[+] The Aim
The idea: a get-together to share ideas, knowledge and war stories from within the IT Security industry, with the overall aim of creating a local group for like-minded individuals to meet on a regular basis.
In each meeting we aim to have 2 – 3 presentations lasting for 30 – 45 mins each in which anything and everything can be discussed, e.g. application, infrastructure, mobile, software and hardware security, to mention a few topics. We also aim to occasionally host Capture the Flag events and Workshops during the meets as and when something ‘funky’ presents itself.
Check out the Camsec YouTube Channel – a lot of previous talks have been filmed and archived here!
[+] Upcoming Events
Location: Centre for Computing History, Cambridge
Details: Meetup group
[+] Previous Meets
Date: Wednesday 29th November 2017
Meeting Notes: @bruntonspall gave a talk on Agile Security (brief overview follows):
Agile and security aren’t normally considered good bedfellows. Agile software development tends to throw out plans, designs and specifications and just keeps changing the system over and over. How can we build software in a secure manner and have any confidence in how secure our systems are in this world? Michael argued that agile development methods can actually make systems more secure than more traditional methods, and showed some tools and techniques that can be used to improve the security of systems that are built and operated using agile techniques.
Steven van der Baan demonstrated his new tool ‘Issue Finder’ – the Github repo can be found here https://github.com/vdbaan/IssueFinder
Date: Thursday 10th August 2017
Meeting Notes: @garethr talked about “Attacking CVE data with automation”.
The Common Vulnerabilities and Exposures (CVE) database provides a central list of publicly known vulnerabilities. But how can you use that data to make sure your own systems are secure? In this demo-heavy talk we explored:
* Different sources of CVE data and why they are useful (or not)
* The importance of APIs and data, over just high-level tools
* Vulnerability data for application dependencies and for operating system packages
* The importance of programming skills to security professionals in a devops world
Gareth’s tool findcve is available from Github – https://github.com/garethr/findcve
@Stealthsploit talked about “Cleartext and PtH are still alive” – Microsoft should have #TriedHarder when mitigating credential theft and lateral movement, covering both shell and GUI access
Date: Thursday 8th June 2017
Meeting Notes: @Pentestcorner talked about “Logging sensitive information through Smali injection” (slides tbc)
@Stealthsploit presented a talk on Hashcat rule efficiency and password cracking tool limitations
@Rebootuser presented “IPv6 for Pentesters”, which was a rehash of the talk given at Bsides London 2017 Rookie Track
Date: Thursday 6th April 2017
Meeting Notes: @binaryheadache presented the 2nd part to his reverse engineering talk (slides follow)
@exploresecurity presented a talk on hash length extension attacks (slides follow)
@garrybodsworth presented a modified version of his talk “Security is hard – I need a cheatsheet” that he presented at Cambridge Coding Academy (slides TBC).
Date: Thursday 26th January 2017
Meeting Notes: Jordan Hrycai talked about ‘NIM’, a modern tool for interfacing and creating bare-bones C programmes
I (@rebootuser) also gave a quick talk about Active Directory Delegation in a fictitious environment and how enumeration may lead to pwnage in a pentest.
@r007break finished off the meet with an interesting tale of pwnage initiated from a vishing exercise!
Date: Wednesday November 23rd 2016
Meeting Notes: Unfortunately the planned talk from @commonexploits had to be cancelled at short notice due to technical difficulties. However, Dan kindly sent the official 44con recording of his talk “Not only frogs can hop”, which was played at the event.
A copy of his slides can be found at http://info-assure.co.uk/public_downloads/not-only-frogs-can-hop.pdf
Date: Thursday 27th October 2016
Meeting Notes: @binaryheadache presented the 1st of a two-part talk titled “Basic Assembly for Reverse Engineering”. This was the primer for his 2nd part of the talk, and just in case you missed it, the slides can be found here and we’ll be uploading the recording shortly.
I (@rebootuser) gave a very brief intro into some of the cool hacks you can do with a $50 HAK5 LAN Turtle.
Date: Thursday September 29th 2016
Meeting Notes: @exploresecurity gave an excellent presentation on Excel/application hacks; see below for a link to his slides. The meeting was held at The Centre for Computing History (thanks Jason) and the main presentation was by Jerome Smith @exploresecurity, “Tricks to improve web app Excel export attacks”.