It's time...


Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University. After the sell-out success of Securi-Tay 2017, this year’s event will run on Friday 2nd of March and Saturday 3rd of March. The conference will be held in Abertay University, benefiting from the fantastic transport links to Dundee. As well as transport, Dundee benefits from affordable accommodation in the city centre, as well as a thriving technology community and the reputation for being Scotland’s sunniest city.

The conference is aimed at anyone with an interest in Hacking and Information Security. You don’t need to be a l33t h4x0r to attend and enjoy the event: Securi-Tay promises to provide a fantastic, worthwhile experience for everyone, new to the scene and conference veteran alike. The conference will feature talks from industry professionals and students as well as some workshops. Lunch and an evening buffet will be provided in the bar across the street.

Schedule


We're happy to announce the schedule for the conference is now available!

9-00

Welcome!

Meet us in the foyer of Abertay University and sign in!
There's also free stuff!

The first 100 people to arrive will get a free bacon roll! (or veggie alternative)

60 mins

Foyer

10-00

Advancing Cyber

TBA.

60 mins

Lecture Theatre 1 (2516)


About Darren Martyn.

Darren is a member of LizardHQ, a community of security researchers and activists, and infosec research think tank.

rum.supply

11-00

Internal security systems are often cumbersome and difficult to use, leading to your developers not always following best practice. In addition, data egress and unauthorised access are difficult to spot without analysing every endpoint your business uses, including the ones normally outside your sphere of control. In this talk, we outline a new type of heuristics-driven internal security system, designed to be both developer-friendly and easily-extensible.

60 mins

Lecture Theatre 1 (2516)


About Jonathan Kingsley & Jamie Hoyle

Jonathan Kingsley is the VP of Engineering at MirrorWeb. When he's not building backend systems, he likes to write film scripts and set swimming pools on fire.

Jamie Hoyle is the VP of User Experience at MirrorWeb. He's a long-suffering Bury FC fan, and accidentally became the CTO at an IoT firm for 9 months.

Due to the increasing number of recommendations for people to use VPN’s for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ’gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind. This talk outlines some of the research undertaken as part of my final year dissertation into the security and privacy of VPN apps on Apple's iOS platform, gives an insight into the general state of security on an ecosystem that is generally known to be secure and discusses methods to build secure VPN clients.

60 mins

Lecture Theatre 2 (2517)


About Jack Wilson

I'm a fourth year student at Abertay University, studying BSc (Hons) Ethical Hacking. My interests include offensive & defensive security and privacy.

12-00

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!

45 mins

Bar One

12-45

"Cloud Native" computing has been a hot topic in the last 18 months with tech. companies joining the CNCF at a rate of knots. At the same time containerization and solutions like Kubernetes have been gaining traction with a wide range of companies as a easy way to run their workloads in the cloud.

With any new trend in computing always comes the question "Can we Pwn it?" . This talk aims to take a look at containerization and cloud computing to see what the answer to that question is.

60 mins

Lecture Theatre 1 (2516)


About Rory McCune

Rory has worked in the Information and IT Security arena for the last 17 years in a variety of roles, from financial services, to running a small testing company, to working for large companies as a consultant.
These days he spends most of his work time on application, cloud and container security. He’s an active member of the UK InfoSec community and has been presenting at security and general IT conferences for the last 8 years.
When he’s not working he can generally be found out and about enjoying the scenery in the Highlands of Scotland, when the midgies aren’t biting!

2016 saw a substantial rise in ransomware attacks and in some cases the return of some favourites with Cryptowall, CTB-LOCKER and TeslaCrypt being some of the most popular. The volume of attacks was in fact pretty steady for a good part of the year, with regular campaigns coming out on a weekly basis. It was interesting to see the variety in mechanisms used for the ransomware which not only included self-contained binaries but went all the way to the use of scripts. As part of the research I conduct last year, I wanted to understand why such a drive and lure for ransomware outside of the victims will pay as well as have some way of properly testing "anti-ransomware" solutions with an unknown variant. So to do that, I went ahead and built my own ransomware and drew some conclusions on why it became so popular.

The intent of this talk is to demonstrate why ransomware has become a tool of choice for attackers beyond the notion of victims will pay. By analysing and investigating existing ransomware and delivery methods, I outlined a framework to easily build my own version of a ransomware.

60 mins

Lecture Theatre 2 (2517)


About Thomas V Fischer

As a global security advocate and threat researcher, Thomas spends his time advising companies on managing their data protection activities against malicious parties not just external threats but also compliance instigated. Thomas' 25+ years background in IT includes varying roles from incident responder to security architect at fortune 500 company, vendors and consulting organizations. Thomas is also an active participant in the InfoSec community not only as a member but also as director of Security BSides London, and ISSA UK chapter board member.

13-45

Assessing binary applications (i.e. anything with an EXE, DLL, JAR, etc.) can be a challenging space to get started in due to the large number of languages, platforms, network protocols, and other supporting technologies. This talk will cover a range of common security vulnerabilities that I find in my day-to-day work, how I generally find them, how you can exploit them, and what remediation you can suggest to clients.

60 mins

Lecture Theatre 1 (2516)


About Graham Sutherland

Graham has been working as a penetration tester for the last 5 years, and currently heads up the binary application assessment service at Cisco Advanced Services. His main areas of focus are Windows applications and drivers, cryptography, and hardware.

Spear phishing is on the rise, and the more our lives are displayed online, the more information a hacker has to target us. This talk will describe our journey for a spear phishing attack, detailing how to pick and research vulnerable targets via social media, and then how to construct emails based on the information discovered. Finally, we will demonstrate a typical spear phishing attack and the access a hacker could expect to obtain following a successful campaign.

We will use real-life case studies from social engineering engagements, supported with statistics from the attacks and the resulting real-world consequences.
After this talk attendees will understand:

  • The effectiveness of social media in planning spear phishing attacks
  • How to recognise common spear phishing attack vectors
  • How to protect themselves and their organisation against spear phishing

60 mins

Lecture Theatre 2 (2517)


About Alex Archondakis

Alex Archondakis is a self-taught ethical hacker, with a background in programming and a particular interest in human psychology and social engineering. Alex specialises in web application and external infrastructure testing and recently co-presented a two-day workshop at ISACA CSX Europe on Red versus Blue teaming.

14-45

Take five! ... or fifteen.

15 mins

Wherever you want!

15-00

The FaceDancer project is well known for its offensive capabilities, which include emulating USB devices and fuzzing USB hosts, but recent developments and new support for GreatFET hardware expand the project to include powerful reverse engineering capabilities. New features include simple protocol analysis, side channel analysis capabilities, and significantly faster emulation. With these features FaceDancer lowers the barrier to entry for reverse engineering USB devices, allowing anyone to get a foot in the door when reverse engineering "black box" or access-limited systems.

This talk demonstrates how modern FaceDancer boards can be used to gather information and reverse engineer real hardware-- by performing direct protocol analysis, capturing side channel information, and leveraging emulation to characterize devices, all using only the opening provided by a USB port. This talk will feature a variety of live demonstrations, including use of FaceDancer to reverse engineer real devices.

60 mins

Lecture Theatre 1 (2516)


About Dominic Spill

Dominic is a senior security researcher at Great Scott Gadgets where he writes software and firmware for open source hardware. His primary focus is sniffing and modifying communication protocols.

punk.sh is a just-released project that is the next generation of our former PunkSPIDER project. PunkSPIDER aimed to perform web application fuzzing using our custom, and open source, fuzzer/fuzzing library massweb. punk.sh is different in many many ways: first, it performs far more than just web fuzzing. It port scans and banner grabs along with web fuzzing and makes all of this information searchable via an intuitive front-end at https://punk.sh. The aim is to expose vulnerabilities that the bad guys are finding before they find them and alert sysadmins of these so they can then fix them. Oh and did we mention this is all completely free and that we're open sourcing all of the components?

We think punk.sh is a cool project, but its architecture is undeniably awesome. On the back-end we're using a scalable relational database to slice and dice the data how we (or you) want and a massively scalable queuing system powered by Apache Kafka. We're using nmap for port and banner grabs along with 100+ (safe) NSE scripts we run against the server along with web app scans from our custom-written web app scanner Ferret. This is all distributed across our queuing cluster, so various nmap and Ferret scans go off at once - don't worry though, politeness of the domains we scan is of the utmost importance and we don't allow our system to flood them with traffic.

In this talk we plan to go over the purpose of the project, its architecture, and generally how to use it to your advantage. We think it'll be fun!

60 mins

Lecture Theatre 2 (2517)


About Alejandro Caceres

Alejandro (Alex) Caceres is the founder and owner of Hyperion Gray, LLC, a small web security and software R&D company based in North Carolina. Alex attended Duke University, where he received a B.S. in both Physics and Mathematics and began working with distributed computing in the context of massive simulations of heavy ion collisions. A hacker and open source developer, he he worked as a computer network operations engineer and software developer at an information security consulting firm before starting Hyperion Gray in January 2013 with the release of his popular open source project PunkSPIDER. PunkSPIDER leverages distributed computing for mass-scale web vulnerability detection (we scanned the Internet - 100 billion domains a few times). Alex has extensive experience with web application hacking, penetration testing, and securing applications and systems against vulnerabilities. He has designed and taught several courses on these subjects, one of which has been published as an e-book and in print. He is currently the tech lead of Hyperion Gray's research team on the DARPA Memex project, and has been the tech lead on several other DARPA-funded projects as well. In 2013 he was the recipient of a DARPA Cyber Fast Track (CFT) research grant. He has been a speaker and panel moderator at several major security conferences, including OWASP AppSec USA, ShmooCon, DEF CON (twice!), DerbyCon, CarolinaCon, and more.

16-00

When security incidents happen, you often have to respond in a hurry to gather forensic data from the resources that were involved. You might need to grab a bunch of hard drives and physically visit the data centre to capture data from the systems. And that would mean getting dressed. When infrastructure is in the cloud, you have remote access and APIs for managing all your infrastructure, so you can respond to incidents with automation and do your forensic analysis in your bunny slippers. But is it as good as the capabilities you have in a data centre? Is getting dressed the price you have to pay for high quality forensics and incident response? In this talk Paco will explain the two major domains of cloud events (infrastructure domain and service domain) and describe the security and incident response techniques pioneered by AWS customers like Mozilla, Alfresco, and Netflix. He'll explain how to isolate resources to preserve the integrity of the data; get RAM dumps and disk image snapshots; and identify unauthorised changes to cloud resources using API tools and logs. And all of this while wearing pyjamas.

60 mins

Lecture Theatre 1 (2516)


About Paco Hope

I'm a security consultant with Amazon Web Services, helping to secure applications and data in the cloud. I've previously done a lot of penetration testing, source code review, and threat modeling. Today I help the biggest enterprises securely move their sensitive data and business critical workloads to the cloud.

This presentation will explore threat actors including insiders, cybercriminals, hacktivists and nation-states. Historical juxtaposition, detailed use cases and personal stories across two decades, 50 countries and six continents will help the audience better understand these threat actors.

Threat actors are motivated by financial, political and personal reasons. They act alone or in concert with others. Regardless, we hear all too often about attacks risking lives, destroying assets, threatening national security, and damaging businesses. In this presentation, we will explore profiles of each threat actor type to better understand the risks that each pose. By better understanding our enemies, our security can be more effective.

Presentation outline

This presentation will translate the "who, how and why" of cyberattacks. We will identify multiple "old school" and modern-day threat vectors and organize attacks by motives like sabotage and espionage. Each threat actor type will be explored in detail with real-life use cases and personal accountants. The examples used will illustrate the diversity in threats, methods, motivations, and organizational responses.

60 mins

Lecture Theatre 2 (2517)


About Brian Contos

Brian Contos has over two decades of experience in the security industry. He is a seasoned executive, board advisor, security company entrepreneur and author. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks.

17-00

Take five! ... or fifteen.

15 mins

Wherever you want!

17-15

TBA

TBA

60 mins

Lecture Theatre 1 (2516)


About TBA

TBA.

example.com

18-15

Just a couple of words before the...

15 mins

Lecture Theatre 1 (2516)

18-30

Sponsored by LizardHQ, join us in the union for a few(?) drinks and lots of awesome chat!

???

Abertay Student Union

11-00

Good Morning!

Meet us in Bar One for a breakfast buffet a chill atmosphere.

Pancakes, smoothies, and more!

75 mins

Abertay Student Union

12-15

Storing Secrets in DNS

DNS is great. DNS TXT records are greater. A quick run through of how I manage my VPN tokens using DNS and some bash hackery.

15 mins

Abertay Student Union


About Oliver Leaver-Smith.

Greasing wheels, chasing 9s, polishing LAMPs, and doing devops at Sky Betting and Gaming

12-30

If the Kids are United, will they work in cyber?

The skills shortage in cybersecurity is well publicised and efforts have been made to fill it, but it seems that things are not improving on the recruitment side. In this talk I will reveal some exclusive research findings about what sort of careers the “next generation” are seeking, what the recruiters want from the applicants and understand what the barriers are on each side. I will also look at career paths into key positions in cybersecurity, and look at what the personality and experience requirements are for a successful application.

30 mins

Abertay Student Union


About Dan Raywood.

I'm contributing editor of Infosecurity Magazine, and have written about cybersecurity for almost 10 years. Outside of all of the fun that my day job brings, I love football, Star Wars and watching all of the boxsets in the world.

13-00

Engineered Chaos: Breaking Prod and Getting Away With It

A talk around disaster recovery testing, chaos engineering, etc. and how we do this at Sky Betting and Gaming

30 mins

Abertay Student Union


About Oliver Leaver-Smith.

Dad, husband, computer-man. Greasing wheels, chasing 9s, polishing LAMPs, and doing devops at Sky Betting and Gaming

13-30

Profiling the attacker

It was once said "Intrusion analysis is as much about TCPdump as astronomy is about telescopes. Understnading who is attacking a network and why is just as important as analysing the packets on the line.

This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will take a deep dive into the following areas:

  • Building an information classification for your assets
  • Attack significance plotting
  • Discerning motive
  • Attacker kill chain analysis
  • Malicious actor profile checklist and naming conventions

30 mins

Abertay Student Union


About James Stevenson.

I am a computer security consultant that has worked in a variety of security roles, from SOC work to sec dev ops. I have a BSc in Computer Security as well as certifications in other areas, including Prince2. I have also written for several websites in the past and began speaking at security conferences in 2017.

14-00

Engineered Chaos: Vulnerability Anti-Pattern

There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software.

30 mins

Abertay Student Union


About Tayyaba Nafees.

I am a PhD student at the University of Abertay, Division of Cybersecurity. Being a Software Engineer with expertise in cybersecurity, I have design a novel pattern-based approach to capture and communicate poor security practices to software developers.

14-30

Scanning The Entire Internet

Systems connected to the public internet can provide a large amount of information about themselves, and in bulk, the internet itself. By utilizing tools such as nmap, web crawlers, and reverse DNS, systems can be profiled and fingerprinted. This data can be used for anything from identify darkweb servers on the surface web, to identify system vulnerabilities, to honeypot discovery.
The difficulty with deep scanning the entire IPv4 space, is it's size. Scanning even 10000 hosts per minute would take nearly 10 months to complete. Scanning the entire internet for a single port can be done quite quickly, but the proposed data set includes traceroutes, service detection, OS inference, web crawling, reverse DNS lookups, common vulnerability detection, IoT identification, and much more. All of which is quite slow to measure. Additionally, when scanning darkweb servers, this scan rate becomes even slower still.
DeepScan was created to create, store, and use this data. DeepScan is a pipeline of both custom tools, as well as existing ones (such as nmap). It regularly identifies active hosts, performs a detailed nmap scan, and then collects further data on specific targets or services (such as crawling websites). All this data is stored, and can be easily viewed or searched in a web interface. DeepScan focuses on detail, accuracy, and speed for both the collection, and visualization of the results. This talk will discuss the details of DeepScan development and structure, sample results, and future improvements.

30 mins

Abertay Student Union


About Jason Hopper.

Research and Development professions working in Internet Security. Interested in data collection and analysis on the entire internet.

15-00

Vulnerability Anti-Pattern

Many technically-oriented degree programmes do an excellent job of providing students with a thorough grasp of technical and engineering skills and material, but fall short of providing the soft skills necessary to successfully deploy these in a professional or workplace environment. Yet these are the skills that will help the student not only advance swiftly in their field, but become a sought-after member of a project team. This talk will give a brief overview of the three essential soft skills that will help the student transitioning into the workplace be viewed as an individual rather than a resource, and ensure clients, customers and colleagues are treated as people rather than clueless bumblers, meme bros, or competitors:

i. Courtesy and respect - listening, valuing, retaining integrity.
ii. Active listening and self awareness - considering before judging, paying attention and demonstrating, reflecting back, relevant questions, summarisation
iii. Professionalism - responsibility, teamwork, “yes and” and “yes but”

It concludes with some thoughts on how these techniques can be pulled together in a way that reflects and enhances the best ‘you’ and the role of experience and continual development throughout the security professional’s career.

30 mins

Abertay Student Union


About Mark Hunter.

Security consultant at ECS Security. Abertay BSc Digital Forensics graduate 2017. Over a decade's worth experience in content production, game design, scriptwriting, digital media, software development, and writing compact biographies.

15-30

We're looking for more lightning talks on the day! Reach out to a member of staff for more details.

??? mins

Abertay Student Union


Tickets


Tickets are available through Eventbrite. Standard tickets are £25, student tickets £20.

Buy Tickets!