Previous Meets

Monday, 1st April 2019 - The Beehive Inn - Venue from 18:00 - Talks from 19:00

"It might get loud! Exfiltrating data using audio interfaces" by Miguel Marques (@z0mbi3)

Data exfiltration is often the final and most important phase of an attack, as this is when the target data is actively stolen and transmitted across network boundaries. However, in restricted and isolated environments, this stage becomes more challenging as avenues for data to be transferred are drastically reduced, and it is quite common for removable storage devices to be disabled. How about using devices that are usually permitted, such as sound cards, to exfiltrate the data? Turning files into analogue signals is not a novel idea, modems did this many years ago... but how about using a USB soundcard to transfer files from a computer to another device? When classical methods fail, jazz it up and rock it out! (This can involve very low or high frequency sounds).

Monday, 4th March 2019 - The Beehive Inn - Venue from 18:00 - Talks from 19:00

"Analyzing Android malware with open source tools, an introduction with real world examples" by Cian Heasley (@nscrutables)

Coming up to New Years I made a sort of resolution to myself, to delve into some areas of infosec I've always been curious about, starting with Android security. Come along and see what I've learned in the past few months tinkering with suspect apks and learn a little something about static and dynamic analysis of Android malware.

Monday, 4th February 2019 - The Beehive Inn - Venue from 18:00 - Talks from 19:00

"Hunting Hard, Failing Fast, Maintaining Integrity" by Harry McLaren (@cyberharibu)

Many organisations have invested millions in building security operations teams, deploying powerful monitoring and reporting tools and then asking for continual improvement in the form of tuning, threat hunting and developing new threat models.
However, within large enterprises, these types of changes either represent a risk of making changes to a live production platform or take weeks or months to go through the development and release process or route-to-live.
This session outlines some DevOps principles and an associated framework for enforcing change management, but still supporting rapid changes to code and configuration.
Discussed: Splunk, Agile, DevSecOps, git, Ansible, Docker

Wednesday, October 5th 2016 - The Glassroom - Napier University, Merchiston Campus - Venue from 18:00 - Start at 18:30

Being a pentester, an informal chat with Miguel

So Uni just started and you're excited with all the new challenges and subjects.
You might have an idea of what you want to follow but Computer Science and Information Technology is such a broad universe! What should your focus be? In fact, Information Security itself is also a tiny universe that allows for a multitude of roles and skills!
Security managers, pentesters, malware analysts, NOC/SOC personnel, social engineers, security researchers just to name a few! Will you be able to choose and how?
This will be an informal talk where Miguel will talk about his experience as a security tester to help clarify the role of a pentester in the grand scheme of things.

This will not be at our usual location or on our usual day of the week! It will be in The Glassroom at Napier University on a Wednesday.

August 2nd 2016 - The Glassroom - Napier University, Merchiston Campus - Venue from 18:00 - Start from 19:30

Solving challenges - A Collaborative Method

Following up on Lex's presentation on how he did NOT solve the SANS 2015 Holiday Hack Challenge where the audience ended up chipping in their two cents on how to continue, we thought it would be a good idea to try to complete other challenges using a collaborative effort.
Starting from basics such as "what do I need to start?" to "argh, can't make it past this last hurdle!", there should be something for everyone.
Bring your own laptop as we will try to go over a couple of challenges with explanations and discussion on each step. The challenges VM will be provided at the start of the event.
Will we be able to complete at least one?

This will not be at our usual location! It will be at The Glassroom at Napier University.

April 5th 2016 - The Beehive Inn - Venue from 19:00 - Talks from 19:30

Biometrics! Everyone is doing it, why should we?, by Miguel Marques

Biometrics have been used by humans ever since the birth of "society".
Now that machines are part of society, it makes sense that we try to teach them a thing or two about it.
What are the ramifications of this?

P.S. - This will not be a talk on how to bypass the fingerprint reader on your mobile...yet.

February 2nd 2016 - The Beehive Inn - Venue from 19:00 - Talks from 19:30

How I did not Solve the SANS 2015 Holiday Hack Challenge, by Lex Sobrinho

SANS have been running hack challenges for a number of years. Each challenge is designed for both experts and beginners. Sometimes, in contexts where learning is the main focus, understanding the thought-process can be more beneficial than arriving at the results: beginners get exposure to how more advanced users solve these challenges, whilst more advanced geeks get to compare their thought-processes to others', hopefully learning something new.

As 2015 was my very first live hack competition, rather than simply giving the answers to the challenge, I wanted to share my experience with trying-and-failing before each stage of the challenge, until arriving at the desired result. My intentions are to encourage beginners to take part in these challenges, and to gain insight on how more advanced users would solve the same or a different problem. This talk is delivered for the absolute beginner to follow, whilst still (hopefully) keeping the experts slightly entertained.

December 1st 2015 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

David Stubley @DavidStubley

Taking the phish - We were hired to do a phishing job. We got to working, we did our share of research, we deployed the campaign, we collected results, job done. Then, the unexpected happened! This talk will describe some of the quirks and unexpected results we observed. We know what we did, but what did YOU do?

October 6th 2015 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Michael Jack @MikeyJck

Crypto Wars 2.0 - A walk through the history of modern cryptography, its spread and subsequent scrambling by governments to control the technology. The main focus will be the renewed efforts by governments to control crypto, circa 2012 onwards, with a quick background in the first crypto wars circa 1990s. I'll finish with a more positive countermeasures section. Slides here!

June 9th 2015 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Gordon Gray @gor_zilla

Just how secure are public WiFi networks? What are the risks of doing your online banking from a coffee shop?
This talk will aim to cover the basics of local network attacks, starting with WiFi exploits and then going over a typical LAN setup to show how easily an attacker could control your network traffic and potentially even your whole computer.
Finally there'll be some discussion of the mitigations and what to be aware of to stay safe.

April 7th 2015 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Miguel Marques

Pentesters don't do programming (not very well, at least!). Programmers don't do security (usually). It doesn't need to be this way.
Miguel is going to go through OWASP's Secure Coding practices in his own words. Here's to hoping developers gain critical and basic knowledge to prevent a lot of the most common attacks on applications.
And yes, burp will be mentioned again :)

February 3rd 2015 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Lex Sobrinho

Lex is going to touch on some of the basic mathematical concepts used in modern (and to some extent ancient) cryptography such as Prime Numbers, Password Entropy Calculation and Probability Theory, with a focus on Modular Arithmetic. With that, he hopes to be able to demonstrate how the Diffie-Hellman key exchange works in practice by making use of a simple example with small integers.

December 2nd 2014 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Miguel Marques

Burp is probably the only tool Miguel refuses to test without.
He is going to try to make sense of it and show an actual example in which it could be used to find interesting information on a webapp.
Let's call it a free demo but without the commercial mumbo-jumbo.
Miguel <3's burp!

October 9th 2014 - The Beehive Inn - Venue from 19:00 - Talks from 19:45

Ross Bingham

Ross studied Digital Security, Forensics and Ethical Hacking at Glasgow Caledonian University.
This talk is about the differences he found between the course syllabus and his internship at an InfoSec company and how he ended up working for them.

Paul Mason

A few years ago Paul, an English teacher by trade, decided to try his hand at some of the cybersecurity challenges that were out there. He was rather surprised to find that he won. Not only won but had made it to a semifinal. This encouraged him to up his skill set dramatically. Following that, Paul continued to succeed in similar challenges, ending up in national and international finals, getting to meet "the spies" and ending up in Bletchley Park, beating professional scores at SANS's Netwars. This led to a job as a penetration tester which he vowed to "give it at least a year". Paul is just about to finish his first full year in the industry and will be sharing the highs and lows of his journey, the successes and the occasional failure and revealing the secret of going from Noob to Leet in twelve months.