2.0 -//Pentabarf//Schedule//EN PUBLISH 3P7UCW@@pretalx.com -3P7UCW Opening en en 20240720T090000 20240720T093000 003000

Opening

Opening talk of BSides Joburg 2024 PUBLIC CONFIRMED Event Session https://pretalx.com/bsides-joburg-2024/talk/3P7UCW/ Track 1 PUBLISH RJ8DYV@@pretalx.com -RJ8DYV Could ZA be 1337? What if we cast off the dark and lead the way to a new dawn en en 20240720T093000 20240720T101500 004500

Could ZA be 1337? What if we cast off the dark and lead the way to a new dawn

I’m not a futurist, but I’ve gotten ok at seeing what’s coming - and South Africa’s cyber security is in a state. With barely 4% of those who write Matrix graduating with some sort of technical qualification a few years later - and few places willing to take on and train new entrants, we have a pipeline problem. With mid-level skills emigrating - we have too few replacement, and too few people to train the newbies. The remaining seniors are expensive, and need to deploy their skills towards commercial activity to sustain that expense. This creates a market where only the biggest/richest companies can afford cyber security skills. The top 100 are over-serviced, while the middle 1000 are under serviced. But BigCo’s aren’t always there to help - some use their purchasing power to push for the lowest price - only willing to pay top dollar for international skills or when poaching. The latter, combined with emigration serving to drive double digit salary growth in cyber year on year, while price increase are low single digits. This creates a race to the bottom where those supplying the skills are squeezed to find more and more cost savings - turning to employing people outside South Africa, or selling their skills outside the country - further exacerbating the skills available in country. Then, the people who do best in a race to the bottom are criminals, the corrupt and the dishonest. And with security often a market for lemons - the buyers can’t always discern. This leaves little opportunity for new startups to enter a market occupying either extremes - with few with the skills to train, let alone able to afford to train. But what could it look like instead? A country renowned for cyber, with a thriving community, numerous top-tier researchers and companies. New entrants would be excited to join because they could accelerate into a scare skills niche with worldwide employability. Companies would have growing cyber teams able to provide well paid careers for these people. The market would be better able to discern and afford top tier skills, while also having better options at the mid-level, avoiding charlatans. South Africa’s renown for cyber would earn more opportunity outside the country, serviced remotely from within ZA. The forex would benefit the economy more generally. The work would further serve to give our people more and varied experience - driving more innovative research contributions and pioneering companies. How could we get there?

We need to fix a few things: * The community * The market * The training pipeline * The research * The support for entrepreneurs But it’s doable. Cyber is still small enough to have an outsized impact. We don’t need to fix all of South Africa’s problems to do it. And some of where we’re at are opportunities. Will you try dent the world with me? PUBLIC CONFIRMED Keynote https://pretalx.com/bsides-joburg-2024/talk/RJ8DYV/ Track 1 singe PUBLISH 37JJQD@@pretalx.com -37JJQD Terribly Layered Security - The common security failings of cryptography implementations for mobile en en 20240720T103000 20240720T111500 004500

Terribly Layered Security - The common security failings of cryptography implementations for mobile

1. Introduction to Transport Layer Security - Brief overview of TLS - Impact and severity of exploitation 2. Host Name Validation - Detailed look at the process of host name validation - Tools and techniques for detection - Demonstrating real-world attacks against improper host name validation 2. Certificate Chain Validation - Detailed look at the process of certificate chain validation - Tools and techniques for detection - Demonstrating real-world attacks against improper chain validation. 3. Certificate Pinning - Explanation of certificate pinning and its importance - Tools and techniques for detection - How to implement certificate pinning with OkHTTP - Demonstrating real-world attacks against certificate pinning 4. Custom Cryptography * What does custom cryptography on top of TLS look like * Does it provide any security benefits * Does it pose any risk * Examples of real-world attacks against custom cryptography implementations 5. Live Demonstrations - Recorded demonstrations of all of the above, and combinations of the controls - Interactive session with audience participation - Demonstrating real-world attacks against improper host name validation PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/37JJQD/ Track 1 Connor du Plooy Andre Lopes PUBLISH 9BAXW9@@pretalx.com -9BAXW9 Doppelgänger Devices: Investigating Fake iPhones & Security Implications en en 20240720T112000 20240720T120500 004500

Doppelgänger Devices: Investigating Fake iPhones & Security Implications

Counterfeit electronic devices, particularly fake iPhones, have become increasingly prevalent in global markets. These devices mimic the appearance and functionality of authentic iPhones but are often of inferior quality and pose significant security risks to users. This proposal seeks to investigate the phenomenon of doppelgänger devices, focusing on counterfeit iPhones, and analyse their security implications. Furthermore, the proposal aims to investigate the security vulnerabilities inherent in fake iPhones. Counterfeit devices may contain malicious hardware or pre-installed malware, posing threats such as data theft, financial fraud, and surveillance. By conducting penetration testing and forensic analysis, we will identify potential security weaknesses in doppelgänger devices and assess their implications for end-users, enterprises, and cybersecurity professionals. The findings of this research will contribute to the understanding of counterfeit electronics and their security risks, providing valuable insights for cyber security specialist and end-users. Moreover, the study will propose strategies for mitigating the impact of fake iPhones on consumer safety and cybersecurity, including consumer education initiatives, and technical solutions where applicable. I have managed to procure a counterfeit device and intend to show off its capabilities. My proposal seeks to delve into the acquired counterfeit iPhone, aiming to address the following inquiries: How can users swiftly and accurately discern the authenticity of an iPhone, especially when counterfeit versions have circumvented standard online verification checks? Does the counterfeit device engage in the harvesting of user credentials? Is there evidence of communication with a remote server? What operating system and methodologies were employed in its fabrication? Are there any backdoor access points or hidden functionalities within the counterfeit iPhone that could compromise user privacy or security? What security vulnerabilities are present in the counterfeit iPhone, and how do they compare to those found in authentic devices? In summary, this proposal seeks to investigate doppelgänger devices, with a focus on counterfeit iPhones, and analyse their security implications. By uncovering the hidden dangers of fake electronics, this research aims to safeguard users and promote a more secure digital ecosystem. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/9BAXW9/ Track 1 Ansie Brough Williamson PUBLISH ZCCRWX@@pretalx.com -ZCCRWX Certpinning, OpenSSL and Memory Patching. Sounds fun right? en en 20240720T121000 20240720T125500 004500

Certpinning, OpenSSL and Memory Patching. Sounds fun right?

This approach differs from the usual approach of using function hooking by being more difficult, less practical and far less reliable. This is a novel technique for bypassing a security control, rather than being a vulnerability. The following section will be covered by the talk: - Introduction to what certificate pinning is. - The different methods typically employed to implement certificate pinning. - How certificate pinning is typically bypassed. - Using memory patching to bypass certpinning. - Future research and understanding where OpenSSL fits in. (Hint: everywhere) PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/ZCCRWX/ Track 1 Isak van der Walt PUBLISH KXAYZT@@pretalx.com -KXAYZT The CISO's Field Guide to GenAI en en 20240720T134500 20240720T140000 001500

The CISO's Field Guide to GenAI

The talk will cover: 1. GenAI overview - key pillars and context 2. Security issues in the GenAI landscape 3. Strategies to manage and mitigate (some of) the risks. PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsides-joburg-2024/talk/KXAYZT/ Track 1 Samresh Ramjith PUBLISH CDAUVR@@pretalx.com -CDAUVR I've seen you get hacked! (AI Real-Time Attack Simulation) en en 20240720T140000 20240720T141500 001500

I've seen you get hacked! (AI Real-Time Attack Simulation)

Attack simulation, emulation and modelling offer defenders insights into the potential for a risk to be realised. We can understand threats, vulnerabilities and impact helping us prioritise our remediation efforts. In a world where we are required to defend against asymmetric cyber-attack; how we use and focus limited security resources is an essential part of artful defence. Most defenders use physical simulation (such as penetration testing) or emulation (such as virtual twins). Attack modelling require less resource, making it cost-effective and easy to scale. However, it is a point-in-time, desktop exercise, where risk is in the eye of the beholder. Therefore it produces a lower fidelity output. The question we asked ourselves: How can we improve modelling fidelity to perform continuous real-time cyber risk assessment? In this talk we will demonstrate an AI-based platform developed to run simulations, in real-time, on network and internet data at scale. Classifying and prioritising threat and vulnerability incident response in a dynamic asset landscape. Could this empower you to have a predictive and proactive posture? Join the talk and demonstration to find out! PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsides-joburg-2024/talk/CDAUVR/ Track 1 nithen PUBLISH WVBZZL@@pretalx.com -WVBZZL Is ChatGPT a friend of foe to CTF competitions? en en 20240720T141500 20240720T143000 001500

Is ChatGPT a friend of foe to CTF competitions?

CTF competitions offer an interactive environment to promote cybersecurity education, allowing students to gain hands-on experience solving cybersecurity challenges in a fun but controlled environment. One such initiative is the Cyber Security Challenge (CSC), first introduced in 2017 and organised by the South African National Research Network (SANReN). However, the emergence of ChatGPT has raised concerns regarding the possible influence of technology on the learning ability offered by CTF events. ChatGPT presents the capability to instantly respond to various text-based questions following a conversational approach. The typical style of CTF challenges usually follows a question-answer format, which offers students the ideal opportunity to enlist the assistance of ChatGPT. This talk will briefly discuss the ability of ChatGPT to solve CTF challenges. Questions to consider: - Are structural changes required to CTF challenges? - Should ChatGPT be permitted or even encouraged? PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsides-joburg-2024/talk/WVBZZL/ Track 1 Heloise Meyer PUBLISH WCRBRA@@pretalx.com -WCRBRA Cybersecurity in the Boardroom: From Risk to Strategic Advantage en en 20240720T144000 20240720T152500 004500

Cybersecurity in the Boardroom: From Risk to Strategic Advantage

I'll explore key areas for board oversight, including: - Understanding cyber risks in business terms - Translating technical jargon into actionable insights - Building a culture of security awareness across the organization - Developing a proactive cybersecurity strategy aligned with business goals The talk will showcase successful strategies for board engagement and provide practical steps for directors to transform cybersecurity from a burden to a strategic advantage. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/WCRBRA/ Track 1 Sandika Daya PUBLISH XSCSJG@@pretalx.com -XSCSJG Hacking The Airwaves! en en 20240720T154000 20240720T162500 004500

Hacking The Airwaves!

1. Introduction An introduction to radio frequency hacking and the topics that are going to be covered during the talk. The talk will mostly cover the types of attacks that already exist, with less focus on defence. The main aim of the talk is to raise security awareness surrounding radio frequency hacking. 2. Tooling Introduction on the tooling that is going to be used during the talk and what attackers might use. Quick demonstration of how it works and to show the attacker's mindset when it comes to radio hacking. (Demo 1). 3. Automotive attacks An explanation of how car keyfobs work with rolling codes and how they prevent replay attacks. Following the rolling code explanation, there will be a short demo to illustrate how an attacker can capture these signals. This explanation will aid in understanding potential weaknesses of rolling code communication and how attackers could exploit this to perform various actions, such as unlocking or starting the car. This will be followed by a demo of how an attacker could analyse the 2012-2017 Kia Rio's rolling code communication and use it to brute force or predict rolling codes to unlock the car (Demo 2). With this knowledge we will also go through some of the security considerations of the rolling code communication, ending with how encryption can be a good mitigation, but not a complete fix. This will include an explaination of how attackers could break the cryptography, extracting information from the keyfob itself on a hardware level. For more practical examples, a conceptual explanation of the Roll Back Attack and demonstrations of how the attack is performed on a Mazda CX-5 and Hyundai i20 to unlock or start the car will be shown. (Demo 3) Understanding how keyless entry and start works and what an attacker might want to target to exploit it will form the final part of the automotive component of the talk. We will go through a conceptual explanation of the Relay attack and have a demonstration of how the attack is performed on a Mazda CX-5 to unlock and start the car. (Demo 4). Emphasising the dangers of this attack, as it leverages the principles of radio communication and not a flaw within the technology itself as well as going through potential defenses for this attack will allow us to further understand the core issues. This will also focus on how attacker techniques had to evolve to perform this attack due to different living environments around the world. 4. Access Control Due to similarities between automotive attacks and how access control cards work, we will use the knowledge developed from the previous part to understand how basic access control cards work. (Demo 5) This will highlight the potential shortfalls of physical access control with access cards such as Access Card Cloning and cracking with a quick demonstration. It will also contain a conceptual explanation of how the Relay Attack used on cars can also be used with access control as well as potential defenses for the attack. 5. More RF Attacks Basic jamming concepts, explaining how jamming can be used against cars and exploring attacks such as jamming keyless start or jamming the car tracker will be discussed. We will also take a brief dive into how jamming can be used to bring down services in corporations (WiFi), mining, and hospitals, which will include a demonstration of how a jamming attack can work (Demo 6). We will also discuss some potential defenses against jamming. 6. Closing remarks Quick recap on some of the topics that we covered, then explaining the overall impact RF attacks could have and why it should matter to us as security professionals. Demos in presentation: Demo 1: How the tooling works Demo 2: Demonstration of how attackers can capture and analyse Kia Rio rolling codes to perform a brute force attack to unlock the car Demo 3: Demonstration of the Rollback Attack on Mazda CX-5 and Hyundai i20 to unlock the car Demo 4: Demonstration of the Relay Attack on Mazda CX-5 keyless start Demo 5: Demonstration of how access cards could be cloned/cracked Demo 6: Demonstration of how a jamming attack can jam car trackers, keyless start, and wifi PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/XSCSJG/ Track 1 Robin Roodt PUBLISH 9KAXBT@@pretalx.com -9KAXBT From Overheating to Overachieving: A Comedic Tale of Hacking My Car en en 20240720T163000 20240720T171500 004500

From Overheating to Overachieving: A Comedic Tale of Hacking My Car

I. Introduction (5 minutes) A. Briefly introduce the topic and the speaker's personal journey B. Set the stage for an entertaining and educational adventure II. The Overheating Odyssey (5 minutes) A. Share the speaker's initial car troubles B. Describe the frustrating visits to multiple repair shops C. Tease the idea of taking matters into one's own hands III. The Curious Curiosity (10 minutes) A. Introduce the OBD connector and its role B. Explain the decision to hack the car and the motivation behind it C. Highlight the essence of curiosity as the driving force IV. Electronics 101: A Crash Course (10 minutes) A. Provide a basic overview of electronics principles B. Explain the role of logic probes in analyzing data C. Prepare the audience for the upcoming hacking journey V. Hacking with Humor (15 minutes) A. Share funny and light-hearted misadventures during the hacking process B. Describe the experience of intercepting initial data on the car's CAN bus C. Explain the use of Arduino in decoding and translating signals D. Emphasize the importance of embracing humor and learning from mistakes VI. The World of Possibilities (10 minutes) A. Discuss the broader potential of car hacking B. Share a specific example of converting a gasoline car into an electric vehicle C. Inspire the audience to think creatively and explore new horizons VII. Conclusion (5 minutes) A. Summarize key takeaways from the talk B. Encourage the audience to embark on their own hacking adventures C. End on a light-hearted note, emphasizing the joy of curiosity and learning VIII. Q&A Session (15 minutes) A. Engage with the audience, answer questions, and share additional insights PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/9KAXBT/ Track 1 Rudi Grobler PUBLISH AAGTQQ@@pretalx.com -AAGTQQ Closing en en 20240720T171500 20240720T174500 003000

Closing

Closing of BSides Joburg by organizing team PUBLIC CONFIRMED Event Session https://pretalx.com/bsides-joburg-2024/talk/AAGTQQ/ Track 1 PUBLISH BNV9XG@@pretalx.com -BNV9XG The Hidden War: Navigating the Threats of Corporate Espionage en en 20240720T103000 20240720T111500 004500

The Hidden War: Navigating the Threats of Corporate Espionage

The following are the main points that will be covered during the presentation: The Landscape of Corporate Espionage: 1. Differentiating between legal intelligence and illegal espionage. 2. Exploring vulnerable industries with real-life cases such as Uber and the global electric car market. 3. Assessing the value and risk of obtained information across sectors. The Dark Sides: Methods of Espionage: 1. Examining illicit methodologies including hacking, social engineering, and insider threats, along with real-life examples. 2. Investigating potential involvement of ransomware groups, APTs, and nation-states in espionage for ransom or data brokering. 3. Discussing the involvement of well-known forensic and private intelligence companies in the prevalence of spying and espionage. Legal and Ethical Considerations: 1. Understanding legal frameworks distinguishing espionage from market research. 2. Unveiling forensic approaches for identifying what constitutes intellectual property theft. 3. Contemplating the necessity and implications of private intelligence units in organizations. 4. Discussing strategies for effective and legal intelligence gathering. Weighing the Risks and Rewards: 1. Analyzing benefits of legal intelligence gathering and risks associated with both legal and illegal espionage. Countering Espionage: Protecting Your Business: 1. Discussing proactive measures to safeguard against espionage threats. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/BNV9XG/ Track 2 Kitso Moema PUBLISH WJA9K8@@pretalx.com -WJA9K8 The evolution/revolution of Cryptography and Quantum Computing in Cyber Security en en 20240720T112000 20240720T120500 004500

The evolution/revolution of Cryptography and Quantum Computing in Cyber Security

This talk covers the RSA and Elliptic curve cryptographic algorithms, their implementation and where they are used. Then we discuss common weakness that may occur during the implementation phase of these algorithms. We present the basics of quantum computing and why it posses a risk to current asymmetric cryptographic keys. Shor's prime factorization algorithm will be explained with relevant examples to illustrate the factorization process. Then using Quantum Fourier Transforms we will show how quantum principles are used to reliably factorize large primes. We conclude the talk with an overview of quantum resistant cryptographic algorithms and how quantum cryptography can be used to encrypt data in the future. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/WJA9K8/ Track 2 Ivan Burke Sa'ad Kari Vimilan Naiker PUBLISH KV7WZA@@pretalx.com -KV7WZA Reverse-Shell Fallacy: An introduction into defence evasion techniques en en 20240720T121000 20240720T125500 004500

Reverse-Shell Fallacy: An introduction into defence evasion techniques

A brief overview of the topics: Classic vs Modern defences, a move towards detection engineering and threat hunting, individual offensive research vs multimillion-dollar research teams - Microsoft's attempts to aid in security Driver Signing Enforcement, Smartscreen, User Account Control, Protected Process Light, etc (They are trying their best.) - Talking about AMSI, AV, and EDR and touching on their Architecture, Design, and Bypass techniques, then going one step further to see what trails these attacks leave behind. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/KV7WZA/ Track 2 Gerhard Botha PUBLISH 9HQGGW@@pretalx.com -9HQGGW AV Evasion - How Adversaries Aim to Bypass Antivirus Tools en en 20240720T134500 20240720T143000 004500

AV Evasion - How Adversaries Aim to Bypass Antivirus Tools

The ever-evolving nature of cyber threats requires continuous adaptation and innovation in defense strategies. By understanding and anticipating the tactics used by malicious actors to evade antivirus tools, security personnel can better protect their organizations against these sophisticated threats. Join this talk for an in-depth look at antivirus evasion techniques and discover how to fortify your defenses in an increasingly hostile cat-n-mouse cyber environment. Key highlights: Understanding Antivirus Mechanisms: The talk will start by exploring how antivirus software operates, including signature-based detection, heuristic analysis, and behavioral monitoring. Understanding these mechanisms is crucial to comprehending how they can be circumvented. Common Evasion Techniques: Obfuscation Packers and Crypters Fileless Malware Living off the Land (LotL) Advanced Techniques and Real-World Examples: Reflective DLL Injection Command and Control (C2) Evasion Case Studies + demo: The talk will analyze recent high-profile attacks where AV evasion played a critical role. These case studies will illustrate the practical application of the techniques discussed and highlight lessons learned from these incidents. The demo will then show how legitimate software can be abused to evade AV. Defensive Strategies and Best Practices: Finally, there will be actionable recommendations for enhancing detection and response capabilities. This includes adopting advanced threat detection tools, employing behavioral analytics, and integrating threat intelligence to stay ahead of evolving evasion techniques. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/9HQGGW/ Track 2 Marvin Ngoma PUBLISH BPMDTW@@pretalx.com -BPMDTW BlindSQLi falls on deaf ears en en 20240720T144000 20240720T145500 001500

BlindSQLi falls on deaf ears

This proposal presents a captivating narrative of a cybersecurity enthusiast's journey into uncovering a blind SQL injection vulnerability within a prominent electronics distributor's e-commerce platform. With meticulous detail, the speaker elucidates the techniques employed to identify and exploit this vulnerability, showcasing the potential ramifications it poses for website security. Attendees will glean actionable insights into bolstering their security practices through real-world examples and best practices. PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsides-joburg-2024/talk/BPMDTW/ Track 2 Rohan Dayaram PUBLISH 3QBBEM@@pretalx.com -3QBBEM Your Own Worst Enemy - Beating Imposter Syndrome en en 20240720T145500 20240720T151000 001500

Your Own Worst Enemy - Beating Imposter Syndrome

I want to cover what imposter syndrome is, and some methods to overcome it, hoping to inspire and provide help to people coming to learn and get into Cybersecurity. PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsides-joburg-2024/talk/3QBBEM/ Track 2 Roberto Arico PUBLISH SFNTMT@@pretalx.com -SFNTMT Developing a cybersecurity framework for commercial banks in South Africa en en 20240720T154000 20240720T162500 004500

Developing a cybersecurity framework for commercial banks in South Africa

Cybersecurity has emerged as a significant concern for organisations and the Information Communication Technology (ICT) domain during recent decades. An increase in the number of cyber threats and cyber-attacks has been observed recently, and an even sharper increase was noticed during the worldwide coronavirus (COVID-19) pandemic outbreak. Simultaneously, the complexity of the cyber-attacks being executed by threat actors has increased, and the scope and geographical location of the targets of threat actors have also widened to include critical infrastructure in all corners of the world. Commercial banks in South Africa have not been spared. This is because financial institutions are seen as valuable targets by cybercriminals and communicators of advanced persistent threats (APT) due to the nature of their business and the vast amounts of data they store. The study proposed a conceptual Cybersecurity Framework for Commercial Banks in South Africa. It proposed this by identifying the factors impeding commercial banks from developing their frameworks due to the challenges faced by the banks regarding cybersecurity from a South African perspective. The factors were identified using a mixed methods approach, with qualitative data collection facilitated through interviews with professionals within the banking domain in South Africa and quantitative data collected using a survey distributed to IT, risk, compliance, and governance professionals in commercial banks. The study identified seven factors contributing to establishing a cybersecurity framework for commercial banks. By addressing these factors, some of the challenges experienced by commercial banks regarding cybersecurity in the country can be addressed, which will improve the security posture of the organisations, internally and externally. The study proposed that the stronger the coherence among the identified factors, the better commercial banks can defend themselves from cybercriminals. The findings further highlighted that for commercial banks to address the challenges posed by cybersecurity adequately, they would have to address cybersecurity holistically, placing equal emphasis on people, processes, and technology. They would also have to implement better security education, training, and awareness programmes for their employees and customers. In addition, commercial banks would have to bolster their capabilities for detecting and responding to cyber-attacks and collaborate more through establishing a national information sharing and analysis centre (ISAC). Furthermore, the study reinforced the need for commercial banks to invest in improving their cybersecurity detection, response, and remediation capabilities. Given the global shortage of skilled cybersecurity professionals, organisations should focus on developing talent internally through upskilling and breaking down barriers to entry into the cybersecurity domain. Given the nature of cybersecurity and the sensitivity of the information associated with cybersecurity, the key limitation the researcher faced when conducting the study was a failure to obtain the necessary permissions to carry out the survey within the banks and to get first-hand accounts of previous incidents and how they were dealt with. During the study, it became evident that cybersecurity is a field that commercial banks and the South African government are still in the process of coming to grips with. Future research could investigate how well the cabinet's new laws and regulations have had the desired impact on cybercrimes and cyber threats within the country. Additionally, to gather a more comprehensive picture of the threats and patterns of bank attacks, further studies could focus on obtaining the necessary permissions and clearance to study cyber-attacks and threat actors within the banks. Due to its sensitivity, this will enable better data collection and access to information that is not publicly available. In addition, an investigation into how the frameworks within banks are developed to support cybersecurity may also be carried out. PUBLIC CONFIRMED Standard Talk https://pretalx.com/bsides-joburg-2024/talk/SFNTMT/ Track 2 Tlhologelo Mphahlele