22 May 2019
2019#3 is is ready to rock! Vendor-free Cyber London, hosted by Capital One is held every eight weeks or so. Let us know how to make it better!
Provisional (usual and "ish") running order
18:00 Drinks, networking
19:00 Announcements and first speaker
19:50 Pizza, drinks, networking
20:10 Second speaker
21:00 Head over the road to the Craft Beer Co. to continue the conversation
The usual (and perhaps less usual) free refreshments will be available: beer, wine, soft drinks, pizza.
Speaker 1: Grant Douglas & Nikola Cucakovic
Talk Abstract: Mobile application security isn't always super exciting or challenging but when it comes to application hardening things get more interesting. These days, it is not uncommon for particular types of application to go out of their way to defend themselves at runtime. Such application types would include financial apps, multiplayer games, apps which feature DRM protected content or apps with intellectual property etc. During this talk we'll look at some of the typical controls that Android/iOS applications exhibit, how they work, how to spot them, and how to sidestep them. We’ll be demonstrating analysis and techniques using free open source tooling such as Radare, Frida, and for some parts we’ll also leverage IDA Pro. Since automation is the buzzword of the year too we’ll also be discussing how to automate some of these activities that typically take up most of the assessment window.
Bio: Both Grant Douglas & Nikola Cucakovic are at Synopsys Software Integrity Group (SIG). Grant heads up the mobile security practice, in the space for over 7 years. His particular areas of interest are in reverse engineering, application hardening, Runtime Application Self Protection (RASP), MDM, etc. Nikola Cucakovic is a security consultant specialising in mobile security with a particular focus on financial services. Nikola has worked in a number of mobile based roles including Android software engineering, security testing, and also security architecture.
Speaker 2: Chris Denbigh-White "You are not an IMPOSTER, you are a HUMAN."
Talk abstract: The term impostor syndrome is one that has become quite common. My talk will track my personal journey in realising that the term “impostor syndrome” is actually half of the problem. I will show how the term wholeheartedly misses the point and even more so takes us down a path that will not lead to confidence and inclusion. This talk will introduce the concepts of “personal asset inventory and vulnerability scanning” in order to truly understand what is really going on "under the hood." I will demonstrate some practical steps that I took that greatly helped me not only understand who I fundamentally am but also made me significantly more happy with that knowledge. When we realise that we are HUMAN then accepting that we are not an impostor is so much easier.
Bio: Chris Denbigh-White is a former police and intelligence officer. He has worked in system design and defense for both the public and private sectors. He contributes to the advisory board of the SANS Institute and assists in certification question writing for the ISC2 CISSP exam. Chris spends his days attempting to "find evil" with Jazz Networks as a Threat Hunter.