Opening remarks from the organizers with practical information.
Moving to the public cloud should not feel like navigating a maze of
roadblocks - yet for DevOps teams in regulated industries, that is often the
reality. Compliance, risk, legal, and information security teams frequently
operate in silos, slowing down DevOps teams' ambition to deliver innovation
at speed. In this session, we will explore how Compliance-as-Code can unify
these efforts,...
In this talk, I will walk you through my journey of reverse engineering and cracking a binary protected by a modern licensing software stack named CryptLion.
The presentation will be structured into three main sections, going from my first observations (as a hacker more used to exploit Linux binaries than Windows executables) to successfully creating my own version of the program without...
Dynamic taint analysis (DTA) is widely used to detect information flow
vulnerabilities by tracking the propagation of taint tags at runtime.
However, existing DTA approaches rely on the assumption that the underlying
type system is secure. In reality is it often not the case. In this
presentation we will look at how attackers can manipulate object types and
directly alter taint labels,...
As scanning and reconnaissance grows more diverse - from public platforms like Shodan and Censys to hidden probing by botnets and bulletproof hosting services-security teams need better ways to understand who is on the other side of their network connections.
This talk will show how network fingerprinting has developed over time, starting with tools like p0f and moving up to more...
As Android continues to dominate the global mobile market, cybercriminals
increasingly target its vast user base with sophisticated malware. In this
presentation, we propose an interpretable framework for Android malware
detection that leverages language model to analyze a range of
features—including app manifests, API calls, and opcode sequences. By
integrating feature analysis...
A discussion of the OWASP ML Top 10 and OWASP LLM Top 10, and how a failure to apply these principles in 2001 A Space Odyssey, led to implementation flaws in HAL 9000, resulting in disastrous consequences for the crew.
There will be a discussion of failures to consider different aspects of both the LLM and ML top 10 during HAL's design and training phases, and the subsequent attempts to...
The difference between being reasonably able to run a security program and falling below the cyber poverty line can be one year's budget cuts, a business event, a breach, a pandemic or a war. How can we help prevent organizations from falling over the edge, or lift up those who can't even see the edge from where they are? In this session, we'll talk about new initiatives, what more is needed,...
Do you trust the embedded devices around you? Perhaps you shouldn't! Even industry giants make significant mistakes. In this presentation, we will analyse Cisco's VoIP phones, that can be found in offices, governmental buildings, and even the White House. These devices were found to have critical vulnerabilities, including easily exploitable flaws.
Fun Fact: Did you know that President...
Imagine if you could watch every step they taken… Unmasking a threat actor activity is sometime like deciphering an ancient manuscript, but what if you can see every move and control when to strike the pause.
This session is not about log analysis, or following the breadcrumbs left by an elusive adversary. It is about having a full timeline of the threat actors machine and knowing exactly...
An analysis of one case, together with an analysis of other similar campaigns identified that use malicious advertisements to distribute weaponised open-source software. A walkthrough of one case from start to finish: how the malware was distributed, how the malware worked, what indicators were found by the malware analysis, and what was the motive of the threat actor?