BSides Joburg 2024
Opening of BSides Joburg 2024 by the organizing team
What if South Africa weren’t just consumers, but renowned in the global cyber community; known for our innovative people, groundbreaking contributions, and pioneering companies? What would that look like, how could we get there, and would it be worth it?
Prevailing winds suggest we are at the start of a decline: a dwindling pool of entrants, an erosion of skills, and a market too narrow to sustain or inspire greatness. This slow death spiral threatens to undermine what we could be.
In this keynote, I want to warn us away from the dark path, and towards a future where South Africa is propelled from an increasingly tenuous periphery to the centre of all things cyber.
This talk will delve into the intricate world of transport security, specifically within mobile applications, highlighting the terrifying vulnerabilities that can be introduced into your applications unknowingly. We will explore how these security flaws can be exploited by threat actors, compromising data integrity and user privacy. The presentation will cover critical aspects such as host name validation, certificate chain validation, certificate/public key pinning and even the use of custom cr
Explore the hidden world of corporate and industrial espionage, where adversaries aim to steal trade secrets and intellectual property for competitive advantage. This presentation delves deep into the legalities, impacts, and methodologies of espionage activities, including the darker aspects, shedding light on the complex landscape while unraveling the mechanisms employed behind these covert operations.
In this presentation, I delve into the world of counterfeit iPhones, examining their security risks and offering practical methods for distinguishing fake devices. Through thorough forensic analysis and penetration testing, I aim to uncover vulnerabilities and provide strategies to enhance user security. Join me as we explore the implications of doppelgänger devices and how to navigate the counterfeit landscape in today's digital world.
In this talk we provide a brief introduction to common cryptographic algorithms and weaknesses within their implementation. We show how quantum computing trivializes the exploitation of these weaknesses and how modern quantum-resistant cryptographic algorithms seek to overcome these issues.
This is a technical and theoretical talk on an alternative approach to bypassing certificate pinning by using Frida to change values in memory. It will cover my research on certificate pinning over the last few months, mainly within an Android mobile context.
The session will go over different techniques to bypass different types of defences you may encounter during engagements. We'll also do a brief discussion about the architecture, design, and flaws present in these defences, and why a successful reverse shell isn't always a measurement of success.
Malicious actors continually refine their techniques to evade detection by antivirus (AV) software. In this session, we will delve into the sophisticated methods cybercriminals use to circumvent traditional AV defenses, showcasing the ongoing battle between attackers and defenders. This talk aims to provide a detailed understanding of contemporary AV evasion tactics and practical strategies for strengthening security postures against these advanced threats.
The aim of the talk is to equip cybersecurity practitioners with a comprehensive understanding of GenAI and its impacts on business, and to suggest strategies for securing GenAI for use in the enterprise.
Imagine running multiple threat models, attack trees and graphs – simultaneously – on real-time asset cartography, vulnerability data and threat intelligence. Leveraging AI for predictive analytics, you could proactively defend regardless of the dynamics and turbulence presented in the emerging technology, attacker or vulnerability landscape. This is how we did it – and what we learnt.
Capture the Flag (CTF) events have become a popular format for ethical hacking competitions, offering participants invaluable opportunities to practice and hone their cybersecurity skills. With the release of ChatGPT, an artificial intelligence (AI)-based chatbot, the question now is: Can ChatGPT solve CTF challenges?
Explore the journey of discovering a blind SQL injection flaw, uncovering unforeseen access to sensitive data, and navigating the implications for cybersecurity practices. Gain insights into identifying, exploiting, and preventing such vulnerabilities.
Cybersecurity is no longer just an IT concern; it's a critical business issue demanding boardroom attention. This talk dives into the evolving threat landscape and its potential impact on an organization's reputation, finances, and operations.
A lightning talk about Imposter Syndrome, and some techniques to overcome it.
The study proposed a conceptual framework for South African commercial banks as a direct response to the exponential rise of cyber-attacks and threats. It proposed this framework by identifying the factors impeding commercial banks from developing their own frameworks. The factors were identified using a mixed methods approach, with qualitative data collection facilitated through interviews and quantitative data collected by means of a survey distributed to IT, risk, compliance, and governance.
This talk will dive into the world of hacking wireless communication, focusing on the automotive industry, access control, and IoT communications. We will jump into the mind of how attackers view wireless communication and explore various attack vectors that could allow them to unlock your car and drive away or bypass your office access control to gain access to sensitive areas such as the server room.
Embark on a humorous and enlightening journey into the world of car hacking in this developer-focused conference talk. As my trusty old car overheated and befuddled multiple repair shops, I decided to take matters into my own hands. Armed with an OBD connector, I ventured to uncover the secrets hidden within my vehicle's systems.
In this presentation, I'll guide you through the process of reverse engineering, offering a brief Electronics 101 for beginners. Discover how I used Arduino to decode
Closing ceremony of BSides Joburg by organizing team