It's time...


Securi-Tay is an information security conference held annually at Abertay University, organised by Abertay University's Ethical Hacking Society. This year's edition will welcome over 350 attendees and marks the ninth annual Securi-Tay, Europe's largest student-run information security conference.

This year the conference will host a total of eighteen talks across three simultaneous tracks, welcoming both seasoned professionals and first-time speakers! Additionally, two workshops will be hosted in a separate workshop village throughout the day.

Securi-Tay would not be possible without the support and generosity of our sponsors; attendees will have the opportunity to network with some of our sponsors in the main exhibition space throughout the event.

This year the conference will be run on Friday 28th of February at Abertay University.

Sponsors


Schedule


We're happy to announce the schedule for the conference is now available!

8:45

Welcome!

Meet us on the 1st floor of Abertay Union (Across the road from the University). Sign in and collect your free swag!

There will be varied breakfast rolls, pastries and fruit waiting for you!

60 mins

Bar One

9:45

Opening Remarks - The Committee

A brief welcome and introduction to the conference.

15 mins

Track 1

10:00

Vulnerability Reporting In Open Source Software - Andrew Thompson

Usage of open source is pervasive across every industry and is used by organizations of all sizes. The reasons are straightforward - open source lowers development cost, speeds time to market and accelerates innovation and developer productivity. However open source is not without its risks. Unlike commerical software, where updates are automatically pushed to users, open source has a pull support model - users are responsible for keeping track of vulnerabilities, fixes and updates for the open source they use. Consumers of an open source component may not be up to date with these unless they're engaged in the community supporting that component. This talk aims to explore the current state of vulnerability reporting and management in open source software.

60 mins

Track 1


About Andrew Thompson

Andrew is a vulnerability analyst working for the Black Duck Security Research team as part of the Synopsys Software Integrity Group. He is a graduate of Queen's University Belfast where he studied Computer Science. Before developing an interest in cybersecurity I worked briefly as a recording engineer. I'm particularly interested in developing automated tools for building and testing vulnerable open source software. In my free time I enjoy running, cooking and annoying the neighbours with my guitar playing.

11:00

IR DevSecOps (or Incident Response by the seat of your pants) - Alan Melia

The opportunity to work on an APT investigation is something few Incident Responders will have been involved in. regularly Indeed, many organisations may never experience an APT. This talk will give the audience experience of an actual case, step by step, following the actions of investigators and their efforts, together with some of the tools and techniques used in a live investigations.

60 mins

Track 1


About Alan Melia

Principal Consultant with one of the six government-sponsored CIR Scheme providers. The Government-run Cyber Incident Response (CIR) is certified by NCSC and CPNI (Centre for the Protection of National Infrastructure). NCSC/CPNI certified CIR providers deal with sophisticated, targeted attacks against networks of national significance.

Starting work on mainframe systems in the 1980’s I moved to Microsoft in the 1990’s where I first started work in what became called Incident Response. In the 2000’s I moved into Digital Forensics and obtained a Masters in Forensic Computing. Since 2009 I have developed dynamic and talented Incident Response teams and managed challenging incidents ranging from Ransomware to APT attacks.

A Practical Guide To Getting Security Right On AWS - Jamie MacDonald

There are news articles every week about exposed databases or public S3 buckets full of personal data, so what's so difficult about security in the cloud? Luckily, not very much! Most aspects of cloud security just involve knowing a little bit about what you should be doing before you dive right in and understanding how to design with the cloud in mind. This talk will be a whirlwind introduction to building a secure environment on AWS, finding out which key services you should know about before you start and understanding how to architect an application to be cloud native (and secure).

60 mins

Track 2


About Jamie MacDonald

Jamie is the security lead for a cloud-based Fortinet security product and was previously Head of Security for ZoneFox. His primary area of expertise is designing and securing cloud-native systems on AWS and He's passionate about helping others to understand how to use the cloud securely.

So You Want to Learn Red Teaming? - Andy Gill

Red Teaming or Simulated Attacks, both used interchangeably are terms being thrown around a lot recently. It's something I've been learning about over the last year and I've come to the conclusion that there's not much out there that actually explains the process or a path to actually learn what to do. There are lots of articles that explain the differences between red and blue but few actually outline a learning path for someone wanting to transition from standard penetration testing to red team operations.

60 mins

Track 3


About Andy Gill

Most notable achievement, found a few holes in a website once. I write blog posts, hack computers, social engineer free whisky out of people and enjoy helping folks understand what technology really means through the eyes of a security person.

12:00

DOH! Bypassing DNS-over-HTTPS - Sean Wright

DNS requests are submitted over an unencrypted channel. This has potential security and privacy related concerns associated with it. As a result new technologies such as DNS-over-HTTPS attempt to address some of these shortcomings. DOH has started gaining some popularity, especially since it has now been baked into popular web browsers such as Chrome and Firefox.

The purpose of this talk is to highlight some of the shortcomings of this technology, as well as illustrate so scenarios where it still fails to provide privacy.

60 mins

Track 1


About Sean Wright

Lead Software Security Engineer and OWASP chapter leader, with special interest in web based security as well as TLS security.

Offensive Tradecraft - Defence Evasion - Paul Laîné

Over the last years, the cyber security posture of companies is improving, and, despite the general opinion, anti-viruses and endpoint protections are more and more sophisticated against “day-to-day threats”. Additionally, defenders are better trained and more aware of the techniques, tactics and procedures (TTPs) used by the bad guys, which subsequently make them readier to detect and respond to incoming threats.

The two objectives of this presentation are (i) to define the numerous challenges faced while building and deploying malwares nowadays, and (ii) to provide a non-exhaustive list of techniques and tactics that can be implement in order to bypass defence mechanisms.

60 mins

Track 2


About Paul Laîné

I'm working as a cyber security consultant since 2018, in London. On top of my consultant duties, I'm actively involved in the development of custom implants, malware and tools used during simulated attack engagements (Red Team operations & CBEST).

paper tickets > smartcards, probably. - Harley Watson

Following its adoption by the Department for Transport, the ITSO specification has been the legally mandated technological stack for all new smartcard ticketing systems in the United Kingdom. Many transit operators have adopted ITSO as their primary ticketing scheme as a result of the government’s endorsement and the plethora of vendors supplying ITSO-certified equipment. Despite this, there has been little research done into the security mechanisms provided by the specification. After creating a tool to interpret data stored on compliant smartcards, I compromised a public ITSO validator app by abusing backwards compatibility measures to clone a genuine smartcard and alter its contents in an unauthorised manner.

60 mins

Track 3


About Harley Watson

Payments Software Engineer at Skyscanner. Abertay Ethical Hacking ‘19. I like trains. they/them.

13:00

Lunch

Hop over the road to Abertay Student Union for a bite to eat before the afternoon talks.

Oh, lunch is provided as well by the way!

60 mins

Bar One

14:00

Confessions of a Lock Collector (v2020_02 – Disc Detainer Edition) - Steve “autom8on” Wilson

Amateur locksmith and physical security nut, Steve’s lock collection continues to grow at an alarming rate, now including a huge range of strange and unusual locks from around the world. Following on from his BSides Leeds “v2020_01 - Lever Lock Edition” talk, this time he’ll be exploring the disc detainer locks he’s picked up during his travels.

Once again, it will be a picture heavy whistle stop tour through some interesting variations on the disc detainer theme, covering the history and design differences, and opening methods of this interesting style of lock. As an added bonus, he’ll also include a brief recap of all the things he forgot to say whilst speaking at Leeds, and probably rant on a bit about physical red team work. His dulcet tones have been known to induce sleep in audience members in the past, so caffeine or a comfortable pillow/blanket are advised. 😉

60 mins

Track 1


About Steve “autom8on” Wilson

That lock picking obsessed loony. Pen tester, teacher, mentor, physical security consultant, CTF builder, workshy layabout... ;-p

OEMs HATE it! Get paid to backdoor phones with this One Weird Trick! - Ash Wolf

I found out the firmware updater on my new Android phone was pulling double-duty as a malware distribution mechanism — legitimate-seeming OTA downloader by day, remotely-controllable backdoor by night. All in one convenient pre-installed, highly-privileged APK.

This talk tells the story of how I discovered, tore apart, disclosed and exposed an OTA provider’s years-long side hustle. In the process I draw the ire of the provider, the gratitude of the manufacturer (who were completely unaware!) and uncover frankly ludicrous levels of shadiness.

60 mins

Track 2


About Ash Wolf

I’m a mostly self-taught developer and hobbyist reverse-engineer who dabbles in all sorts of areas, from game dev and Twitter bots to writing iOS tweaks and obscure device emulators. Currently in my final year doing Computer Science at the University of Strathclyde. I like travelling, exploring cities, public transit, dogs, graphic design and retro tech.

Mine your own business: Predicting the future of cryptojacking through data fusion application - Sophia McCall

Wouldn't it be great if we could predict the future of cybercrime? In this talk I will discuss on how we potentially can...

Achieving cyber situational awareness remains an ongoing battle in preparing ourselves to deal with emerging problems and threats within the cyber realm. In a recent project I undertook, the application of data fusion - namely the JDL model, can help us further understand problem realms and identify causations and trends that can allow us to forecast and speculate the future patterns of cybercrimes. In this talk I will namely detail what data fusion is and how the JDL model has been applied to analyse and predict the future of cryptojacking.

30 mins

Track 3

About Sophia McCall

Sophia is a final year student studying a BSc Cyber Security Management at Bournemouth University. A soon to be Junior Consultant and three-time Team UK representative for the European Cyber Security Challenge, Sophia is nearing the end of her studies and hopes to continue to hone and improve her technical skills to compliment her managerial skills achieved through her degree.


From Low to PWN: A CTF challenge in the wild - Charlie Hosier

Have you ever found that something you find in the real world has more resemblance of a CTF challenge? In this talk I will go over the technical details of a couple of issues I found in PrestaShop an open source e-commerce platform. The issue itself began as a low severity issue yet once chained with another finding I was able to first achieve SQL injection and then later code execution.

The vulnerability began as a low severity access control issue which allowed a low privileged user to add a link to a quick access toolbar of the super administrator. Further investigation revealed some interesting functionality which meant it was possible to get XSS using the JavaScript URI. A payload such as javascript:alert(0) would prompt a nice little alert box and a proof of concept that XSS was possible. But why stop there?

30 mins

Track 3

About Charlie Hosier

I am a Junior Security Consultant at NCC Group, I am currently on my year in industry as part of my University course at Edinburgh Napier University. I have a passion for research and enjoy bug bounties. I also play CTF's for the top UK CTF team the Cr0wn/EmpireCr0wn.

15:00

Saving user data one company at a time - Hacking with zseano - Sean Roesner

In this talk I will be discussing how I was easily able to identify numerous vulnerabilities on popular websites (can't disclose names i'm afraid) and leak user info on a wide scale. I have saved multiple companies from data breaches and saved users' info from ending up in criminal hands.

In this talk I will also go through how I approach hacking and will explain my methodology and how this resulted in me finding lots of bugs. Hacking isn't as hard as some think it is.. it really is as simple as using the website intended :)

60 mins

Track 1


About Sean Roesner

Hi, my name is Sean, aka @zseano. I have been participating in bug bounties for almost 5years and i've managed to find vulnerabilities in some of the biggest companies in the world. I am the first security researcher to be publicly acknowledged by the Amazon Retail security team.

I do mentoring via youtube (just search for zseano) and now I want to do more talks around the UK and discuss more about my findings & techniques :)

Whodunnit? The Art of Attribution in DFIR - Morven MacKellar

The attribution of a person to a crime is a significant aspect of digital forensics and incident response - in both positive and negative ways. How exactly do we identify an individual based on digital evidence or determine which APT group is responsible for orchestrating an attack? And what happens when we get it wrong?

This talk will discuss the concepts surrounding attribution by drawing on real world experience both from investigations I've worked on and from high profile cases seen in the news to explore the differences in approach to attribution between investigators in law enforcement and in the private sector, and the potential pitfalls of incorrect attribution.

60 mins

Track 2


About Morven MacKellar

Morven graduated from Abertay's Ethical Hacking program in 2018, and is now a DFIR consultant at Aon (formerly known as Stroz Friedberg). She has a particular interest in mobile device forensics and the subject of true crime.

DumpTheGit - Malkit Singh

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just require your Github Access Token to fetch the information.

30 mins

Track 3

About Malkit Singh

I have around 8 years for experience in the area of security. I am CREST and OSCP certified. I practiced in various security domains like Web Application Security, Network Security, Mobile Security and Source Code Reviews.


Practicing Safe Sex(t) - Tia Cotton

Nudes, Dirties, Pics, whatever you call them, you’ve probably sent them or know someone who has. But how can we protect ourselves and our opsec when we’re sexting, producing sexual content of ourselves or even watching and buying sexual content online?

This talk will discuss how we can protect our physical bits online, how to practice safe sexting properly, how sex workers have better opsec than us all and looking into the weird and wonderful world of sex online.

Content Warning: This talk will contain sensitive topics such as sexual/domestic abuse and suicide.

30 mins

Track 3

About Tia Cotton

Second Year at Abertay - social engineering, badUSB’s and researching the weird and wonderful in security

16:00

Nautical Nonsense - Graham Sutherland

Never thought you'd be on a boat? Me neither. Come explore the weird and wonderful world of industrial control systems that float. What does a ship's network look like? How does navigation work? What shoes should I wear? What happens if you run nmap against engine monitoring infrastructure? How easy is it to accidentally set equipment on fire? What time is lunch? All this and more will be answered.

60 mins

Track 1


About Graham Sutherland

Graham spends most of his time scouring eBay for weird boat-related equipment and being sent to countries that are far too hot for his liking. When he's not doing that, he shoots lasers at things and sets off smoke alarms.

God Does Not Hate You, God Hates Your Computer - Ian Thornton-Trump

It's unpleasant to even contemplate but global climate change will have massive impact on our daily lives - especially our daily lives in IT & IT Security. Never before have IT systems been faced with an existential threat and although humans are resilient to a point, it turns out silicon is not nearly as resilient. From desktops to oceanic cables global climate change may be far more destructive and disruptive than we ever contemplated. Why this talk now? Quite simply this: If you are at the beginning of your career in IT or IT security design choices and technology choices now may sustain your career in the future.

60 mins

Track 2


About Ian Thornton-Trump

Proud member of The Beer Farmers. BC1 (the 24 hour virtual conference) organiser & interviewer. CISO for Cyjax.com Twitter: @Phat_Hobbit

Densor - Effective DDoS attack tracking - Lloyd Davies

Densor is a distributed DDoS threat intel platform which gives parties access to DDoS attack intelligence as to if they are being attacked by a threat actor. Currently, Densor can fingerprint 95% of the DDoS attacks which occur worldwide. All of this information is presented on a platform accessible via a dashboard; parties can also have alerts via email if a certain IP address range is targeted in one of the attacks. This is achieved by monitoring reflected DDoS attack vectors (such as memcached, DNS, etc..) and the monitoring of botnet operators; such as Mirai. Combining all of this intelligence together gives the party a rich dataset to identify threat actor trends.

This talk will outline the techniques, motives, attacks seen on the platform, DDoS attack trends, along with the reverse engineering side of common DDoS-based malware.

30 mins

Track 3

About Lloyd Davies

A low-level programming and reverse engineering enthusiast who likes to rip apart malware and track the bad guys.


Risk Intelligence, Using the Intel Lifecycle for real results. - Michael Goedeker

This talk focuses on a new emerging way of moving past marketing terms like Threat Intel and moving towards Risk Intelligence and data gathering to start defending and recognizing cyer warfare based attackers.

30 mins

Track 3

About Michael Goedeker

Speaker, potential PhD student, author for IGI-Global and CEO of Security Startup Hakdefnet.

17:00

Break

Wee 15 minute break before the closing keynote.

15 mins

17:15

Sunshine Through the Clouds: Successful Penetration Testing in Cloud Environments - Paco Hope

Running world-class, scalable infrastructure in the cloud means deploying cloud-native security that is resilient, adaptive, and responsive. We can use penetration tests to give us confidence that the infrastructure has been implemented correctly. Cloud infrastructure, though, is best secured using cloud-native mechanisms. Testing that infrastructure, then, means looking at new and different aspects of the infrastructure. This is not your father's penetration test. If you're going in cold to test cloud infrastructure, what should you look for? What are the cloud-specific checks that have the best value? How can we ensure that the clouds are full of rainbows and remain a safe place for unicorns to frolic and play?

60 mins

Track 1

About Paco Hope

Paco Hope is a Principal Security Consultant with Amazon Web Services. Formerly based in London, he's now based in us-east-1. Paco helps enterprise customers build secure landing zones in AWS, migrate applications securely, and configure their AWS services securely to meet their security, risk, and compliance goals in the cloud. He has been known to dress as a rainbow unicorn to drive home the importance of cloud security. Read his most recent blog post and other great security resources on the AWS Security Blog: https://aws.amazon.com/blogs/security/

18:15

Closing Remarks - The Committee

A few words to conclude the day and thank everyone who made it possible.

15 mins

Track 1

18:30

After Party

Sponsored by F-Secure, join us for a few drinks and lots of awesome chat!

???

Innis & Gunn


Workshops

11:00

Lockpicking Workshop
Moon on a Stick Lock Picking and Cold Brew Coffee Emporium

Interested in learning something about how locks work and how they can be opened without keys? Have a desire to find out a bit more about the world of physical security (of which lock picking and bypass is a tiny part)? Completely new to this, or an experienced hand? Come along and brush up your skills, and possibly your tools. The friendly staff from Moon on a Stick, and their helpers, will be on hand to explain how things work, and hopefully get you opening locks yourself.

We should have a range of tools, equipment and locks available to borrow, or feel free to bring your own along and teach us a thing or two (if you have locks without keys, or keys without locks, we’ll happily take them off your hands). In addition to all the small pieces of brass and steel, we should also have a good quantity of cold brew coffee available to help blow away any cobwebs from the pre-con party. Drop in and say hello!

3 Hours


About Moon on a Stick Lock Picking and Cold Brew Coffee Emporium

Lockpicking Village – brought to you by the Moon on a Stick Lock Picking and Cold Brew Coffee Emporium (@MoononaStickLP)

14:00

The attacker's point of view
Stefan Hager

One of the first phases of targeted attacks always is reconnaissance. The crafty attacker tries various methods to gather as much information as they can about their destination before striking. This phase is often overlooked by defenders, because seemingly there is nothing that can be done against it, and it's also hard to detect. Yet analysing what's left in the open and getting a proper understanding of how a company looks to an attacker gives valuable information to the defenders, even if the gathered information is stuff that can't be fixed; it still gives helpful information what to look out for.

Defenders have a disadvantage, which can be somewhat softened by putting themselves in the footsteps of an adversary to discover the same information an attacker would use. The gathered information can be used to tweak logging alerts, set up honeytokens, or even to remove critical information from the public to reduce possible attack vectors or to get alerted quickly when something is up.

Get a jump start on how to research the digital presence of your company from network level to social media without any inside information (and no big budgets).

3 Hours


About Stefan Hager

Stefan works for the Internet Security Team at German company DATEV eG. He started messing with computers in the 80s and turned it into a job as a programmer in the early 90s. Since 2000 he has been securing networks and computers for various enterprises in Germany and Scotland. His main focus in #infosec is securing humans and creative deception and defence strategies.


Attendees of this event must abide by the Code of Conduct stated here.

Directions


The University's address is Bell Street, Dundee, Scotland, DD1 1HG. The closest train station is Dundee Station.
The closest airports are Dundee Airport and Edinburgh Airport.

Click for a map!