It's time...


Securi-Tay has been a great success over the many years it has been running and it keeps getting bigger and better each year, even being included on several must-attend infosec conference lists. This year will be the 8th year that Securi-Tay is being run, and it is currently the biggest student-run infosec conference in Europe. What started as a way to get society members involved and engaged with the infosec community has grown into a popular conference which attracts around 350 attendees from a mixture of industry and academic backgrounds.

Securi-Tay offers many advantages for both attendees and sponsors. For attendees, included in the ticket is a day of high-quality talks from a range of industry professionals as well as the chance to network with other attendees and sponsors (plus, our world-famous hog roast). Thanks to our high level of student engagement, attending Securi-Tay offers excellent recruitment opportunities for any sponsors looking to network with potential interns and graduates.

This year the conference will be run on Friday 1st March at Abertay University.

Sponsors


Schedule


We're happy to announce the schedule for the conference is now available!

You can also find the programme as a pdf here.

We also have a lockpicking village being run all day next to track 3!

8-45

Welcome!

Meet us on the 1st floor of Abertay Union (Across the road from the University)
Sign in and collect your free swag!

There will be varied breakfast rolls, pastries and fruit waiting for you!

60 mins

Bar One

9-45

Software Security: Never Stop Evolving

From the early days of software bugs through to the modern day, software security practitioners have had to adapt to a cascade of paradigm shifts. As technology has increased in complexity, so have the attack vectors. Not only have we played cat and mouse with the attackers and their evolving attacks, but we’ve had to adapt to how software development has gone from Waterfall to Agile to DevOps.

As security finally appears to have won enough credibility to be given a voice in software development, there are opportunities and risks. In this talk, I will focus on software security specifically, some of its history, the current challenges, and how you as a security subject matter expert can help shape its future.

75 mins

Lecture Theatre 1 (2516)


About Nick Murison

Nick is the head of software security services for Nordics and BeNeLux within Synopsys’ Software Integrity Group. He’s spent the last 14 years in the security industry, working within R&D, security assessment services, incident response, training, and strategic security initiative development. Combining his passion for software security and butchering multiple languages, Nick helps customers in FinTech, IoT, Embedded Systems and other industries build high quality secure software faster. Nick holds a MSc in Information Security from Royal Holloway, University of London.

@nickmurison
synopsys.com/software

11-00

In this talk, we discuss the lengths some organisations go to, in order to protect personal data, as opposed to those that say they do, once the personal data they were responsible for has been flooded onto the Web. It's a tale of breach after breach after breach, laced with some hope that certain firms are at least trying to do the right things. We all make mistakes, but we should at least give it our best shot at avoiding doing so..

60 mins

Lecture Theatre 1 (2516)


About The Beer Farmers

Ian Thornton-Trump and Mike Thompson, doing a Beer Farmers 'gig'. Ian is a seasoned InfoSec campaigner, who's delivered many commentaries and talks over recent years, to a great reception. Mike is a relative newcomer to the community, but has a passion and enthusiasm to help educate and improve the security of the citizens of the web. Mike was also invited to deliver his talk on web application firewall technology at 2018's Securi-Tay, however had to withdraw due to a dental fail. Both are members of The Beer Farmers; a parody project, who's aim in life is to help the InfoSec community take itself less seriously, bring some fun, while at the same time help us focus on the important things in what we do.

Microsoft has slowly been introducing tools to help organisations better manage and troubleshoot Windows performance and issues; these are now entirely integrated into Windows. To improve performance and troubleshooting capabilities, Microsoft introduced System Resource Usage Monitor (SRUM) in Windows 8 and beyond. PowerShell has become the default “command line” management tool for windows administrators. These tools provide both a wealth of information into what has happened and is present on the system. For Forensics and even Incident Response, these tools are now a go to built-in option to bootstrap and drive the forensics process including opening access to artefacts that overzealous user or even a “smart” attacker has removed. SRUM for instance can provide data points ranging from network to process activitiy providing insight into what, who, when and how an attacker or malicious process introduced itself into the environment. This talk will help the participant build the foundations to identify which built in tools can assist in the Windows Forensics process and the data points that are available as well as examine how services such as SRUM can be used to extract key data points to provide information for incident response or threat hunting activities.

60 mins

Lecture Theatre 2 (2517)


About Thomas V Fischer

Thomas has over 30 years of experience in the IT industry ranging from software development to infrastructure & network operations and architecture to settle in information security. He has an extensive security background covering roles from incident responder to security architect at fortune 500 companies, vendors and consulting organisations. He is currently security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties not just for external threats but also compliance instigated.

Talk 1: Obfuscating PDF Malware: How I “nearly” created a FUD
Everyone and their dog is aware of macro based malware nowadays, but not all know that PDFs can also contain malicious payloads and be used to execute them. Although many anti-virus systems can detect malicious PDFs, basic obfuscation techniques can be applied to fool even the crème de la crème of these systems. In this talk I will discuss the fundamentals of PDFs, how several obfuscation techniques work, how they can be implemented, and their effectiveness (or lack thereof) at evading anti-virus systems.

Talk 2: GPU Accelerated Security
Since the introduction of general purpose graphics processing units, many trivially scalable tasks have benefitted from GPU acceleration. However, open source security projects have lagged behind, and those that have tried to implement GPU acceleration (such as suricatta) have failed to do it well. This talk takes a brief look at when GPU acceleration should be used, what it is good for, what the caveats are, and how it can be applied to security tools/applications. Accelerating security tools such as IDS and Hard Drive Forensics through GPU optimization.

30 mins per talk

Glass Room (2522)


About Jonathan Ross & Andrew Calder

Jonathan Ross is a 4th Year Ethical Hacking Student at Abertay University and intern cyber security consultant. His interests include offensive security and anti-phishing.
@JohDJRoss

Andrew Calder is a 4th year Abertay hacker, with interests including usb emulation, gpu acceleration, and automation. You can find him on github and twitter below.
@Verdnaa
AR-Calder

12-00

We may live in a software world, but all that software runs on hardware at some point down the stack. Sure, you need some hardware to talk to hardware, but that shouldn't be a barrier to entry. The cost of a couple pints is enough to get a device to help you. I'll demonstrate 7 different cases where you can use an FT232H-based board or cable to pull off a hardware hack, including:
- Getting a root shell over a UART
- Modifying I2C configuration of a device
- Sniffing a hardware bus as a Logic Analyzer
- Dumping flash off a device for offline analysis
- Backdooring firmware and flashing it to a device
- Jtag debugger
- Replaying custom crafted protocol packet
Hopefully you'll come away with the confidence and know-how to tackle a hardware attack of your own.

60 mins

Lecture Theatre 1 (2516)


About Joe FitzPatrick

Joe FitzPatrick is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontroller. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@securelyfitz

Malware has become one of the most prevalent threats to personal computer security: how did this happen? Does every threat actor make their own? Come with me on a journey into the internet's archives, exploring how enterprising malware developers created a new market with ""remote administration tools"" and how they lowered the barrier to running a malware campaign significantly. This talk will help you become familiar with the role generic malware plays in the world of not-so-sophisticated threat actors, how it's built and what job it's designed to do. Expect a deep dive into the different sectors of the malware economy, a timeline of notable events and a technical analysis of some more interesting examples.

60 mins

Lecture Theatre 2 (2517)


About Dan Nash

I'm a software engineering student turned security engineer. I helped run ENUSEC for a while and now i'm helping to improve security with Sophos' Security Engineering team. Lifelong love of CTFs, programming and malware.

Talk 1: Profiling The Attacker - Using natural language processing to predict crime
What does Minority Report, Black Mirror, and 1984 all have in common?.. Well, turn up to the talk to find out. On a day to day basis we countlessly write notes, send messages and respond to emails. The question is, however, what does what we write actually show about us, and how can we use the meaning behind these pieces of text to predict crimes and attacks. This talk delves into just this - how machine learning, and specifically natural language processing and sentiment analysis, can be used to predict crime and security attacks. This, of course, comes hand in hand with talking about predictive policing approaches, biases in predictive policing, and how natural language processing can be used to automate this whole process.

Talk 2: Using Natural Language Processing Techniques to Crack Passwords
A custom dictionary that exploits the shared social experience of a userbase can be interactively built by making multiple cracking passes through a hash dump, and on each pass adding other similar words to the dictionary. We might crack one user's password that is based on a local football team and another based on an anime character but if we can add all the other regional football teams and other anime characters to the dictionary for the next cracking pass, we are likely to discover that other users share similar interests. Here we explore the use of Natural Language Processing models for automatically discovering candidate words for a custom password cracking dictionary.

30 mins per talk

Glass Room (2522)


About James Stevenson & Robin Vickery

James Stevenson is a Software Engineer and Security Researcher, with a security analyst background. James is qualified as both a Mental and Physical Health First Aider and these days he works at BT Security, as well as speaking at security events across the UK.
@_JamesStevenson

Robin is a senior cybersecurity penetration test consultant and has worked across a number of disciplines including offensive and defensive security. This has included offensive security in protecting ultra-high net worth individual’s online reputation and assets as well as more traditional commercial engagements. Prior to that Robin spent time as a developer.

13-00

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.
Oh, lunch is provided as well by the way!

60 mins

Bar One

14-00

There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone in to their design. These are not those radios. I present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals.
The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools, we'll demonstrate four simple radios that can be home-built using commonly available parts for little to no cost.

60 mins

Lecture Theatre 1 (2516)


About Dominic Spill

Dominic is a senior security researcher at Great Scott Gadgets, where he builds tools and investigates communications protocols.

In the past, I've built a number of challenges for a variety of events. I've always tended towards the more physical side of things. It's remarkably hard to second guess the skill level of potential players, and to build something that hits the fine balance between being achievable without being too easy, when given competitors of varying ability. Sometimes things go well, sometimes, almost comically less so. I'll give some examples of games I've built in the past, the approaches I took when designing them, and some lessons learnt actually getting people stress testing them in the real world...

60 mins

Lecture Theatre 2 (2517)


About Steve Wilson

22+ year veteran of the security industry. Forgotten more than I remember. :-( Physical security nutjob, currently doing advanced red team work. Builder of games for the likes of Hack Fu and the Cyber Security Challenge. Long time friend of Abertay (ask Colin) and occasional Ladywell drunk.

What’s a job in infosec really like? In fact how do you even get one in the first place? Based off experiences from their first few years in industry the team break down some of their favorite do’s and don'ts with getting your first job in infosec.

60 mins

Glass Room (2522)


About James Stevenson, Chlöe Ungar, Brett Calderbank, Daniel Nash & Jack Wilson

A team with a mix of backgrounds from entering the industry through university to working in internships and apprenticeships. We now all work, in one form or another, in computer security companies from small startups to large global organisations.

15-00

With the advent of IoT connected everything - doorbells, dishwashers, ovens, alarms, and uh... more private items - you may be interested to try your hand at pwning some devices. Messing with web portals and network traffic is one thing, but what about the board itself? What do those components do? What is that chip doing? How do I not electrocute myself? All equally important questions. This talk covers the basic hardware knowledge you need to start picking apart boards, accessing debug functionality, dumping firmware, and finding juicy secrets.

60 mins

Lecture Theatre 1 (2516)


About Graham Sutherland

Graham works as a senior researcher at Nettitude, and prior to that spent many years tinkering with various bits of hardware. He has only given himself near-fatal electric shocks twice. His main areas of focus are hardware, cryptography, and Windows internals.

Mobile application security isn't always super exciting or challenging but when it comes to application hardening things get more interesting. These days, it is not uncommon for particular types of application to go out of their way to defend themselves at runtime. Such application types would include but are not limited to:
- financial apps
- multiplayer games
- apps which feature DRM protected content
- apps with intellectual property etc.
It's often the case that such applications attempt to protect themselves via internally developed controls, as well as leveraging commercial products. During this talk we'll look at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll be demonstrating analysis and techniques using free open source tooling such as Radare, Frida, and for some parts we’ll also leverage IDA Pro. Since automation is the buzzword of the year too we’ll also be discussing how to automate some of these activities that typically take up most of the assessment window.

60 mins

Lecture Theatre 2 (2517)


About Grant Douglas & Nikola Cucakovic

Both Grant & Nikola are Abertay Alumni and are now working in security consulting at Synopsys Software Integrity Group (SIG). Grant Douglas is an associate principal consultant specialising in mobile security, having researched & worked in the space for over 7 years. Grant has published mobile tooling which has featured in books such as the mobile app hackers handbook as well as iOS Forensics. My particular areas of interest are in reverse engineering, application hardening, Runtime Application Self Protection (RASP), etc. Nikola Cucakovic is a security consultant, specialising in mobile security with a particular focus on financial services. Nikola has worked in a number of mobile based roles including Android software engineer, security testing, and also security architecture. Nikola is particularly interested in Reverse Engineering, Application Hardening, and Biometrics.

Talk 1: From Breaking In to Breaking Through: the applicability of skills from social engineering to teaching security behaviours
What isn’t there to love about talking your way into places you’re not allowed, free stuff, or any number of other things that leave you with epic stories? We glorify and revel in impressive and amusing social engineering hijinks, which is great until the point where we need to get our colleagues to be better about security behaviours and the first “soft skills" that we think of using in the context of security are about deception and manipulation. Social engineering can be powerful for getting people to do things for you, but helping people to be better with security practices requires a different approach to be effective. This talk will cover some basics tips from teaching and behaviour change interventions, which skills developed in the context of social engineering have some crossover, and pitfalls with using social engineering tactics on your coworkers.

Talk 2: Intro to Machine Learning for Hackers
As cyber security students & professionals, do we really need to care about Machine Learning? In this talk we will go over what machine learning is, what it can do, and how it can (and can't) help the cyber security profession. After taking a deep dive into a particular algorithm, where we will learn a bit of maths and logic behind how ML works, will focus on: examining how the industry is currently utilising it (ML for phishing detection, ML for NIDS and ML for SIEM), how adversaries could use it to our disadvantage and how Machine Learning is vulnerable to attack itself.

30 mins per talk

Glass Room (2522)


About Rose Regina Lawrence &: Helena Lucas

Rose Regina Lawrence is the digital security coordinator at Tactical Tech in Berlin. She has supported activists, human rights defenders, and journalists in heightened risk settings both in the US and internationally for over a decade. Her graduate level training in Public Health/ Community Health Education with a focus on communicating for behaviour change on individual and collective risk has deeply shaped her approach to digital security education. In addition to digital security workshops and interventions for activists and their attorneys, she has developed materials and presented on digital security and sexuality, including the specific needs of sex workers, people who have experienced domestic and intimate partner violence, and the queer community.

Helena Lucas: I am a Cyber Security and Forensics student currently on placement, which is where I first came into contact with Machine Learning. At Uni I was on the committee of ENUSEC and organised a TEDx conference. Oh and if you see me around, ask me to do a card trick !

16-00

Over the past fifteen years there's been an uptick in "interesting" UNIX infrastructures being integrated into customers' existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heterogeneous Windows network, they may not be as well understood by a typical UNIX admin who does not have a strong background in Windows and AD. Over the last few months I've spent some time looking a number of specific AD integration solutions (both open and closed source) for UNIX systems and documenting some of the tools, tactics and procedures that enable attacks on the forest to be staged from UNIX.

60 mins

Lecture Theatre 1 (2516)


About Tim Wadhwa-Brown

Tim Brown joined Cisco as part of their acquisition of Portcullis for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or where necessary diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco's bespoke methodologies covering subjects as diverse as secure development, host hardening, risk and compliance, ERP and SCADA. In 2016-2017, Tim looked at targets as varied as Active Directory, z/OS mainframes, power stations, cars, banking middleware and enterprise SAP Landscapes. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista and web application security to his name. Tim is credited with almost 150 vulnerability advisories covering both kernel and userland, remote and local. Tim particularly like to bug hunt enterprise UNIX solutions.

Do you think users are the weakest link in the security chain? Here is some duct tape to change that, and to raise the bar for social engineers and other attackers alike. Over the last few decades, sysadmins and people working in IT have called users names and generally rolled their eyes at the antics of those allegedly lazy, stupid and uneducated people. From PEBKAC to ID-Ten-T we have been calling them names and didn't want them on our networks. This way of destructive thinking needs an overhaul, and here are some easy tricks how users can become the valuable asset in corporate security that indeed they should be. Finding creative solutions to existing problems has been a standard skill for red teamers, whereas those defending networks often rely on standards. Discover some creative solutions people have come up with to significantly raise their security - most of them are easy to implement - and how users can become a major asset of any security team.

60 mins

Lecture Theatre 2 (2517)


About Stefan Hager

Stefan works for the Internet Security Team at German company DATEV eG. Having started with computers and starting to be puzzled by reality in the 80s, he started out as a programmer in the early 90s. Since 2000 he has been securing networks and computers for various enterprises in Germany and Scotland. His main focus nowadays is security research, raising security awareness, coming up with creative solutions to security problems and discussing new ideas concerning threat mitigation. When not trying to do any of the stuff mentioned above, he is either travelling, procrastinating or trying to beat some hacking challenge. Stefan also writes blog posts (in English and German) on his site https://cyberstuff.org.

Talk 1: It might get loud! Exfiltrating data using audio interfaces
Data exfiltrating is often the final and most important phases of an attack as this is when the target data is actively stolen and transmitted across network boundaries. However, on restricted and isolated environments, this stage becomes more challenging as avenues for data to be transferred are drastically reduced, and it is quite common for removable storage devices to be disabled. How about using devices that are usually permitted such as sound cards to exfiltrate the data? Turning files into analogue signals is not a novel idea, modems did this many years ago... but how about using a USB soundcard to transfer files from a computer to another device? When classical methods fail, jazz it up and rock it out! (This can involve very low or high frequency sounds).

Talk 2: Back to School: Bringing it Back to the Students
This talk will discuss tools, tricks and stories from students on how to advance yourself and get a foothold in the infosec industry. Whether for a current student, a newbie or a hacking veteran, hopefully this talk brings some inspiration and knowledge to you.

30 mins per talk

Glass Room (2522)


About Miguel Marques & Callan Garratley

Miguel is a senior cybersecurity penetration test consultant and brings many years of experience across a range of disciplines. Prior to joining Commissum, Miguel led successful engagements across complex systems including banking platforms and biometric based authentication systems. He specialises in web application testing, infrastructure testing and mobile application security assessments.

Callan is a 4th year student & part time consultant. I love learning, talking and hacking things

17-00

Take five! ... or fifteen.

15 mins

Wherever you want!

17-15

ISIS Online: Junaid Hussain

This talk examines the online tactics of Junaid Hussain (Aka TriCk) as a hacktavist and later as a member of ISIS. The talk will cover:
Hussains hacking abilities
The hacks he and his crew perpetrated
How Hussain transferred his knowledge to propagandising for ISIS
Hussains role in ISIS’ propaganda and recruitment efforts
The main aim of the talk is to discuss how Hussain utilised his hacking skills and their effectiveness in relation to ISIS’ objectives.

This talk will not be recorded.

60 mins

Lecture Theatre 1 (2516)


About Michael Jack

Former @AbertayHackers Vice Gaffer. Purveyor of macOS security & tequila.

18-15

Just a couple of words thanking everyone who helped make this happen.

15 mins

Lecture Theatre 1 (2516)

18-30

Sponsored by MWR, join us in the union for a few(?) drinks and lots of awesome chat!

???

Bar One


Attendees of this event must abide by the Code of Conduct stated here.

Tickets


Tickets are available through Eventbrite.
Standard tickets are £26.
Student tickets £20.

Buy Tickets!

Directions


The University's address is Bell Street, Dundee, Scotland, DD1 1HG. The closest train station is Dundee Station.
The closest airports are Dundee Airport and Edinburgh Airport.

Click for a map!