BSides Ume 2023

Session

Talks

27 Jun 2023, 10:00

Aula Biologica (Umeå University)

4. Welcome and practical matters

Mattias Wadenstein (NeIC)

27/06/2023, 10:00

Talks

Welcome, and a brief rundown of practical matters and the rough schedule.

2. Keynote: How to Hack a Country - *a practical guide*

Leif Nixon (Nixon Security)

27/06/2023, 10:10

Talks

Cyber Warfare is a pretty vague concept. Often it is used intentionally vaguely, because it is a good way to get funding. It is a big, scary phrase. Our Cyber Warriors need umpteen millions to Cyber Defend the nation against Cyber Warfare.

But what does it mean in practice? How could you hack a country? How would I hack a country? We will discuss real-life attacks and vulnerabilities,...

3. Likelihood of Failure

Mr James Bore

27/06/2023, 10:55

Talks

Risk management is at the core of what we do in security, and yet is used as much of an excuse not to pursue security as to follow it.

This talk will look at removing likelihood from the risk management equation and taking a whole new approach in communicating risk. Instead of heatmaps or four by four boxes, we will look at assessing risks through scenario exercises to determine if the...

1. I’m ok, you’re ok, we’re ok: Living with AD(H)D in infosec

Mr Klaus Agnoletti

27/06/2023, 11:40

Talks

I was diagnosed with AD(H)D almost three years ago, aged 44. Getting the diagnosis and being able to get proper medicine meant the world to me; suddenly I understood all those symptoms and I was able to function remarkably better. Better understanding also meant that I got more insight to why it was becoming increasingly harder for me to get and keep a job. So something had to happen.
I’ve...

7. An In-depth Study of Java Deserialization Exploits

Alexandre Bartel (Umeå University), Mr Glenn Jansson

27/06/2023, 13:00

Talks

Deserialization is a technique based on rebuilding instances of objects from a byte stream. It can open applications to attacks such as remote code execution (RCE) if the data to deserialize originates from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP’s list of top 10 security risks for web applications. This is mainly caused by unwise decisions...

8. Threat modeling: The single most effective security habit your team should start doing

Markus Örebrand (OWASP)

27/06/2023, 13:45

Talks

From it's inception in the nineties where threat modeling was an artifact-heavy beast and mostly used as a formality, the method is now a light-weight conversation and design tool used directly by the development teams.

In this session I will show you how you can lead your team to new insights about the system you're building and an understanding of the surrounding threat landscape, using...

5. Quantum computers -the end of all encryption. Or?

Jens Bohlin (Tutus Data)

27/06/2023, 15:15

Talks

The development of quantum computers has gain increased attention over the
last years, not least because of this year's Nobel Prize in Physics.
Quatum computers are often portrayed as a major threat against modern crypto
system and therefore also a threat against fundamental
security mechanisms that we all depend on in our modern connected world.

In this talk, we will learn how quantum...

6. Regaining Privacy with Self Sovereign Identities

Linus Lagerhjelm (Omegapoint)

27/06/2023, 16:15

Talks

Hur kan du bevisa att du är du? Hur kan du bevisa att du tagit en viss examen från ett visst universitet? Hur gör du detta i en digital kontext, där du inte ens träffar din motpart? Hur kan du veta att du kan lita på äktheten av ett digitalt dokument? Och hur kan du göra allt detta helt anonymt?

I denna föreläsning kommer jag berätta om ett knippe tekniker som besvarar alla ovanstående...

9. Closing Remarks

Mattias Wadenstein (NeIC)

27/06/2023, 17:00