BSides Cape Town

09:00
09:00
30min
BSides Staff - Opening Address

BSides Organisers will open the day with an address to attendees.

Track 1
09:30
09:30
15min
Obscure Tech - Introduction and Welcome

Brief introduction from Obscure, our Platinum Sponsor, where they will be welcoming everyone to BSides Cape Town 2023.

Track 1
09:45
09:45
45min
Keynote Track 1
Track 2
09:45
45min
Keynote Track 1
Track 3
09:45
45min
Impose Cost: Our defences eventually fail and we need to take the fight to the criminals
singe

The best defence is a good offence - except in cybersecurity where we send people to the battlefield with armour and radios. The most active that defence gets is evicting attackers from their network. We've leaned in so hard into defence as an industry we're lying on the floor, and it's time to look up. But how can we take the fight to the criminals without crossing legal and ethical boundaries?

Track 1
10:30
10:30
15min
Tea break
Track 1
10:30
15min
Tea break
Track 2
10:30
20min
Tea break
Track 3
10:45
10:45
45min
Fun with GPON
Denver Abrey

You may think FTTH is fairly safe and isolated, but there may be others watching (and... we don't mean your ISP :)

Track 1
10:45
45min
Securing A Derivatives Platform With Over $25b Volume
Kyle Riley

How would you approach exploiting a derivatives market? We’ll explore how we secured a perpetuals market averaging north of $100m in daily volume. It’ll be a technical deep dive beyond traditional pentesting concerns, focusing on abusing game theory and economic models for profit. In the high-stakes world of smart contracts, a single overlooked flaw could result in an instantaneous multi-million dollar loss.

Track 2
10:50
10:50
90min
Avoiding the API security apocalypse
Colin Domoney

In 2023, APIs are the favorite attack vector for adversaries. Simultaneously, their growth continues at a near-exponential pace. In this talk, learn how to avoid the API security apocalypse by understanding the unique challenges of securing APIs, the risks lurking in the OWASP API Security Top 10, and quick wins in securing your APIs. Finally, we will review some of the most significant API breaches in the last few years.

Workshop 1
10:50
45min
Outsmarting cyber villains on a shoestring budget
Roshan Harneker

This presentation covers the most common cyber threats affecting South Africa and how to combat them by building your own cyber threat intelligence platform on a budget.

Track 3
11:30
11:30
5min
Break
Track 1
11:30
5min
Break
Track 2
11:35
11:35
5min
Break
Track 3
11:35
45min
Embracing Dystopia: Building Secure Web Applications in the Age of Fast Development + Vulnerabilities
Jessie Auguste

A journey to explore the dystopian possibilities of neglecting web application security and discover how we can collectively build a brighter, more secure future. Together, we can turn the tide against the cyber threats that loom on the horizon.

Track 2
11:35
45min
How to sink a UBoot : Understanding bootloader attack surface
Keith Makan

Uboot is arguably the de facto standard for providing adaptable bootloader environments for a plethora of infrastructures. Unfortunately, some of the configuration options may expose vulnerabilities which compromise environments and may allow attackers to take control during privileged contexts. The talk included here will cover some of the Uboot basics, detail some architectural aspects of modern bootloaders, as well as ways an eager hacker can exploit Uboot in order to drop a shell and take control.

Track 1
11:40
11:40
40min
LPE in enterprise software
Reino Mostert

I found a local privilege escalation bug in a popular enterprise teleconferencing software on Windows, and would like to share my journey, and the technique I discovered that prevented Defender from blocking the exploitation of it.

Track 3
12:20
12:20
30min
Lunch
Track 1
12:20
30min
Lunch
Track 2
12:20
30min
Lunch
Track 3
12:20
30min
Lunch
Workshop 1
12:50
12:50
45min
Attacking Microsoft Exchange: Fusing LightNeuron with Cobalt Strike
Leon

Known for hacking many industries as well as developing their own custom tooling, the Russian-based threat actor known as Turla uses a stealthy Microsoft Exchange backdoor called LightNeuron. Using standard mail protocols, steganography and an unconventional mail rule engine (to name a few), in this talk I’ll demonstrate a re-imagination of this complex backdoor while extending it to be used with Cobalt Strike. All this while asking, what does this mean for detection engineering?

Track 2
12:50
120min
Defenders' Den: Building a Reproducible Environment to Verify Cyber Defense Skills
Mikhail

I present a workshop focused on building an environment that will be hacked and deploying an open-source SIEM (either Elastic or ZincObserve) for threat detection and analysis.

Workshop 1
12:50
30min
Hacking "AAA" Unreal Engine Games with... Python?
Ross Simpson

A quick look at an open source Python framework with a novel approach for making undetectable "ESP" hacks for big retail games, and maybe some real world output with the help of an Arduino.

Track 1
12:50
45min
The Wide World of Consent
Jonathon Everatt

The advent and adoption of cloud-based technologies by businesses and users has introduced new attack vectors that malicious actors can try to abuse. One of these attack vectors is a new type of phishing, called consent phishing. In consent phishing, an attacker-controlled application requests dangerous or sensitive permissions over a user's account or organisation's tenant. The talk will focus on both the offensive and defensive perspectives of the attack and its relevant indicators of compromise.

Track 3
13:20
13:20
10min
New Break
Track 1
13:30
13:30
45min
Dystopian much: The Rise of the Influence Machines
Nea Paw

Delving into AI-powered influence, we'll analyze a proof-of-concept system called CounterCloud, an autonomous system built for mass social engineering. We'll live demo its operation, content creation, and the seismic societal shifts it may trigger. We'll also address critical questions of responsibility and safeguards in this novel territory.

Track 1
13:35
13:35
15min
Break
Track 2
13:35
15min
Break
Track 3
13:50
13:50
45min
A Practical Supply Chain Hack: Blinking RGBs for fun & profit.
Dale Nunns

Do you trust your computer hardware?
How much damage could someone do if they just switched out the firmware on a cheap hardware purchase?

Come join me as we do just that: buy a cheap device, reverse engineer it, replace the firmware, plug it into a computer, blink lights and cause chaos.

Track 2
13:50
45min
Let the Children play - Leveraging AD CS for persistence and profit in Parent-Child configured forests.
Tinus

In 2021, Active Directory Certificate Services came under scrutiny because of the opportunities it provides attackers for credential theft, domain escalation, and persistence. It has become a household name for red and blue teams. This talk will cover new discoveries from two perspectives:

  • Lateral Movement - Noisy compromises of the Parent domain to get to other Child domains are a thing of the past
  • Cross-Domain Escalation - A newly discovered default permission misconfiguration allowing forest-wide persistence from any Child domain

Track 3
14:15
14:15
15min
Break
Track 1
14:30
14:30
45min
Performance Hacking - how to hack your tools to go faster
singe

Rust, hacking, and password cracking - how I built a password cracker faster than hashcat on CPU, but also a large file reading approach faster than ripgrep.

Track 1
14:35
14:35
10min
Break
Track 2
14:35
10min
Break
Track 3
14:45
14:45
45min
Forging Chains: The Java Blacksmith
Fabian Yamaguchi, David Baker Effendi

We present a tool to automatically extract gadget chains from arbitrary combinations of classes on the Java class path - outside the lab environment. The aim is to demonstrate that patching chains makes no sense: deserializing arbitrary attacker-controlled objects is the vulnerability, not the chain.

Track 2
14:45
45min
Noooooooooo touch!
Michael Rodger

“No touch” sensors, the COVID-friendly access control. You don’t touch them, they open. But from how far can you not touch them? Through a glass door perhaps? Join me on a hardware dissection and research journey to see how these things work, determine whether they’re vulnerable to attack, and hopefully defeat them.

Track 3
14:50
14:50
20min
New Break
Workshop 1
15:10
15:10
120min
Elastic Security Capture The Flag
Marvin Ngoma

This interactive session will allow you to get hands-on in security analytics and detections - competing against fellow security practitioners in the hunt for threats.

Workshop 1
15:15
15:15
15min
Tea Break
Track 1
15:30
15:30
20min
Tea Break
Track 2
15:30
20min
Tea Break
Track 3
15:30
45min
2023 Year in Review: Threads of nation-state dystopia
Jared Naude

Looking back at past events is crucial for gaining insight into past mistakes and making informed decisions about the future. 2023 had a lot of nation-state shenanigans from ransomware response to disingenuous laws that are being proposed. In this talk, we look back at the major cyber security events over the past year and what we can learn from them.

Track 1
15:50
15:50
10min
Oops!!... did I reveal something?
Javan Mnjama

Protect your Azure infrastructure from insecure secrets in deployment templates with deployment grazor - an Azure PowerShell script that detects potential misconfigurations and leaked secrets.

Track 2
16:00
16:00
10min
ed2root - how ancient IPC mechanisms can benefit you today
Connor

This talk will detail a vulnerability identified in a text editor on macOS that could be used to obtain root privileges; this specific vulnerability has gone unnoticed for ±8 years. The vulnerability was also identified in other packages, and the talk will include a short discussion on how it can be identified and exploited.

Track 2
16:10
16:10
20min
Break
Track 2
16:15
16:15
15min
Break
Track 1
16:30
16:30
45min
Hack South: Home of the ubiquitous South
Charles "AngusRed" Wroth

Hack South has become a staple of the ZA Hacker community. Hack South has come a long way since lockdown, but what does the future hold, and where can you get involved?

Track 1
16:30
45min
The cyber-pirate's guide to C2 development
Gerhard Botha

A beginner-friendly and somewhat technical talk about C2 development. It will go over the basics of what a C2 is, why, and where you might want to use it. Then we'll dive into the madness behind developing one!

Track 2
17:15
17:15
10min
Threat Con Intro
Track 1
17:25
17:25
5min
Break
Track 1
17:30
17:30
30min
BSides Staff - Closing Address

BSides Organisers will round off the day with a closing talk, thanking all speakers, sponsors, volunteers and staff members.

Track 1