welcome to CRESTCon 2019
14th March, Royal College of Physicians, London
www.crestcon.co.uk #CRESTCon

contents
Introduction
About CREST
Agenda
– The Penetration Testing Stream
– Incident Response & Threat Intelligence Stream
– Training Stream
Sponsors
– Platinum
– Gold
– Silver
– Bronze
– Other sponsors
Student Demonstrations
welcome
Now in its 8th year, CRESTCon has become an important date in the technical information
security calendar. The event attracts the very best in the industry, with over 450 delegates
and an impressive line-up of speakers. I hope you enjoy the three conference streams:
penetration testing; incident response & threat intelligence; and training. There are also two
exhibition rooms upstairs and, on the lower floor, a student demo room to explore.
I am very proud to see what CRESTCon has become, growing year on year both in size
and reputation. A big thank you to everyone who works so hard to make it such a success.
Thank you as well to all of our sponsors this year, and in particular to our Platinum sponsor
Aon. It is our sponsors that make this event possible.
We are already looking ahead to next year’s event, which is booked for 14th May 2020 in the
Royal College of Physicians, so we look forward to seeing you here again next year!
Ian Glover
about CREST
CREST is an international not-for-profit accreditation and certification body that represents and
supports the technical information security market. CREST provides internationally recognised
accreditations for organisations and professional-level certifications for individuals providing
penetration testing, cyber incident response, threat intelligence and Security Operations Centre
(SOC) services. CREST Member companies undergo regular and stringent assessment, whilst
CREST certified individuals undertake rigorous examinations to demonstrate the highest levels
of knowledge, skill and competence. To ensure currency of knowledge in fast-changing technical
security environments, the certification process is repeated every three years.
CREST is governed by an elected Executive of experienced security professionals who also
promote and develop awareness, ethics and standards within the cyber security industry. CREST
supports its members and the wider information security industry by creating collaborative
research material. This provides a strong voice for the industry, opportunities to share knowledge
and delivers good practice guidance to the wider community.
Agendas
The Penetration Testing Stream
Incident Response & Threat Intelligence Stream
Training Stream
The Penetration Testing Stream
Wolfson Theatre. Stream hosts: Mark Turner and Paul Midian
09:00 – 09:15
Welcome: Ian Glover, President, CREST and Mark Turner, Chairman
09:15 – 09:45
KEYNOTE: Paul Midian, CISO, Dixons Carphone plc:
Growing old is mandatory, growing up is optional
Paul is an accomplished information and cyber security practitioner with over 20
years’ experience; he is Chief Information Security Officer at Dixons Carphone
plc. Previously, Paul was a director in the Cyber Security practice at PwC, leading
large-scale information and cyber security improvement and transformation
programmes. Prior to his role at PwC, Paul was a director at Information Risk
Management Plc. During his tenure revenue increased by over 75% and the
company won the Secure Computing ‘Information Security Consultancy of
the Year 2013’ award. Prior to working at IRM he was Head of Security Testing
at Siemens Enterprise Communications (formerly Insight Consulting). Paul
is a member of the BCS and of ISACA. He has been involved in the CREST
organisation since its inception.
09:55 – 10:25
Sarka Pekarova, Cybersecurity Consultant, SureCloud:
The Pirate Queen’s Techniques to social engineer her targets (and how you can too)
You can have great firewalls, IPS/IDS, have your perimeter locked down, your
web applications secured, but it doesn’t stand a chance against the social
engineering tactics of Grace O’Malley, my social engineering alter ego and pirate
queen from the 16th century! 91% of today’s cyberattacks start with social
engineering.
Social engineering has many different faces: using open source intelligence
(OSINT), phishing, vishing, smishing and all the other ‘-ishings’, dropping
weaponised USB flash drives and eventually getting right into the middle of your
target’s own office to hack all things! There are many tools and almost all of them
do not require any interaction with the target, because they do not need you to
leave your warm chair in front of your machine. But everyone wants to break
into buildings like a pirate queen, am I right? To do that we will have to interact
with our target directly, and that requires certain knowledge and skills. I will
describe how to use knowledge of facial expressions, body language, Chinese
medicine and the whole psychology behind influence and persuasion, and how to
manipulate targets into believing my pretext and complying with my (evil) plans. I
will also explain what some of the behaviours and pretexts to avoid are, and I
will step over to the defensive side as well and explain how to defend against
the attacks I describe. Attendees will walk away knowing how to start working
on their social engineering skills, which can be used during social engineering
engagements/physical security, red teaming or at home. They will also have a
better understanding of what to defend against.
This presentation is part of my unique series of talks on the deep dive into the
psychology/body language reading to be used in social engineering. None of the
talks are the same; I am building a deeper knowledge with every talk.
Grace O’Malley is a pirate queen from the 16th century who breaks into
buildings, exfiltrates sensitive data and gets to places where she shouldn’t be,
manipulates people to comply with her demands… oh, and Sarka is the nice
one. She has been in IT for over 10 years and has rich experience in blue
team environments, having worked in and managed a SOC that guards national
British infrastructure. Currently Sarka works as a pen tester for SureCloud, where
she tests everything from infrastructure and web apps to payment systems, and
specialises in social engineering.
10:25 – 11:00 Coffee & networking (exhibition rooms) – sponsored by Aon
11:00 – 11:45
Tabraiz Malik, Cyber Security Associate, PwC:
Unorthodox Command and Control (C2) Channels
As technology progresses and malware evolves, cyber attackers continuously
adopt new and innovative techniques to exploit current technologies, whilst
also seeking to evade detection. The method by which an infected machine and
attacker communicate – the “command-and-control” channel – is arguably the
most critical aspect of its operation, allowing the attacker to remotely control
malware and exfiltrate data. By establishing a covert communication
channel which bypasses a victim’s logical defences, an attacker can increase the
chances of making this channel persistent – a pivotal element of any successful
attack campaign. Through developing novel channels which have not yet been
widely adopted, Tabraiz will demonstrate how these seemingly innocuous
technologies can be manipulated to achieve bilateral communication between an
attacker-controlled station and an unwitting victim. In order for organisations to
take a proactive stance on combatting and minimising the adversarial threat in the
increasingly volatile digital realm, it is crucial that they are appropriately equipped
with knowledge of unique C2 channels which could be abused by attackers.
Initially Tabraiz will provide an analysis of unconventional C2 channels
adopted in the wild by real threat actors in the modern age, such as X.509 and
steganography. Notably, he will give specific case studies of notorious strains
of malware and provide commentary on the impact they have had on targets,
including the critical infrastructure of organisations and nation states. He will then
proceed to explore a selection of original techniques that he has been actively
researching and developing.
Tabraiz is an Ethical Hacker within the Cyber Threat Operations team in PwC’s
UK Cyber Security practice. Prior to joining PwC, he worked in the High-
Performance Computing team at Rolls-Royce, developing in-house software. His
research interests include remote C2 channels and SOC evasion techniques.
11:50 – 12:35
Gabriel Gonzalez, Principal Security Consultant, IOActive:
SATCOM: Attacker’s Perspective
In 2014, IOActive presented “A Wake-up Call for SATCOM Security” and described
several theoretical scenarios that could result from the disturbingly weak security
posture of multiple SATCOM products. They are at CRESTCon now to prove those
scenarios are real. Some of the largest airlines in the US and Europe had their entire
fleets accessible from the Internet, exposing hundreds of in-flight aircraft. Sensitive
NATO military bases in conflict zones were discovered through vulnerable SATCOM
infrastructure. Vessels around the world are at risk as attackers can use their own
SATCOM antennas to expose the crew to RF radiation. This time, in addition to
describing the vulnerabilities, we will go one step further and demonstrate how to
turn compromised SATCOM devices into RF weapons. This talk will cover new
areas on the topic, such as reverse engineering, Radio Frequency (RF), SATCOM,
embedded security, and transportation safety and security.
Gabriel has more than 15 years of working experience with embedded
systems, mixing development and security, from network equipment to satellite
communication systems, where he has actively exploited software and hardware
vulnerabilities. Lately he has specialised in industrial equipment, with a particular
focus on smart grid environments.
12:35 – 13:30 Lunch (main hall) – sponsored by Aon
13:30 – 14:00
CISOs and Pen testers debate panel
Chair: Andrew Jutson, Director, Cyprotec Ltd
CISOs: Neil Fowler Wright, Hitachi Rail Europe;
Matt Gordon-Smith, Anglo American;
Denis Onuoha, Arqiva
Andrew is an experienced Chief Information Security Officer, seasoned Information
Security Consultant and Risk professional working across a number of industries,
including financial services, defence, retail and banking. Through his time in the
industry he has had hands-on experience interfacing with global regulators throughout
the incident management, containment and response process.
Neil has a background developed through Legal Services, Financial Services
(including FinTech) and Manufacturing, and has led both large and small,
but always highly dynamic, Information Risk/Security teams. Currently he
is working for Hitachi Rail, overseeing all areas of their Information Security
governance, and in doing so he covers areas as diverse as GDPR, Security…
Design, Policy, Metrics, Compliance, Operations, Testing, Architecture and
Forensics. Whilst working closely with all the various business areas, from
Manufacturing to Legal, and HR to Service and Maintenance, he is always
focussed on how to deliver valuable security solutions that simultaneously
protect and enable the business, though he describes his primary role as
that of translator between IT and business on those many areas of security
governance and regulation. With more than 20 years’ experience in Security,
he is now enjoying working with a fast-growing and young organisation that is
deeply embedded in our national critical infrastructure.
Matt is CISO at Anglo American, a FTSE100 mining company, managing
information security requirements globally across both corporate and industrial
IT; in-house and outsourced applications; and on-premise and cloud-based
services. Matt began his career in Information Security over 18 years ago at
IBM, before taking on global security leadership roles within several IT service
providers, dealing with both internal and customer requirements across several
different sectors, including Banking, FMCG, Media, Telecommunications and
Local and Central Government. In 2014, Matt moved out of the IT managed
services sector to take the role of Head of Security at URENCO, a highly
regulated global uranium enrichment company. Three years later, Matt took his
current role in Anglo American to manage an increased investment in Cyber
Security, leading the growth and development of the security team, processes
and technology.
Denis is the Chief Information Security Officer at Arqiva, a major UK infrastructure
company which supports 40% of the UK’s Critical National Infrastructure spanning
the broadcast, telecommunications, finance, energy and utility sectors. He has
overall responsibility for Security Risk Management, Information Assurance
and Cyber Security for the company and is at the forefront of its fight in defending
against the latest media industry cyber-attacks. Denis holds a BSc in Computer
and Network Security from the University of Hertfordshire and is close to
completing the MSc in Information Security at Royal Holloway.
Having completed his undergraduate studies, he commenced work in the financial
sector with responsibilities for Risk and Information Security, subsequently making
the move across to the broadcast industry. A proactive IT professional, Denis
sits on three of the UK’s Centre for the Protection of National Infrastructure (CPNI)
Government Information Security Exchanges, is the elected Chair of the AIB Cyber
Security Working Group and is a member of the CREST industry advisory panel.
Penetration Testers:
Gemma Moore, Director, Cyberis;
Justin Clarke-Salt, Managing Director, Aon’s Cyber Solutions Group;
Brian McGlone, Regional Leader of IBM X-Force Red
Gemma is an expert in penetration testing and simulated targeted attack. Having
been a CHECK Team Leader since 2007, she holds CREST certifications in
Infrastructure, Applications and Simulated Attack. Gemma has spent more than
a decade working in the security consultancy industry and has helped customers
across a wide range of industry sectors assess their risks and improve their security.
Gemma is an engaging presenter and trainer who is passionate about helping
her customers improve their own skills and experience. She delivers training and
workshops to industry professionals, developers, operational teams and end users.
In recognition of her outstanding level of commitment to the technical information
security industry and the highest level of excellence in CREST examinations,
Gemma was selected to receive a CREST Fellowship award in 2017.
Justin is one of the founders of Gotham Digital Science, and these days (post
acquisition) is a Managing Director in Aon’s Cyber Solutions Group. He is in charge
of Aon’s proactive business development and partnership efforts for EMEA. Justin
has more than 20 years of experience providing organisations with security and
risk management services, and on the CREST side of things he is a CREST
Certified Tester (Infrastructure) and a CREST Certified Simulated Attack Manager.
He is the lead author/technical editor of “SQL Injection Attacks and Defenses”
(Syngress 2009 and 2012), co-author of “Network Security Tools” (O’Reilly 2005),
and a contributing author to “Network Security Assessment, 2nd Edition” (O’Reilly
2007), as well as a speaker at various security conferences and events such as
Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA and SANS.
Brian is Regional Leader of IBM X-Force Red – UK & Ireland. His remit covers
selling, managing and delivering security services to a global client base. Brian
has a wealth of experience in the Security Assessment and Audit fields. Brian has
worked in America, Africa and 10 countries across Europe; his work includes
security assessments for all sectors. Brian has had many roles in IBM, including
ownership of Cyber Security & Intelligence UKI and Head of Security Assessment
Services UKI, primarily focussed on security technical assessments & consulting.
14:05 – 14:35
Imran Shaheem, Consultant, Cyberis:
Quantum Cryptography
Quantum Cryptography has come along a great deal since scientific and
mathematical interest in the field took off in the 90s. It has several consequences
for classical cryptography and for what will be considered the standard for secure
communication in the near future. Successful trials that secure communication
through the unique properties of quantum physics have already been
undertaken. Progress in quantum technologies has been swift in the last decade:
Quantum Key Distribution (QKD) systems have been tested by banks and
governments, and similar systems were deployed at the 2010 World Cup in South
Africa. In 2017, researchers held a QKD-protected video conference between
China and Austria using the quantum satellite Micius as a trusted relay; further
strides and greater worldwide adoption are anticipated for the coming decade.
In this presentation we will begin by taking a broad look at quantum information
and the ramifications it has for classical (current) cryptography. We shall then
take a dive into the interesting and counter-intuitive world of quantum
physics with regards to cryptography.
Imran joined Cyberis Limited in early 2018 following the successful completion
of an MSc with Merit in Theoretical Physics (Gravity, Particles and Fields) at the
University of Nottingham.
Prior to joining Cyberis, Imran participated in online bug bounty programs which
led to private security research work for a Fortune 10 company. In conjunction with
this, his work earned him BugCrowd’s VIP researcher accolade in 2017, placing
him in the top 300 of over 50,000 researchers who use the platform.
14:40 – 15:10
Justin Clarke-Salt, Managing Director, Aon:
Let’s Talk About Risk
As many folks are aware, Gotham Digital Science and Stroz Friedberg are now
part of Aon. As part of the integration into what is a massive risk management
professional services organisation, working with risk colleagues in other
disciplines has highlighted how we look at risk wrong as pentesters, and how
naive the traditional pentesting risk rating approach is.
In this talk I’ll be covering some of the context of how we fit into a risk
management structure, and how changing our awareness of risk can help to vastly
improve the quality of advice we provide to our clients on what their true risks are.
Justin is one of the founders of Gotham Digital Science, and these days (post
acquisition) is a Managing Director in Aon’s Cyber Solutions Group. He is in
charge of Aon’s proactive business development and partnership efforts for
EMEA. Justin has more than 20 years of experience providing organisations with
security and risk management services, and on the CREST side of things he is a
CREST Certified Tester (Infrastructure) and a CREST Certified Simulated Attack
Manager. He is the lead author/technical editor of “SQL Injection Attacks and
Defenses” (Syngress 2009 and 2012), co-author of “Network Security Tools”
(O’Reilly 2005), and a contributing author to “Network Security Assessment, 2nd
Edition” (O’Reilly 2007), as well as a speaker at various security conferences and
events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA
and SANS.
15:10 - 15:45 Coffee & networking (main hall) – sponsored by Aon
15:45 – 16:30
Christopher Thomas, Solution Architect, IBM:
Blockchain – conceptual and architectural security considerations and their potential associated risks
Blockchain technology was first proposed in 1982; however, it was never
fully conceptualised until the end of 2008 with the creation of Bitcoin. While its
potential applications are now becoming known, there is a distinct shortage of
knowledgeable individuals who understand the technology, and even fewer who
understand the risk and security aspects. A blockchain-enabled environment is
made up of many different components that can be built on top of the blockchain,
and it can be likened to building a house: if it is built on insecure foundations,
the house will always be at risk. This talk will outline conceptual
and architectural security considerations and the potential risks associated with
blockchain projects.
Over the last 10 years, Chris Thomas has honed his skills within the information
security industry and today is a Senior Managing Consultant at X-Force Red
and part of the European management team. With a Bachelor’s (BSc) degree
in Software Engineering and a Master’s (MSc) degree in Computer Systems
Security, his responsibilities include managing the penetration testing network
within the EMEA team, mentoring junior consultants and performing a wide range
of assessments, ranging from infrastructure, web applications and code reviews to
blockchain and architecture reviews.
Chris’s experience with providing security assessments and advice spans a
variety of industries, including Finance, Government, Nuclear, Telecommunications
and National Critical Infrastructure. Chris first started within the industry as a
systems administrator of a penetration testing network, where he eventually
came to manage the same network while performing penetration testing
activities. Chris likes to solve complex problems by either writing software or
architecting systems/environments, and has built several enterprise-grade
solutions from the ground up that have spawned their own division.
16:35 – 17:05
Rewanth Cool, Payatu Software Labs LLP:
Creating browser extension to hunt low hanging fruits
With the recent advancements in technology, more people are aware of the
importance of security. More companies have started paying huge rewards to protect
the sensitive information of their customers. This Firefox extension is a first of its
kind and an open source product. The Firefox extension is capable of detecting
header-related vulnerabilities by analysing the request and response headers.
The browser extension requires no special configuration, is easy to install and easy to
use, has low false positives and is capable of finding vulnerabilities in all the endpoints
the user visits in a fraction of a second. The web application firewall doesn’t block
the requests crafted by the browser extension (as the traffic is legitimate), yielding better
results compared to other existing tools. GitHub link of the tool:
https://github.com/rewanth1997/vuln-headers-extension.
As of today, the browser extension is capable of detecting CORS
misconfiguration, Host Header Injection, Clickjacking and missing secure flags/
headers vulnerabilities. I found vulnerabilities in Bugcrowd, Hotstar, Medium,
Signup.com, Chargify etc. using this minimal browser extension. People from
across the globe (India, Sri Lanka, Taiwan, Philippines, Nepal, Denmark, etc.)
found this tool to be helpful: https://github.com/rewanth1997/vuln-headers-extension/stargazers.
In this 30-minute talk, we will be focusing on creating your own minimal
smart scanner as a browser (Firefox ESR) extension to detect header-related
vulnerabilities. This extension monitors the request and response headers
passing through your browser and detects vulnerabilities in them. The browser
extension is capable of detecting CORS misconfigurations, host header
injections and clickjacking vulnerabilities. In the process, you will be learning
about basic header vulnerabilities like CORS misconfiguration, host header
injection and clickjacking, and exploitation scenarios, detection methods and the
biggest bounties earned through the simplest detection techniques for each of the
above vulnerabilities. By the end of the talk, you will be capable of writing your
own browser extension to hunt low hanging fruits.
Rewanth started his career as a fullstack/backend developer building
applications before moving to the security field. He is currently working as
a security consultant at Payatu and has been a speaker at Null Pune and
a trainer at MIT Pune. Rewanth participates in numerous Capture the
Flag (CTF) competitions and enjoys participating in private bug bounty programs. He is
a programmer and open source contributor as well as an active Hack The
Box player. Currently, his focus is on vulnerability research, web application
security and contribution to security tools. He collaborated with Daniel Miller
a.k.a. bonsaiviking and added 17,000 lines of code to Nmap, which includes
punycode support, enumeration of the OpenWebNet protocol, remote SMB
services, optimisation of exploitation scripts etc.
17:05 – 17:15 Closing address
17:15 – 18:15 Sponsors and VIP guest networking drinks – sponsored by Pentest Partners
18:00 – 22:00 Networking drinks and canapés – sponsored by Aon
Incident Response & Threat Intelligence Stream
Seligman Theatre. Sponsored by
Stream hosts: Rob Dartnell, Security Alliance and Tim Haines, NCC Group
09:00 – 09:15 Welcome: (Wolfson Theatre)
Ian Glover, President, CREST and Mark Turner, Chairman
09:15 – 09:45 KEYNOTE: (Wolfson Theatre)
Paul Midian, CISO, Dixons Carphone plc:
Growing old is mandatory, growing up is optional
09:55 – 10:25
Thomas V. Fischer, Security Advocate & Threat Researcher,
FVT SecOps Consulting:
Building a Personal Data Focused Incident Response Plan to Address Breach Notification
The era of the data breach is upon us. In a traditional incident response
investigation, the focus is often on attribution and how it was done, with an aim
of quickly containing it. Change needs to occur, and organisations need to be
able to quickly identify and understand what personal data is affected. Using the
SANS six primary phases of incident response as a base, this talk will explore
practical steps to rebuild the incident response plan with a personal data focus.
By using and understanding Information Asset registries, data mappings and
data protection impact assessments, the preparation phase can be enhanced
to support personal data protection coverage in the IR plan. The goal is to engage
ideas and thoughts on how to improve the identification phase, where detection
and determination need to quickly identify an event and subsequent incident
in which a potential personal data breach is occurring.
Thomas has over 30 years of experience in the IT industry, ranging from software
development to infrastructure & network operations and architecture, before settling
in information security. He has an extensive security background covering
roles from incident responder to security architect at Fortune 500 companies,
vendors and consulting organisations. He is currently a security advocate and
threat researcher focused on advising companies on understanding their data
protection activities against malicious parties, not just for external threats but also
those instigated by compliance.
Thomas is also an active participant in the InfoSec community, not only as a
member but also as director of Security BSides London, ISSA UK chapter board
member and speaker at events like SANS DFIR EMEA, DeepSec, Shmoocon
and various BSides events.
10:25 – 11:00 Coffee & networking (main hall) – sponsored by Aon
11:00 – 11:45
Matt Lorentzen, Principal Security Consultant, Trustwave:
Sheepl – Automating people for Red and Blue Team Tradecraft
While there is a wealth of information out there about how to build environments
that can be used for training, offensive tradecraft development and blue team
response detection, a vital part of these environments is hard to emulate. A
computer network is more than a collection of connected computer resources; it
is a platform for communications and productivity between people. So the focus
becomes: how do you properly emulate people within a network environment?
In this presentation Matt will share his research into developing more realistic
user behaviour and how it can be used to improve red team and blue team
tradecraft. Windows-based lab environments are vital in developing a cohesive
team strategy and exploring new attack vectors, but static environments don’t
offer the opportunities to experience ‘real world’ stimulus and therefore diminish
learning objectives. Matt wanted to look at how he could replicate more natural
end user behaviour in a portable, but less predictable, way.
His solution to this challenge is a new open source tool called ‘Sheepl’ that can
be used to emulate the tasks that people could perform within a network whilst
addressing some of the shortfalls of traditional script-based approaches to
emulating user behaviour. Matt will demonstrate how the tool allows the creation
of ‘Sheepl’ who execute tasks over a defined period of time.
Matt has 20 years’ IT industry experience working within government, military,
finance, education and commercial sectors. He is a principal security consultant
and penetration tester at Trustwave SpiderLabs with a focus on red team
engagements. Before joining SpiderLabs, he worked for Hewlett Packard
Enterprise as a CHECK Team Leader delivering penetration testing services to
a global client list. Prior to HPE, Matt ran his own IT consultancy company for
7 years. Matt has spoken at CRESTCon Asia and 44Con London and presented at
various university and IT events.
11:50 – 12:35
Nancy Strutt & Kimberly Bucholz, Accenture:
VBA and Macro-Document Analysis & Case Studies
This presentation looks at the VBA code and obfuscation techniques used by
APT groups (e.g. APT32) and other groups/actors (e.g. FIN7). This presentation
will discuss analysis techniques and tools and demonstrate their use on specific
samples. This presentation will show how to perform analysis on malicious
macro-based documents and follow-on payloads, such as PowerShell scripts,
through common analysis tools such as the Microsoft Word VBA Debugger, Didier
Stevens’ oledump.py, Process Explorer, Python and more. Applicable examples
will be shown from various APT actors, as well as other groups.
Kim is a member of the Cyber Espionage team. She has more than 11 years of
experience in IT and holds a Bachelor of Science degree in Computer Science
and a Master of Science in Information Security. Since 2011, she has been
focused on incident response and malware analysis. This focus has included
crimeware, as well as targeted threats. Her main areas of interest are in reverse
engineering malware, and using the information obtained to pivot and find
unknown threats.
Nancy joined iDefense in 2011 as a malware analyst whose focus was
primarily web-based malware. Currently she works for the Malware Analysis
and Countermeasures team, where she looks at and dissects many different
types of malware. Her specialties in malware analysis have included exploit
kits, ransomware, wipers and information stealers. Prior to iDefense, she
analysed spyware as a research engineer for PestPatrol, CA and HCL. Before
2004, Nancy had an extensive career as a software engineer. Nancy holds
a B.S. degree in Computer Science and an M.S. in Information Systems and
Telecommunications Management as well as several humanities degrees. Her
other research interests include digital forensics and finding common code
bases between malware.
12:35 – 13:30 Lunch (main hall) – sponsored by Aon
13:30 – 14:00 Oliver Church, CEO of Orpheus & Chair of CTIPs:
Introducing the CREST Threat Intelligence Practitioners group – what are we doing and why?
In order to contribute to the further development of the cyber threat intelligence
specialism, CREST has established the CREST Threat Intelligence Professionals
group (CTIPs). CTIPs represents cyber threat intelligence companies and
professionals globally, and the work being undertaken by CTIPs includes
accreditation of leading cyber threat intelligence companies, developing
certifications for individuals and acting as a lightning rod for communication.
Oliver Church, current Chair of CTIPs, will provide an overview of CTIPs, what
the group is doing and why.
Oliver is CEO of Orpheus, a specialist cyber security company. Oliver is a
passionate believer in the importance of intelligence-led security, and has
previously established successful cyber security teams and capabilities at
major global companies. He has a wide portfolio of risk management and
security experience, developed working for a diverse range of large and
small organisations over the last 17 years. Oliver is an elected member of the
Executive Committee for CREST, and has led the establishment of the CREST
Threat Intelligence Professionals (CTIPs) group with the purpose of developing
the Cyber Threat Intelligence sector worldwide. Oliver is also a CREST Certified
Cyber Threat Intelligence Manager (CCTIM), and an Assessor of the CCTIM
exam. An expert in cyber risk management and cyber resilience testing,
Oliver has been involved in developing intelligence-led cyber resilience testing
frameworks such as CBEST, and has extensive experience leading teams to
conduct the testing itself.
14:05 – 14:35
Paula Hancock, Senior Intelligence Lead, Cyber Tech and Threats,
BT Cyber Threat Intelligence:
Out of the trough of disillusionment and up the slope of enlightenment
Threat intelligence has become one of the buzzwords of the last five years.
It became a “must have” for businesses to protect against cyberattacks.
Organisations rushed to fill their intelligence gaps with “threat intelligence
feeds” which in reality are little more than lists of indicators which quickly
become outdated and useless, as criminals quickly adapt to security defences.
Organisations then question the effectiveness of the threat intelligence that they
have invested in, and after all the hype and peak of inflated expectations, the
inevitable disappointment in the quality of service follows.
The market is currently awash with vendors claiming to provide a holistic
approach to threat intelligence, but in reality there is simply no one-stop
shop solution. Organisations find it difficult to navigate the minefield of threat
intelligence providers, where the range of content and expertise means it is
virtually impossible to compare services and match them against their needs,
which in themselves are likely to be poorly understood.
“Threat intelligence” as a term is also widely misused and misunderstood.
What vendors claim to provide may not necessarily align with an organisation’s
expectation or interpretation of threat intelligence. So how does an organisation
fully leverage the capabilities of threat intelligence? And how does threat
intelligence as a discipline, climb out of this trough of disillusionment and up the
slope of enlightenment?
Paula is a Senior Security Specialist within BT Security’s Threat Intelligence
and Investigations team. She leads a team of Cyber Intelligence Analysts to
proactively protect BT and its customers from the myriad cyber threats faced
by global organisations every day. With over 14 years’ experience in operational
intelligence environments, Paula has seen first-hand how proactive intelligence
is crucial in mitigating and preventing threats, allowing organisations to focus
on their core business. Having joined BT from Hampshire Constabulary in
2010, Paula has worked in a variety of intelligence areas including physical
security, fraud and now cybercrime. With experience as an intelligence analyst
in law enforcement, Paula has brought a wealth of knowledge on the various
methodologies and processes to help BT successfully adopt a new approach
to intelligence-led security. Paula has a BA (hons) degree in Geography and an
MSc in Social Research Methods, is a qualified Intelligence Analyst and currently
she is working towards the CREST Threat Intelligence Manager accreditation.
14:40 – 15:10
Louise Taggart, Manager & Keith Short, Senior Analyst, PwC:
A Quartermaster for Compromise
PwC Cyber Threat Operations staff will present on an ongoing series of
campaigns conducted by multiple threat actors using a common document
builder. We examine some of the more interesting lures, and cover overlaps
between documents and groups. We will also examine the targeting from a
strategic point of view and suggest some potential geopolitical reasons for the
threat actors' interest.
Louise is a manager in PwC UK’s Threat Intelligence team, responsible for
tracking political and defence/security developments and analysing their
implications for cyber security, with a particular focus on the Former Soviet
Union region. Before joining PwC, Louise worked as head of the intelligence
department at a political risk and security consultancy firm. She holds an MA
(Hons) in Russian, an MSt (Oxon) in Slavonic Studies and an MA in Politics,
Security and Integration.
Keith is a technical analyst on PwC’s Cyber Threat Intelligence team based in
London, UK. Specialising in malware analysis, Keith has also previously delivered
a talk on how to track Threat Actors at the BSides London rookie track in 2018,
which focussed on the activities of a threat actor commonly known as Dark
Caracal. He has worked at PwC since graduating from the Computer &
Information Security course at Plymouth University in 2016.
15:10 - 15:45 Coffee & networking (main hall) – sponsored by Aon
15:45 – 16:30
Lesley Kipling, Lead investigator & Chief Cybersecurity Advisor, Microsoft:
What is the first thing you do when you are faced with a security incident? Do you have a plan?
What is the first thing you do when you are faced with a security incident? Do
you have a plan? Join Microsoft Lead Investigator and Chief Cyber Security
Advisor Lesley Kipling to find out what the first thing the Microsoft response
team does when they get to site. This session will showcase some of the
common attacks against Azure through a demonstration of Azure Security
Center, discuss changes Microsoft are seeing in the incident response world
and how to protect, detect and respond to those attacks. Objectives are to:
• Gain an understanding of common attacks against cloud workloads
• Learn how to leverage Microsoft built-in cloud services to detect, investigate and contain attacks
• Understand how to harden cloud environments to be resilient to common attacks
Previously the lead investigator for Microsoft’s detection and response team
(DaRT), Lesley has spent more than 16 years responding to Microsoft customers'
largest and most impactful cybersecurity incidents. As Chief Cybersecurity
Advisor, she now provides customers, partners and agencies around the globe
with deep insights into how and why security incidents happen, how to harden
defences and more importantly, how to automate response and contain attacks
with the power of the cloud and machine learning. She holds a Master of
Science in Forensic Computing from Cranfield University in the United Kingdom.
16:35 – 17:05
Nick Hayes, Global Head of Technical Direction, BSI:
Safely Assessing Operational Technology (OT) Environments
The Operational Technology (OT) security landscape has traditionally lagged
significantly behind that of the IT world. With a heavy emphasis on safety and
availability over confidentiality and integrity, a need for further divergence and
an elevated threat profile from nation states, it is imperative that OT environments
are adequately assessed from a security point of view. Many of those same OT
environments, however, are not safe to perform fully offensive testing against.
In this talk, Nick will explore the different methods BSI have employed in recent
times to assess SCADA/OT networks whilst maintaining operational safety and
availability. These include the development of a bespoke risk assessment
methodology and framework providing a holistic view, targeted testing within
test/development environments, and a full penetration test of a production
gas network.
Nick is an experienced and well-rounded security consultant with 7 years of
industry experience and over 750 delivery days completed to date. Working
for two of the largest security consultancies before BSI, Nick gained valuable
experience and skills working across a large number of industries, being
exposed to a wide variety of technologies and assessment types and leading
teams of all sizes. In a previous life, Nick was also a SCADA design engineer
before moving into the security world. Nick is currently the Global Head of
Technical Direction at BSI with the remit of ensuring that BSI are at the forefront
of the industry and delivering high quality consultancy.
17:05 -17:15 Closing address (Wolfson Theatre)
17:15 – 18:15 Sponsors and VIP guest networking drinks - Sponsored by Pen Test Partners
18:00 – 22:00 Networking drinks and canapés – sponsored by Aon
09:00 – 09:15 Welcome: (Wolfson Theatre)
Ian Glover, President, CREST and Mark Turner, Chairman
09:15 - 09:45 KEYNOTE: (Wolfson Theatre)
Paul Midian, CISO Dixons Carphone plc:
Growing old is mandatory, growing up is optional
09:55 – 10:25
Costas Senekkis, Senior Security Analyst, ICSI:
Mandatory Access Control Essentials with SELinux
It is very important for technical people to understand the importance of
Mandatory Access Control and why it should be enforced in an organisation.
Standard (discretionary) permissions are not enough to protect a system: by
applying more sophisticated rules, mandatory access control (enforced using
SELinux) will, in the event of a compromise, protect user data from the
compromised service.
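The abstract's central claim, that a compromised service stays confined to the resources its type is allowed, even where file modes would let it through, is easiest to see with the decision logic written out. The Python below is an added example modelling SELinux type enforcement layered on top of discretionary access control; it is not from the talk, and the policy rules, file contexts and uid values are constructed for illustration (the type names mirror common reference-policy names, but the rules are not copied from it).

```python
"""Minimal model of SELinux type enforcement layered on top of DAC.

Added example (not from the talk): a toy checker that evaluates an access
request the way the kernel does at a high level. The discretionary (mode-bit)
check must pass AND an explicit `allow` rule must exist for the subject's
domain, the object's type, the object class and the permission. Policy is
default-deny, so a compromised web server running as httpd_t cannot read a
user's home files even when file modes (or a root shell) would allow it.
The policy, files and uids below are constructed for the example.
"""
import re
from dataclasses import dataclass

ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{\s*([\w\s]+)\}\s*;")


def parse_policy(text):
    """Parse `allow <domain> <type> : <class> { perms };` into (src, tgt, class, perm) tuples."""
    rules = set()
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        for perm in perms.split():
            rules.add((src, tgt, cls, perm))
    return rules


@dataclass(frozen=True)
class File:
    path: str
    owner_uid: int
    mode: int      # permission bits, e.g. 0o644
    setype: str    # SELinux type from the file's security context


@dataclass(frozen=True)
class Process:
    uid: int
    domain: str    # SELinux domain, e.g. httpd_t


def dac_allows(proc, obj, perm):
    """Classic owner/other mode check (group omitted); uid 0 bypasses DAC, as root does."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "execute": 1}[perm]
    shift = 6 if proc.uid == obj.owner_uid else 0
    return bool((obj.mode >> shift) & bit)


def mac_allows(rules, proc, obj, perm):
    """Type enforcement: default deny unless an allow rule matches exactly."""
    return (proc.domain, obj.setype, "file", perm) in rules


def check_access(rules, proc, obj, perm, enforcing=True):
    """Return (decision, reason). In permissive mode MAC denials are reported, not enforced."""
    if not dac_allows(proc, obj, perm):
        return False, "DAC denied"
    if not mac_allows(rules, proc, obj, perm):
        if enforcing:
            return False, f"SELinux denied: no allow {proc.domain} {obj.setype}:file {{ {perm} }}"
        return True, "SELinux would deny (permissive)"
    return True, "allowed"


# Constructed policy fragment: only what the web server legitimately needs.
POLICY = """
allow httpd_t httpd_sys_content_t : file { read getattr open };
allow httpd_t httpd_log_t : file { write append getattr open };
allow user_t user_home_t : file { read write getattr open };
"""
RULES = parse_policy(POLICY)

WEB_ROOT = File("/var/www/html/index.html", 0, 0o644, "httpd_sys_content_t")
HOME_DOC = File("/home/alice/secrets.txt", 1000, 0o644, "user_home_t")  # world-readable by mode
SHADOW = File("/etc/shadow", 0, 0o000, "shadow_t")


def demo():
    """Compare what DAC alone permits with what DAC plus type enforcement permits."""
    httpd = Process(uid=48, domain="httpd_t")      # web server after compromise, still httpd_t
    root_httpd = Process(uid=0, domain="httpd_t")  # even as uid 0, the domain is what matters
    return {
        "httpd reads web root": check_access(RULES, httpd, WEB_ROOT, "read")[0],
        "httpd reads home (DAC alone)": dac_allows(httpd, HOME_DOC, "read"),
        "httpd reads home (DAC+MAC)": check_access(RULES, httpd, HOME_DOC, "read")[0],
        "root-in-httpd_t reads shadow": check_access(RULES, root_httpd, SHADOW, "read")[0],
        "permissive mode": check_access(RULES, httpd, HOME_DOC, "read", enforcing=False)[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:32s} -> {'ALLOW' if allowed else 'DENY'}")
```

The two results worth comparing are the home-directory reads: DAC alone allows them because the file is mode 0644, while DAC plus type enforcement denies them because no rule grants `httpd_t` access to `user_home_t`. The permissive-mode case shows why a permissive system protects nothing; it only tells you which rules you would need.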
Costas is an experienced pen tester and security consultant and has delivered
several penetration tests across several countries. He leads the Penetration
Testing team at ICSI LTD UK and is passionate about Linux Security. He has also
delivered penetration testing courses across the globe.
Costas is now working with companies to help management understand the
technical issues that will arise if their employees (technical and non-technical)
lack security awareness.
10:25 – 11:00 Coffee & networking (main hall) – sponsored by Aon
11:00 – 11:30
Tom Huckle, Head of Cyber Training and Development, Crucial Academy:
An overview of CREST Registered Threat Analyst Training
Tom is the Head of Cyber Training & Consultancy at Crucial Academy and a
specialist in defensive security, threat intelligence and information assurance.
Tom is a former Royal Marines officer and Mountain Leader. He joined Crucial
Academy from Barclays SOC Cyber Operations Team and is responsible
for the strategic direction and delivery of Crucial Academy’s training and
consultancy capability.
Training Stream (Lineker Room). Stream hosts: Andrew Jutson and Samantha Alexander
11:35 – 12:05
Tony Reeves, Director of Level 7 Expertise Ltd and QA Partner:
Hacking Drones… Or not?
“Hacking Drones… or not” is presented by Tony Reeves, the Level 7 Expertise
Ltd principal consultant for drones and Unmanned Aerial Systems (UAS). Tony
is an air defence and electronic warfare expert and has worked on a variety
of military drone projects from mini UAS through to ScanEagle in the maritime
domain, and up to large UAS such as the MQ-9 Reaper. More recently Tony
has been involved in vulnerability analyses and the provision of counter-drone
workshops to Government and Industry clients. The presentation will address
the following areas:
• A typical airborne drone system architecture
• Areas in which drones might be vulnerable
• Countering Drones – Deter, Detect, Defeat and Respond
• Where next? Cyber and drones – drones delivering cyber effect?
Tony’s company is soon to undergo accreditation for CAA Permission for
Commercial Operations, which will include operations such as the use of
drones for disruptive experiments and assessments, and ethical penetration
testing. Tony is an experienced Unmanned Aerial Systems (UAS or “drone”) and
cyber security principal consultant, with over 23 years in the Royal Air Force and
9 years in Industry. Tony has worked for SMEs and large international Defence
Primes, but for the past two years has been a director and co-owner of Level 7
Expertise Ltd, a small business based in Northamptonshire. Tony has worked
on or with most of the UK MOD’s current and recent portfolio of UAS, and also
has experience in a number of international programmes. He has experience
of enterprise audit and insider threat programmes, and comes from a strong
military intelligence background. More recently, he has been involved in Cyber
Vulnerability Investigations across a number of platforms and capabilities, and
through his chairmanship of a number of high-profile Counter-Drone conferences
is recognised as a leading proponent in his field. As part of Level 7’s Corporate
Social Responsibility activity, he has started an education programme for
business owners and local government, seeking to improve their cyber security
and business resilience.
12:05 – 12:35
Miguel Rego, CEO of iHackLabs:
Cyber Training 4.0: training for dynamic environments
Miguel Rego will outline some of the guiding principles of the iHackLabs ground-
breaking approach to cybersecurity education and its cyber-range, which covers
the whole spectrum of training platforms and simulation solutions. He will explain
the dilemmas that companies face with the lack of professionals in the sector
and how iHackLabs helps the public and private sector with its solutions.
Miguel is CEO of iHackLabs, a cybersecurity training company, specialising in
cyber-range platforms for training, drills and performance evaluation. From 2013
to October 2016 he was Director General of Spain’s National Cybersecurity
Institute (INCIBE), a centre designated by the Government of Spain to provide
cybersecurity services to citizens, businesses and critical infrastructure
operators, and for the development of cybersecurity talent and entrepreneurship.
Miguel collaborates with the Organization of American States as an international
expert, having participated in the definition of the national cybersecurity
strategies in Peru, Paraguay and the Dominican Republic.
In Spain, Miguel contributed to the definition of the National Cybersecurity
Plan and the derived plans. He is currently a professor at the War College
of Colombia, within the Cybersecurity and Cyber Defense Master’s Degree,
and the Business School IE, in its Master of Cybersecurity. Miguel has been
Cyber Security Leader at EY, Director of Technological Risks at Deloitte,
Director of Security and Corporate Risks at ONO company, and held several
positions related to cybersecurity in the Ministry of Defense of Spain. Miguel
is a Lieutenant Colonel in the Spanish Navy and holds several postgraduate
qualifications and certifications related to the governance and management of
ICT and cybersecurity.
12:35 – 13:30 Lunch (main hall) – sponsored by Aon
13:30 – 14:00
Max Vetter, Chief Cyber Officer, Immersive Labs:
Criminal Innovation and Cyber Threat Intelligence
Immersive Labs has partnered with Digital Shadows to bring practical labs on
the latest cyber threat intelligence. When the latest threat intelligence is received,
we work with Digital Shadows to produce lab exercises that give users hands-on
experience of the malware, threat or exploit just released.
In this training we will go through several stages of the cyber threat intelligence
cycle, from intelligence collection on the darknet to seeing the malware
activate on a live system, and how to detect and mitigate it.
Before joining Immersive Labs, Max spent seven years in London with the
Metropolitan Police Service. He worked as a police officer, intelligence analyst
and covert internet investigator, while also spending time in Scotland Yard’s
money laundering unit. Max spent seven years with the Commercial Crime
Services and Federation Against Copyright Theft too, investigating commercial
crime, fraud and serious organised crime groups. Most recently, Max trained
the private sector and government agencies in ethical hacking and open source
intelligence, specialising in darknets and cryptocurrencies. This included three
years teaching the GCHQ Cyber Summer School.
14:05 – 14:35 Martin Jordan, Austerbury:
Iranian cyber threat briefing
Austerbury will deliver a briefing on Iran’s Cyber capabilities, likely targets and
modus operandi. They will also discuss the broader state of Cyber Resilience
across the Middle East.
Martin has been in IT for over 30 years, having worked at Oracle, Defcom
Information Security and KPMG, where he headed up the ethical hacking team for
ten years. Martin now runs his own company, Austerbury, focusing on cyber
intelligence training and bespoke cyber assessments. Martin spends his spare
time buying and restoring Land Rover Defenders; his latest project is a ’94 300 TDi.
14:40 – 15:10
Mark Hutchings, QA:
The challenge of cloud security and penetration testing
This presentation looks at some of the challenges facing those wishing to
perform penetration tests of cloud-based applications and functions. Whether it is
something simple, like understanding the naming conventions used by cloud providers,
or something more complicated, like understanding the different constraints enforced
by different providers, a gap in your or your team’s knowledge and skills may exist. Are
penetration testing qualifications keeping pace with these requirements?
Mark joined QA after a 23-year career in the Royal Air Force (RAF). He started
his career as a Telecommunications Technician, progressing through the ranks. In
2007 Mark was commissioned as an officer and, after completing Initial Officer
Training and Engineer Officer Training, went on to command the Command and
Control, Computer, Communications and Intelligence Flight at RAF Honington.
Mark then worked as a Service Manager in the Logistics Information Technology
System Project Team. Following these tours, Mark completed a Master’s Degree
in Computing and Information Network Systems before seeing out the rest of his
service career teaching at the Defence School of Communications and Information
Systems as lead instructor in the Information Systems department of Engineer
Officer Training. Mark is a network and telecommunications specialist (including
mobile, cryptography and radio frequency networks), has UNIX and Windows
administration experience, has coded and published iPhone applications, and has
spent the last few years teaching digital footprint and Open Source Intelligence.
15:10 - 15:45 Coffee & networking (main hall) – sponsored by Aon
15:45 – 16:30 Ask the Assessors Panel
Chair: Stuart Morgan
Assessors: Simon Clow, Oliver Church, Steve Bates and Geoff Jones
16:35 – 17:05 Brian Moore, Subject Matter Expert for Cyber, Firebrand Training Ltd:
Firebrand Apprenticeships and Your Business
17:05 -17:15 Closing address (Wolfson Theatre)
17:15 – 18:15 Sponsors and VIP guest networking drinks - Sponsored by Pen Test Partners
18:00 – 22:00 Networking drinks and canapés – sponsored by Aon
Building confidence in a world of uncertainty
When it comes to cyber, there is no crystal ball. The greatest challenge organisations face is keeping up with and staying informed about the evolving cyber risk landscape.
Aon’s Cyber Solutions offers holistic cyber security, risk and insurance management, investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
Aon UK Limited is authorised and regulated by the Financial Conduct Authority. FP.AGRC222.JJ
The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates
Find out more at aon.com/cyber
Sponsors
A big thank you to our sponsors
CREST would like to take the opportunity to thank all our Sponsors this year for supporting CRESTCon.
Without the input of our Sponsors CREST would not be able to put such a great event together for the industry to attend.
The sponsors can be found spanning two halls at the venue; please make sure that you take the time to visit
them at their stands. You can also get your card stamped for the chance to win an experience voucher!
Aon’s Cyber Solutions offers holistic cyber security, risk and insurance management,
investigative skills, and proprietary technologies to help clients uncover and quantify cyber
risks, protect critical assets, and recover from cyber incidents.
Learn more at aon.com/cyber
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range
of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower
results for clients by using proprietary data and analytics to deliver insights that reduce
volatility and improve performance.
Platinum Sponsor: our Platinum sponsor this year is Aon
www.aon.com/home/index.html
Gold Sponsor: our Gold sponsor this year is Ixia
www.ixiacom.com
At Ixia, we deliver a powerful combination of innovative solutions and trusted insight to
support your network and security products, from concept to operation. Whether you are
preparing your product for launch, deploying an application, or managing a product in
operation, we offer an extensive array of solutions in testing, visibility, and security—all in
one place.
Whether you are seeking greater visibility into your network or better performance, our
solutions validate network functions, test the integrity of security infrastructure, and deliver
an end-to-end view of your network. The result: stronger applications, better performance,
increased security resilience, happier customers, and maximum ROI.
Ethical Hacking Team
PwC is home to one of the world’s leading cyber security practices. The purpose of the
practice is to build a secure digital society. This is achieved by providing a comprehensive
range of services to help clients assess, build and manage their cyber security capabilities.
The Ethical Hacking team sits within Cyber Security. We help our clients to better understand
the vulnerabilities of their IT environments by simulating the actions of real-world threat
actors. This can involve anything from hacking web applications to sneaking into offices to
gain a foothold on an internal network!
The Ethical Hacking team at PwC is unique for several reasons:
• The range of expertise. Our team is comprised of people with a wide variety of
backgrounds: software development; computer networking; systems administration;
hardware testing; reverse engineering; RF engineering; and core cyber security.
• Cross collaboration. We work closely with other teams within Cyber Security, including
Threat Intelligence, Threat Detection and Incident Response. This allows us to provide
customised and holistic solutions to meet the business objectives of our clients.
• The attention to human factors. No technology-based cyber security control can prevent
human error. We therefore work closely with our clients to understand their controls from
both technical and human perspectives, enabling us to offer far more than just commodity
penetration testing.
What you’ll gain
The Specialist Advisory pathway is a three year programme. Based in Cardiff, you will
specialise in ethical hacking from day one. This will give you the opportunity to acquire the
relevant experience and technical capabilities to become an effective ethical hacker.
On the Specialist Advisory pathway, you will:
• Join a world class team of qualified ethical hackers;
• Be part of one of the largest formal ethical hacking training programmes in the world; and
• Gain the industry-leading CREST qualifications that will accelerate your career.
As part of the continued expansion of our capabilities, we are heavily investing in training
and research to develop our staff into world-class experts in a variety of specialisms.
Throughout your first twelve months, you will work towards the CPSA certification. There
will be additional training in years two and three to help you work towards the CREST CRT
qualification, giving you the ability to join the government CHECK scheme. Moreover, there
will be an option to attempt the advanced level CREST CCT Infrastructure and/or Application
exams if you reach the appropriate level of competence.
Silver Sponsors: our Silver sponsors this year are PwC and Redscan
www.pwc.co.uk
Redscan is a multi-award-winning provider of managed security services, specialising in
threat detection and integrated incident response.
Possessing a deep knowledge of offensive security, Redscan’s experts are among the
most qualified in the industry, working as an extension of clients’ in-house resources to
expose and address vulnerabilities plus swiftly identify and shut down breaches. Services
offered include CREST accredited Penetration Testing, Red Teaming and Managed
Detection and Response.
By understanding how attackers operate, leveraging cutting-edge threat intelligence, and
offering clear and actionable advice, Redscan’s cyber security professionals can be trusted
to provide the high-quality insight needed to successfully mitigate information security risk
and achieve compliance standards.
The choice of industry leaders, Redscan boasts excellent customer satisfaction and
retention levels. Security certifications held by the team include CREST CRT, CCT APP, CCT
INF, CC SAS, CISSP, CEH, Security+, CISM, OSCP, SFCP, CCNA, and ISSAP.
Silver Sponsors: our Silver sponsors this year are PwC and Redscan
www.redscan.com
Bronze Sponsors: our Bronze sponsors this year are Bob’s Business, Checksec, Nettitude, Obrela, Titania and Versprite LLC
www.bobsbusiness.co.uk
www.checksec.com
www.nettitude.com/uk
www.obrela.com
www.titania.com
www.versprite.com
Training Providers
www.austerbury.com
www.academy.crucialgroup.co.uk
www.icsi.co.uk
www.ihacklabs.com/en
www.immersivelabs.com
www.pgitl.com
www.qa.com
Academia
www.cybsafe.com
www.royalholloway.ac.uk
Demonstrations
www.nettitude.com/uk
www.TryHackMe.com
Student demo room sponsor
www.contextis.com/en
Student Networking Drinks Sponsor
www.pentestpartners.com
Evening Drinks, Lunch and Coffee Breaks
www.aon.com/home/index.html
Incident response and threat intelligence stream sponsor
www.secalliance.com
Community
www.44con.com
www.cerisapproved.com
www.ptsdresolution.org
www.techvets.co
info.whitehatrally.org/p/home
Student Demonstrations: Summaries
Nicholas Nicolaou,
Bournemouth University
Fraud detection platform
The rapid evolution of credit card fraud techniques has prompted investigation
of the shortcomings in the credit card transaction processes that fraudsters
exploit. To support this, a platform that evaluates and benchmarks the
performance of credit card fraud detection algorithms needs to be produced,
to facilitate a comparative analysis determining which algorithms are most
appropriate for detecting credit card fraud for a given transaction.
Nicholas is developing a platform that will test multiple
fraud detection algorithms using a transaction dataset that
contains fraudulent and genuine transactions. The test
results will be analysed to create a comparative analysis
of multiple algorithms that can be used in the industry for
deciding which fraud detection algorithm to implement. The
platform will exhibit multiple fraud detection algorithms and
the benchmark results of them once a transaction data set
is uploaded.
Nathan Jenkins,
Bournemouth University
Nathan is looking at how the risks identified during
penetration testing are later contextualised during the
reporting phase. The aim is to identify an area of risk
reporting to be modified and then produce tool support
for the identified process, currently this is likely to be a
connection between Dradis and CAIRIS (although that
could change).
James Hickie,
Keele University
Password guessing using Deep Learning
James will demonstrate how an attacker can use a Generative Adversarial
Network (GAN) to autonomously learn the distribution of real passwords from
actual password leaks and generate high-quality password guesses.
Declan Callahan,
Bournemouth University
A Gamified Serious Gaming based Cyber Range Platform for Financial Operations
Declan’s project aims to comprehend the advantages of
using a developed gamified cyber range platform as an
alternative means of training operational users to traditional
CBT programmes. The cyber range will encourage
reactional based learning by providing threat scenarios
to the end-user to act upon, thereby promoting positive
reactional behaviour change through reactional dynamics.
The project focuses primarily on the financial sector as a
case study and will divide subjects into two subject groups
– one group using the developed Cyber Range Platform
(CRP) and the other using the developed CBT. Once results
are collated after use (by a form of interactive examination)
a critical evaluation will be employed to address the benefits
and shortcomings of each platform.
Kofi Aboagye,
UWE
Manipulating Image Recognition Systems using Adversarial Techniques
Image recognition systems have great potential to be used
in a variety of applications, from security systems using facial
recognition, through to autonomous vehicles for analysing
road sign objects. Whilst the performance of image
recognition classifiers has improved over recent years, using
techniques such as Convolutional Neural Networks, such
recognition systems are not infallible, and so understanding
their limitations is vital for improving their robustness.
In this work, Kofi has developed a prototype system for
training an image recognition system to a high classification
accuracy. He has also developed techniques for assessing
the vulnerabilities of classifiers by automatically generating
falsified image attacks, and being able to visualise the
success rate of attacks. By utilising this system, users
can understand the performance issues and limitations of
image classifiers, and can iteratively improve the classifier
robustness against adversarial attacks by training on
generated falsified examples.
Ieuan Walker,
Cardiff Metropolitan University
Cloud Storage Vulnerabilities
Cloud computing has skyrocketed in popularity, is estimated to reach $411B
by 2020 (Columbus, Cloud Computing Market Projected To Reach $411B By 2020,
2017), and is heading in a direction where every company will integrate
cloud computing into its business in some way or another.
Research problem
The projected value of IoT in 2021 is predicted to be $520B (Columbus, IoT
Market Predicted To Double By 2021, Reaching $520B, 2018). With organisations
and governments collecting highly valuable information, there needs to be a
highly secure mechanism to store the large, frequent volumes of data being
collected in an efficient and reliable way. This is what my research will
focus on.
Primary Objectives
The main aim of this research is to identify cloud computing
vulnerabilities and to research and develop methods to mitigate
them. This research will be focussed on cloud storage
devices and the technologies that will interact with them, such
as the Internet of Things (IoT) and Blockchain.
Secondary Objectives
I have two secondary objectives for this research. These are:
– Implementing and testing Ultranyx's cloud storage algorithm
called Zero Storage Platform (ZSP)
– Researching a Blockchain solution for the auditability
and transparency of the data
I want to research Blockchain use cases for open auditability
and transparency.
Zainab Alkhalil,
Cardiff School of Technologies,
Cardiff Metropolitan University
Human Side of Phishing / Why People Fall for Phishing Attacks?
Despite the high-level anti-phishing techniques and
non-technical solutions in place to combat them, phishing
attacks continue to be the number one threat to
cybersecurity. Phishing, as a social engineering attack, relies
mainly on the art of deception. The human factor is the weakest
link in any company's security chain; therefore, instead of
focusing on the technical side, attackers exploit human
vulnerability by playing on people's emotions. The targets
of various phishing attacks are increasing with the increase
in the number of internet users. This number rose from 2
billion internet users in 2015 to 4 billion in 2018, and is
expected to reach 6 billion users by 2022 (PhishLabs,
2018). Although most successful attacks start with
spear phishing, new forms of phishing have emerged and
are expected to increase, such as vishing (voice phishing)
and smishing (SMS phishing). There are many reasons why
people fall for phishing, for instance lack of knowledge,
visual deception, and lack of attention to the presence of
security indicators. More human-factor elements will be
discussed in this proposed study, along with the types of
phishing. Understanding human-factor vulnerabilities and
taking them into account will not only help to raise awareness
and prevent people from falling for phishing, but will also help
in designing stronger system security.
Vibhushinie Bentotahewa,
Cardiff School of Technologies,
Cardiff Metropolitan University
BREXIT ON CYBER THREATS: Would it make UK less safe?
The framework proposals for the UK's exit have been agreed in
principle, but the process is at an impasse due to serious
concerns raised by a majority of the UK Government. Cyber
security is one of the issues, amongst other constitutional
issues, that has drawn the attention of the public because of
its potential security implications. What all this adds up to is a
lack of direction in meeting cyber threats.
The concerns relate mostly to a shortage of skilled labour,
likely difficulties in attracting talented people from the EU, and
a potentially reduced level of intelligence sharing leading to less
cooperation between the UK security agencies and Europol,
as well as the impact on data and privacy sharing, which may
lead to redefining data protection regulations. The Data Protection
Act (DPA) 2018 is a national law which complements the
European Union's General Data Protection Regulation
(GDPR). However, the GDPR gives member states limited
discretionary provisions in its application in their respective
countries, and the DPA gives detailed guidance on how that
could be done. After Brexit, the UK will have to either use
both the GDPR and the DPA in parallel or follow its own path. In
addition, the loss of access to European technical expertise
is considered high on the list of concerns.
Cyber security matters to everyone because it protects
and promotes national interests. Therefore, continuation
of the UK-EU cyber security partnerships is likely to
remain a high priority. However, despite the uncertainties and
concerns, UK intelligence agencies might continue to
maintain their partnerships with Five Eyes and NATO to
reap mutual benefits.
Ali Shahaab, Chaminda Hewage and Imtiaz Khan
Cardiff School of Technologies,
Cardiff Metropolitan University
Blockchain Inspired Security for Government Organisations
The Industry 4.0 revolution, prompted by big data, sensors and
automation, demands an open but secure framework for
data storage and exchange. Private and public sectors alike
are moving towards building frameworks through which
they can be more open and transparent while protecting
confidential information. With 20th century data
management frameworks it is very difficult to fulfil these
goals, as these frameworks are innately centralised and
prone to security threats. Information and data security are
the biggest challenges organisations are facing today.
Blockchain, a type of distributed ledger technology (DLT)
and the underpinning technology of the cryptocurrency bitcoin,
has the potential to overcome the aforementioned issues.
It provides a secure, immutable and trusted way of sharing
and storing data across multiple parties. We at Cardiff
Metropolitan University, in partnership with Companies
House (CH) UK, are investigating how blockchain technology
can be used in the public sector to guarantee data integrity
and secure sharing across multiple stakeholders. Dissemination
of encryption keys, distributed storage solutions such as
IPFS to avoid creating data honeypots, smart contracts for
the enforcement of data-sharing policies, secure channels
for confidential communication, and logging access to critical
records on a blockchain are the current areas of research that
we are undertaking. We are also looking at the legislative
challenges around data immutability and around implementing a
new set of technologies which differ significantly from the
existing technologies known to the legislative bodies.
Furthermore, we are also investigating how cryptographic
techniques like zero-knowledge proofs can be used to
protect personal information when sharing data with other
trusted government organisations.
Emily Parsons,
Greenwich University
Human-as-security-sensor in the Internet of Things: Deception-based attacks
The Internet of Things is becoming more popular, with
predictions that by 2020 there will be 25 billion internet
connected devices in the world. Where functionality is
important there is also a need for users to be secure, yet most
users will not use secure passwords on their smart devices.
Within this project, Emily explores how humans react to
physical changes on a device when their smart device is
being used by an attacker (unbeknownst to them). Are users
glossing over potentially visible attacks?
Damien Thurgood
A methodology for Android data extraction and acquisition
Damien carried out research looking at the current methods
of data acquisition and extraction on Android devices,
finding that commercial forensic tools don't always support
the latest versions of Android. As such, Damien ran tests
using devices running Android Pie, such as a Google Pixel
and a OnePlus 6T, to see what methods could be used for
data collection. From there he created a web application
using Vue.js to give a visual aid on how to collect data from
devices running Android 9+. Damien will be presenting the
issues raised by his research and looking at a potential
solution.
Rory Galpin
An observation, exploration and exploitation of RFID technology
Rory will be showing how malware can be injected into
a network with an RFID node attached, running
experiments on the security of RFID, and demonstrating
how users can stop these kinds of attacks. Rory is exploring
different types of encryption and suggesting a new form
of RFID middleware in which the interrogator has higher
resilience to malware attacks.
Christopher Jezierski
Emanation Assisted Intrusion Detection for Industrial Control Systems
The cost, downtime and hardware limitations of
implementing traditional host-based Intrusion Detection
Systems (IDS) in the industrial sector have hampered
adoption of modern security practices. Christopher's work
attempts to combine emanation analysis with packet
inspection to develop a passive IDS specifically for Industrial
Control Systems and SCADA.
Raghavender Rao Jadhav Balaji
UEL
Analysing and classifying click-bait native advertisements using machine learning
Native advertising is a form of advertising which
is designed to blend into the webpage content. Native
advertising is categorised in different ways, such as
"Paid Content", "Sponsored Content", "Promoted Content",
etc. Native advertising is perceived to deceive users by
camouflaging ads within the webpage, making users believe
that the content of the ad originates from the webpage
and not from a third party who is sponsoring the ad.
Raghavender is conducting research that he believes will be
the first to devise a technique to detect clickbait
native ads. This will be achieved by using a set of features
never used before in previous studies or in any current models
regarding malicious clickbait ads in native advertising.
Connor Cleak,
University of Greenwich
A forensics tool to efficiently map Online Social Network activity using python
Connor will be presenting a poster based on his dissertation
project, which involves using Python to scrape Twitter
and mine tweets based on a specific term, then using
sentiment analysis to determine whether the tweet is
positive, neutral or negative, enabling investigators to filter
their search for cyber criminal activity. The Python script is
able to mine usernames, tweets, creation time, retweet and
favourite counts, the location a tweet was posted from and the
MD5 of the tweet.
Thomas Win, James Briggs, Nathen Davies, Jack Sperduti,
Molly Dewis, Cassey Beach, Kieren Stanton and
Harry Barron
University of Gloucestershire
Operation Break CyOps
This group project will be showcasing the activity that
the University of Gloucestershire uses on its Cyber and
Computer Security applicant days. The activity is inspired by
a Mission Impossible-esque scenario in which the applicants
will discover information that leads them to identify a
cyber-criminal within the CyOps team using different cyber
security techniques.
Information: Useful links
For filmed presentations go to: CREST YouTube