Time Speaker Talk Title Abstract
09:30 Dr B. Welcome  Welcome to Dundee’s first BSides conference
09:40 FC How I Rob Banks A light-hearted trip through security failures, both physical and electronic, that have enabled this ethical hacker and social engineer over the years to circumvent the security of most of the world’s largest banks. Using tales from the front line and lots of visuals, Freaky Clown will attempt to take you through the lessons to be learned from an ethical hacker with a penchant for breaking into the impossible. Join him on a rollercoaster ride of epic fails and grandiose plans, and some Jason Bourne-like adventures including lock picking, kidnap, police chases and multi-million-pound bank heists.
10:40 Abhinav Khanna API Security from the lens of an AppSec Engineer With the rising use of APIs in everyday work, the threats surrounding them also keep increasing. In today's era, especially after Covid-19, normal automated scans are not enough to perform API Security Assessments. It is important to think out of the box about how API weaknesses can be avoided and what the correct strategy for that is. One way is to help the dev team understand how an attacker thinks about attacking a particular API. While this strategy can be good, it is often seen that the dev team and the security team are not on the same page on a few issues.
The talk will use stories as examples to explain the OWASP Top 10 API vulnerabilities, along with the points listed below:
1. Why is API Security Important?
2. What should the approach to performing an API Security Assessment be?
3. Discussion of a few vulnerabilities from the OWASP Top 10 for APIs
4. Recent high profile breaches related to APIs
5. What are some of the tools that can be used for API Security Assessments?
6. How to build a good DevTeam-SecTeam relationship?
11:00 Coffee break
11:20 Cian Heasley Digital Shakedown: A Brief History of Ransomware Around 40 years of history delivered in a brisk 25 minutes: you are guaranteed to leave this talk knowing things you were previously unaware of. If you've ever read the news of a high-profile ransomware attack that has impacted a hospital, school, business or even national government and thought to yourself "how the hell did we get here?" then this talk is for you. We'll be going on a whistle-stop journey through the history of ransomware, starting back in the early days of the 1980s, straight through to the present day, with a little dash of speculation as to where ransomware is headed as a fully fledged industry in the future.
11:50 Joe Sarkisian Whatever Happened Last Time, It Wasn’t a Penetration Test As a penetration tester, I have lots of awkward conversations when a client has misguided assumptions about their security. One of the most awkward is when we complete our testing and have a laundry list of low-hanging fruit that needs to be fixed that previous vendors never brought up. This leads to fear, uncertainty, and doubt, often resulting in one or more of the following: "But we let you in"; "That’s not a realistic scenario"; "Our MSSP would have stopped you"; "This report does not adequately reflect our environment"; "But we’re tracking that issue"; "Our report was clean last year"; "Why didn’t the previous vendor find this?" Clearly, whoever was hired to do this last time failed to adequately explain why we do what we do. Offensive security practitioners need to do a better job at partnering with clients to enable them to make security a part of the business that helps it function better, not a cost centre that is seen as a burden. Our job is not to play gotcha, it is to help security teams build trust within their organizations that will holistically create a secure environment for all.
12:30 Lunch Break
13:30 Justin Varner Honeypot Boo Boo: Better Breach Detection with Deception Inception Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.
Our traditional approach to breach detection that is focused on triaging alerts generated by massive amounts of data from disparate sources is not working. Adversaries know this fact and regularly benefit from it.
The average breach goes unnoticed for 287 days. That’s an ample amount of time for anyone to surreptitiously run off with the crown jewels and inflict significant damage with ramifications that include consumer privacy violations, loss of trust, steep financial penalties, and irreversible reputational damage.
We need a new approach if we’re ever going to stop the madness. Hackers also deserve a much better opponent.
This presentation discusses a different way of thinking about breach detection that is intended to reduce the number of false positives, improve alert fidelity, reduce time-to-detection, and prevent the massive level of burnout affecting our industry.
We will cover the history of breach detection, the current state of affairs, the paradigm shift to new ways of thinking about the problem, and many practical examples of how to deploy effective breach detection technology.
14:10 Callum Wilson Lulz, Lolz and Lots of Make-up: Hacking Primetime TV News Broadcaster Whilst we all rely on internet sources for news, over the last 5 years the credibility and trustworthiness of news, especially from social media, has been questionable. We still rely on old-fashioned TV news for the big stories, but can it be trusted? Callum will take you behind the scenes of the live TV broadcast industry, show you how the technology works, and share some cool hacks performed whilst investigating TV studios.
14:50 Steve Davies What is the Metaverse and what should we be doing!? What is the Metaverse, really? As hype converts to reality, what should security teams be doing? How do we support organisations as they explore and embrace extended reality, virtual reality and whatever comes next?
15:30 Coffee Break
15:50 Dr B. and Scott MacKenzie The impact of emerging technologies on the Cyber Threat landscape In the last few years, we’ve seen digital transformation take over the mindset of businesses, with a big push to ensure that organisations in all sectors adopt technology that is at the forefront of innovation, and every sector from marketing to manufacturing is now undergoing some form of digitalisation. Yet in the race to adopt this technology, many organisations have failed to understand the importance of cyber security, a situation which will affect Critical National Infrastructure (CNI).
16:20 Professor Lizzie Coles-Kemp “People-centred Information Security: where it came from and why it matters” It has been more than twenty years since people-centred security entered the security technology landscape. In this talk we’ll look at why people-centred security became a part of technical security practice, how people-centred security has evolved over the last 20 years and why people-centred security matters. Using examples, we’ll examine how people-centred security is practised, and what it means for the effectiveness of security controls. The talk will conclude with a discussion about how people-centred security might evolve in the future.
17:20 Dr B. Thank you
17:30 After Party