It's time...


Securi-Tay is an Information Security conference held by the Ethical Hacking Society at Abertay University. After the sell-out success of Securi-Tay V, this year’s event will run on Friday 24th of February. The conference will be held in Abertay University, benefiting from the fantastic transport links to Dundee. As well as transport, Dundee benefits from affordable accommodation in the city centre, as well as a thriving technology community and the reputation for being Scotland’s sunniest city.

The conference is aimed at anyone with an interest in Hacking and Information Security. You don’t need to be a l33t h4x0r to attend and enjoy the event: Securi-Tay promises to provide a fantastic, worthwhile experience for everyone, new to the scene and conference veteran alike. The conference will feature talks from industry professionals and students as well as some workshops. Lunch and an evening buffet will be provided in the bar across the street.

Sponsors


MWR InfoSecurity
NCC Group
Pentest Limited

Call For Sponsors


Securi-Tay wouldn't be possible without the help of our sponsors. If you're interested in sponsoring Securi-Tay, please contact us at securitay-sponsors@hacksoc.co.uk.

Speakers


Ksenia Dmitrieva-Peguero

Peter Cowman

Schedule


We're happy to announce the schedule for the conference is now available!

9-00

Welcome!

Meet us in the foyer of Abertay University and sign in!
There's also free stuff!

The first 100 people to arrive will get a free bacon roll! (or veggie alternative)

60 mins

Foyer

10-00

Adventures – Pentesting Windows Estates (What I wish I’d known before I got a job)

In a world of IoT vulnerabilities and exploits so devastating they have their own marketing teams, it could be very easy to forget the daily threats that organisations really face. Desktop estates, endpoint security and the ever-present threat of users opening attachments.

Whilst not as obviously engaging as Mirai bot, shadow brokers or fuzzy bears, Active Directory security is an often-undervalued area for personal learning by those just starting out in the industry. In a talk aimed squarely at students and those new to security, Gavin will cover the basics of Active Directory: domains, forests, trusts, users, computers, organisational units and group policy objects. Once the basics are covered, the talk will dive into some scenarios encountered in the wild by Gavin and his NCC Group colleagues, where simple misconfigurations can have severe consequences. Finally, the talk will cover some of the offensive techniques commonly employed against Windows estates, to give budding pen testers, graduates and security enthusiasts some ideas for personal learning to take away from the talk.

60 mins

Lecture Theatre 1 (2516)


About Gavin Holt

Gavin Holt is a Senior Security Consultant from the Technical Security Consultancy division of NCC Group. After graduating, Gavin joined NCC Group as a junior consultant where he spent six months on research and learning from more experienced consultants. A 2014 Abertay University graduate and former VP of the Abertay Ethical Hacking Society, Gavin spends his time using what he learned at Abertay and in the NCC Group graduate scheme to help clients secure their infrastructure and applications from a wide range of threats. Having previously presented research on Big Data security, Gavin is currently focussed on scaling out the automated gathering of Active Directory information to better allow people to understand the security posture of their estate.

nccgroup.trust

11-00

Registry keys, hidden processes, known strings and other indicators residing in memory can all help with the early identification of malware infections, especially fileless varieties. This talk will look at how relevant structures are stored in memory, along with a high level look at Windows memory management and a discussion of the pros/cons of some possible methods for searching RAM.

60 mins

Lecture Theatre 1 (2516)


About Peter Cowman

Final year Ethical Hacking student at Abertay University. Interested in malware and memory analysis.

Client-side JavaScript frameworks bring a lot of functionality and logic to the front-end. With all this code running in the browser, do they impose extra risks to the applications? Frameworks like AngularJS incorporate many security features like context-aware encoding and CSRF protection, but they also leave gaps and traps in which developers may fall when putting too much trust into client side code. In this presentation we will look at the security controls provided by the AngularJS framework out of the box and the security defects that still reside in the Angular code and available plugins. Attendees will see demonstrations of several attacks, such as a DOM-XSS, a template injection, and a sandbox bypass.

60 mins

Lecture Theatre 2 (2517)


About Ksenia Dmitrieva-Peguero

Ksenia Dmitrieva-Peguero is a Principal Consultant at Cigital with seven years of experience in application security and five years of software development experience. She performed numerous penetration tests, code reviews, and architecture analysis engagements for clients in financial services, entertainment, telecommunications, energy, and enterprise security industries. Her current concentration is on analyzing JavaScript frameworks and HTML5 technologies, researching their security implications, vulnerability discovery and remediation. Ms. Dmitrieva-Peguero has delivered presentations and trainings at conferences around the world, including BSides Security in London, Nullcon in India, AppSec California in the USA, RSA Asia Pacific & Japan in Singapore, and AppSec Europe in Italy.

Ksenia holds a M.S. in Computer Science and is currently pursuing her Ph.D. at George Washington University.

12-00

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!

45 mins

Bar One

12-45

We hear about advancements in the offensive security realm all the time, with new attack techniques being published, new tools released and high profile breaches of major organisations reported in the news. With a whole bunch of technical certifications, training and frameworks available, the offensive security industry is very well represented and fairly well understood, at least in comparison to defensive security. But what do these attacks actually look like, how can we defend against them, and what techniques are there for detecting them?

In this talk, we’ll explain some of the technical concepts of threat hunting. We will be looking at what is beyond traditional signature detection – the likes of AV, IPS/IDS and SIEMs, which in our experience are ineffective – and detailing some of the ways you can catch real attackers in the act. As a case study, we’ll look at some of the specifics of common attack frameworks - the likes of Metasploit and PowerShell Empire - walking through an example attack, and showing how they can be detected. From large-scale process monitoring to live memory analysis and anomaly detection techniques, we will cover some of the technical quirks when it comes to effective attack detection.

60 mins

Lecture Theatre 1 (2516)


About William Burgess & Matt Watkins

This presentation will be given by myself and a colleague, Matt Watkins, from Countercept, MWR Info Security. Our interests are in the nitty gritty of Windows Internals, detecting bad guys, memory forensics and threat hunting, and this talk will outline our experiences of doing this at scale.

Security researchers focus a lot on the Internet of Things and the vulnerabilities that exist within it, and rightly so! In this talk, I'll use my experience as the main technical contact for a UK smart plug manufacturer to try and share an insight of how we're trying to fix things in the industry from the other side of the coin. I'll also cover major IoT vulnerabilities, their key learning points, and how some big players enforce security for companies that use their platform.

60 mins

Lecture Theatre 2 (2517)


About Jamie Hoyle

I'm a software developer from Manchester who specialises in building software for connected devices. I'm currently working as a software consultant for a UK-based Internet of Things company, as well as building a transportation startup. Aside from technology, I watch Bury FC lose every week and run around forests with a map for fun.

13-45

Have you ever wanted to know how a tool or application that you frequently use works? In the case of open source software, you can simply look at the code. But with proprietary software it's not quite that simple, but it's definitely doable.

This talk will explain the basics of reverse engineering, and specifically how to reverse engineer iOS and Mac applications. The talk will go through explaining and demonstrating inspecting an app's network traffic, injecting code into running apps, pulling application binaries, and static/dynamic analysis.

60 mins

Lecture Theatre 1 (2516)


About Danielle Tomlinson

Danielle has been shipping bugs for over a decade. She has worked with a variety of technologies and spent 8 years as an iOS engineer. As a Core Team member of CocoaPods, Fastlane Core Contributor, and as a Software Engineer at CircleCI she can mostly be found building and breaking developer tools. She is also an avid traveller and nomad who despite falling in love with Berlin is usually on an aeroplane.

A lot of fantastic work has gone into the discovery, analysis, and (on occasion) marketing of SSL/TLS vulnerabilities. Some, such as BEAST and LUCKY13, are issues in the protocol itself. Other bugs, however, affect individual implementations of this complicated and nuanced protocol. This talk will discuss an approach for identifying security bugs in SSL/TLS server implementations, outside the mainstream well-publicised issues that we all know so well.

60 mins

Lecture Theatre 2 (2517)


About Graham Sutherland

Pentester, crypto nerd, hardware tinkerer, veteran Securi-Tay'er.

14-45

Take five! ... or fifteen.

15 mins

Wherever you want!

15-00

Secure messaging became very popular over the last years. People started to switch to WhatsApp alternatives like Signal, Threema and Telegram. At SecuritayV we talked about the security of some of those alternatives in our talk “Post Snowden Communication”. This year our talk focuses on the usability of Signal mobile and the security of the desktop variants “WhatsApp-Web” and “Signal Desktop”.

The first part of this talk will cover a usability study on the Signal mobile application. During this study we determined how easy/difficult it is to verify a chat partner, send encrypted messages as well as the usability of the application overall. The results were worse than expected …

The second part will be about the security of WhatsApp-Web and Signal-Desktop. We will explain the process of linking new devices as well as certain attack vectors on both – Signal-Desktop and WhatsApp-Web. Possibilities and attack vectors for the browser to compromise the communication were also part of this research. Finally, problems with storing data on the local device will be discussed as well as information leakage issues with the exchange of certain information like groups or contacts will be explained.

60 mins

Lecture Theatre 1 (2516)


About David Wind & Christoph Rottermanner

Our names are David Wind and Christoph Rottermanner. We are from Austria and we are currently studying in the third Semester Master “Information Security” at the University of Applied Sciences in St. Pölten - Austria. Before starting the master studies, we graduated with a bachelor's degree at the same university in IT Security. We have worked for a company called XSEC in Vienna for two years, with the primary focus on penetration testing, code-auditing and social engineering. We both break stuff for work and fun, we love cryptography and to encrypt all the things. Also privacy is important to us, because we have something to hide!

More details to be announced!

60 mins

Lecture Theatre 2 (2517)

16-00

With the rise of sandboxes and locked down user accounts attackers are increasingly resorting to attacking kernel mode code to gain full access to compromised systems. This talk aims to provide an overview of the Windows kernel mode attack surface and how to interact with it. This talk will demonstrate the tools available for finding bugs in Windows kernel mode code and drivers together with highlighting some of the lower hanging fruit, common mistakes and the steps being taken (or lack of steps being taken) to mitigate the risks posed. The talk will then cover common exploitation techniques to gather information about the state of kernel mode memory and to gain code execution as SYSTEM using examples from publicly known exploits.

60 mins

Lecture Theatre 1 (2516)


About Sam Brown

Sam is a consultant at MWR interested in reverse engineering, software security and general low-level weirdness.

The statistics about ransomware show that payments continue to be made, that all sorts of business verticals continue to fall victim to this malware and that there is very little in the way of prevention which appears to be working. In this talk I will look at the factors (encryption, phishing, user fallibility, immediacy) that have contributed to ransomware being a successful vector, what the industry has done and should be doing to ensure that people do not fall victim anymore, and how if nothing more is done, this will be a "battle we will not win".

60 mins

Lecture Theatre 2 (2517)


About Dan Raywood

Contributing Editor of Infosecurity Magazine, I've been writing about IT security for over 8 years and have presented at 44CON, Infosecurity Europe and SC Congress. Enjoy (almost) all areas of security, and craft beer and Spurs outside of the day job.

17-00

Take five! ... or fifteen.

15 mins

Wherever you want!

17-15

A walk in Bear country

In this talk we’ll cover the inside story on two years of tracking and investigating a nation-state level threat group. From the phishing of US politicians to the hacking of TV stations and how it’s still very possible to defend against these types of attacks.

60 mins

Lecture Theatre 1 (2516)


About Rafe Pilling

Rafe Pilling is a Sr. Security Researcher working in the SecureWorks Counter Threat Unit (CTU). He has extensive experience in threat intelligence research, malware analysis, penetration testing, DFIR, SOC operations and compliance from over a decade of delivering pragmatic security solutions and advice to clients. His current role in the CTU focuses on tracking EMEA focused threat groups, developing intelligence based countermeasures to protect client networks and investigating complex incidents.

secureworks.co.uk

18-15

Just a couple of words before the...

15 mins

Lecture Theatre 1 (2516)

18-30

Sponsored by MWR, join us in the union for a few(?) drinks and lots of awesome chat!

???

Abertay Student Union

Tickets


Tickets are available through Eventbrite. Standard tickets are £20, student tickets £15.
