BSides London 2021


Saturday, November 13, 2021

How to avoid facial recognition software

Recently facial recognition software has been in the news more often than not, but do you know how it works and where it's specifically used? If your answer is no, fret not! For I shall go over all the core concepts of how the most commonly used software works, such as OpenCV and DeepFace (no, not DeepFake). This talk will then go into who is implementing facial recognition software worldwide and why. Finally, I'll be discussing some current evasion techniques that have been developed, and the following questions will be answered: how do these techniques work, what do they look like, what algorithms do they fool, and are they practical for everyday use?

Chaos Engineering: Break It On Purpose

This talk will cover an introduction to chaos engineering, including the benefits it provides to system availability, operational resilience and incident management. It will include a quick case study of chaos engineering projects at well-known organisations, and a high-level roadmap to implementing chaos engineering.

Making Big Datasets Searchable

This talk covers the process of making Rapid7's Project Sonar dataset searchable. It starts with the initial naive approach taken to achieving this goal, then moves on to the next iteration, which took a more sophisticated approach in order to achieve microsecond lookup times for entries in a 180GB dataset with O(1) time complexity.

X-Com - Editing save game files is still strategy

An exploration of the original X-COM save games, to make so I can finally finish it ... specifically Terror from the Deep (from 1994).

Tokyo Takedown reviewed: An international tour to Japan.

Ben Ellis plans to take you on an international tour to Japan, known by many as the land of anime, weird TV game shows, amazing food and wacky futuristic technology. However, what do you find when you pull back the curtains on the world's busiest metropolis, the neon wonderland of Tokyo? You discover weaknesses and challenges that have been hindering Japan's cyber security scene from the start. So come and join Ben on a journey of a Sarariman on their daily routine whilst Ben disassembles their world to highlight the challenges that Japan is facing on top of growing concerns about their neighbours. Tokyo, and Japan, are now slowly waking up to realise there is a need to secure Nihon.

When Encryption Fails

Strong encryption does not guarantee strong security.

Hackers are lazy. After all, why dedicate thousands of hours decrypting messages when you can exploit an outdated service, steal a secret key, and bypass encryption altogether?

This talk explores the life cycle of an encryption service, and how the stages, and the links between them, can be exploited.

To satisfy the mathematical requirements of a post-quantum world, academics are developing more and more advanced encryption methods (a hesitant shout-out here to elliptic curve and post-quantum cryptography – which I still don't understand despite years of study). But this increasing complexity introduces as many drawbacks as benefits.

The technical world may seem too complex for any of us to fully understand - and that's okay, it doesn't mean we're doomed.

To pwd or not to pwd

Based upon my dissertation on identifying users by their bash command history. I will present some interesting findings from the dataset of bash_histories I have collected, as well as showing the most useful features for the identification (who would have thought some people have a trailing space at the end of just 3 of their 20k commands, while some people have dozens, if not hundreds?).

Getting started with CTFs

Capture The Flag challenges (CTFs) are an excellent way to learn some cyber skills, and the good news is that there are loads of free ones online. This is the story of how one newbie started off with some of the less-frequently talked about CTFs. I'll provide a walkthrough for one or two example challenges, probably from either the UK Cyber Security Challenge PoD (play on demand) or the SANS Holiday Hack Challenge.

OS Fingerprinting From Scratch (or) Offensive Scapy

Passive and automated methods of performing OS fingerprinting using Wireshark and the Python Scapy library, with some discussion of networking basics to coincide with this. Alternatively, talking through weaponizing Scapy for network analysis/reconnaissance.

Decoding PEM Keys

PEM, RSA and SSH keys are something we use every day, both as developers and security professionals. There are plenty of tools out there that will decode a PEM key for you, but very few resources on what is actually going on. In building my own PEM decoder I learnt a lot about how some of the most important numbers in digital cryptography are transported across the web.


We all know ATT&CK, but now MITRE have two brand new frameworks. What are they, and how can we use them?

Becoming The Enemy: A Transition from Blue to Red

An overview of the path to red from the perspective of blue: how I started in the blue team and am starting my transition to the dark side to learn the dark arts of penetration testing.

Introduction to Red team tooling and opsec

Going over the basic phases of a red team, and the new tools and procedure/opsec considerations of the past year and near future.

DFIR - Don't forget your roots!

The first few years of my IT experience were as a sysadmin, probably a very distinctly average one at best. These skills did, however, drive forward and have assisted me in my DFIR career. This talk will go into the skills that can be carried forward from my time as a sysadmin - from lab building, to artefact collection, network redesigns and more!

Big data lake, big data leak

AWS has a service for data scientists called Elastic MapReduce (EMR) which runs a Hadoop cluster. A company I used to work at received an email from AWS saying our account was performing a DDoS. From there we discovered that our data scientists had opened ports to certain EMR services which, besides showing information, also allow RCE as a service. I decided to look for other victims. Shodan isn't great for this, so I built a scanner over a few iterations to exploit YARN, Livy and Zeppelin. I get RCE on some random cluster, but so what... I'm not into cryptomining or DDoSing. I need to figure out who owns this AWS account I now have access to so I can report it.

Think Zero Days are Your Biggest Risk - Think Again

What is good cyber hygiene? Why should you worry more about the old vulnerabilities and less about the zero-days? Stop wasting your team's time. Attackers continue to exploit known vulnerabilities. In July, CISA and the FBI teamed up with the UK NCSC to issue a joint Cybersecurity Advisory on the top vulnerabilities routinely exploited by threat actors in 2020 and the first half of 2021.

The challenges of remediation during a cyber incident

There are many challenges faced during remediation, often involving strategic and technical perspectives, as well as inconsistent, and sometimes unsuccessful, approaches. I will be looking at why remediation goes wrong during a cyber incident. The talk will include:

- Introduction on what remediation is and why it is important.
- Analysis on the challenges of remediation from both a strategic and a technical perspective.
- Analysis on the different types of remediation strategy and when they may differ (due to different types of incident).
- Reference to real world examples of where remediation has gone wrong, examining the remediation strategy used and the challenges faced.

Stealing Hearts, Securing Minds: Gamifying Pentesting Methodology

While playing the video game Persona 5, I began to draw parallels with the way that the flow of the gameplay actually mirrored the 7 stages of a penetration test to an accurate degree. I then became fascinated with how you could potentially gamify the process of pen testing to use as a teaching aid, or to help make people more aware of security.

Are you Cloud Security personnel?

How to transition from a traditional security role to a Cloud Security expert. Many organisations, especially in some developing countries, have their infrastructure in a local data centre (in-house data centre). Some people might want to progress in their career to an organisation that operates fully in the cloud, and transitioning into a Cloud Security profession does not seem to be a clear path for them.

Security for techies

This talk will present current security threats and preventive measures for individuals. Technical people are a little overconfident that they are safe in cyberspace and that no one can hack them or breach their privacy. This talk will share a few tips to check your security measures.

JWTs and why they suck

An explanation of the common pitfalls of JWTs, some unique problems they face, common implementation issues, etc. Long live the cookie!