1.3
Bsides Cymru 2023
bsides-cymru-2023-2022
2023-02-11
2023-02-11
1
00:05
https://pretalx.com
https://pretalx.com/media/bsides-cymru-2023-2022/img/banner_0fcfLYk.png
UTC
Track 1- Dragon Suite
Opening Speech
Pecha Kucha
2023-02-11T09:00:00+00:00
09:00
00:10
Hello and Welcome!
bsides-cymru-2023-2022-27800-opening-speech
Tom Roberts
en
Hello and Welcome!
true
https://pretalx.com/bsides-cymru-2023-2022/talk/TXUJF3/
https://pretalx.com/bsides-cymru-2023-2022/talk/TXUJF3/feedback/
Track 1- Dragon Suite
Keynote Speech
Talk
2023-02-11T09:15:00+00:00
09:15
00:30
Keynote/Opening Speech
bsides-cymru-2023-2022-27377-keynote-speech
John Shier
en
Keynote/Opening Speech
false
https://pretalx.com/bsides-cymru-2023-2022/talk/ECGZYB/
https://pretalx.com/bsides-cymru-2023-2022/talk/ECGZYB/feedback/
Track 1- Dragon Suite
Let that think in: Thought experiments and their application to cyber security
Talk - long
2023-02-11T09:50:00+00:00
09:50
00:45
Thought experiments are used in many disciplines - from theoretical physics and biology to linguistics and law - to question assumptions and generate new theories. Perhaps most prominently, they are a critical tool in philosophy, where their usage goes back thousands of years to Socrates and Plato. The insights and knowledge that rigorous, carefully considered thought experiments provide have completely revolutionized thinking in various fields. And yet, in cyber security, we haven’t made much use of them at all, and certainly not in any organized or formalized manner. This talk is an attempt to begin changing that.
In this session, I’ll provide a primer on thought experiments, covering their definitions, types, features, construction, usage, and outputs. I’ll examine some examples, discuss the drawbacks, and explore some unconventional forms which use different formats and ways of thinking.
I’ll then move on to argue a case for using thought experiments more widely in cyber security. I’ll start by focusing on how thought experiments differ from similar activities in security – such as tabletop exercises and ‘thinking like an attacker’ – and suggest several related areas in which thought experiments have proven useful previously, such as AI and cryptography, with examples.
Next, I’ll outline why we need more thought experiments in cyber security, identifying several areas in which they could be used to question common assumptions and theories, and I’ll present some thought experiments I’ve created in these areas, which I’ll invite attendees to use and build on as a starting point for further discussion and exploration.
I’ll then share a guide for creating thought experiments, as a first step towards encouraging their wider design and use in the field of security, and finish by calling for collaboration and cooperation to continue this.
bsides-cymru-2023-2022-23229-let-that-think-in-thought-experiments-and-their-application-to-cyber-security
Matt Wixey
en
Brief outline of the talk:
1. INTRODUCTION: who I am, what I do; my interest in thought experiments; aims of the talk
2. WHAT IS A THOUGHT EXPERIMENT? Competing definitions; history and examples in various fields (philosophy, physics, law); types of thought experiment (destructive, constructive, platonic); format and usage (how they're presented; unfolding of scenario; why they should be used, Kuhnian crises); outputs (models); caveats (biases, where does new knowledge come from, idealisation, imagination as a negative); unusual forms (koans, fiction)
3. APPLICATIONS TO CYBER SECURITY: Background (usage, distinction vs. tabletop exercises, scenarios, 'thinking like an attacker'); why we need thought experiments (Kuhnian crisis, challenging assumptions); examples of pre-existing thought experiments in related areas (AI, cryptography, privacy); benefits; examples (adapting pre-existing thought experiments and coming up with new ones - examples include attribution, innovation, cyberweapons)
4. HOW TO DESIGN A THOUGHT EXPERIMENT: destructive and constructive forms; outline of the process
5. CONCLUSION: Reiterate aims; first step; call for collaboration and cooperation; references, contact details, and questions.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/BZQBXJ/
https://pretalx.com/bsides-cymru-2023-2022/talk/BZQBXJ/feedback/
Track 1- Dragon Suite
Fangxiao, a Chinese phishing threat actor
Talk
2023-02-11T10:40:00+00:00
10:40
00:30
Fake survey sites, dating scams, shell companies, and Chinese threat actors - oh my! A walkthrough of Fangxiao, a phishing threat actor, covering their TTPs, IOCs, and how we attributed their activities.
bsides-cymru-2023-2022-22963-fangxiao-a-chinese-phishing-threat-actor
Emily Dennison, Alana Witten
en
Have you ever seen a fake survey site spread by WhatsApp? If so, you might have interacted with Fangxiao. Starting from a single phishing website, this talk will cover how we identified tens of thousands of phishing domains and de-anonymised domains behind Cloudflare. Pivoting across sites, we uncover a shady world of lead generation agencies, fake dating sites, and a frankly ridiculous number of domains. We will explain how we identified and tracked the group behind these sites and discuss their operational security failures.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/YQR3J7/
https://pretalx.com/bsides-cymru-2023-2022/talk/YQR3J7/feedback/
Track 1- Dragon Suite
Electryone: In the land with no sun
Talk - long
2023-02-11T11:15:00+00:00
11:15
00:45
During this talk, we will see that many photovoltaic (PV) inverters suffer from typical "rush to market" problems that can introduce weaknesses and potentially allow a remote attacker to fully control or brick them.
bsides-cymru-2023-2022-23091-electryone-in-the-land-with-no-sun
Vangelis Stykas
en
Targeting an installer cloud means that a successful attack would give elevated access to the inverters, including functions not accessible to PV’s owners.
In this talk we are going to review how attacking a PV installer cloud could lead to taking hundreds of thousands of inverters offline and introduce instability into countries’ power grids.
All attacks are remotely exploitable and a result of logic flaws introduced by the web portals’ developers. Those logic flaws vary from simple Insecure Direct Object References (IDORs) to self-promoting your user to platform admin.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/YCASUH/
https://pretalx.com/bsides-cymru-2023-2022/talk/YCASUH/feedback/
Track 1- Dragon Suite
Lunch - Click for Menu
Talk - long
2023-02-11T12:05:00+00:00
12:05
01:00
Lunch - click for menu.
bsides-cymru-2023-2022-27379-lunch-click-for-menu
Tom Roberts
en
Lunch will be a buffet and cater for a spectrum of dietary requirements:
• Salad boxes including-
• Green salads,
• Coleslaw,
• Mediterranean couscous
• Tomato salad
• With a choice of Caesar chicken, bbq chicken, teriyaki salmon, selection of cheese and then dietary appropriate options- these will be labelled for self-service and collection.
• Rustic Bread roll selection
• Assortment of sweet treats- carrot cakes, muffins, mini cakes, cookies
• Packets of crisps- assorted flavours
• Assortment of soft drinks
Any special dietary requirements provided in advance will be labelled and accessible.
true
https://pretalx.com/bsides-cymru-2023-2022/talk/EN7TT3/
https://pretalx.com/bsides-cymru-2023-2022/talk/EN7TT3/feedback/
Track 1- Dragon Suite
Bohemian IcedID - Queen of Loaders
Talk
2023-02-11T13:15:00+00:00
13:15
00:30
This talk provides an insight into Team Cymru's tracking of IcedID over the past 24 months, following its transition from banking trojan to all-round loader malware. We will demonstrate how we identify potential bot and loader C2 infrastructure through our network telemetry data, and provide confirmation of these findings through config extraction.
bsides-cymru-2023-2022-24311-bohemian-icedid-queen-of-loaders
Josh Hopkins, Thibault Seret
en
IcedID (also referred to as BokBot) first appeared in early 2017 as a 'traditional' banking trojan leveraging webinjects to steal financial information from victims. Since this time, it has evolved to include dropper functionality, and is now primarily used as a vehicle for the delivery of other tools, such as Cobalt Strike, and the eventual deployment of ransomware.
IcedID itself is commonly delivered in phishing (spam) campaigns, leveraging an assortment of lure types and execution processes.
IcedID has two stages to its initial command and control (C2) communications, prior to further tools being downloaded on the victim host. Patterns in the way these C2 communications are set up and appear in network telemetry data allow us to follow threat actor campaigns, often from a starting point of 'pre-spam' (before infrastructure is used actively in the wild).
We look forward to sharing more details in our talk!
true
https://pretalx.com/bsides-cymru-2023-2022/talk/VXJRWD/
https://pretalx.com/bsides-cymru-2023-2022/talk/VXJRWD/feedback/
Track 1- Dragon Suite
The Office of Danger: A Choose Your Own adventure story!
Talk
2023-02-11T13:55:00+00:00
13:55
00:30
Have you always wanted to know what type of decisions are required for a Social Engineering engagement but never get the opportunity to find out? Well look no further!
The Office of Danger: A Choose Your Own Adventure Story lets the audience make real world decisions on a social engineering engagement.
Will you be able to bypass security and reach your target? Or will your choices get you caught as soon as you enter?
The choice is in your hands!
bsides-cymru-2023-2022-23053-the-office-of-danger-a-choose-your-own-adventure-story-
Phil Eveleigh
en
The Office of Danger: A Choose Your Own adventure story! This session will put the audience in the driving seat of a real-life social engineering engagement against a high security office building in central London.
Simulating the high-pressure environment of a social engineering engagement, the slides will present the audience with a choice that must be made quickly to avoid detection, unlock new areas of the office and achieve their objective.
So, what will you do?
• Head for the stairs or the elevator?
• Sweet talk the receptionist, or try and blend in with the crowd?
• Run as quickly as you can from Security, or hide in the toilet?
You are presented with two options to take each adventure in a unique direction, with over 30 different choices to be made, resulting in a different and unique presentation each time!
This is the first of its kind talk, which puts you in the driving seat and shows the level of quick thinking that is needed to avoid detection and reach your targets!
false
https://pretalx.com/bsides-cymru-2023-2022/talk/QVMLF3/
https://pretalx.com/bsides-cymru-2023-2022/talk/QVMLF3/feedback/
Track 1- Dragon Suite
Hacking to defend: How we hacked into a Polar Orbit Satellite and managed to get a full system compromise
Talk
2023-02-11T14:30:00+00:00
14:30
00:30
Initial discovery was from a Discord message; some people were talking about having access to a Polar Orbit Satellite due to it not having any authentication. We knew this was a risk in the wrong hands. We decided to research the Web Application shortly after, we were able to get a shell and escalate our privileges. While on the system we managed to identify privilege escalation vectors while also performing source code analysis where we found further command injection vulnerabilities. To ensure other hackers do not kill our shell and patch the bug to perform malicious activities, we created a backup shell for persistent access!
bsides-cymru-2023-2022-24280-hacking-to-defend-how-we-hacked-into-a-polar-orbit-satellite-and-managed-to-get-a-full-system-compromise
/media/bsides-cymru-2023-2022/submissions/8JRWD9/polar_orbit_udb1MQn.png
James (0xJay), Josh Allman
en
While researching a Polar Orbit Satellite we managed to identify a critical vulnerability allowing full system compromise; we managed to completely own the box within a time span of a few hours. The vulnerabilities were reported and patched.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/8JRWD9/
https://pretalx.com/bsides-cymru-2023-2022/talk/8JRWD9/feedback/
Track 1- Dragon Suite
Bypassing Anti-Virus using BadUSB
Talk - long
2023-02-11T15:10:00+00:00
15:10
00:45
Agenda for the presentation:
- AMSI Bypass Development
- Execution Policy Bypass
- Payload Runner Development
- Deploying Attack using BadUSB
- Post-Exploitation Persistence
- DEMO
- Prevention
bsides-cymru-2023-2022-24143-bypassing-anti-virus-using-badusb
Cristian Cornea
en
During this presentation, we will take a look over how we can bypass most Anti-Virus detection using a payload embedded on a BadUSB device, resulting in a silver bullet for gaining initial access inside a victim network. A demo will also be included during the presentation.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/FEPNNU/
https://pretalx.com/bsides-cymru-2023-2022/talk/FEPNNU/feedback/
Track 1- Dragon Suite
Needles Without the Thread: Threadless Process Injection
Talk
2023-02-11T16:00:00+00:00
16:00
00:30
Most process injection techniques typically involve creating remote threads within the target process. This often exposes opportunities for EDR detection engines to pick up the malicious activity. This talk will cover some of the existing methods used today followed by a novel technique that can inject and execute code into a remote process without some of these common indicators.
bsides-cymru-2023-2022-23077-needles-without-the-thread-threadless-process-injection
Ceri Coburn
en
As red teamers, we always find ourselves in a cat and mouse game with the blue team. Many Anti-virus and EDR solutions over the past 10 years have become significantly more advanced at detecting fileless malware activity in a generic way.
Process injection, a technique used for executing code from within the address space of another process, is a common method within the offensive operator’s toolbox. It is commonly used to mask activity within legitimate processes such as browsers and instant messaging clients already running on the target workstation.
Within the last 2 years, tools such as Sysmon have added new detections and events for process injection along with big improvements in detections within commercial EDR space.
With this in mind, a new method of injection was researched that would not fall foul to the traditional methods that are often detected today.
Throughout the talk we will cover some of these traditional process injection techniques followed by a technical dive into the novel method that was researched and release a corresponding open-source tool that leverages the technique.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/BNC8W3/
https://pretalx.com/bsides-cymru-2023-2022/talk/BNC8W3/feedback/
Track 1- Dragon Suite
Closing Speech
Talk
2023-02-11T16:40:00+00:00
16:40
00:00
Thanks and details of the afterparty
bsides-cymru-2023-2022-27378-closing-speech
Tom Roberts
en
A short thanks to everyone and details of the afterparty.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/VCTQJK/
https://pretalx.com/bsides-cymru-2023-2022/talk/VCTQJK/feedback/
Track 2 - Foxhunter
Robots for Complete Beginners
Talk - long
2023-02-11T09:50:00+00:00
09:50
00:45
An introduction on how to build robots. For complete beginners.
bsides-cymru-2023-2022-23493-robots-for-complete-beginners
Mark Goodwin
en
Robots look fun, right? We'd all love to build robots... but how?
This talk is about the "how". Using some tools that most of us will be familiar with (Lego!!) and some that are perhaps less familiar... but easy (Arduino) we'll examine how to turn an off-the-shelf toy into something more special.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/AGYTSR/
https://pretalx.com/bsides-cymru-2023-2022/talk/AGYTSR/feedback/
Track 2 - Foxhunter
Verify, then Trust
Talk
2023-02-11T10:40:00+00:00
10:40
00:30
Dr Jennings presents a session on how to identify 'experts' using false credentials and accomplishments to establish their reputation.
bsides-cymru-2023-2022-23588-verify-then-trust
Rick Jennings
en
From dummy think tanks to false academic credentials and degree mills, Dr Jennings, author of the acclaimed book on establishing false identities 'When You're Not You', presents a fascinating session on how people claim false authority. Covering everything from the principles of influence involved, to the techniques, and how to verify the claims people make.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/TXYBVN/
https://pretalx.com/bsides-cymru-2023-2022/talk/TXYBVN/feedback/
Track 2 - Foxhunter
Extending the capabilities of Dependency Modelling for Risk Identification in an ICS environment
Pecha Kucha
2023-02-11T11:15:00+00:00
11:15
00:10
Dependency modelling (DM) is a standardised approach proposed by the Open standard Institute as a methodology to manage risk and build trust between inter-dependent enterprises. This approach aligns with the National Cyber Security Centre (NCSC)’s advocacy of system-driven risk analysis. It measures risk as the degree of uncertainty - uncertainty that a system will be at a required (desired) state. DM is expressed as the probability of achieving the desired state of a goal and how it is impacted by things beyond the control, predictability or understanding of the system/process owner. These probabilities of events (nodes) change when the probabilities of some other events change. However, there exist limitations in the current expressions of DM that hinder its complete adaptation for risk identification in a complex environment such as ICS. This research investigates how the capability of DM could be extended to address the identified limitations and proposes additional variables to address phenomena that are unique to ICS environments. The proposed extension is built into a system-driven, ICS dependency modeller, and we present an illustrative example using a scenario of a generic ICS environment. We reflect that the proposed technique supports an improvement in the initial user data input in the identification of areas of risk at the enterprise, business process, and technology levels.
bsides-cymru-2023-2022-24683-extending-the-capabilities-of-dependency-modelling-for-risk-identification-in-an-ics-environment
Ayo Rotibi
en
false
https://pretalx.com/bsides-cymru-2023-2022/talk/QKGJMM/
https://pretalx.com/bsides-cymru-2023-2022/talk/QKGJMM/feedback/
Track 2 - Foxhunter
Developing cybersecurity curriculum for secondary school
Pecha Kucha
2023-02-11T11:30:00+00:00
11:30
00:10
Nowadays, many educational providers worldwide have started teaching cyber security courses for school students due to rising interest from students. As a result, cyber security developer programs need help building a competent cyber security curriculum that is relevant and nurturing student performance throughout their leading journey.
In addition, teachers at the secondary school level need more recent and up-to-date experience and need more relevant resources.
Consequently, it is crucial to address how cyber security will be delivered within the curriculum to secondary schools. This paper analyses different computer science curricula in eight countries and the extra curriculum worldwide.
The analysis estimates that in many countries, cyber security education was addressed inconsistently, embedded in various curriculum content areas. The existing curricula could have offered more support for teachers to educate the nature, aims, and pedagogical identifications of cyber security. Comparing the curricula raised some critical challenges faced by cyber security in secondary school. These challenges are discussed in the paper alongside the proposed way of addressing them.
bsides-cymru-2023-2022-24760-developing-cybersecurity-curriculum-for-secondary-school
Maha Alotaibi
en
This study answers the following essential questions: (1) What are the challenges of teaching cyber security between 12 to 15?
(2) How is cyber security education addressed in secondary school curricula worldwide? (3) What are the issues with the existing cyber security curricula worldwide?
false
https://pretalx.com/bsides-cymru-2023-2022/talk/GPH7YY/
https://pretalx.com/bsides-cymru-2023-2022/talk/GPH7YY/feedback/
Track 2 - Foxhunter
Trust & Blame in Self-Driving Cars Following a Cyber Attack
Pecha Kucha
2023-02-11T11:45:00+00:00
11:45
00:10
Even as our ability to counter cyber attacks improves, it is inevitable that threat actors may compromise a system through either exploited vulnerabilities and/or user error. It is therefore important to understand the factors which influence trust and blame in a self-driving car following a successful cyber attack.
bsides-cymru-2023-2022-24126-trust-blame-in-self-driving-cars-following-a-cyber-attack
Victoria Marcinkiewicz
en
One increasingly pertinent concern related to self-driving car technology (and its connected infrastructure) is the potential for it to be cyber attacked. Should (or when) an adverse experience occurs, such an event is likely to erode human trust in the technology and potentially inhibit its uptake. It is therefore important to understand who is blamed for the attack and how/when trust is affected so that appropriate cyber security measures can be implemented (pre and post attack) to mitigate its impact on users and other stakeholders.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/RX87LC/
https://pretalx.com/bsides-cymru-2023-2022/talk/RX87LC/feedback/
Track 2 - Foxhunter
A Review of Intrusion Detection Systems in Large-scale IoT Systems: Challenges, Approaches, and Needs
Pecha Kucha
2023-02-11T12:00:00+00:00
12:00
00:10
Given the scale expansion of the Internet of Things, the design of an Intrusion Detection System (IDS) is critical to protect the future network infrastructure from intrusions. Traditional IDS base their operations on Machine Learning (ML) models trained centrally in the cloud and then distributed across multiple end devices. However, this centralised approach often suffers from network overhead and high latency, thereby resulting in slow detection of malicious traffic and unresponsiveness to attacks in the worst case. The specific characteristics of large-scale IoT systems bring new design challenges that need to be carefully considered. This paper provides a comprehensive review of current IDS for IoT systems to shed light on these issues, focusing on the types of deployment architecture. We show how traditional practices are unsuitable for large-scale IoT systems due to their inherent characteristics. The current research for IoT intrusion detection will need to move in a different direction to develop an optimised solution for these types of networks.
bsides-cymru-2023-2022-24406-a-review-of-intrusion-detection-systems-in-large-scale-iot-systems-challenges-approaches-and-needs
Othmane Belarbi
en
In this talk, I will present a comprehensive review of current intrusion detection systems for IoT systems to shed light on the challenges and associated solutions.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/W9PAQ8/
https://pretalx.com/bsides-cymru-2023-2022/talk/W9PAQ8/feedback/
Track 2 - Foxhunter
Why critical thinking is not the answer to misinformation
Pecha Kucha
2023-02-11T12:15:00+00:00
12:15
00:10
Incorrectly assessing digital information has many repercussions for users: from downloading malicious code in open-source software repositories, to becoming a victim of misinformation. Study 1 was a systematic review (N = 63 studies) of the digital symbols and signals that communicate trust when assessing digital information. The results suggested trust signals and symbols were grouped into three themes of social proof, verification to reduce variance of risk, and expectancy violation theory. Study 2 (N = 20 participants) was a thematic analysis exploring whether expertise influences the use of trust signals and symbols in open-source software libraries. Results indicated that differences exist between expert and lay users when utilising trust cues to assess digital information. The implications for these studies are that ways in which people use trust cues create vulnerabilities for malicious actors to exploit through a range of possibilities. Researching which digital trust signals and symbols are utilised by users (when assessing the trustworthiness of digital information) may help to inform how to mitigate said vulnerabilities.
bsides-cymru-2023-2022-24423-why-critical-thinking-is-not-the-answer-to-misinformation
Rob Peace
en
This presentation focuses on how the interaction of the digital environment and a user’s psychology may lead to incorrectly evaluating the trustworthiness of online information. The two studies aim to demonstrate how asking users to critically think when assessing digital information overlooks how the digital environment may increase psychological biases to distort our ability to successfully evaluate the trustworthiness of digital information. The first study reviews the current evidence for digital trust cues that increase a user’s perception of trustworthy information. The second study focuses on how trust cues are used to make judgements over the trustworthiness of information within open-source software libraries.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/WCL8S7/
https://pretalx.com/bsides-cymru-2023-2022/talk/WCL8S7/feedback/
Track 2 - Foxhunter
Vulnerability Management Sucks.
Pecha Kucha
2023-02-11T12:30:00+00:00
12:30
00:10
It seems simple enough... or at least till you start scaling. Take a dive through the wonderful world of the vulnerability management extravaganza and some examples I've faced when trying to make sense of the data soup.
bsides-cymru-2023-2022-24463-vulnerability-management-sucks-
Luke Jones
en
This talk aims to highlight some of the issues that seem to be a common headache. The task of combining the varying vulnerability management solutions you may have and presenting it back to relevant stakeholders in a neat package, all while trying to properly understand what data matters. Not forgetting the varying compliance and certification requirements that need meeting....
There is a larger focus on traditional infrastructure vulnerability management in this talk.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/FHP3U9/
https://pretalx.com/bsides-cymru-2023-2022/talk/FHP3U9/feedback/
Track 2 - Foxhunter
Lunch - Click for Menu
Talk - long
2023-02-11T12:45:00+00:00
12:45
01:00
lunch - click for menu
bsides-cymru-2023-2022-27380-lunch-click-for-menu
Tom Roberts
en
Lunch will be a buffet and cater for a spectrum of dietary requirements:
• Salad boxes including-
• Green salads,
• Coleslaw,
• Mediterranean couscous
• Tomato salad
• With a choice of Caesar chicken, bbq chicken, teriyaki salmon, selection of cheese and then dietary appropriate options- these will be labelled for self-service and collection.
• Rustic Bread roll selection
• Assortment of sweet treats- carrot cakes, muffins, mini cakes, cookies
• Packets of crisps- assorted flavours
• Assortment of soft drinks
Any special dietary requirements provided in advance will be labelled and accessible.
true
https://pretalx.com/bsides-cymru-2023-2022/talk/CK9QSG/
https://pretalx.com/bsides-cymru-2023-2022/talk/CK9QSG/feedback/
Track 2 - Foxhunter
IOC What You Mean
Talk
2023-02-11T13:50:00+00:00
13:50
00:30
Using analytical techniques to build a high fidelity escalator up the pyramid of pain
bsides-cymru-2023-2022-23708-ioc-what-you-mean
Darren Kingsnorth
en
The Pyramid of Pain was made by David Bianco and popularised by MITRE et al. It is ultimately a conceptual model to increase the adversary's operational cost via the effective use of Cyber Threat Intelligence.
Is the Pyramid of Pain too high to climb without very expensive vendor support? In this talk we'll slice up the pyramid of pain using analytical techniques, to reveal how you can prioritise and effectively reduce the permutations of each indicator type via the use of open-source tooling. This will result in tailored 'byte' sized high fidelity chunks for respective courses of action.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/P8FVTA/
https://pretalx.com/bsides-cymru-2023-2022/talk/P8FVTA/feedback/
Track 2 - Foxhunter
When diplomats send Beacon - A retrospective view of APT29 malicious phishing campaigns
Talk
2023-02-11T14:30:00+00:00
14:30
00:30
In 2022, Mandiant identified spear-phishing activity targeting government entities, diplomatic missions, and international organizations in Europe and North America. The threat actors were using a variety of techniques and newly identified malware families that ultimately lead to disseminating BEACON malware payloads.
The extensive email phishing operations were performing covert cyber espionage, using CobaltStrike BEACON implant, which Mandiant publicly exposed in the blog “Trello From the Other Side: Tracking APT29 Phishing Campaigns” and attributed these campaigns to APT29; a Russian-nexus threat actor that’s also been attributed to the SolarWinds supply chain intrusions.
In this talk, Mathias will provide:
- A deeper overview of the various novel phishing campaigns they’ve observed since February 2021
- Any changes in APT29 phishing campaigns since the publication of findings in April 2022
- Showcase the malware utilized to gain a foothold into a victim's network.
- Provide recommendations for defenders to mitigate risks
bsides-cymru-2023-2022-23537-when-diplomats-send-beacon-a-retrospective-view-of-apt29-malicious-phishing-campaigns
Mathias Frank
en
(happy to write a description if needed)
false
https://pretalx.com/bsides-cymru-2023-2022/talk/E9HTYX/
https://pretalx.com/bsides-cymru-2023-2022/talk/E9HTYX/feedback/
Track 2 - Foxhunter
Getting In: Initial Access in 2023
Talk
2023-02-11T15:10:00+00:00
15:10
00:30
The pathway to initial access in 2023 is far from an easy one. This talk will lift the lid on all the recent TTPs we have been using to gain access, giving you techniques you can implement in your own assessment. But what about defence? For all you blue teamers out there, we will show you how to prevent all the attacks we discuss! Sit back and enjoy all the fun!
bsides-cymru-2023-2022-24342-getting-in-initial-access-in-2023
Tony Gee
en
The days of initial access being a case of sending a basic phishing email and getting creds are long gone. With email filters so much more effective, end user training more frequent, corporate procedures enhanced, phishing is no longer trivial. We need to think differently, we need to be creative. That is what this talk is all about. Showing you the TTPs we have developed over the years to evade or even bypass corporate controls and trick staff into giving us access. We will reveal less used TTPs that we have developed over time, showing how they can be leveraged. This is much more than phishing, this is full spectrum initial access, from OSINT led exploits, to in person SE, to creative remote social engineering, providing the many ways of getting in and gaining initial access in 2023.
Are you a blue teamer? Don't worry, we will show you all the ways you can stop our attacks, using your defensive onion to make the bad guys cry!
true
https://pretalx.com/bsides-cymru-2023-2022/talk/CBQJRN/
https://pretalx.com/bsides-cymru-2023-2022/talk/CBQJRN/feedback/
Track 2 - Foxhunter
EVSE Ecosystems & Connected Vehicle Privacy
Talk - long
2023-02-11T15:45:00+00:00
15:45
00:45
EVSE Ecosystems & Connected Vehicle Privacy
bsides-cymru-2023-2022-27659-evse-ecosystems-connected-vehicle-privacy
en
EVSE Ecosystems & Connected Vehicle Privacy
false
https://pretalx.com/bsides-cymru-2023-2022/talk/NWWJHM/
https://pretalx.com/bsides-cymru-2023-2022/talk/NWWJHM/feedback/
Track 3 (TTT) - St David's Suite
Trans Tech Tent - (Talks begin at 10 am) Click for Schedule of talks
Village
2023-02-11T09:00:00+00:00
09:00
08:00
Hack hardware, hack software, hack social situations, hack careers, hack gender, hack biology, hack society, hack the planet, hack everything!
bsides-cymru-2023-2022-24084-trans-tech-tent-talks-begin-at-10-am-click-for-schedule-of-talks
/media/bsides-cymru-2023-2022/submissions/SSNZU8/Tech-tent_Tbim6EE.png
a[gk]i|ab+y
en
The Trans Tech Tent is a Welsh organisation that started out as a community repairs group for queer people in the Cardiff area. Two years later, we hack everything, fix everything, and have a global support community.
Come visit us for talks, chats, and workshops throughout the day on every topic we could reasonably fit into a security BSides event!
See https://pretalx.c3voc.de/trans-tech-tent-2023/schedule/ for current schedule
10:00 AM 30min
Risky Business - using risk-based analysis to detect bad things
Jaime McCallion
10:35 AM 30min
Giving you the ICK - Industrial Cyber Knowledge for n00bs
Jamie Grant
11:10 AM 45min
Biohacking in the 21st Century - A guide to transition
Abby
1:00 PM 30min
Reimplementing game servers for fun and giggles
Eva Lauren Kelly (thejsa)
1:35 PM 30min
Reversing UK mobile rail tickets
eta
2:10 PM 30min
Smart Watches are dumber than you think
June Fleetwood
2:45 PM 30min
Why Don't I Know Kung Fu Yet?
Misha Whitney
3:20 PM 30min
Wandering wombs - A History of Medical Misogyny
Raven Gough
3:55 PM 30min
it's borked - programming was a mistake
Maya
5:00 PM 15min
Closing Statement
Abby
false
https://pretalx.com/bsides-cymru-2023-2022/talk/SSNZU8/
https://pretalx.com/bsides-cymru-2023-2022/talk/SSNZU8/feedback/
Workshops - Glamorgan Suite
Introduction to GEOINT
Workshop
2023-02-11T09:30:00+00:00
09:30
03:30
GEOINT is a component of OSINT where a physical location is discovered from clues in media, from still photographs to videos and even sound. The practice requires a selection of skills and knowledge about resources which may be as diverse as power grids, architecture and physics. A successful identification of a location may seem to be almost magical and, at the same time, scary.
bsides-cymru-2023-2022-23015-introduction-to-geoint
David Lodge, Tony Gee
en
A workshop describing the techniques to identify important parts of an image or video that could be used to locate it (and also when location may not be possible). It will descend into the geekery of sites that can identify various aspects of an image.
It is designed to be fully interactive. It will demonstrate the art of locating through examples and practice. Common search engines and Internet resources will be used to aid in this.
Attendees are encouraged to bring their own images with them so that they can be used in the workshop to practice their own skills. They are also encouraged to share databases or knowledge that other attendees may not know about.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/JMZHJM/
https://pretalx.com/bsides-cymru-2023-2022/talk/JMZHJM/feedback/
Workshops - Glamorgan Suite
Mastering Android Application Reverse Engineering
Workshop
2023-02-11T13:00:00+00:00
13:00
04:00
**Extract, reverse, and exploit Android applications.**
Come to this workshop if you're new to offensive security, want to develop your skills in reverse engineering, or if you're interested in Android application internals. During the four hours we'll dive into:
- The fundamentals of the Java programming language
- How Android applications are developed
- How to reverse Android applications and identify common security misconfigurations
- How to patch and dynamically instrument Android applications for security testing
bsides-cymru-2023-2022-23088-mastering-android-application-reverse-engineering
James Stevenson
en
# Summary
This workshop will be broken down into three sections: an introduction and talk on the fundamentals, a guided challenge / exercise, followed by free-form challenges and activities. By the end of this workshop you'll be able to develop simple Android applications, reverse Android applications to both Java and SMALI, and apply other dynamic techniques to your reverse engineering efforts such as using Frida and patching.
# Prerequisites
- A foundation knowledge of Linux CLI use
- A laptop that can run a virtual machine (with VMWare Player or equivalent installed)
- An Android phone with ADB enabled or Android Studio installed with an emulator (please check the emulator works beforehand).
# About James
James is a vulnerability researcher focusing on the Android system and applications. James has over five years' experience in the industry and has worked in a variety of roles from startups to global organizations.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/QEQ7G9/
https://pretalx.com/bsides-cymru-2023-2022/talk/QEQ7G9/feedback/
Workshops - ClockTower
ICS Village (Opens at 9.45)
Village
2023-02-11T09:00:00+00:00
09:00
08:00
Interested in seeing how industrial control systems work and how secure they are? The ICS Village run by the University of Bristol's Cyber Security Group includes live demos of various attacks against ICS devices using our mobile demonstration units.
bsides-cymru-2023-2022-24399-ics-village-opens-at-9-45-
Joe Gardiner
en
Industrial control systems, such as those controlling many aspects of critical infrastructure including energy, water and manufacturing, are increasingly the target of sophisticated cyber attacks. At the ICS village you can see practical attack demonstrations against real ICS devices, including demonstrations of attack scenarios which can cause physical processes to go wrong. Demonstrations include reconnaissance of ICS devices, the exploitation of programmable logic controllers and password cracking of human machine interfaces.
false
https://pretalx.com/bsides-cymru-2023-2022/talk/XPKMPQ/
https://pretalx.com/bsides-cymru-2023-2022/talk/XPKMPQ/feedback/
Workshops Clocktower (more)
Battle Bots (Opens at 9.45)
Village
2023-02-11T09:00:00+00:00
09:00
08:00
Mini Battle Bots!
bsides-cymru-2023-2022-27795-battle-bots-opens-at-9-45-
en
Mini Battle Bots!
false
https://pretalx.com/bsides-cymru-2023-2022/talk/CVFVFM/
https://pretalx.com/bsides-cymru-2023-2022/talk/CVFVFM/feedback/