• Joint OWASP Cambridge & ARU Cyber May Chapter & Capture the Flag Event

    Tuesday 14th May[masked]:00 – 21:30, Compass House (COM014), Anglia Ruskin University, Cambridge, CB5 8DZ

    Hosted by the Cyber Security & Networking Research Group, Anglia Ruskin University, British Computer Society (BCS) Cybercrime Forensics Special Internet Group, UK Cyber Security Forum Cambridge Cluster and OWASP (Open Web Application Security Project) Cambridge Chapter.

    CTF (Capture The Flag) is a type of computer security competition. Contestants are presented with a set of challenges and puzzles which test their creativity, technical coding (and googling) skills, and problem-solving ability. Challenges usually cover a number of categories and, when solved, each yields a “flag” which is submitted to a real-time scoring service. Difficulty levels range from beginner to advanced. CTF tournaments are a great and fun way for software developers to learn a wide array of application security skills in a safe and legal environment. Top scorers will win prizes kindly donated by cyber security technology vendors. Most programming languages supported.

    IMPORTANT: Please bring your own LAPTOP and a charger for the event.

    Speaker Biographies

    Andy Baldwin, Regional Cyber Crime Prevent Officer, ERSOU, “CyberChoices: Diverting talented and curious youngsters from Risk to Reward”

    Bio: From a BT apprenticeship and subsequent moves, Andy installed and maintained a variety of telecommunications and building systems. He took this experience into Law Enforcement in 2004, as a technical support officer for the National Crime Squad and its successors. In 2015 he transferred to the National Cyber Crime Unit where he contributed to on-line investigations and later worked with partners at the National Cyber Security Centre, using threat intelligence to help make the UK’s cyber space safer. In 2017 he moved on to regional policing, where he is now a Cyber Prevent Officer, aiming to inspire youngsters to use their cyber skills ethically and legally.

    Aleksander Gorkowienko, Managing Consultant, Spirent, “Security of ICS/SCADA in 2019. Did we learn on our mistakes?”

    Bio: Aleksander is an experienced professional with more than 20 years of experience in IT security in the UK and across Europe. He is passionate about the benefits that modern technology can deliver and able to find the right path for businesses in the rapidly changing cybersecurity landscape, helping organisations across different sectors to protect their precious data, intellectual property and reputation. Aleksander is also an established trainer and security advisor, helping to build cybersecurity awareness and to protect digital identity. Aleksander is a managing consultant in the Spirent Security Labs team, developing their services and capabilities in the UK and across EMEA.

    Abstract: The talk is about exploring what the industry learned from its mistakes in the past. We shall check what the newest trends in exploitation and attacking ICS systems are, but also how industrial systems can be defended. The author will share his own reflections but also the insights and findings from his team, specialised in the security of ICS/SCADA and conducting hundreds of security assessments across the globe.

    Provisional Agenda

    18:00 – 18:30 Registration, Pizza & Beer (Compass House Foyer/Cafe)
    18:30 – 18:40 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (COM014)
    18:40 – 19:10 Andy Baldwin, Regional Cyber Crime Prevent Officer, ERSOU, “CyberChoices: Diverting talented and curious youngsters from Risk to Reward”
    19:10 – 19:40 Aleksander Gorkowienko, Managing Consultant, Spirent, “Security of ICS/SCADA in 2019. Did we learn on our mistakes?”
    19:40 – 21:30 Capture the Flag – OWASP Challenges (Avatao)

    Registration

    Participation is free but the number of seats is strictly limited so reservation is recommended. To register for this event, please register at https://bit.ly/2ZNmGHM

  • OWASP Cambridge & ARU CSNRG Tuesday April 9th Chapter Easter Meeting 2019

    Hosted by the Cyber Security & Networking Research Group, ARU and OWASP (Open Web Application Security Project) Cambridge Chapter.

    Speaker Biographies

    Ian Glover, President – CREST, “Building a Universal Cyber Security Maturity Modelling System”

    Abstract:
      • An update on the universal cyber security maturity modelling system scheduled for release this year
      • How will this system be used to accurately model your organisation’s cyber threat intelligence maturity level?
      • Understanding how your cyber maturity level will impact your threat intelligence and incident response requirements and capabilities

    Bio: Ian Glover has thirty six years’ experience in information technology and has specialised in professional services for the last twenty eight years. Ian is the President of CREST (GB). CREST is a not for profit organisation that promotes research and development in standards for professional technical Information Assurance practices. CREST serves the needs of an information security marketplace that requires the services of regulated and professional security professionals.

    Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs, “Sheepl – Automating People for Red and Blue Team Tradecraft”

    Abstract: While there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer network is more than a collection of connected computer resources; it is a platform for communications and productivity between people. So the focus becomes: how do you properly emulate people within a network environment? In this presentation Matt will share his research into developing more realistic user behaviour and how it can be used to improve red team and blue team tradecraft.

    Bio: Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a principal security consultant and penetration tester at Trustwave SpiderLabs with a focus on red team engagements. Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list. Prior to HPE, Matt ran his own IT consultancy company for 7 years.

    Christopher Cherry - Information Security Officer Digital Investigations & Forensics, BBC, “Social Media as part of Security Operations”

    Abstract: Discussing how Chris defined Social Media Incidents (SMI), what they mean to the BBC and how they respond. How the BBC went from doing almost nothing at all to almost industry-leading in the sector in terms of Social Media monitoring and incident response. Sharing real examples of use-cases within the BBC and where the BBC are going with their solution in the coming months. Lastly, Chris will recommend what the next steps should be for your organisation and signpost where to go to acquire the knowledge and power to inspire the brass at the top to see the risk.

    Bio: Conducting Digital Investigations on behalf of the BBC Investigation Service and the Information Security team, in line with policy and legislation; ensuring BBC values are upheld.

    Provisional Agenda

    17:30 – 18:15 Registration & Refreshments (COS313)
    18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (COS310)
    18:30 – 19:15 Ian Glover, President – CREST, “Building a Universal Cyber Security Maturity Modelling System”
    19:15 – 20:00 Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs, “Sheepl – Automating People for Red and Blue Team Tradecraft”
    20:00 – 20:45 Christopher Cherry - Information Security Officer Digital Investigations & Forensics, BBC, “Social Media as part of Security Operations”
    20:45 – 21:00 Roundup & Close

    Registration

    To register: https://bit.ly/2HYfuCv

    The meeting is in the Coslett Building

  • OWASP Cambridge & ARU CSNRG March 12th Chapter Meeting 2019

    Anglia Ruskin University

    Hosted by the Cyber Security & Networking Research Group, Anglia Ruskin University and OWASP (Open Web Application Security Project) Cambridge Chapter.

    This evening is part of a series of evening events raising awareness among local businesses & organisations of the issues of cyber security and cybercrime, which regulations and legislation organisations need to be aware of to protect themselves, and what is considered best practice in these challenging times.

    Speaker Biographies

    Matthew Whitcombe, Global Account Director, MWR InfoSecurity, “What’s wrong with penetration testing. By a penetration testing company.”

    Abstract: Vulnerability-centric pen testing is pretty much baked into our industry. We couldn’t do without it, but it has limitations and drawbacks. And for a lot of purposes, it’s a bit rubbish. Matthew works for a company whose past and present is rooted in pen testing. His talk will explore what’s wrong with pen testing, and describe more innovative approaches that have emerged in recent years which supplement pen testing to give organisations better security and better value for money. He’ll also outline where each approach is likely to succeed – and fail. Techniques discussed will include attack path mapping, red teaming, purple teaming, threat hunting, and continuous assurance.

    Bio: Most of Matthew’s career has been in management consulting, and as a founding member of two technology start-ups. Since 2012 he’s been at MWR, an information security and cyber defence firm, where he’s had most fun helping highly-skilled technical specialists articulate their insights and innovations to major commercial organisations - and to business leaders who don’t necessarily live and breathe CVE numbers. To this end he’s authored papers on techniques such as red teaming, attack path mapping and continuous assurance.

    Jason Steer, Director – EMEA Pre-Sales, Recorded Futures, “Cyber Threat Intelligence”

    Abstract: TBC

    Bio: Jason has 20 years experience working across many aspects of information security at senior, global and strategic levels across multiple emerging security vendors. He has strong experience of managing security projects across all sectors for a variety of government and blue chip organisations across EMEA. Jason is a communicator with strong interpersonal skills, who engages, negotiates and influences with people at all levels, across a variety of functions.

    Jamie Roderick, SOC Team Leader & IR Consultant, Nettitude, “Threat Hunting”

    Abstract: TBC

    Bio: Jamie is currently SOC Team Leader & Incident Response Consultant for Nettitude. He is also a Part-time Lecturer in Cyber Security for De Montfort University (DMU) in Leicester.

    Provisional Agenda

    17:30 – 18:15 Registration & Refreshments (COS313)
    18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (COS310)
    18:30 – 19:15 Matthew Whitcombe, Global Account Director, MWR InfoSecurity, “What’s wrong with penetration testing. By a penetration testing company.”
    19:15 – 20:00 Jason Steer, Director – EMEA Pre-Sales, Recorded Futures, “Cyber Threat Intelligence”
    20:00 – 20:45 Jamie Roderick, SOC Team Leader & IR Consultant, Nettitude, “Threat Hunting”
    20:45 – 21:00 Roundup & Close

    Registration

    To register for this free event, please register online at https://bit.ly/2UbS6o7

    The meeting will be held in the Coslett Building, Room COS313 (Breakout Room COS310 for networking & refreshments). Please enter through the Helmore Building and ask at reception.

    Anglia Ruskin University, Cambridge Campus, East Road, Cambridge, CB1 1PT

    Please note that there is no parking on campus. Get further information on travelling to the university:
    http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html

  • ARU CSNRG, OWASP Cambridge, BCS Cybercrime “Cyber Threat Intelligence Workshop”

    Provisional Agenda

    10:00 – 10:30 Registration & Refreshments (COS313)
    10:30 – 10:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (COS310)
    10:45 – 11:30 Nick Palmer, Technical Director, Europe, Attivo Networks, “Deception technology, luxury item or life line?”
    11:30 – 12:15 Alan Melia, Principal Incident Response Investigator, Investigations & Incident Response – MWR InfoSecurity, “Conducting an APT Investigation”
    12:15 – 13:00 Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University, “Can IPFIX improve Traffic Capture Techniques for Cyber Threat Intelligence”
    13:00 – 14:00 Lunch & Networking (COS310)
    14:00 – 14:45 Simon Newman, Chief Strategy Officer, London Digital Security Centre
    14:45 – 15:30 Verizon (TBC), Payment Security Intelligence Report
    15:30 – 15:40 Roundup & Close

    Speaker Biographies

    Nick Palmer, Attivo Networks, “Deception technology, luxury item or life line?”

    Abstract: Is deception technology only for mature security operations or is it an effective cyber security solution to help companies mature their capabilities? Organizations continue to build their security arsenal, yet advanced threats and insiders continue to breach networks and extract valuable data. Learn how deploying decoys throughout your environment can build the bridge strengthening all the levels in your security stack. Join us for this session where you’ll hear about real-world deployment experiences, the value customers are realising, and what Red Teams are saying about deception-based threat detection.

    Alan Melia, MWR InfoSecurity, “Conducting an APT Investigation”

    Abstract: How do you go about conducting an APT investigation? This talk walks through the technical details of an actual APT investigation. Tracking the investigation of the incident from detection point back across the client environment and through 9 separate compromised servers in 2 different domains and using 5 separate user accounts. Details of the process, tools and techniques used by the investigators to follow the ‘breadcrumbs’ of evidence so as to identify the entry vector, establish a containment plan followed by remediation and recovery of the client estate. While some of the details have been obfuscated, the process, tools and techniques used are very much real.

    Adrian Winckles/Dr Mark Graham, ARU, “Can IPFIX improve Traffic Capture Techniques for Cyber Threat Intelligence?”

    Abstract: IPFIX is the ratified standard for flow export. It was designed for security processes such as threat detection, overcoming the known drawbacks of network management based NetFlow. One major enhancement in IPFIX is template extensibility, allowing traffic capture at layers 3 through 7 of the OSI model. This talk introduces IPFIX and describes the creation of BotProbe - an IPFIX template specifically designed to capture botnet traffic communications from the analysis of almost 20 million botnet flows. BotProbe realises a 97% reduction in traffic volumes over traditional packet capture. Reduction of big data volumes of traffic not only opens up an opportunity to apply traffic capture in new areas such as pre-event forensics and legal traffic interception, but considerably improves traffic analysis times. Learn how IPFIX can be applied to botnet capture and other security threat detection scenarios.

    Registration

    To register for this free event, please register online at https://www.eventbrite.com/e/aru-csnrg-owasp-cambridge-bcs-cybercrime-forensics-cyber-threat-intelligence-workshop-2019-tickets-54753831183

    The meeting will be held in the Coslett Building, Room COS310 (Breakout Room COS313 for networking & refreshments). Please enter through the Helmore Building and ask at reception.
    http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html

  • OWASP Cambridge Christmas Meeting – Tuesday 4th December 2018

    LAB002 - Lord Ashcroft Building

    Hosted by the Cyber Security Networking & Big Data Research Group, Anglia Ruskin University, and OWASP (Open Web Application Security Project) Cambridge Chapter.

    Speaker Biographies & Abstracts

    Guest Speaker: Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs

    Bio: Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a principal security consultant and penetration tester at Trustwave SpiderLabs with a focus on red team engagements. Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list.

    Abstract: “Red Teaming : From Battlefield to Bunker”
    Red Teaming is a fairly recent approach to delivering digital security assessments within the Information Security sector but the ethos of Red Teaming stems from the military and a successful operation is organized in the same way. In this talk I will be covering some aspects of Red Teaming to give an insight into how an operation is performed from the initial planning and preparation through to the delivery of the outcomes for the operation. I also introduce ways in which operators can maintain a constantly evolving skillset. A high level summary will introduce:
      • Operational Infrastructure and organization
      • Open Source Intelligence
      • Attacking a target
      • The importance of Reporting
      • Skills evolution

    Guest Speaker: Etienne Greeff, CTO, SecureData

    Bio: Etienne Greeff is one of the early pioneers of the information security industry. He has spent over 20 years promoting the innovative use of technology and services to solve complex customer issues: founding, growing and successfully exiting a number of information security businesses. As CTO of SecureData, Etienne is passionate about cementing its status as a complete security services provider. He is a graduate of the University of the Witwatersrand in South Africa with a BSc in Electrical Engineering.

    Abstract: “Machine Learning, Cyber & Application Security”
    This talk isn’t a detailed technical talk and does not require prior knowledge of Artificial Intelligence (AI) & Machine Learning (ML). After introducing core AI & ML concepts this presentation takes a high level look at the state-of-the-art in machine learning and AI with respect to Cybersecurity. We will examine where ML is effective and where it isn’t effective in protecting us against those pesky hackers. I will share some practical insights in how my business uses Machine Learning to detect threats that would be difficult to detect in other ways. This presentation does not pull any punches however in debunking some myths around wild claims of how AI will automatically defend us by somehow becoming “smarter” on their own. The presentation finishes by predicting where all this may lead and the impact on application security.

    Guest Speaker: Michael Koczwara - Associate Director, SecOps:Purple Team, CLS Group

    Bio: Michael is a Senior Cyber Security professional, involved in various Cyber Security projects, managing teams and engaging with senior management to meet objectives and maximising defences against sophisticated APT cyber attacks. He has conducted penetration tests/red/purple team engagements and cybercrime investigations (incident response) in various FTSE100 companies/Financial Services.

    Agenda

    17:30 – 18:15 Registration & Refreshments (LAB109)
    18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director Cyber Security Research Group, ARU
    18:30 – 19:15 “Red Teaming : From Battlefield to Bunker” - Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs
    19:15 – 20:00 “Machine Learning, Cyber & Application Security” – Etienne Greeff, CTO, SecureData
    20:00 – 20:45 “Hedge Fund Investigation Case Study” - Michael Koczwara - Associate Director, SecOps:Purple Team (Monitoring & Incident Response), CLS Group
    20:45 – 21:00 Q & A & Close

  • OWASP Cambridge Autumn Chapter Meeting 6th November 2018

    LAB003 - Lord Ashcroft International Business School - Anglia Ruskin University

    Provisional Agenda

    17:30 – 18:15 Registration/Refreshments (LAB006)
    18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, ARU (LAB003)
    18:30 – 19:15 “A holistic view on Cyber Security in evolutionary terms (food-for-thought)” - Dr. Grigorios Fragkos, EY
    19:15 – 20:00 “OWASP Web Honeypot Project - Web Application Threat Intelligence” – Adrian Winckles, Director of CSN Research Group, ARU
    20:00 – 20:45 Speaker tbc
    20:45 – 21:00 Q & A & Close

    Registration

    Please register online https://goo.gl/1ryB1s

    Speaker Bios/Abstracts

    Guest Speaker: Dr. Grigorios Fragkos (@drgfragkos), (EY)

    Bio: Dr. Grigorios Fragkos (aka Greg) is based in London and is currently part of the EY Cyber team in OTS/TAS, delivering excellence in a globally market-leading proposition that helps decision makers in multi-million investments to identify and quantify the risk-exposure in existing and emerging Cyber threats. With 20 years of experience, Greg has engaged with companies around the world sharing his expertise and ensuring that business entities within different sectors (such as banking, payments, maritime, defense & space) have in place security-in-depth practices against emerging Cyber threats. His background includes thought-leading security research, experience in defending mission-critical systems and leading technical security assessments, exposure to the CyberDefense department of the military, and identifying security gaps in the payments industry (fintech) while protecting high-value assets.

    Abstract: “A holistic view on Cyber Security in evolutionary terms (food-for-thought)”
    The Red Queen hypothesis, also referred to as the Red Queen effect, is an evolutionary hypothesis which proposes that organisms must constantly adapt, evolve, and proliferate not merely to gain a reproductive advantage, but also simply to survive while pitted against ever-evolving rival organisms in a continuously changing environment. Let's explore under a Cyber lens this evolutionary hypothesis in contrast to the evolving (cyber)threats and our adaptation (as professionals) to equally evolve our Cyber Resiliency capabilities (as an industry). This presentation is an opportunity to explore as professionals our security mindset and draw some personal conclusions on our Cyber Security culture in order to better ourselves. From user awareness all the way to Cyber Resilience, from developing by writing secure code to the effort it takes in breaking it, from gaps in hiring talents to hiring for the right reasons, this brief session is intended to spark a personal "eureka" moment in the mindmap of each security professional inside and outside the room.

    Guest Speaker: Adrian Winckles, Director of Cyber Security, Networking & Big Data Research Group, ARU

    Bio: Adrian Winckles is Director for the Cyber Security, Networking & Big Data Research Group and Security Researcher at Anglia Ruskin University. He is OWASP Cambridge Chapter Leader, OWASP Europe Board Member and is involved in rebooting the Cambridge Cluster of the UK Cyber Security Forum.

    Abstract: “OWASP Web Honeypot Project”
    The goal of the OWASP Honeypot Project is to identify emerging attacks against web applications by capturing intelligence on attacker activity against web applications and to utilise this intelligence to protect software against attacks. The honeypots, deployed as VMs, Docker containers or small computing profiles like Raspberry Pi, employ ModSecurity-based Web Application Firewall technology using OWASP’s Core Rule Set, pushing intelligence data back to a console, where it can be converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualization.