandboxing solutions have become a common tool in the malware analysis field. But what happens when malware writers catch on to this trend, and start behaving differently on virtual and bare-metal systems? This talk explores the world of anti-VM tricks, ranging from the common and mundane to some new and novel ideas.
60 mins
Lecture Theatre 1 (2516)
Graham Sutherland is a penetration tester at Portcullis Computer Security, which was recently acquired by Cisco. He primarily focuses on Windows internals and applications, protocol analysis, and cryptography. Despite succumbing to the Borg, he has returned to Securi-Tay for yet another year. And yes, he still has both of his shoes (for now).
How many times have you been asked to switch your device off and then on again by IT? Well maybe it’s about time we took some of our own medicine. The University on Dundee has been on a journey in pursuit of putting people at the heart of our information security defences. This meant switching off the old perceptions that security was there to hinder the organisation and reinventing information security not only as a discipline, but its meaning and relevance to the people who work and learn at out institution. Graham will guide you through that change, identifying how this has been achieved and the benefits that are being realised as a result both for the organisation but more importantly the personal benefit derived for students and staff.
60 mins
Lecture Theatre 2 (2517)
Graham has a strong interest in the human aspects of information security. His belief that the disciplines in which he specialises are people focused establishes 3 key principles which define his consulting engagements:
Graham leverages his 15 years of information security leadership experience to advise clients on appropriate security postures and resilience capabilities in line with their risk appetites, focusing on business value. A blend of technical skills and business acumen with a deep knowledge of information law including privacy, data protection and information rights, Graham holds the certifications CISM, CRISC, MBCI and PCIP in addition to being a qualified accountant. He has recently graduated from Northumbria University with an LLM in Information Rights Law and Practice where he his dissertation on the application of data protection regulations in the cloud computing landscape including cross jurisdictional boundary challenges received a distinction.
17-00
What can Space Invaders teach us about understanding attack path? Mario about defending your users that are the weakest link? Even Pac Man about focusing on the right goals? Join Gavin Millard, EMEA Technical Director of Tenable, who will explore the lessons to be learned from the games many of us played years ago that are still valid in the reduction of security risks within all of our infrastructures.
Key takeaways from the speech will include:
60 mins
Lecture Theatre 1 (2516)
18-00
Just a couple of words before the...
30 mins
Lecture Theatre 1 (2516)
18-30
Sponsored by Portcullis, join us in the union for a few(?) drinks and lots of awesome chat!
???
Abertay Student Union
11-30
Day two... Let's go!
30 minutes
Abertay Student Union
12-00
Over the last 12 months, phishing attacks have become a significant part of the testing landscape. As part of Portcullis’ efforts in this space, Tim has spent the last 12 months building out a phishing infrastructure capable of supporting multiple simultaneous campaigns and enabling Portcullis’ CBEST testers to accurately recreate the threat models so often exploited by our adversaries. This talk takes in our discoveries along the way, from the “0day” tricks we’ve found to successfully deliver successful campaigns to some of the tools we currently use to implement them. #ansible #containers #redis
60 mins
Lecture Theatre 1 (2516)
Tim Brown has been working as an senior information security consultant at Portcullis for over 10 years, having previously worked in financial institutions and telcos. He has well over 100 vulnerabilities credited to his name having broken all manner of interesting technologies. He likes Perl
My talk will begin with a brief review of the basics of non-quantum computers, then move on to how a QC works and the differences between the 2 types of machine. There will be a (VERY brief) look at the maths behind QM in general and QCs in particular. I'll talk about the basic logic gates of a QC, along with an idea behind how they function in terms of the density-matrix and operations on the qubit space. We'll then move on a rundown of RSA, why it's safe (assuming the NSA haven't broken it) and why it may not be if we get a proper QC up and running (Shor's algorithm/integer factorisation). We'll see how we can use a QC to securely exchange information, with the additional advantage of knowing whether anyone's tried to break the encryption.We'll also look at the current real world attempts at building a QC, and the limitations of them.
My research for this talk is mainly from standard physics textbooks/articles. It's supposed to be an introduction for those who haven't studied maths/physics in any significant detail but still think a quantum computer is a cool idea.
60 mins
Lecture Theatre 2 (2517)
I'm a 4th year physicist at Durham University. While my degree isn't directly related to computers/computer security, I've cultivated a strong side interest. I care more about the mathsy/theoretical end of infosec, so stuff like cryptography (and clever ways around it). Quantum computing and information theory has been a burgeoning interest of mine since I started studying it last year, and I'm hoping I can get across how cool it is without resorting to pretty maths (though it is pretty I swear!).
13-00
DLLs have been the spine of the Windows architecture since the early 90s, so it's no surprise that vulnerabilities have been found in their implementation. DLL Hijacking, or preloading attacks are severe vulnerabilities which have reared their heads many times over the last 18 years.
This talk will (hopefully) explain the mechanics of the attack, examples of its use in the wild, and a review of the countermeasures created for them - and more importantly, their limitations.
60 mins
Lecture Theatre 1 (2516)
Bio coming soon...
Following the success of last year’s Lightning Track, we’re bringing it back again this year. Only this time it’s bigger and better!
Starting from 1300 on the second day, there will be the oportunity to present lightning talks on Track Two in the hour slots before and after lunch.
Talks can be as long as you like (up to a maximum of 15 minutes).
Submissions for lightning talks will be open until the end of day one and signup will be available in the foyer!
See you there!
60 mins
Lecture Theatre 2 (2517)
14-00
Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!
45 mins
Abertay Student Union
14-45
GreatFET is a new open source hardware hacking platform. With all the usual
interfaces such as SPI, JTAG, I2C, UART, USB, etc and the ability to implement
more in firmware, GreatFET is a versatile tool for anyone who enjoys voiding
warranties.
GreatFET can also be expanded using add-on boards known as "neighbors". With
plenty of I/O, there are near limitless possibilities to build security related
USB devices - inline ethernet packet sniffers, USB MITM devices, IoT radio
dongles, SDR peripherals, etc
This presentation will focus on the GreatFET hardware, firmware and tools for
using the low level interfaces; including live demos. I'll also show some of the
neighbour boards that we've already begun to design.
60 mins
Lecture Theatre 1 (2516)
Dominic has been building packet sniffers and open source tools since 2007. He works for Great Scott Gadgets writing software and firmware for open hardware platforms such as Ubertooth, HackRF and Daisho. He also works on personal projects such as USBProxy and FCC.io, and helps to organise EMF Camp.
The lightning track continues after lunch!
60 mins
Lecture Theatre 2 (2517)
15-45
You can't have helped seeing the rise of containerization in general and Docker specifically in the last year’s tech press. From reading articles on the subject it's easy to be left confused about whether Docker is the greatest thing since sliced bread or a pile of buzzwords that doesn't solve any real problems. This talk will take you through what docker actually means from a security perspective, how it can be used and misused and how it might be useful to make your life a bit easier.
60 mins
Lecture Theatre 1 (2516)
Rory is currently a managing consultant with NCC Group. He has worked in the Information and IT Security arena for the last 15 years with roles in consultancy and financial services. His current role focuses on technical security testing and application security specifically. He is an active member of the Information security community in Scotland and regularly presents at IT and Security related conferences.
Over the years SCADA systems has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because if compromised, it can put lifes in danger. In this talk, I will demonstrate how electrical SCADA grid is built, what kind of vulnerabilities can be expected and what is the future of it. We will explore various protocols stacks, network deamons and how it is all connected. Some bugs will be mentioned and some simple exploits shown.
60 mins
Lecture Theatre 2 (2517)
Jerzy Kramarz is a managing security consultant at Portcullis Computer Security. He has over 5 years of experience in the security, pentesting and brave client management. He enjoys protocol fuzzing and playing with python code.
_op7ic_
op7ic
16-45
Just a couple of shorter words before the...
15 mins
Lecture Theatre 1 (2516)
17-00
Join us again in the union for a few more drinks and more awesome chat!
???
Abertay Student Union
Tickets are now sold out!
More may become available if anyone refunds their ticket, however no more will be made available from us. Any refunded tickets will be instantly available to purchase from EventBrite.