BSides London 2021

Not Recorded

Saturday, November 13, 2021

- GMT
How to avoid facial recognition software

Recently facial recognition software has been in the news more often than not, but do you know how it works and where it's specifically used? If your answer is no, fret not! For I shall go over all the core concepts on how the most commonly used software works, such as OpenCV and DeepFace (no, not DeepFake). This talk will then go into who is implementing facial recognition software worldwide and why. Finally, I'll be discussing some current evasion techniques that have been developed and the following questions will be answered: how do these techniques work, what do they look like, what algorithms do they fool and are they practical for everyday use?

- GMT
Defeating AV and EDR solutions in user-land by chaining well-known deception techniques

<Not Recorded>
In the current cybersecurity world, both Anti-Virus (AV) and Endpoint Detection and Response (EDR) solutions are becoming more and more successful in blocking emerging threats. External attackers need to develop highly sophisticated payloads to circumvent all these security controls, raising the bar for defenders to detect them as well as for threat emulators to emulate them. Although useful, are these controls enough to block more complex malware? This talk will go over the most successful techniques used to bypass AV and EDR controls, and the tradecraft theory used in malware to evade EDRs and other endpoint controls. This will primarily focus on general techniques to ensure malware and other payloads can evade signature-based detection, behavioural analysis, and user-land hooking. This talk will then present Inceptor, a recent AV and EDR bypass framework I’ve developed and open-sourced, highlighting some of its features, implemented to aid red teamers and pentesters during operations. By the end of this talk, the audience should get a detailed overview about how to use Inceptor, along with other tricks and opsec considerations useful to develop payloads which can run undetected.

- GMT
Audit and compliance headaches - can data you already have provide the answer?

<Not Recorded>
For security teams and security managers, there are more and more tools, in more and more places than ever before. At the same time, we have increased interest from management, investors and auditors about the security posture, operations and risk.
 
For real teams on the ground, answering the questions that stem from this, and providing the data is increasingly time consuming, often manual and quite frankly, frustrating. I didn't sign up as a security analyst to be pasting data from McAfee AV! This talk describes some common challenges, how the author has approached them in the past, what works/doesn't work, and explores some really useful data sources that you probably have, but probably haven't exploited yet.

The good news is that oftentimes, there is good hard data available which demonstrates the value of all your hard work; it just needs to be brought out.

- GMT
Practicing Safe Sex(t) - with xxxtra content

<Not Recorded>
Nudes, Dirties, Pics, whatever you call them, you’ve probably sent them or know someone who has. But how can we protect ourselves and our opsec when we’re sexting, producing sexual content of ourselves or even watching and buying sexual content online?

This talk will discuss how we can protect our physical bits online, how to practice safe sexting properly, how sex workers have better opsec than us all and looking into the weird, wonderful and sometimes scary world of sex online.

This talk has been delivered before, but has been updated to include new content about sex toys and how the pandemic affected sex online.

CONTENT WARNING - There will be sensitive content such as sexual/domestic abuse and suicide.

- GMT
Forensics as a Service: Building automated, scaleable, and accessible analysis environments

<Not Recorded>
DFIR providers all over the world right now are facing the same demand: deliver services faster, cheaper, and better. That's an immense challenge when we're faced with a severe skills shortage, increasingly vast client data sets, and a daunting array of manual tasks and processes.

So, what's the solution? By incorporating techniques from DevOps (automation pipelines, microservices), IaC (infrastructure as code), and wrapping everything within intuitive GUIs, we can build environments that facilitate incredibly fast forensic triage and generate timely findings even when faced with terabytes of inbound data.

Throughout my talk I will walk you through how we've designed this "Forensics as a Service" model, discuss the core technical design principles, the challenges and lessons learned, and end with some recommendations on how the DFIR community can take this model forward with an open-source and collaborative spirit.