It's time...


Securi-Tay is an information security conference held annually at Abertay University, organised by Abertay University's Ethical Hacking Society. This year's edition will welcome over 350 attendees and marks the twelfth annual Securi-Tay, Europe's largest student-run information security conference.

Securi-Tay runs across three separate tracks and welcomes talks from both seasoned professionals and first-time speakers! Additionally, there are spaces available to host workshops in a separate workshop village throughout the day.


Securi-Tay would not be possible without the support and generosity of our sponsors; attendees will have the opportunity to network with some of our sponsors in the main exhibition space throughout the event.


This year the conference will be run on Friday 1st of March at Abertay University.

Attendees of Securi-Tay must abide by the Abertay Hackers Code of Conduct which can be found here.

Tickets are now sold out.

Sponsors


Schedule


Times are listed first; parallel sessions are labelled Track 1, Track 2, Track 3 or Workshops.

0845 Registration

0945 Opening Remarks - The Committee

1000 Opening Keynote: A Journey in cybersecurity. - James Kwaan

1100
Track 1: Measure Twice, Cut Once: The Importance of Lab-ing out Attack Paths - Andy Gill
Track 2: Scaling Securely: Addressing Cybersecurity Challenges in Small and Medium-Sized Enterprises - Rorie Hood
Track 3: Everythings Fucked and We're All Going To Die - Michael Whitehead
Track 3: Intro to the code compilation process - Tom Blue
Workshops: Container Security and Hacking with Docker and Kubernetes - Iain Smart & Rory McCune

1200
Track 1: How I learnt to love my superpower - Daniel Walters & Ben Docherty
Track 2: On the Creation of a Secure Key Enclave via the Use of Memory Isolation in Systems Management Mode - Ian Ferguson
Track 3: Humans are Systems Too - John "Geo" Duncan
Track 3: OT Security, IT on it's head - Callum Baston

1300 Lunch

1400
Track 1: Hacking the Crown Jewels - The Mainframe! - Kev Milne & Hubert Januszewski
Track 2: "Humans are the weakest link in cybersecurity" – nope, they are not. A different perspective on human factor as cyber threat. - Anna Mazurkiewicz
Track 3: Orbital Breach: Theorizing Satellite Cyber Attacks and their Implications - Viktor Arato
Track 3: AI can be as stupid as humans - Clara O'Callaghan

1500
Track 1: Securing the Playground: Combatting Cheating in Console Video Gaming - Grant Douglas
Track 2: 2 Years out - X or somethings in? - Peter Captain
Track 3: AI In Social Engineering, Robots Hacking Humans - Rory Smith & Sam Rutherford
Track 3: State of the OT - Jenny
Workshops: Exploring 'Bytes of Insight' in Incident Response and Malware Hunting - Jinto Antony

1600
Track 1: Cyber Risk Quantification: Assessing Threat Actors in Real World Terms - Allan G.
Track 2: The Offer of a Lifetime, for a Fee - Marc Kydd
Track 3: Q&A Panel - Sarah Cunningham, Gavin, Michael Jack, Morven MacKellar. Chaired by Natalie Coull

1700 Break

1715 Fault Injection on a budget: how to cash your death in service payment - James McKee

1815 Closing Remarks - The Committee

1830 After Party - Interrupt Labs

Registration

Registration will be in the Old College Building. Follow the signs and volunteers to sign in and collect your free swag!

60 mins

Old College Building, Room 1001

Opening Remarks - The Committee

A brief welcome and introduction to the conference.

60 mins

All Tracks

Opening Keynote: A Journey in cybersecurity. - James Kwaan

We will describe the challenges and opportunities of the Lloyds banking group journey in Cybersecurity. The importance of a diverse workforce and lifelong learning to be successful in our transformational journey.

60 mins

All Tracks


About James Kwaan

Measure Twice, Cut Once: The Importance of Lab-ing out Attack Paths - Andy Gill

When I’m doing a red team, a large portion of what I do is measuring my environment and mirroring the setup so that each step is calculated. Lab each step repeatedly so the result is measured before attacking, reducing the chances of tripping things. The Blue Team is getting more innovative, deceptive technology is improving, and as important as the hacks are in a Red Team, the recommendations are just as important; therefore, playing through both sides in a lab comes into its own. This talk will walk you through some tooling I've written in the last year for making red teaming easier and for exploring how certain tools react when met with a mature defensive stack.

60 mins

Track 1


About Andy Gill

I am a hacker at heart, an adversarial architect, an offensive security leader, an engineer and a consultant who has always been interested in taking things apart and sometimes even putting them together again. My specialism lies with offensive security, but I can be found working both sides of the fence frequently. My interests outside of work include photography, exploring the roads of Scotland and enjoying the finer arts of life.

Scaling Securely: Addressing Cybersecurity Challenges in Small and Medium-Sized Enterprises - Rorie Hood

Navigate the distinct cybersecurity challenges encountered by small and medium-sized enterprises (SMEs), encompassing limited resources, expertise gaps, compliance intricacies, and the risks tied to off-the-shelf solutions. This presentation offers practical insights into securing SMEs, emphasizing strategies for scaling securely amid rapid growth. Join us for a straightforward discussion, providing a pragmatic approach to fortify SMEs' defenses, foster a culture of cyber resilience, and effectively address the dynamic cybersecurity landscape while scaling securely.

60 mins

Track 2


About Rorie Hood

Rorie has been working with clients to address their cyber security challenges for the last decade. He is a graduate of Abertay’s Ethical Hacking degree, a previous president of its Ethical Hacking society, and a founder of the Securi-Tay conference. He also appreciates it when you buy him a drink.

Everythings Fucked and We're All Going To Die - Michael Whitehead

Two immutable facts, but correlation does not imply causation. In this talk, we'll reveal why "everything's fucked" doesn't necessarily lead to "we're all going to die" in the world of vulnerability management, and why context is key to (sometimes) winning the battle.

30 mins

Track 3


About Michael Whitehead

Security professional, CTF aficionado, purveyor of the Oxford comma, but a dad first and foremost. When not doing "teh cyberz", I'll be found doing DIY, playing football, or accidentally/intentionally breaking/fixing things.

Intro to the code compilation process - Tom Blue

We'll delve into the process of how code is converted into machine code - delving into compilers, linkers, lexers, parsers etc. There will be a focus on C, but the process for higher level languages will also be touched upon. After this talk, you'll come away with an understanding of what happens between writing code and compiling it, and how to leverage that knowledge to write better and more efficient code.

30 mins

Track 3


About Tom Blue

I'm a second-year computer science student at Lancaster University with an interest in cybersecurity, particularly around low level stuff. I've given talks at BSides Cambridge and BSides Newcastle about software reverse engineering, and I've also worked as an intern for two years at Digital Interruption. I'm currently trying to make my own programming language, hence the talk idea!

Container Security and Hacking with Docker and Kubernetes - Iain Smart & Rory McCune

This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We’ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.
There will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.

120 mins

Workshops


About Iain Smart & Rory McCune

Iain Smart is a former Abertay student and Hacksoc committee member, now working as a Principal Consultant with ControlPlane, where he performed offsec engagements against cloud-native deployments. He enjoys playing with new technologies, and if he's not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found writing new home automations to annoy his family.
Rory has worked in the Information and IT Security arena for the last 23 years in a variety of roles in information security and penetration testing. These days he spends his work time on container and cloud native security. He is an active member of the container security community, having delivered presentations at a variety of IT and Information security conferences. He has also presented at major containerization conferences and is an author of the CIS Benchmarks for Docker and Kubernetes and main author of the Mastering Container Security training course, which has been delivered at numerous industry conferences including Black Hat USA. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.

How I learnt to love my superpower - Daniel Walters & Ben Docherty

In this talk Dan and Ben will go over their experience of dealing with their neurodiversity in the ever-changing cyber landscape. They will cover their experiences, ideas, and coping mechanisms to always stay on the forefront of their active cyber careers. This talk will highlight how 2 people can use a skill that most view as a disability to adapt and overcome the challenges with opposite approaches. Both approaches resonate with us each as individuals as they complement the difficulties that neurodiversity can present.

60 mins

Track 1


About Daniel Walters & Ben Docherty

Dan - Dan comes from a background of response with the beginning of his career starting in a multi-client SOC and progressing his way up to being a consultant specialising in financial clients at Adarma. Dan is an avid hiker who loves a swim in the highland lochs (even in winter).
Ben - Ben comes from a background of engineering with the beginning of his career in IT Support and progressing his way up to being an engineering specialist in Sentinel for Adarma. Ben is a fire spinner, a battle bot builder, and founder of BSidesNcl and InfoSecBattleBots.

On the Creation of a Secure Key Enclave via the Use of Memory Isolation in Systems Management Mode - Ian Ferguson

Last minute talk replacement.

60 mins

Track 2


About Ian Ferguson

Humans are Systems Too - John "Geo" Duncan

Finding a job is difficult, but it doesn’t have to be! This talk covers ways to "hack" into cyber and increase your chances of progressing your career faster.
We all know that psychology and social engineering are important to understand within the cyber security landscape from a defence point of view, but you can also use them to your benefit — after all, cyber security is ultimately a people industry.
Tl;dr: the stuff uni didn’t teach me, but working did!

30 mins

Track 3


About John "Geo" Duncan

Working in information security for almost 5 years, I’ve learned to enjoy and understand the niches of human risk and psychology. I also love music and motivating others.

OT Security, IT on it's head - Callum Baston

"OT Security, IT on Its Head" is a talk that explores the unique challenges and considerations of securing Operational Technology (OT) systems, which control physical processes and devices in industries like manufacturing, energy, and transportation. Unlike traditional IT systems, OT systems prioritize availability and real-time performance, often at the expense of security. This talk will delve into why IT security strategies may not work for OT, the potential risks and consequences of OT system breaches, and how we can rethink our approach to better protect these critical systems.

30 mins

Track 3


About Callum Baston

I have a strong passion for ethical hacking and cyber security, which led me to pursue a bachelor's degree in ethical hacking from Abertay University, graduating in 2023. I now work as an OT security consultant specialising in Risk. If I'm not at a computer, you'll find me at the gym.

Hacking the Crown Jewels - The Mainframe! - Kev Milne & Hubert Januszewski

'The Mainframe' is often overlooked as a legacy system that holds little importance in today's computing world. It is certainly seen as some mystical black box that should not be touched. The lack of access to Mainframes such as the IBM zSeries often does not make it easy to conduct research on these systems that really process billions of transactions per year and hold critical and sensitive financial data.
During this talk we will give an insight into the history of Mainframes, some of their weaknesses (and strengths) and demonstrate some of the tools and exploitation techniques that can be used to assess, gain a foothold, and escalate privileges to SPECIAL. Finally, we will provide information on where to start learning about Mainframes with special attention paid to tapping into the free resources and emulators that exist out there.

60 mins

Track 1


About Kev Milne & Hubert Januszewski

Kev Milne is a technical specialist with 30 years of experience, and over 20 years of Cyber Security experience having started Pen Testing first in 1999 - then moving on to Risk Management and Cyber Risk Quantification before shifting back to Offensive Security. His job as 'Coach Kev' is to mentor, oversee and motivate the next generation of testers at NatWest whilst maintaining the Security Testing Labs. In his spare time, he is a professionally qualified Fencing Coach and has competed at Senior Level for Scotland and in 2018 became the British and Commonwealth Veterans Champion.
Hubert Januszewski is a graduate of Abertay University Ethical Hacking course and is currently part of the Offensive Security Testing Team at NatWest Bank where he conducts tests on everything from MacBooks breakout, Web Application testing, and Mainframes! Hubert's interests include CTFs, Sci-fi books, games, and mechanical keyboards. He is from Poland and his favourite food is Pasta with Strawberries and Cream!

"Humans are the weakest link in cybersecurity" – nope, they are not. A different perspective on human factor as cyber threat. - Anna Mazurkiewicz

We have all heard the popular saying about how "humans are the weakest link in security"... However, there is a lot more to it, and repeating this statement is not necessarily beneficial to anyone. This talk will offer a fresh perspective on how humans are a strength in the ongoing battle against cyber threats, and will also briefly touch on security culture. Prepare to challenge your preconceptions about the human factor and embrace a new understanding of how people can be the biggest strength in cybersecurity.

60 mins

Track 2


About Anna Mazurkiewicz

Currently a SOC Manager at Quorum Cyber, with a diverse work experience spanning various industries and roles. Apart from being very interested in the human factor in security, Anna is also a huge OSINT enthusiast, and enjoys learning more about anything malicious in cybersecurity.

Orbital Breach: Theorizing Satellite Cyber Attacks and their Implications - Viktor Arato

In this provocative and theoretical exploration/journey, methods of hacking satellites and their possible implications will be explained in a talk, as well as remedies to evade the issues. The talk will discuss the technical feasibilities and challenges to conduct this experiment, which is only for educational purposes.

30 mins

Track 3


About Viktor Arato

Ethical hacker and student, specialising in satellite cyber security, web application security and phishing.

AI can be as stupid as humans - Clara O'Callaghan

Socially engineering people is a utilised tool for many attempts at obtaining data. Why stop at people? This talk looks at some ways an AI can be socially engineered to give you the answer you want.

30 mins

Track 3


About Clara O'Callaghan

3rd year cyber security undergrad at Napier and vice president of ENUSEC. I like all things computing but specifically Linux and digital forensics. I enjoy learning about random projects that interest me at any given time.

Securing the Playground: Combatting Cheating in Console Video Gaming - Grant Douglas

In the rapidly evolving world of console video gaming, the integrity of gameplay is paramount. This talk delves into the multifaceted realm of anti-cheat strategies, addressing the current landscape of threats and attacks that undermine the fairness of console games.
We begin with an exploration of the types of attacks prevalent in console gaming today, from simple tricks to sophisticated hacks.
The talk provides a high-level overview of the strategies employed to counter these threats. This includes a discussion of both technical and non-technical approaches, such as advanced software solutions, community management practices, and collaboration with game developers and hardware manufacturers.
This talk is designed to be accessible to a wide range of audiences, from technical experts in the field to gaming enthusiasts interested in the behind-the-scenes efforts that go into preserving the integrity of their favourite games. Join us to explore the cutting-edge of console game security and the ongoing battle against cheating.

60 mins

Track 1


About Grant Douglas

Grant Douglas is an Abertay Ethical Hacking alumnus with a specialism in the realms of mobile security and reverse engineering. With a decade of experience, Grant decided to move forward with his own company Reconditorium, providing security consultancy services. Currently Grant spends a lot of time working on games console anti-cheat and mobile game anti-cheat. Grant has spoken at conferences throughout the world including a few talks and keynotes at Securi-Tay over the years.

2 Years out - X or somethings in? - Peter Captain

2 Years on from the (then) Vice President of hacksoc waking up in the middle of the night to the possibility that 2022’s conference might be cancelled because someone online has said WW3 has started in Ukraine, the same SOC Analyst finds himself working on the frontlines of incident response and notices their skillset lets them sleep better after scrolling through the endless deluge of deep fakes, misinformation and other deceptive articles produced by many disinformation campaigns that employ the use of bots and armies of real people alike.
This will be a light-hearted, semi-serious (and possibly educational) retrospective talk about the parallels of analysing security events and cutting through the nonsense we see online to help us to interpret what's going on behind the scenes. Developing our critical thinking ability whilst being bombarded with information is perhaps more pertinent than ever; it's 2024 and it promises to be a very busy year (see upcoming elections, ongoing conflicts - just check the trending section of your favourite social and / or news app!).

60 mins

Track 2


About Peter Captain

Peter currently works as a SOC analyst. Graduating in 2022, the once VP of Hacksoc has spent a year and a half triaging a plethora of different flavours of cybersecurity incidents. Peter enjoyed his past few Securi-Tays and has decided to come back and deliver a talk.

AI In Social Engineering, Robots Hacking Humans - Rory Smith & Sam Rutherford

Throughout history the use of social engineering has developed to become more intricate and elaborate through the use of emerging technologies. Social engineering is the act of using different methods of deception to gain access to computer systems or valuable intel. There are numerous examples of social engineering appearing throughout history, such as faking letters and army commands during war time; these were incredibly basic but foundational to preparing for further attacks.
Modern social engineering can be utilised using technology; examples of this include Wagnergate and DreadPirateRoberts. More recently, developing technologies utilise modern AI tools to orchestrate auto-generated phishing, vishing and deepfakes, which can all be incredibly dangerous and scandalous. Case studies for these include fraudsters using AI voice manipulation to steal £200k from a company and deepfakes being used for political disruption.
Countermeasures for these emerging technologies include elaborate and up-to-date staff training and anti-phishing tools. The future of AI-based social engineering includes more advanced AI-based attacks but also allows for countermeasures to utilise AI for improvements.

30 mins

Track 3


About Rory Smith & Sam Rutherford

We're both 4th Year Ethical Hacking students, and both developed a tool for AI assisted spear phishing.
(Rory) I also play in an alt rock band and enjoy a bit of photography. My favourite hacking topics include social engineering and CTFs.
(Sam) I enjoy cooking, working out, music and I participate in Smash Bros esports. My favourite hacking topics are malware analysis and social engineering.

State of the OT - Jenny

A summary of the first year of my PhD: A discussion on the current state of the art within Operational Technology and how advancements in connectivity, including the rise of IoT devices, have caused an (air) gap in the literature.

30 mins

Track 3


About Jenny

Teaching Software Engineering and Researching Industrial Cybersecurity.

Exploring 'Bytes of Insight' in Incident Response and Malware Hunting - Jinto Antony

Learn the Pattern Matching techniques using YARA and how to apply them in real-life incident response cases. We'll delve into File Analysis for effective Malware Hunting, teaching you how to find important artifacts for threat detection and attribution at scale.

120 mins

Workshops


About Jinto Antony

With over 17 years of experience in the field of Cyber Defense (Digital Forensics, Incident Response, Security Engineering, Threat Hunting), Jinto is currently working as a Senior Incident Response Consultant at WithSecure (formerly known as F-Secure Business) in London, UK.

Cyber Risk Quantification: Assessing Threat Actors in Real World Terms - Allan G.

Ever wondered if there's a better way to assess the risks associated with cyber attacks? Ye olde risk matrix just not doing the job?
This talk is for you!
Over the course of an hour we will discuss limitations in existing approaches to cyber risk assessment, as well as the industry accepted solutions to quantifying cyber risk. Finally, through the use of business specific cyber scenarios we will look at a different way to approach risk assessment and quantification in real-world terms, tried and tested within the bank.

60 mins

Track 1


About Allan G.

Allan is a Senior Security Tester with the NatWest Banking Group. He is an alumnus of the Abertay Ethical Hacking honours degree and served two terms on the Abertay Hackers committee. His professional interests include adversary emulation, cyber risk quantification, web application security, and development of cyber training resources.
In his free time he enjoys reading, hiking, cooking, kayaking, and implementing ridiculous home network configurations.

The Offer of a Lifetime, for a Fee - Marc Kydd

You've had the texts, the emails, the cold calls claiming you've won untold treasures - just pay a small fee and it's all yours. Now, hear the origins of one of the most devastating forms of crime we still face today. How people, businesses, and governments were duped out of millions of dollars all on the promise that billions more lay hidden in a vault in the Swiss Alps.
This is a talk about corruption, cashier's cheques, and far too many Cuban cigars. This is a talk about all reasoning and logic falling away when you're presented with the offer of a lifetime - and all for just a small fee.

60 mins

Track 2


About Marc Kydd

Marc Kydd is a PhD student working on Machine Learning and Usable Security. His research focuses on the human aspects of cyber security through using natural language processing to counter fraud and deception online.

Q&A Panel - Sarah Cunningham, Gavin, Michael Jack, Morven MacKellar. Chaired by Natalie Coull

Join us for an engaging and informative Q&A panel on cyber-security, where experts from various areas of the field converge to tackle pressing questions from attendees! This is your chance to get advice from the industry, about the industry!

60 mins

Track 3


About Sarah Cunningham, Gavin, Michael Jack, Morven MacKellar. Chaired by Natalie Coull

Sarah is the Service Director for Cyber Resilience at Daisy Corporate Services, where she specialises in Governance, Risk, and Compliance. Her day to day role involves working with various security standards, delivering training, and leading incident response tabletop exercises. Outwith her professional role, Sarah is the founder of Cyber in Schools Outreach and is a big advocate for gamification, having developed 2 educational boardgames so far.
Gavin is a Co-Founder and the Chief Information Security Officer of AmberWolf, an Attack Simulation and Risk Management consultancy, where he is also a Lead Red Team Operator. He is an experienced Red Team Operator, previously as co-lead of the UK Full Spectrum Attack Simulation practice at NCC Group where he conducted covert offensive cyber operations against mature targets, including some of the largest financial organisations in the world, Central Government and Critical National Infrastructure. Gavin graduated from Abertay in 2014 with a First-Class Honours degree in Ethical Hacking and Countermeasures and was the Vice President of HackSoc 2013-2014 where he was part of the Securi-Tay 3 organising committee. Gavin refuses to believe that was ten years ago.
Michael Jack is the Former AbertayHackers Vice Gaffer, Purveyor of macOS security & rum. War Studies postgrad Terrorism, Radicalisation & British Intelligence
Morven MacKellar is an Abertay Ethical Hacking alumna with over 5 years of experience within the Reactive side of Security. She has previously worked as a Senior Consultant in Digital Forensics, where she had a particular interest in civil litigation work and an affinity for mobile device forensics. She is currently an internal Security Analyst at a sports betting company. Outside security, she enjoys climbing, reading, and walking with her Doberman, Mersey.
Chairing the panel is Abertay's Head of Division of Cyber Security, Natalie Coull.

Fault Injection on a budget: how to cash your death in service payment - James McKee

Research targets are becoming harder & harder, so let's explore using high voltage to break into chips in weird and wonderful ways.

60 mins

All Tracks


About James McKee

Closing Remarks - The Committee

A few words to conclude the day and thank everyone who made it possible.

60 mins

All Tracks

After Party - Interrupt Labs

Sponsored by Interrupt Labs, join us for a few drinks and lots of awesome chat!

???

The Barrelman

Directions


The University's address is Bell Street, Dundee, Scotland, DD1 1HG.
The closest train station is Dundee Station.
The closest airports are Dundee Airport and Edinburgh Airport.
If you are driving, the closest parking lot is the multi-storey Bell Street Car Park.
