It Doesn't Have to Be That Hard: Battle of the Hardware Hacking

This September, OWASP Manchester welcomes you to two talks that smell faintly of solder, tofu, and the quiet hum of rebellion. You’re about to hear from two giants in the world of hardware hacking, people who void warranties not by accident, but as an art form: Jay Harris and Andrew Tierney.

Away from the crumbling ruins of Twitter, old legends rise again: Heroes of Hardware, Titans of Tinkering, Overlords of the Open-port. Join us as we plug in, pry open, and peer deep into the guts of the machines around us… or, you know, just learn how the masters break them?

-------------------------

Due to a corporate policy from the venue sponsor, to get into the venue & up to the event, you will need to register with your full name when signing up to the event AND show photo ID when checking in to the event on the night.

As we're still dealing with a large number of no-shows, if you don't attend without releasing your ticket, we may remove you from future events.

-------------------------

Agenda:
6:00 - Open doors & networking & drinks
6:30 - Andrew Tierney - Quick & Dirty: Getting Inside Boxes
7:15 - Refreshments (Food & Drinks & Networking)
8:00 - Jay Harris - Before the Shell: Picking Locks and Cloning Badges
9:00 - Vacate venue -> to the pub for more socialising

LOCATION
-------------------------
Booking.com
6 Goods Yard Street Manchester
M3 3BG
-------------------------

SPEAKERS

Jay Harris
Jahmel Harris is a security researcher and ethical hacker with a passion for pulling things apart - both in code and in hardware. As a director at Digital Interruption, he specialises in penetration testing, hardware hacking, and helping organisations understand the real-world impact of security flaws. He's known for making complex security concepts accessible and fun, whether he's demonstrating how everyday tech can be exploited or showing developers how to build with security in mind. Jahmel has spoken at conferences and meetups across the UK. When he's not hunting for vulnerabilities, you'll probably find him reverse-engineering gadgets, tinkering with electronics, or breaking something in the name of learning.

Before the Shell: Picking Locks and Cloning Badges
We all know that a lot of penetration testing consists of sitting in front of a computer looking at code, but the question arises; how do we get to that computer? Sometimes, it's inside a building meaning we need to break several physical barriers before we attempt to get root on the server. In this talk, we'll discuss real world attacks on physical access control systems such as locks, keyfobs and badges we use to enter buildings and demonstrate how, with the right tools, we can clone employee's badges, exploit locks and brute force wireless entry systems.

Andrew Tierney
I asked Andrew three times for a bio, gave up and got ChatGPT to write it for him…

Andrew Tierney (@cybergibbons) is a hardware hacker and security consultant at Pen Test Partners, specializing in uncovering vulnerabilities in IoT devices and embedded systems. With a background in electronics and software engineering, he bridges hardware tinkering and real-world cybersecurity.

A well-known voice in the security community, Andrew shares teardown threads and research on Twitter, speaks at conferences, and brings hardware hacking to life with hands-on demos. When not breaking connected devices, he’s often reverse-engineering them for fun — proving curiosity (and a soldering iron) are powerful security tools.

Quick & Dirty: Getting Inside Boxes

Most infrastructure testers go straight for existing public vulnerabilities or find issues in software to exploit. But what about the hardware sitting right under your nose? Routers, firewalls, booking systems, CCTV, access control, HVAC, car chargers and lighting controllers — they’re all there on site, waiting to spill the beans.

In this talk, we’ll use quick and dirty techniques that find vulnerabilities in hardware fast. We’re not talking full-blown lab teardowns — just fast, pragmatic hacks that turn “mystery boxes” into stepping-stones for deeper access.

You’ll see how a quick poke can reveal hidden backdoor accounts, how dump of flash memory hands you high-value passwords, and how a downloaded firmware with hardcoded VPN keys left an entire fleet of ships wide open.

If you’ve ever walked past a dusty box in a server room and thought, “I wonder what’s inside?” — this talk will show you why sometimes it pays to get your hands dirty.

-------------------------

SPONSORS (Thank you for supporting our community!!)
-------------------------
**Booking.com** - Venue Sponsor AND Food & Drink Sponsor
-------------------------