Bsides Cymru 2024

To see our schedule with full functionality, like timezone conversion and personal scheduling, please enable JavaScript and go here.
09:00
09:00
30min
Opening Speeches + Keynote
Craig Jones, Clare Johnson + Stuart Criddle

Keynote Speaker

Main Room (Ballroom) - Track 1
09:25
09:25
45min
Decoding Neurodiversity: Spectrums aren't just for RF
Illyana M

An educational but fun myth-busting session talking about all things neurodiversity. Illyana will talk about her journey through diagnosis and her journey in industry, as well as share insights on how everyone can be more inclusive.

Sophia Room - Track 2
09:30
09:30
420min
BattleBots
Craig Jones, Clare Johnson + Stuart Criddle

BattleBots

Mezzanine
09:30
240min
Exploring the socio-technical challenge: What even are human factors?! and why should I care?
Rob Peace, Oishee Kundu, Alicia Cork, Victoria Marcinkiewicz

Although technical measures have played a vital role in enhancing cybersecurity, the changing landscape has shifted towards exploiting human vulnerabilities. Most recorded attacks now target behavioural vulnerabilities, highlighting the need to comprehend and encourage positive security behaviours. However, securing human behaviour poses a significant challenge, with individual motivations, environmental influences, and cognitive biases amongst a myriad of factors contributing to the complexity of the challenge. This village seeks to shed light on the complexity of the human challenge in cybersecurity. First, through a series of talks featuring academic and industry experts, we aim to showcase the diverse range of influences on human behaviour. From psychological biases to organisational culture and geopolitics, our speakers will explore the multifaceted nature of human factors and their implications for increasing positive security behaviours. In addition to the talks, attendees can participate in various human factors related interactive sessions, including a novel board game that simulates the development of a digital healthcare start-up, challenging players to make strategic product and cybersecurity decisions as board members. Finally, our village will facilitate an expert panel discussion on pressing questions surrounding human factors, including “How do we know interventions are working?” and ”What even are human factors?!”.

Roath Room
09:30
30min
Home Renewables Security Or: How I forgot to RTFM and got Pwned by my 12 year old
Jon Renshaw

An exploration of the threats against home renewable technologies such as solar panels, EV chargers and smart heating systems with inspiration from real world vulnerabilities.

Main Room (Ballroom) - Track 1
09:30
420min
ICS Village
Joe Gardiner

Interested in seeing how industrial control systems work and how secure they are? The ICS Village run by the University of Bristol's Cyber Security Group includes live demos of various attacks against ICS devices using our mobile demonstration units.

Sponsors Hall
09:30
420min
Lockpicking Village
Rik Kershaw-Moore

The combined TOOOL UK and UKLOCKSPORT.CO.UK are asking permission to run a lockpicking village.

Bute Room - Lockpicking village
10:05
10:05
45min
Hurr Durr, He Wrote: That awesome time I trolled the stupidest scammer in the world
Matt Wixey

What do you get when you cross a bored security researcher with a gullible scammer? You get this talk, of course – an epic dive into weeks of trolling, lulz, and horrendous OPSEC.

I’ve been trolling scammers as a hobby for a while now, amusing myself by replying to their email lures with deliberately outrageous scenarios and turns-of-phrase. Usually, the scammers figure out I’m on the wind-up and disengage pretty quickly.

Not this time.

Join me as we walk through a complex, long-term email scam from start to finish – a journey featuring a ‘solicitor’ who out of the goodness of his heart wanted to help me claim an inheritance worth millions, and a ‘bank’ which was only too willing to facilitate this.

Along the way we’ll meet my slightly unhinged alter ego (the intended victim of this scam), and his fictional, put-upon, and possibly kidnapped roommate, Tarquin Fortitude. Together they turned a simple phishing lure into a litany of trolling involving increasingly ludicrous personal details, the most amateurishly-fabricated library card ever, a fake bank transfer, a giant purple envelope, and hilarious misunderstandings. Every time I thought I’d gone too far – like when I asked the scammer to send ME money – the scammer continued to reply, even laying the groundwork for a follow-up scam by telling me their son was undergoing cancer treatment.

But it wasn’t all just for the lulz. As I trolled, I also documented every domain, snippet of information, and attachment, which provided a useful insight into how modern email scammers operate and the techniques and tactics they use. It also eventually resulted in me obtaining some very interesting details about the scammer…

In this talk I’ll tell you the story in all its gory detail, explore some practical learning points, and share the IOCs and TTPs I collected.

Main Room (Ballroom) - Track 1
10:15
10:15
30min
Whatever you do, don't pull the plug!
Pete G

Whatever you do, don't pull the plug!

A ticket has been logged, users are unable to open files and then you discover the ransom notes, and start seeing files changing before your eyes - what next? Isolate the hosts, pull the power, pray or go and make a cuppa?

This talk will cover a real life experience when someone did exactly that and pulled the power out of a storage array - with the best of intentions to prevent further damage, unbeknown that this would actually cripple the network!

From stopping the attack, uncovering the lack of DR and backups, to reconstructing the environment and travelling across London with a server in the back of a black cab and then rebuilding. This is a real life tale about how a lack of incident response planning and knee jerk reactions can make things worse!

Sophia Room - Track 2
10:50
10:50
30min
SOC Analyst’s Arsenal: Essential Tools, Tips and Tricks for Effective Investigations
Samuel Kavaler

In the ever-evolving landscape of cybersecurity threats, SOC analysts play a vital role in detecting, investigating, and responding to incidents. To excel in their mission, SOC analysts need to leverage a comprehensive arsenal of tools, along with proven tips and tricks, to conduct efficient and effective investigations.

In this talk, we will dive deep into the SOC analyst's world, exploring the essential tools, invaluable tips, and time-saving tricks that can supercharge investigations. Join us for an engaging session that will empower SOC analysts of all skill levels with the tools, tips, and tricks necessary for effective investigations.

Sophia Room - Track 2
10:55
10:55
30min
Everything online can be faked. Here's how and here's how to spot it.
Wayne May

How everything can be faked and simple ways to debunk them as fakes.

Main Room (Ballroom) - Track 1
11:25
11:25
45min
Practical security challenges posed by AI adoption: Code Quality and Threat Modeling
Balazs Greksza

Both LLMs as application components and code generation has security challenges. The goal of the talk is to demystify the complexities of securing applications.
We discuss AI security and software engineering challenges according to recent research.
Highlighting three popular AI use cases: Code Completion, Code Generation and Code Quality tools. We discuss how they fit in modern development environments and CI/CD, and what their implications are.
We seek to resolve conflicting interests of Product Management, Security and Software Development.
The talk will build on well-known security knowledge, extend it by looking at frameworks, such as MITRE ATLAS and OWASP Top 10 for LLMs.
With a quick intro to some of the key attack techniques, we look at where prevention should occur, and how to prioritize defenses.
The presentation will have a demo including one potential workflow.
The goal is to overcome the obstacles of securing software by decomposing it. The typical challenges are: specialised tooling, lots of moving parts, unclarity of the components.
We discuss the approaches to deal with securing software with high Go to Market pressure including.

Sophia Room - Track 2
11:30
11:30
30min
So you want to be a spy - reality is a slap in the face
Tony Gee, Hugo Page-Turner

Navigate the Spectrum of Intelligence with us, our talk unveils the intricate world of intelligence gathering. Explore the mysterious intricacies of CYBINT, HUMINT, and other intelligence domains, each revealing a piece of the global espionage puzzle. Witness how the integration of TECHINT, SIGINT, FININT, and more, forms a complex tapestry of data analysis and insight. This presentation is a gateway into the secretive realms of intelligence, where each detail and discovery brings you a step closer to understanding the hidden forces that shape our world.

Main Room (Ballroom) - Track 1
12:05
12:05
45min
Admiral Community CTF

Admiral CTF which will be accessible via phone and open to all.

Main Room (Ballroom) - Track 1
12:15
12:15
30min
Automating Binary Analysis With Machine Learning… and a bunch of scripts
James Stevenson

Reverse engineering, vulnerability research, binary analysis - all of these approaches and disciplines require skill and take time. This talk dives into supporting the latter, by covering what we can do to automate and accelerate approaches to binary analysis and in getting results, identifying findings, and spotting bugs and vulnerabilities quicker.

Sophia Room - Track 2
12:50
12:50
40min
Lunch
Main Room (Ballroom) - Track 1
12:50
40min
Lunch
Sophia Room - Track 2
13:30
13:30
30min
I Don't Care about Domain Admin
Dan Cannon

Achieving domain admin status may showcase l33t hacking skills, but does it resonate with clients? This presentation challenges the traditional focus on system compromise by shedding light on the often-overlooked consequence: the compromise of client and user trust. While penetration testers traditionally strive for system vulnerability identification, threat actors are evolving to exploit novel ways to impact victims.
In a notable incident from November 2023, the ransomware group Alphv/BlackCat filed a complaint with the US Securities and Exchange Commission (SEC) against a victim who failed to disclose the data breach they caused. This incident may signal a potential shift towards hacking groups leveraging laws and regulations to pressure victims into making payments, adding a new layer to cyber threats.
Exploring the European landscape, where the protection of Personally Identifiable Information (PII) is paramount, is it possible for penetration testers to leverage regulatory frameworks. By highlighting the business and regulatory impacts that clients may suffer due to lax security practices, we aim to encourage better security adoption. Can we turn regulatory compliance into a powerful tool for enhancing cybersecurity and fostering client trust?

Main Room (Ballroom) - Track 1
13:30
30min
Securing Online Transactions: How to Keep Your Money Safe about IDOR vulnerability
Ilkin Javadov

I will explain how IDOR vulnerabilities occur in the context of online transactions.
I will be doing a demonstration showing real world examples and results of IDOR attacks.
I will also explain statistics or case studies highlighting the financial impact of IDOR attacks, and I will also conduct extensive research on how to eliminate the defensive vulnerability.

To prevent IDOR vulnerabilities, secure coding practices are required at least a little. Therefore, what important points should we pay attention to, etc.

Securing all endpoints via IDOR
These will all be LIVE DEMO or LIVE HACK. I will make my own configuration on the server.

Sophia Room - Track 2
14:05
14:05
30min
Dr. Strangequeries or: How I Learned to Stop Worrying and Write Better BloodHound Queries
Harry Williams

This talk will take a closer look at BloodHound's Cypher queries, delving into how complex queries can be built in order to build and extract better datasets for use in offensive and defensive AD security. The basics of the language, its syntax, potential use cases and advantages over BloodHound GUI alone will be discussed in detail. Examples will be drawn from the field and pros and cons of utilising raw queries will be illustrated.

This topic was chosen out of a frustration for the sometimes slow process of enumerating targets in BloodHound using prebuilt queries, or the worry of missing key targets and paths due to an incorrect query.

Sophia Room - Track 2
14:05
30min
Out of the Frying Pan Into the Cloud: A Red Teamer's View of Your Cloud Estate
Max Corbridge

Azure, AWS, GCP...Pick your poison. We are in the midst of a digital revolution as organisations are putting an unearthly (pardon the pun) amount of their business operations and data in the cloud. Responsibility has become a grey area, storage is being left exposed to the internet, and MFA may be the first and last line of defence. Join Max, Head of Adversarial Simulation and a Red Teamer who has become mildly obsessed with hacking the cloud, as he walks you through how his perspective and methodology has shifted when targeting cloud environments.

Main Room (Ballroom) - Track 1
14:40
14:40
30min
Client-Side Attacks in a Post-XSS World
Zeyu (Zayne) Zhang

The web platform's openness and composability provide many benefits. Yet, the ability for websites to interact with each other has provided many opportunities for attacks that abuse the core principles of the web. With advancements in web technologies, it might seem like we are entering a post-XSS world. But modern client-side security is so much more than just traditional XSS and CSRF!

Sophia Room - Track 2
14:40
45min
Navigating Cloud Frontiers: A War Story of Cloud Purple Teaming
Hani Momeninia

Embark on a gripping journey into the realm of Cloud Purple Teaming through a real-world war story. This talk will unfold the challenges, victories, and invaluable lessons learned during a Cloud Purple Teaming engagement. Gain insights into the unique strategies and collaborative efforts that shaped the defense of cloud-based assets, providing actionable takeaways for enhancing your organization's cloud security posture.

Main Room (Ballroom) - Track 1
15:15
15:15
30min
I Know What You Did Last Summer
Sam Macdonald

We willingly share immense personal information about ourselves online disregarding the consequences of such actions. Privacy is now a word we bound around whilst simultaneously sharing with the world every aspect of our lives with no second thought. Social media, public databases and breach dumps are a treasure trove of information. From account takeovers, targeted phishing campaigns, fraud, stalking and blackmail we’ll see how threat actors can put the jigsaw pieces about us together to create a detailed attack profile.

Sophia Room - Track 2
15:35
15:35
30min
Ohhhh365 - How to (Quite) Reliably Hack into Microsoft 365, And What to Do Afterwards
Sunny Chau

An employee's M365 account has become a pivotal asset, guarding business-critical data such as internal emails and SharePoint data. In this talk, we dive into modern tradecraft used by JUMPSEC to compromise M365 in our adversary simulation engagements, some of which were recently used by an advanced threat group to successfully breach Microsoft. The talk will outline our methodologies in obtaining unauthorised access, followed by strategies for post-compromise actions.

Main Room (Ballroom) - Track 1
15:50
15:50
15min
Is the biggest cyber security risk the lack of diversity?
Becky MacBride

How lack of diversity can blinker teams so much that they can create more than just security vulnerabilities. Learn how I break mould to help security teams that I work with, as well as external teams understand if they widen their sights they can see more than just security risks.

Sophia Room - Track 2
16:10
16:10
10min
Modern Vehicle Sabotage
Muhammad Yusuf Bambang

In modern vehicles, many functions that enhance convenience rely on the Controller Area Network (CAN-bus), which serves as an in-vehicle network connecting sensors and actuators. Despite being a three-decade-old technology, the CAN-bus remains prevalent due to its effectiveness and efficiency. However, it lacks essential security features for confidentiality, integrity, and availability, making it vulnerable in today's connected vehicle landscape. While a majority of research has been done to address the security features, there is a lack of attention given to the effects of these additional security features to other parts of the vehicle, such as the Event Data Recorder. If detrimental effects are present, then the security features fitted to combat CAN-bus vulnerabilities needs to be evaluated.

Sophia Room - Track 2
16:10
30min
Okta Terrify - Persistence in a Passwordless World
Ceri Coburn

With passwordless solutions becoming more prevalent within the enterprise, the goal of becoming a phish proof organisation are becoming ever closer. But what risks are introduced with these kinds of solutions?

Main Room (Ballroom) - Track 1
16:30
16:30
15min
Pocket-Sized Powerhouses: Exploring IDSs on Microcontrollers
Vasilis Ieropoulos

Security remains a paramount concern in the rapidly evolving Internet of Things landscape. Traditional Intrusion Detection Systems often fall short in the face of unique challenges posed by IoT networks, such as resource constraints and device heterogeneity. By creating an IDS which lives on the microcontroller it allows it to have autonomy over its security without relying on external devices. We have a look at the challenges of implementing this solution on the device and how it performs compared to traditional solutions.

Sophia Room - Track 2
16:45
16:45
30min
Closing Speeches

Closing speeches and prize giving

Main Room (Ballroom) - Track 1
17:30
17:30
180min
After Party
Main Room (Ballroom) - Track 1