Past CorkSec Talk Materials

From CorkSec / DC021353 Wiki

On this page you can find a full list of all the previous CorkSec talks, and the corresponding presentation material where available. Click the links for more detailed descriptions of the talks.

Num Date Topics
100 10-2021
  • TALK 1: Strategizing Threat Intelligence - the hard way - Kaushal Parikh

The session would cover a beginner's highlight to Threat Intelligence, various majorly used frameworks to operationalise Threat Intelligence, some common pitfalls for the same and how to maximise your Threat Intelligence output.

Blockchain is sometimes considered as a promising technology looking for a problem to solve. Continuing from last month's overview on Blockchain evolution - this talk explores how Ethereum can be adapted for distributed enterprise scenarios.

99 09-2021

CyberQuest is on a mission to help people impacted by the pandemic to find the best pathway to employment in Cyber Security. Part of IT@Cork Skillset, and with more details on , Neil will talk us through some of the free security courses that they offer - something sure to be of interest to the wider CorkSec community.

Blockchain is sometimes considered as a promising technology looking for a problem to solve. This talk explores its use to support Bitcoin and Ethereum, studies how both function and differ, looks at their crypto primitives and then explores how Ethereum can be adapted for distributed enterprise scenarios.

98 08-2021
  • Talk 1: CDK, CDK. Does whatever a CDK does! - Maurice Cronin

(To the tune of Homer Simpson's 'Spider-Pig') As part of our ongoing series of AWS related talks I'll be taking a look at AWS's Cloud Development Kit. CDK is a framework for defining Cloud Infrastructure As Code, which allows you to define infrastructure (in your language of choice) and deploy it using CloudFormation.

We'll look at how to get started with CDK, some of the pitfalls to avoid and also look at deploying some infrastructure using the CDK CLI and Python.

97 07-2021
  • 8th Annual CorkSec pub quiz
96 06-2021
  • TALK 1: Intrusion Detection with Honeypots by Ian Kenefick

A honeypot is a computer system that uses 'deception' to capture adversarial activity. They can be cost effective, quick to deploy and extend, and are an excellent source of actionable threat intelligence - and thus worthy of a place in any defensive arsenal.

When exposed to the internet - honeypots can be used to capture malicious activity from the internet in the direction of your network perimeter. When placed inside a private network - honeypots can be used to capture the activities of an adversary who has already breached perimeter defences and is moving laterally (an activity synonymous with intrusions such as those leading to extortion and Ransomware).

95 05-2021

In application security, a vulnerability is "a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application," according to OWASP.

A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy.

Resilience is the ability of an organization to enable business acceleration by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges. The ultimate goal of cyber resiliency is to help an organization thrive in the face of adverse conditions.

In this talk, Joel Aleburu will be talking about a key part of designing security resilience into applications primarily by identifying security flaws in solution architectures.

  • TALK 2 : AWS - The Cloud Strikes Back! or AWS - Attack of the Clouds! by Maurice Cronin

This is the second (hence the title puns) part in our on-going introduction to AWS and what you can do with it. This month we'll look a little deeper at the Shared Security model, run some commands using the AWS CLI, explore AWS documentation and, if all goes well, we will stand up some infrastructure using a service called CloudFormation.

94 04-2021
  • TALK 1: Sysmon for Windows Logging by Amalkanth Padinjarethottiyil Raveendran

Log management is an important part of cybersecurity. The Windows operating system holds the major market share of endpoint systems and a significant share of servers, but do Windows event logs provide sufficient visibility into these systems? Is there additional log monitoring supported by Microsoft? In this talk we are going to find answers for these questions and discuss how Sysmon can be implemented in an enterprise environment.

  • TALK 2: Do the benefits of your social network presence REALLY outweigh the security risks? by Robert Mcardle

In the last few weeks it was disclosed that 533M Facebook records had been published on several cybercriminal forums. These records appear to be a republishing of an old data breach - but still bring up two important points - just what can an attacker do with this data, and do you REALLY want to be putting it online in the first place? In this short 10-15 min session I'll explore a bit the sort of data that's in dumps like this, and discuss briefly what you can consider to limit your exposure to such breaches in future.

93 03-2021
  • TALK 1: How to Develop a Pentesting Methodology by Artur Serra

Each pentester has their own methodologies. It's how they like to approach a problem, understand it, exploit it and post-exploit it. But the structure is (usually) the same. In this talk we are going to explore this structure, understand each step of it and walk through it together in a practical way: By live-attacking a simple vulnerable machine/application.

  • TALK 2: Launching CorkSec Slack Channel

A physical meet-up of CorkSec regulars is likely still some way off - but we thought it makes sense to keep that community going as best as we can. We are kicking off a CorkSec Slack, which is open to all regulars. A place to share news of upcoming CorkSec events, but more importantly a place to bridge the gap between each month - and share interesting Security and Technology news, go off on techie tangents and so on. The only rule is that sign-up links are only available during the monthly CorkSec sessions (similar to signing up at a real physical event) - not blasted out to the full mailing list. Why Slack, why not Discord? We had thought about both - and will explain that too :)

92 02-2021
  • TALK 1 : An introduction to Amazon Web Services - Maurice Cronin

We've had a few talks recently that mentioned some Amazon Web Service (AWS) components, however we have yet to have a talk that explains what AWS is, and what can be done with it. So in this talk we'll explore what AWS is, how it started, how it's grown and look at what services it provides. We'll also try a few demos to show how you can get started with AWS.

  • TALK 2: Past Present and Future of Criminal Infrastructure - Robert McArdle

Over the course of the 2nd half of 2020 Trend Micro's research team published an in-depth paper series on how Cybercriminal Infrastructure operates today. The 3 papers together form one body of research which we entitled "The Hacker Infrastructure and Underground Hosting". In this talk I'll give an overview of some of the key talking points, and hopefully encourage those interested in the topic to do a deeper dive :)

91 01-2021
  • TALK 1 : An introduction to Amazon Web Services - Maurice Cronin

We've had a few talks recently that mentioned some Amazon Web Service (AWS) components, however we have yet to have a talk that explains what AWS is, and what can be done with it. So in this talk we'll explore what AWS is, how it started, how it's grown and look at what services it provides. We'll also try a few demos to show how you can get started with AWS.

90 12-2020

Practical and modular implementation of a security-enabled CI/CD pipeline, using only open-source and freely available tools.

Panel: Paul Horgan, Maurice Cronin, Martins Ajayi, Akshay Satish Joshi

OSCP (Offensive Security Certification Program) is probably one of the most coveted, and hardest to get, certificates in offensive computing. In this session we will have some folks sharing their experience of trying this course and exam and what you can expect, in a mixture of slides and an AMA (Ask me Anything) format

Zoom Recording Passcode: jnN1B*Gu

89 11-2020

As software development continues to become container obsessed, this talk offers a quick drive by of the world of containers and introduces orchestration platforms such as Kubernetes. We look at the security considerations needed at the code, container, cluster and cloud layers and look to understand common attack vectors. Continued from last month's talk.

The ins and outs of the development, testing and securing of a social media Content Management System.

88 10-2020

Serialization is the process used to transfer an object in a programming language by converting it into a format (referred to as a bytestream) that can be saved locally or transferred via the network; once received, the bytestream is converted (deserialized) back into the object. However, without proper verification, an attacker can craft a serialized object and send it to cause the application to perform undesired operations. Since the vulnerability operates at the code level (run as code), it can provide a range of attacks rather than a single exploit, ranging from performing a scanning process to even performing RCE. Over time, several tools were developed to generate payloads and exploit the vulnerability; however, these tools were developed without a way to verify the success or failure of the attack. This made exploiting insecure deserialization considerably difficult and not automated. Therefore, a new approach is to be introduced and developed in order to perform the attack and verify its success.

As software development continues to become container obsessed, this talk offers a quick drive by of the world of containers and introduces orchestration platforms such as Kubernetes. We look at the security considerations needed at the code, container, cluster and cloud layers and look to understand common attack vectors.

87 09-2020
  • Developing a Framework for Threat Hunting within your environment by Tony Loughnane and Michael Walsh

An overview of Threat Hunting from a Blue Team perspective. During this Cork|Sec meetup we will break down how and when you should switch your blue team focus to hunting for threats in your environment, with some methodologies and approaches on how you can use open source Threat Intelligence to enhance hunting techniques. This talk will step through the technical breakdown of how you can leverage tools like Endpoint Detection Response (EDR) and System Information Event Monitoring (SIEM) to not just hunt but create alerts to detect any potential future threats within your environment. We will also reference how you can leverage the MITRE ATT&CK framework to map out attacks and how you can use this framework to track detection coverage in your organization.

  • Containerised DevSecOps, or: How I Learned to Stop Worrying and Love DevOps by Steve Giguere

The monolith to microservice movement gave a home to containerisation and the efficient use of cloud resources. This perfect storm of new technologies while enabling a new definition of velocity and efficiency has created an equally new attack surface. One that requires an approach to security which breaks down not just the silos of DevOps and Security but those within the Security teams themselves. This talk will explore how containerisation can be viewed as an opportunity for security instead of a threat to it.

86 08-2020

An iOS semi-tethered permanent jailbreak based on CheckM8, an unfixable vulnerability affecting nearly all iOS devices in Apple's secure boot model. CheckRa1n takes advantage of this vulnerability, in order to fully unlock control of the application processor, and take over the system. This talk will cover how this vulnerability works, how it came to light, and how it's used to jailbreak devices.

When Paul submitted a bug bounty report to 15 multinationals, he wasn't expecting what happened next...

85 07-2020

Market Analysts Gartner have coined yet another term: SASE (Secure Access Service Edge). Its main principle is the market convergence of Network as a Service and Network Security as a Service. But what does this mean? What business problems is this trying to resolve? How will it impact future enterprise network architecture? What are the security benefits?

84 06-2020
  • 7th Annual CorkSec pub quiz
83 05-2020

Parents are expected to oversee the use of digital devices by their children, but how can they implement this? In this talk Johannes will give a high-level overview of solutions that can be combined towards a possible solution for parents, with an emphasis on open source solutions. Perhaps surprisingly, at some level, the requirements and solutions for "Parental Control" have quite a lot in common with enterprise "Acceptable Use" controls.

- Device-level restrictions (Kid's mode, Screen Time, Launcher, device separation)
- Network-level restrictions (Pi-hole, Netguard Home)
- Content-level restrictions (OPNSense, intercepting proxy, e2guardian, Squidguard, e2e encryption)
- Mobile Device Management (Flyve, Headwind)
- Logging, Auditing

82 04-2020

With the increasing uptake of SSL on websites our web traffic is becoming more secure - but that causes headaches if we need to analyse our traffic for any reason. One easy ( & cheap) solution is to use a RaspberryPi to run SSLSplit - so this presentation will demonstrate turning a RaspberryPi into a wireless access point capable of capturing SSL traffic and SSL session keys, and then use them to decrypt the secure traffic.

  • Security Issues and Reducing the threats by Robbie Lambert

Zoom has been rapidly deployed by many organisations to support home working. However its security record is flawed and, while it's addressing these issues, organisations need to deploy it carefully and with good staff guidance. The key issues are presented with recommended practices and usage settings to reduce the risks.

81 03-2020

This CorkSec was cancelled as a precautionary measure to help assist with containment of the ongoing Covid-19 situation.

80 02-2020

Buffer overflows are well known in the security industry to be among the oldest vulnerabilities that still exist today. This talk, followed by a demonstration, will let one understand how these vulnerabilities can be detected and exploited along with measures that can be taken to prevent and/or mitigate them. We'll cover:

- What is a Buffer overflow?
- Short history and trends.
- Computer fundamentals: Stack & Heap memory organization.
- An overview of CPU registers and Assembly language.
- How can a stack buffer overflow vulnerability be exploited? (Practical demonstration)
- How to prevent and/or mitigate these vulnerabilities.

Competitive environment, expectations of users and authorities require one to find better and more efficient solutions to securing applications. User authentication is one of the first cross cutting concerns one needs to implement and yet it is always challenging and time consuming. How do you reduce time, resources and increase security at the same time? Would you invest in your engineers or buy services of a third party authentication provider or maybe do something in between? After working on various authentication implementations starting with ad-hoc approaches to integrating with third party auth vendors there is no single answer - the devil is in the details.

79 01-2020

DevOps and cloud adoption represent significant shifts that demand devs and security professionals to challenge their view of a defensive mindset from not only keeping attackers out, but to also assume a breach. Assume Breach does not focus on how a certain type of compromise might have occurred but instead accepts that it may happen and asks: how would you know? and what would you do?

Talk will explore:

- Exercises that assume certain breach scenarios to help determine if a service is breach ready.
- Cloud design considerations to try to restrict impact of a breach.

  • AWS Lambda and 3rd party dependencies: what could go wrong? - Mark O'Sullivan

More and more development teams are adopting Serverless technologies to allow them to develop business logic at greater speed and scale without having to worry about managing underlying infrastructure.

There is a common misconception that a serverless approach will be more secure as the cloud provider handles all of that for you. While some of this is true there are still large risks that have to be managed. Also traditional security approaches focused on using endpoint/network level protections no longer apply with this new approach. If you add in the fact that a lot of development teams are now using open source 3rd party dependencies to help implement core business logic you have a very ripe attack vector that if not managed correctly could be exploited with bad consequences.

Talk will discuss:

- Explain a little about Serverless (focus on AWS)
- Explain a little about AWS Lambda
- Talk about the AWS shared responsibility model
- Give some issues with open source dependencies (focus on NPM)
- Outline some potential attack vectors with what we now know
- Outline some ways to mitigate attacks against your serverless architecture

78 12-2019

A covert channel is an attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by a computer security policy. Covert channels are easily used to exfiltrate data from a secure location, especially over a long period of time. Generally, covert channels are very difficult to detect due to their ability to use existing legitimate connections, hence raising as few red flags as possible. In this talk, Joel Aleburu will give an overview of Covert channels: what they are, the different types, how they function, and how to detect and mitigate against them.

Poor Morty has forgotten his JuiceShop password and Grandpa Rick wants his Juice now! Can we help Morty reset his password before Rick blows everything up? Tonight, as part of our on-going CTF series, we're going to re-visit OWASP's JuiceShop and take a look at one of the tier 5 challenges - Reset Morty's Password. We'll break the problem down to identify what we do know, what we need to know to solve it and then prepare the scripts needed to reset poor Morty's password.

77 11-2019

How well does Android provide privacy, what reasonable and unreasonable steps can we take to increase privacy, and what are the security implications (AOSP, GrapheneOS, /e/, LineageOS, Librem, etc.) - regular CorkSec presenter Johannes is back to cover all this for your benefit!

  • "Why we need SIEMs" by Sai Charan Goud Alligeri

In this talk we will cover:

- Intro to SIEM, integration with different log sources, use cases. (Brief insight into QRadar, USM..)
- I will give a short demo on OSSIM (recorded).
- Why SIEM is also important for SMEs.
- Evolution of SIEM, Threat identification improvements in the recent years.

76 10-2019
  • Come CTF with us (Part 2) !! by Maurice Cronin and Dhinadhayalan Radha Krishnan

Participating in a CTF, especially an online CTF, can be an intimidating experience but CorkSec in partnership with OWASP are here to help! As promised we will have a follow on to our joint OWASP / CorkSec event from August where we gave an intro on how CTFs work, how much fun they are, and how you can take part. To round out our look into CTF - for one night only we're running an interactive CTF demo stepping through 2 or 3 of the 100 point challenges from the recent TrendMicro Raimund Genes cup. With you (the audience) navigating and Maurice and Dhina (the hosts) steering, we will work through the challenge together to get the flag and help de-mystify CTFs.

75 09-2019
  • Malware Clustering by Ian Kenefick

- Static Malware clustering is a method for finding relationships between different files based on their structural characteristics (how a file is made up of its different components, e.g. a PE file, Document with/without Macros etc).
- Dynamic (behaviour based) Clustering is used to find relationships between files based on how they behave at runtime.

In this talk we will discuss Malware Clustering, the pros and cons of different approaches and a bit about how you can create a lab to automatically cluster files and even take signals from other researchers to source and find, analyse and cluster stuff that's noteworthy at the time.

  • IOT in the Cybercriminal Underground by Robert McArdle

A look at all aspects of IOT attacks in the Cybercrime underground today as detailed in the recent Trend Micro paper released this week. We'll look at different regions, the attackers, motivations and predictions for the near future.

74 08-2019

This month we focused on a topic a lot of people have asked about before but many are apprehensive to try out - CTF (Capture the Flag). We started by taking people through an intro to CTF. Then Darren showed OWASP projects that allow people to quickly and easily run their own CTF events, and 1-2 challenges from this. Finally Bob had some demos of live solving of challenges from last year's Trend Micro Raimund Genes cup. By the end we hope everyone is more comfortable and ready to take on their first CTF - and as luck would have it, we have an upcoming global one to talk about :)

  • Intro to CTF - by John O'Riordan
  • OWASP CTF Projects - by Darren Fitzpatrick
  • Trend Micro Raimund Genes Cup challenge Demo - Robert McArdle
73 07-2019

In this talk, we'll go through some of the concepts of static code analysis, and discuss what should be considered when using a tool and rolling it out at scale (or not). As usual, if you're looking for a silver bullet, this ain't it. However, it will help consistently catch a wide variety of issues and free versions exist for most languages. Why not use it?! To understand some of the limitations and common pitfalls of static code analysis, we'll use the widely used Bandit on a Python project!

In this session Dhina will give an overview of Burp Suite, one of the leading tools for testing Web application security.

72 06-2019
71 05-2019

In the beginning there was Netcat and it was good! And 23 years later it's still good. So come join us for a live demonstration of just what this awesome tool can do. The demo will include TCP/UDP port scanning, service detection, bind and reverse shells, proxying and more. We'll also talk briefly about Ncat and Socat, two modern takes on Netcat.

70 04-2019

HTTP/2 is the first major upgrade in 20 years to the protocol that is used to serve billions of web pages and web APIs. But what is HTTP/2 and how is it different from HTTP/1? Should website owners upgrade to it and what does that involve exactly? What are the security implications of this relatively new protocol? This talk will try to answer those questions and more! We'll also take a sneak peek at HTTP/3 and QUIC, due to come in the next year or so, which will herald even bigger changes. I've recently published a book on the subject: HTTP/2 in Action, and the publisher (Manning) has kindly offered 5 free eBook copies of that book to give out on the night for those that want to know more on the subject.

  • Vulnerabilities in the Energy and Water sector - Bob McArdle

In this talk I will give a summary of Trend Micro's findings from our research paper "Critical Infrastructures Exposed and at Risk: Energy and Water Industries" -

69 03-2019

All transactions are public in most cryptocurrencies, making it possible to deanonymize bitcoin wallet holders and learn details about their identity and their transactions. This can be done through transaction graph analysis of on-chain transactions, and through realtime network analysis of IPs and node messages. We will discuss how deanonymization is performed, how to reduce the risk on popular networks like Bitcoin, and what alternatives exist for more anonymity in cryptos.

  • Cybersecurity in the UK, a top down view of the cybersecurity market and what we can learn from it - Austin France

The UK has a world-leading digital economy, employing over a million people and with UK businesses earning £1 in every £5 from the Internet. The cybersecurity industry that has grown up around this digital economy had a value in 2016 of £5.7 billion with £1.8 billion in exports. The UK is the biggest market for cybersecurity in Europe and the government is one of the largest customers. Irish companies are increasingly expanding into the UK market and providing services to UK customers in the public and private sectors. Initiatives such as the EU Security of Network and Information Systems (NIS) Directive seek greater cooperation among member states across Europe to improve cybersecurity. Irish companies will benefit from an understanding of the UK cybersecurity market drivers and practices. Understanding the customer and their needs will help them to win and successfully deliver services.

Having consulted in cybersecurity in both public and private sectors in the UK for 20 years, I will set out a perspective on the customers in this space, products and services in demand, the skills required and the opportunities for Irish companies and jobseekers in the UK and Irish markets today. I will talk about the evolving threats and the tools, practices and processes that have emerged from the ongoing investment in cybersecurity. I will talk about how large organisations achieve information assurance through systematic assessment of their business and application of controls that are proportionate and effective. I will talk about penetration testing, risk management, security architecture and compliance frameworks, how customers purchase these services and the role of the cybersecurity consultant in their delivery. There are career paths associated with each of these services and I will set out information on training and certification in this space.

There are free resources out there defining good practice for cybersecurity and providing guidance to the end user as well as the consultant, and I will give an overview of these resources.

68 02-2019

A short voyage exploring the recent resurgence of Crypto Fraud, focusing on crypto-jacking and wallet theft, and how even nation state threat actors decided to wet their beaks.

  • "Mobile Telecoms Network Security, A Basic overview" - Robbie Lambert

This will provide a high level overview of current and evolving mobile phone networks, highlighting the threats to the networks and the users. It will focus on security issues both from outside and within mobile networks and provide an example of a previous exploit that was carried out to compromise user SIM card security.

67 01-2019
  • "Cloning around" - Will Knott of Tyndall

RFID, NFC, those swipe cards are very useful to give you access to places. And to copy. We'll take a look at the cheapest options to play with.

  • "Protecting outside the box - the things you likely are not secured against" - Robert McArdle

Today we live in a wonderful world, where we put multiple layers of defence around our data - which all resides in one place, on devices we have complete control over. As a result defending against attackers has never been easier, and the worldwide security job market is expected to dry up completely by 2020. "Amazing. Every word of what you just said ... was wrong" - Luke Skywalker, Jedi Knight, 34 ABY. In this talk I'll catalog several different attack scenarios based on Trend Micro's research projects. All of these will fit outside the normal ones you are likely set up pretty well to defend against - and show why there will always be novel ways for attackers to defeat defences because ... Humans.

66 12-2018

This will cover a quick intro of what a Software Defined Radio is, where to get it, how to configure the corresponding software on your laptop and then a demo with a few use cases like listening to Cork Airport Weather Data, ADSB Flight Tracking, listening to local FM Radio on a laptop, and decoding & recording data from a local Weather Station @433MHz.

This will be a presentation on Malware lab setup and basic static and dynamic analysis of a particular malware sample, so you can see the setup in real use.

65 11-2018

Continuing on with the recent series of Wireshark talks, this week we will look at some of the product features available for WiFi packet analysis. This will include a live demo where we will show hardware configuration, then an example of how a public hot spot secured with WPA2 Personal could be monitored.

Cork|Sec has seen some cool DIY hardware projects and we're hoping to encourage more with tonight's presentation: Assembling an inline packet sniffer using a RaspberryPi! We'll look at what the Pi is, where to get it, setting up for headless use, configuring it for sniffing and (hopefully) test the sniffer to ensure it works. (This is an introductory level talk, so no background knowledge needed.)

64 10-2018

Capture the Flag challenges (CTF) are a fantastic way to learn and test out new skills, and are often free, or even entirely online. In this talk I'll give you an example of that by looking at an OSINT (Open Source Intelligence) CTF puzzle, and stepping through how to solve it - and the tools and techniques you would learn along the way. I'll also include tips on where you too can find your own CTF puzzles to try out - safe in the comfort of your own home :)

  • Security and End User Readiness in large scale technology projects - Robert Lambert

This talk covers the necessary activities that need to be carried out ahead of the deployment of new systems and applications in large organisations, to ensure that they work and are secure. It will cover the specific technical activities that need to be done, including Secure Network Connectivity, Client hardware/software readiness, User Access, Client Software deployment and Security Testing.

63 09-2018

An in-depth look at the packet analyzer:

- how Wireshark actually works
- usability tips and tricks (some useful menu items and layout functionality)
- re-interpreting traffic (including some ideas around TLS)
- example of how Wireshark can be used for reverse engineering
- magic of sequencing (invaluable for troubleshooting communication problems)

Jack talked about paths for those looking to get into careers in InfoSec, followed by a Q&A session with Jack, Bob McArdle (Trend Micro), and Michelle Grant (Morgan McKinley - who can offer a recruiters perspective).

62 08-2018

Have you ever wondered what sort of traffic your system generates? Wanted to follow an HTTP connection? See an ARP request in process? Well join me for an introduction to Wireshark - where we'll explore what Wireshark is, what its basic functions are, demo some live packet capture, and show how it can be used to answer those questions.

  • Cybercrime in 2018 - Bob McArdle

The world is coming to an end, the internet is going to consume us all, and cybercriminals will soon steal everything that's not nailed down. Only kidding :) #FakeNews. In this talk I'll give an overview of the main categories of threats affecting the internet today, and talk a bit on where things are likely to go in the next 12 months.

61 07-2018

Given this is my first Cork Sec talk, I am going to briefly introduce myself to everyone and give a rundown on my first six months working in the cyber-security field as a Threat Researcher in Cylance. Also I am going to deep dive into the modular banking trojan . The malware has been in the wild since 2016 and even now in 2018 has a trick or two up its sleeve. I will go through how the malware works, why it is so damaging on both business and personal levels and what makes me think the bot might be adding a ransom module in the near future.

Overview of Identity and Access Management and its importance in securing organisational and personal data in organisations. How does it work and what is required for its implementation. This talk is by Robert Lambert, an independent contractor, who has worked with the design, deployment and security of large scale systems and security in the IT and Telecoms sectors.

60 06-2018
59 05-2018
  • "Parite back at my house: Spotting Viral file infector techniques, leveraging CyberChef to decipher encrypted code" - Adam Martin
  • "How many ways can I transfer thee?" - Maurice Cronin

We've all been there: Need to copy files to a remote system, but it has no FTP/SCP and you have no physical access (or you're just too lazy to get up and walk that far... Or you're trying to exfiltrate data from somewhere you're not supposed to be.... ). So what can you do? Well come join us and find out how many common programs can be used (or abused) to transfer files on Windows & Linux systems! BYOFTM - Bring your own file transfer method - Have a method you want to share? Bring it along and we'll add it to the demo!

58 04-2018

We live in an era of centralized trust of financial institutions, amazon, ebay and walled gardens. Distributed Ledgers and Blockchain promise to decentralize trust and "dis-intermediate" many of the traditional platforms, gateways and exchanges we are using every day. When people think of "Blockchain", many will immediately think of cryptocurrencies. But the use cases, technologies and possibilities go far beyond Bitcoin and Ethereum. While public, permissionless blockchains promise anyone access to a distributed ledger and agreed state of the world, Federated Blockchains can be used by more-or-less known entities to collaborate, and they also allow control over data privacy and confidentiality. This talk will give an overview of the motivation for Distributed Ledgers, the overall technology behind them, and possible use cases from Supply Chain to Digital Assets to Programmable Money.

How does an attacker figure out a valid activation code for a piece of software without stealing or purchasing it? Or worse, how do they figure out the algorithm enabling them to create a valid activation code for anyone? If you ever asked yourself those questions, join me as I’m trying to lift the blanket

57 03-2018

How attackers bypass Registration, how not to protect your software and how to get a handle on flipping jumps!

Are your opinions really your own—or how much have they been carefully shaped until you think they are? Today’s digital connectivity makes it possible to share information like never before—traditional borders and constraints of distance simply do not exist anymore. But this same connectivity also makes it easier to manipulate the public’s perception of reality. The term “fake news” has become increasingly common in the past year—but it is only one facet of a much larger problem: the use of technology to alter public opinion, and ultimately affect the real world.

This is not a new phenomenon. At every point in human history where a new disruptive communications technology has replaced another, propaganda and manipulation flourish. Each communication method has its associated societal norms and customs, but these take time to form. What is allowed on television, radio, and print is well established—but the Internet has not reached that level of maturity yet.

I will demonstrate the techniques and methods that have been actively used to this end—and not exclusively in the field of politics. I will review the global availability and costs of such underground services, from Russia to China, Ukraine and the Middle East and demonstrate the affiliation of these activities with other Black Market commodities and services. I will discuss several techniques of identifying such campaigns by processing social media data and show how it is possible to trace those campaigns to the original perpetrators. Finally, I will walk through a number of case studies, demonstrating the links between artificially fabricated events and the executors carrying out those orders.

56 02-2018

In this talk Keith will give an overview and demonstration of the WiMonitor Basic packet sniffer followed by a look at WiNX, a multi-purpose Wi-Fi attack-defence platform. Two very nice hardware appliances for all your Wifi attack and defence needs!

Come join us at Cork|Sec 56 for a gentle introduction to Offensive Security's Penetration Testing Training with Kali Linux course! I'll explain what PWK is, what it involves, and what lessons I've learned from it so far. We'll also take a practical look at the course: A (hopefully) live demo of an enumeration and attack on one of the lab systems.

55 01-2018

This is not a sales pitch! A presentation providing a whirlwind tour through Trend Micro’s approach to security and an overview of the architecture and systems in use to provide a layered defence in depth approach. The viewpoint is from an IT/InfoSec perspective on what we do every day to try and ensure we remain protected and the challenges we face safeguarding a very diverse and mobile workforce in Europe.

  • Threat Intelligence - Lonnie Benavides (Head of Cybersecurity Active Defense at McKesson)

Building a Threat Intelligence programme can be hard, but it doesn’t have to be! In this talk I will briefly cover a few topics and strategies that are intended to help those who are building threat intelligence into their process, or who have the basics in place and are looking to optimize. This talk will cover many cyber threat intel topics from threat feeds and cyber threat intel providers, to data management and process improvement.

54 12-2017
  • Threat Intelligence of a brute force attack: the riskypass project - Filippo Sitzia

Using the attacker to harden our defense is the ultimate strategy, but when the users influence the defense model by choosing bad passwords, probability and statistics become part of the strategy. Is there any wordlist that can statistically be more effective than another during a penetration test? This talk will go through the riskypass project, a weakness scoring system for passwords that provides the most attacked passwords on the Internet, and some of its outcomes.

  • Q3 CyberCrime Tactics and Techniques - Helge Husemann

An overview of what MalwareBytes has seen as the key drivers and changes on the Cybercrime side in Q3, including changes to exploit kits, seasonal scams, the issue with PUPs and an outlook for the coming months.

53 11-2017
  • The Reality and Future of IOT Attacks - Bob McArdle

In the world of the media “IOT attacks” means someone hacking a car and driving you off the road, or a connected toaster burning down your house. But what is the reality of IOT attacks and exposed devices in 2017 - and where will it really go over the next 2-3 years? Trend Micro’s FTR team has now carried out several different research projects in this area - and in this talk I will discuss where we see the future of IOT botnets and attacks. I will present research findings that show what sort of devices are exposed to the internet across the US and Europe - many of which are remotely accessible and unauthenticated. The compromise of these devices would certainly gain public attention, and not look out of place on a security conference stage - but most importantly we will discuss where the opportunities for CRIME and IOT overlap, not simply device hacking - for it is only when a hack has a financial or espionage benefit that it truly will be a concern for the future.

The KRACK Wifi attack has gotten a lot of press recently. In this talk I will give an overview of the attack - showing how the EAPOL handshake works, how the fast transition handover works, and how these have been exploited to perform the KRACK attack.

52 10-2017
  • Building your own USB pen testing tools - Mark O'Sullivan

As a follow on from the previous talk on USB attack vectors I will showcase some of the techniques discussed that could be used to attack systems. In the style of the A-Team and MacGyver we will build our own tools in a live demo. At the moment I have Arduino and Raspberry Pi based tools, and am working on some more which may be ready for the talk.

The internet contains many open and openly-available datasets that can be used to gather intelligence on people and organizations. This talk will outline possible approaches to gathering such intelligence:…

- what a company is working on, through employees' GitHub accounts
- track when a company's website or web stack changes
- build a profile of target persons from public activity (blog posts, forum posts, etc.) for targeted communication such as spear phishing

51 09-2017

Which can be a problem, because when you can do everything it can be hard to know where to start. So come along for a gentle introduction to the Metasploit Framework, where we'll explore what it is and what it can do, before running through a number of demonstrations of the framework's features. Special guest appearance by The Bomb!

If you would like access to the video recording - contact Maurice via the Meetup app

50 08-2017

In this talk we will review popular covert channel techniques and their respective mitigation techniques. We will also see how we can transfer a file through a covert channel on a freshly installed Windows machine with a restricted user account.

A lot of focus is now rightly given to various logical attacks that are very prevalent, which has shifted the focus somewhat off of physical attack threats. This talk will explore some attacks that require physical access and focus on USB as an attack method. USB is the port of choice on all devices now, so it is worthwhile trying to understand threats to USB. With the increase of IoT devices there are now even more exposed and forgotten about USB ports that can be targeted for attack. A number of commercial tools that can be used to exploit USB will be discussed and possible defenses to USB attacks will also be discussed.

49 07-2017

Ransomware is no longer the new kid on the block. In fact, going back as far as 2005, Ransomware has been playing its part in the world of cybercrime. Being a relatively “easy” way for criminals to make money, it comes as no surprise that Ransomware has enjoyed a great many followers in the underground over the past 11 years. Recently Ransomware has moved away from file based encryption to database encryption. In this session, we will examine some of these cases and potential ways of securing the enterprise databases.

The presentation will cover the following:

- Why blockchain is important / what problems it solves
- A quick walkthrough of the building blocks of this new architecture
- Why it's so important for security, privacy and trust
- Some IoT applications and how their security can be enhanced by blockchain

48 06-2017
47 05-2017

Browser fingerprinting has been used for a long time to track "anonymous" users on the web, but recent advances and adoption of HTML5 web standards and more direct access to hardware have allowed far more intrusive and robust fingerprinting. This talk will give an overview of the techniques being used (canvas, WebGL, audio, Bluetooth, etc.), why this is a problem and possible practical approaches for preventing fingerprinting.

  • I've built a better (pentesting) playground, but what do I do with it now?!? - Maurice Cronin

Following on from last month's talk, you've got ESXi up and running, host VMs are installed and a working network, but what do you do next? That's easy, you come along to the next Cork|Sec meetup and find out! We'll explore some of what can be done with your virtual lab: First we'll look at cloning VMs via vmkfstools and also converting OVAs to OVFs so they can be deployed to ESXi. Then we'll do some network mapping with netdiscover/nmap, ARP spoofing with Ettercap and to finish we will take over a host using Metasploit.

(While this is a follow-up to the April talk on setting up a virtual lab, you don't need to have attended that talk to benefit from this one.)

46 04-2017

The Battle of B-R5RB was a massive-scale virtual battle fought in the MMORPG space game Eve Online in 2014. The in-game cost of the losses totaled over 11 trillion InterStellar Kredit (ISK), an estimated theoretical real-world value of $300,000 to $330,000 USD, and went on for almost 24 hours. This theoretical value is derived from PLEX, an item purchasable with real currency that can be redeemed either for subscription time or traded for in-game currency. The total forces involved in this single engagement of the Halloween War was 7,548 players. The best conservative guess for the total ISK lost during the Halloween War is in the 25 to 35 trillion ISK range. This relationship between in-game currency and real-world money is becoming more and more prevalent in video games, with other examples including gold sellers, power levelers and real money auction houses. Games are becoming more and more an investment of time and/or money, and those who do not have the time have to resort to other methods, and out of this demand a sort of black market has grown. Bots are not being used in MMOs like this alone, take Pokémon Go for example. The first accounts in the world to hit level 35 and level 40 were bot accounts which later revealed themselves. These bots can go under the radar and in this talk I shall talk a bit about these bots, how they work and how they can use in-game glitches to quickly obtain currency/items, which is often later sold on, and the effects of this.

The problem: It's tricky to find a safe, controllable environment to practice penetration testing (or malware analysis). Many of the techniques and tools used are potentially dangerous to use on your home network.

The solution: Build your own virtual test environment using ESXi and whatever hardware you, hopefully, have lying around at home.

45 03-2017

Interested to know how a piece of fruit can help with Wifi auditing, how a bath time accessory can type faster than you, and how a certain aquatic animal can help with stealthy network monitoring? This talk will make sense of the previous sentence by looking at 3 devices from Hak5:

- The Wifi Pineapple: A Wifi pentesting platform designed to make wireless network auditing simple.
- The LAN Turtle: A USB to Ethernet adapter with an embedded computer allowing for SSH access and a range of MitM attacks.
- The USB Rubber Ducky: Looks like a USB drive, acts like a keyboard. Featured on "Mr. Robot", this cool little device creates an interesting attack vector.

Dylan will give an overview of the devices and look a bit further at the USB Rubber Ducky, exploring use cases, existing payloads, and payload development.

  • "Securing C Suite meeting rooms with TSCM" - Jeremiah Kelly

TSCM (technical surveillance counter-measures) is the original US Federal government abbreviation denoting the process of bug-sweeping or electronic countersurveillance. It is related to ELINT, SIGINT and electronic countermeasures (ECM). In this talk we'll discuss some practical experience of carrying out such bug sweeps, and the tools and techniques involved.

44 02-2017

OSINT, or Open Source Intelligence, is the act of gathering intelligence from public sources. I'll be running a series of talks over several months looking at the different tools available for those whose job sees them needing to attribute people online, profile people during a pen-test - or the sorts of things someone could do if they were profiling you.

This time around we focus on Facebook. With 1.86 Billion people, it's very common that the target of your investigation will be on Facebook. I'll show you some lesser known approaches and tips and tricks gathered over the years. Everything shown will be done live, with no PowerPoint - so bring some pens and paper if you want notes, and let's find a stray goat to sacrifice to the demo gods...

43 01-2017
  • "An Irish perspective on the LinkedIn Hack" - Danny D (~ 15 mins)

This presentation will feature a short analysis of the data released as part of the LinkedIn hack from an Irish perspective. It contains lots of infographics, statistics and a background to the event itself. The presentation doesn’t contain any content from the account dump or personally identifiable information - but will focus on the analysis of the data instead.

HTTPS is a poorly understood, complicated protocol that few SysAdmins, and even fewer Developers, truly understand IMHO but which, up to now, few have had to understand. However HTTPS is changing from an "only use it if you really have to" protocol (e.g. online banking or the checkout part of e-commerce sites) to one that every website or web service should be using ALL of the time. This is being driven by a massive reduction in costs (thanks in part to initiatives like Let's Encrypt) and a push from the browsers (particularly Chrome) to only allow some features (e.g. Geolocation, HTTP/2, Service Workers... etc.). This year will see an even bigger push as certain pages are marked "insecure" on sites if served over HTTP instead of HTTPS. Additionally, after years of not changing much, the last 2-3 years have seen a huge amount of change (from SHA2, various protocol attacks, a drive for greater security and privacy in the post-Snowden world and new technologies like CT, HSTS, HPKP... etc.).

42 12-2016

A brief introduction to the tools, techniques and mindset needed to start you down the rewarding, exciting and challenging task of dissecting the malware that plagues our networks. Utilising freely available, open-source tools, we'll analyse several samples and run through the process analysts will conduct upon receiving a suspicious executable or fragment from their Incident Response team, SOC or through proactive hunting.

  • "Profile of Banking Criminal network" - Bob McArdle

This talk will show the layout of banking criminal networks, with some specific examples of how they operate and the tools that they use.

41 11-2016
  • "The Dark Net, how big is the internet and what are the implications" - Ron Williams, IBM X-Force

Ron will discuss the Dark Net, what you can find there and how this affects our daily lives.

  • "The evolution of ATM Malware" - Bob McArdle, Trend Micro

Every day around €250 Million is withdrawn from over 3 million ATM machines around the world - and recently there has been a significant rise in malware attacks against them. We live in an age where if a device has a computer on board – it's hackable, something Organized Crime knows all too well. And if the devices are regularly Windows XP and have a box of cash attached – well, you do not need to be a criminal genius to see why that might be attractive. In this talk I’ll describe the evolution of these threats – and why they are not going away any time soon.

40 10-2016
  • Jack Baylor - Latest Topics in InfoSec discussion

Talks this month will be replaced by a more informal video and discussion evening, where we'll cover some of the latest topics in the InfoSec world, both technical and professional, and discuss how we can leverage our existing experiences and skillsets to maximise the return on investment with this new knowledge.

39 09-2016
  • Insider Threats - Part 2 - Michelle Murphy

An Insight into the Psychological, Legal, Ethical and Deterrent Factors, which may secure an SME from an Insider Threat. What factors are relevant, with regards to reducing risk, in a ‘real world’ implementation?

  • "I see what you did there..." - Mario

A quick journey through Man-in-the-Middle-ing Android Apps with Mallory. See that blinking light on your router? Something is definitely going on there! Would you like to know what? Where has your data allowance gone? What about your battery? What App is going to be nominated to leave your phone next? Dare to find out!

38 08-2016
  • Cracking Enigma - Mike Costello

The idea of encoding messages for military purposes is probably as old as warfare itself. There has always been a need for secrecy, just the methods have changed. One of the most infamous military encryption devices used was the Enigma machine, used by the Nazis in World War 2. Find out how this machine worked, why the Germans believed it was unbreakable and who the people were that did just that!

  • Targeted Attacks: More FUD than APT - Bob McArdle

When we think of Targeted Attacks thoughts immediately race to state-level "spy vs spy" scenarios, with weapons grade malware designed to do things like take a power plant offline. APTs are the new equivalent of the suitcase nuke from every 90s spy movie. But is that the reality, or maybe - just maybe - could it be that someone would want to specifically target your organisation, and not just because the New World Order plans to rule the future with your data? In this talk I'll lay out a bit more of what I see as the reality in Targeted Attacks today, drawing on several case studies, showing how the world has evolved to the stage we are at today - and finally how you can best defend your organisation from such attacks.

37 07-2016
  • Title: Malicious Documents - Guido Denzler

A brief investigation on what malicious documents are, how they are used by bad actors and what you can do to protect yourself. We will have a look at a tool that can help take these malicious documents apart and we'll be having a look at some recent samples. There will be some easy samples, some fancy ones and we'll end up looking at a truly diabolical sample.

  • Title: Exploiting Pitfalls in Software-Defined Networking Implementation - Dylan Smyth

Software-Defined Networking (SDN) offers an alternative network architecture which centralises control to a device known as a 'Controller'. This design enables low overhead when handling data flow while allowing for better management of the network traffic. SDN is well suited to environments such as Data Centres and Wide-Area Networks (WANs), but has also been considered as a candidate for IoT and campus networks. In this talk, we'll look at some new attacks against this type of network, including an ARP poisoning attack, a MitM attack, a port scan capable of bypassing certain firewall and ACL rules, as well as a DDoS attack.

36 06-2016
35 05-2016
  • Title : Learning to Learn to Teach - John Corkish

Understanding the interactions between human beings and complex computing systems is a continuous and arduous process. There are many areas of research that require a high degree of collaboration among numerous research and development communities. The communities encompass machine learning, artificial intelligence, , and game theory. The development of ARPANET presented a milestone in technological advancement. Now, research and development communities are modelling and forging new human-machine interactions. In the context of , machine learning research is rapidly evolving with focus on the creation of resilient systems that enhance goals, threat modelling and cyber situational awareness.

  • Title: Maltego 4.0 - Sneak Peek & some fun Demos - Bob McArdle

At CorkSec we try to give some good introductory talks on many of the commonly used security tools - Nmap, Metasploit etc. One tool used heavily in the recon phase of any security assessment is the awesome Maltego. We've previously had two talks on Maltego in CorkSec 6 and 26. This time we'll show some of the new, and very cool, features added in 4.0 - as well as some fun demos profiling networks and people :)

34 04-2016
  • 'Sandstorm - making it simple to securely host open source web apps' - Tom Atkins

"Personal hosting is only accessible to those with the time, money, and expertise necessary to maintain a server. Even most techies don’t bother, because it’s a pain. Sandstorm exists to fix that, making personal hosting easily accessible to everyone. In this talk I'll show how Sandstorm works and demonstrate how to create and host your own web app."

  • “The differences and niches in the different major criminal undergrounds” - Bob McArdle

Trend Micro’s FTR team has put out several criminal underground papers focusing on the cybercrime underground in various countries. Recently we looked back over our underground research over the years, and while certain things are common pretty much everywhere (hint – you’d need to be pretty poor at internet searching to not be able to buy a stolen credit card these days) - there are certain things that are unique to each country. In this talk we’ll look over each one and show what sets them apart, and makes them unique.

33 03-2016
  • MongoDB Security and NoSQL Injection - Damilare Fagbemi

MongoDB and NoSQL databases in general are quite popular in IOT solution development due to their flexibility and scalability. The lack of SQL or SQL injection doesn't mean security concerns are out of the way... unfortunately or fortunately, depending on how you lean:) In this talk, we'll take a look at NoSQL security considerations in IoT, using MongoDB. We'll cover:

- MongoDB, NoSQL & IOT
- A MongoDB Threat Analysis
- Practical demonstrations of NoSQL Db injection via NodeJS, PHP, and possibly Ruby web services.

  • Malicious Documents - Guido Denzler

A brief investigation on what malicious documents are, how they are used by bad actors and what you can do to protect yourself. We will have a look at a tool that can help take these malicious documents apart and we'll be having a look at some recent samples. There will be some easy samples, some fancy ones and we'll end up looking at a truly diabolical sample.

32 02-2016

At Blackhat Vegas 2015 two of my colleagues, Kyle Wilhoit and Stephen Hilt, presented the results of their research of attacks on Gas Pump Systems. In this talk I will go over their results, show just how exposed some of these systems are to the internet - and what attacks on Pump systems we have observed so far. Plus some live demos just for fun :)

  • Gerard Morris - An introduction to developing a game for Steam using Unity 3D.

In this talk I will give an overview of the process an Indie developer can go through to get a game onto Steam (through Greenlight) and an introduction to one of the most popular game engines right now, Unity 3D. I teach kids in 2 different coder dojos the basics of this engine and I am currently developing a game myself using this engine, which I hope to take to Greenlight in the coming months. I will also share with you a bit about my game, known as Tales of a Spymaster.

31 01-2016
  • Insider Threats [Part 2] - Michelle Murphy

Following on from last month's talk on Insider Threats, we have part 2 of this mini-series :) "How to secure the person, not the technology. An insight into the environmental, ethical and deterrent factors that may secure an enterprise from a psychological perspective."

  • Phishing Pen-Testing - Niall O'Farrell

Phishing attacks have changed over the past number of years, and most of us are blind to the level of risk and exposure that a single attack can inflict on our company. Know your enemy, know your exposure, put your defences in place. In this talk we'll look at the preparation, execution and aftermath of previous such pen tests.

30 12-2015
  • SDR (Software Defined Radio): From the ground up - Patryk Glogowski [15-20 mins]

What is Software Defined Radio? What hardware is needed? What software is needed? Where is the fun with use cases?

  • Insider Threats - Michael Costello

The external threat grabs the headlines, but latest figures state that up to 40% of data loss is down to the insider threat! How do you profile the insider threat and put in place controls to mitigate the risk? There is no one answer or a simple fix, but this presentation will provide some food for thought.

29 11-2015
  • “Wayward WiFi” - Paul Ryan

Ever wonder if you should be using that Café WiFi hotspot? Want to know how NOT to setup a WiFi network? Or do you just want to know what IEEE 802.11n is?

  • "Cybercrime in the Deepweb" - Bob McArdle

Trend Micro's FTR team has recently been doing some in-depth research into the Cybercriminal aspects of the Deepweb - TOR, i2P, Freenet and others. Bob will present an overview of the work that others on his team have carried out - as well as explaining in general the different types of Deepweb, and how we can track them.

28 10-2015
  • Software Defined Networking (SDN) - Dylan Smyth (approx 30 mins)

Software-Defined Networking (SDN) is a concept which involves the separation of decision making and data forwarding in a computer network. In this talk, Dylan will introduce the concept of SDN and discuss both the security opportunities and challenges it presents.

  • Keylogger Investigation Case Studies - Bob McArdle (approx 30 mins)

Cheap and Popular. Not just the tagline of this speaker's dating profile, but also a phrase that can describe the array of commercial keyloggers in common use today. In this talk we will look at investigations carried out by Trend Micro into various Keylogger tools - and explore the people that use them, and the whole interconnected web that links them all together.

27 09-2015

IBM® X-Force® Exchange is a free cloud-based threat intelligence sharing platform enabling users to rapidly research & share the latest global security threats, aggregate actionable intelligence and collaborate with industry peers. We will demo & show how you can contribute & talk about some of the technology behind it.

  • Privacy 101: From theory to practical examples - Mario (approx 30 mins)

A journey from hand-written privacy to the digital lack of it. A talk on privacy, threats to privacy and ways to preserve it using Tor and VPNs.

26 08-2015
  • Tips on Techie FYP - Dylan Smyth (approx 25 mins)

In Dylan's Final Year Project in CIT, he scored a pretty damn impressive 100%. The project was HEATS (Hospital Emergency Alert Trafficking System). It was a system for the Bon Secours Hospital Cork to replace their current emergency alert system. There are three types of alerts in the hospital: Cardiac Arrest, Fire and Security. So the idea was to allow a member of staff in the hospital to send an alert either from a web application, a mobile app or an IP Phone. A member of an emergency response team could receive the alert via a mobile application. In this talk, Dylan will explain a bit about the project - but also use the talk to give advice to students in general on tips for doing well in their own Final Year Projects.

  • Maltego 102: Maltego Cookbook - Bob McArdle (approx 45 mins)

Way back in CorkSec 6 I gave a talk on Maltego explaining the basics of the tool, and all the various functionalities in it. This time out I'm going to move beyond that - I'll be very briefly doing an overview of the tool for those who have never seen it - but spending most of the time showing lots of cool examples of things you can do by visualising OSINT data with Maltego.

25 07-2015

Computer forensics has come a long way in the last few years, and its value has expanded from the confines of internal investigations out into the public consciousness through movies, TV shows and news items. In this talk, Jack Baylor will identify and explain some of the latest tools, techniques and environmental factors affecting the current IT Forensics landscape, concentrating on the Windows environment. Areas discussed will include:

  • The concepts of Forensics Image Acquisition, Preservation and Handling
  • Incident Response and Forensic Framework
  • Indicators of Compromise and Malware Detection
  • Volatile Data Analysis

Eoin will talk about the history of exploitation techniques and defence, with a demo of a basic buffer overflow.

  • Mobile Phone Forensics: - Michael Walsh

A look into the ever growing area of mobile phone forensics, covering the tools and technology involved. With its prevalence in our corporate lives and the recent successful prosecution of a murder based on mobile forensics, this relatively new subset of IT is becoming more and more prevalent. Join Michael Walsh as he demonstrates some of the tools and equipment available in this cutting edge field, and why we as IT professionals need to add this skill to our knowledge base sooner rather than later. Demos will include an overview of the Cellebrite UFED Touch Ultimate, which is a fully equipped mobile forensic tool that enables quick and easy data acquisition from more than 8,000 mobile devices, including not only cellphones, but handheld GPS units, tablets and other mobile platforms. Also reviewed will be some open source tools available on the market such as ADB (Android Debug Bridge) and LiME (formerly DMD), which is a Loadable Kernel Module (LKM) that allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. Some aspects of jailbreaking and rooting on Android and iPhone devices will also be discussed.

24 06-2015
23 05-2015
  • Security in the Cloud Jumble Email Encryption - Emmet Kearney (30 mins)

"Email encryption is not new, and it has been available in a cumbersome way for more than 20 years to the more security conscious users. Today, it is now becoming more mainstream as it gets easier to use, particularly in light of the Snowden revelations and the increasing number of cyber-attacks. Individuals and companies now view email encryption as a critical tool to protect their privacy and their businesses. Emmet will introduce Jumble (Beta), a secure end-to-end email encryption solution that integrates with your existing email account. He will discuss the product itself and then show how the end-to-end email encryption process works, hopefully stirring up some good crypto conversations."

  • Predicting disease spread with machine learning - Chris Murphy (15 mins)

Epidemia is a web application with an interactive map and chart. It monitors and predicts the spread of a disease over time by looking at the different factors which have an impact on the disease. By analysing data from the past, we can predict the spread in the future and help form a plan to deal with it. The prediction uses a machine learning algorithm, built with a mix of programming languages and frameworks and trained on data selected from a particular range.

  • WTFi (What The Fidelity) - John Foley (15 mins)

Finding the best spot to put the access point for your wireless network: a look at how wireless radio waves propagate through their surrounding environment, and at using this information to help find the ideal placement for your wireless access point.

22 04-2015
  • Inner workings of a SOC - Alex Feick

Have you ever wondered what goes on inside a Security Operations Centre? What can they do when the Internet is broken (remember ShellShock)? When the latest ransomware is released in the wild, what can be done if you get compromised, and what can you do to try and minimise the risk? What is Active Threat Intelligence and how can it be used? Alex Feick will present a view into what it's like to work in a SOC supporting global customers, and how these topics have been shaping cybersecurity responses.

  • Targeted attack case study - Bob McArdle

In this talk we'll look at a particular ongoing targeted attack campaign, explaining the setup of the malware, the politics involved, and how an investigator can go from indicators such as C&C servers, malware hashes etc. to building up a picture of some of the possible suspects behind the attack.

21 03-2015

Content: Do you like coffee? Of course you do - you are a techie, and caffeine is an important (read: overused) part of our daily schedule. But what if your work's fancy coffee machine could be hacked to give you FREE coffee? In this talk Ilja will show you how, using NFC, you can sit back and slug down coffee without spending a penny. He will give an overview of HF RFID (how it works etc.), why some implementations are vulnerable, and then the routine of getting the dump, followed by trying to work out the data structure and mangle it.

Look at the front door of your house, and many other buildings - what do they all have in common? In a lot of cases they rely on a simple lock to keep people out. It's amazing how much of the world's physical security is reliant on something people have been bypassing for generations, and ensuring your property is physically secure should come before just about everything else. In this talk Dylan will explain the inner workings of how pin tumbler locks operate, and the common attacks against them, covering topics like picking, raking and bypass.

20 02-2015

Gareth will address the 80% of people who say security is an issue when considering cloud applications. In the talk he will cover two cloud projects that BT have done with a customer using iPad, Microsoft Surface Pro, Checkpoint Endpoint, Mobile Iron, Sophos Anti-virus, Microsoft Federation Services, Cisco Wireless LAN, Cisco Identity Services Engine and Microsoft Azure. As well as the technical aspects he will touch on security assurance.

Got a lot of free time on your hands? Fancy 3D mapping an entire city? Before you decide on doing such a crazily involved project, it's probably worth listening to the learning from Paul Lee - who has done exactly that with :)

  • - David Coallier (approx 40 mins) is a company that provides intrusion and data breach detection as a service. For this talk David will explain a bit about the backend and artificial intelligence aspects of the system.

19 01-2015

Deploying an out-of-band patch to a large organisation is a royal PITA :) Anthony will cover the evaluation process and how the update was released to production.

  • Kerberos primer - Jack Baylor (Approx ~TBC mins)

What is Kerberos? How does it work?

  • Deep Dive on CVE-2014-6324 - Jack Baylor (Approx ~TBC mins)

Techie details on the hack itself, how it was detected, and how the patch mitigates the threat.

  • Live Q&A with Tom Maddock

Live session for folks to ask questions of Tom.

18 12-2014

In this 101 talk Vincent will explain how, using a DNS cache poisoning attack, an attacker can introduce false records into a DNS server, so that all users of that server will incorrectly be redirected to malicious IPs for legitimate domains (with all sorts of nastiness arising as a result).

Got a spare RasPi sitting in the house? Or an old PC that is just sitting there clogging its fans with dust? If so, Dylan has a proposal - he is looking to get a couple of CorkSec folks working together to run a bunch of honeypots (based on some of the ones on like ConPot, Kippo, Glastopf), and we can present the results at a later CorkSec. This 5 mins is a call to action :) What else were you going to do over Christmas, honestly ...

17 11-2014

Netcat is often referred to as a swiss army knife sort of tool - it can do many, many things. It is one of the most important tools you should become very familiar with. If you are a sys-admin or have ever heard of "Linux" you will most definitely have used Netcat - and be wondering why you would be bothered turning up to hear a 101 style talk on it. To help you with your decision, see can you answer these questions:
- Have you ever used Netcat to create a backdoor on Windows and Linux?
- Have you used Netcat as a port / vulnerability scanner?
- Have you ever imaged a drive over a network using Netcat?
- Have you used Netcat to set up 2-way relays around a network for lateral movement?
If any of those questions were coming up with a No, I hope this talk will be interesting for you. NOTE: I'll also be giving lots of hands-on examples in this talk, as well as one final puzzle at the end that people can work out during a 10 minute break. So if you want to join in, bring along a laptop with Kali or any other flavour of Linux on it.

The Oculus Rift brought Virtual Reality to the tech community's attention in a big way, and is still quite cheap for what it does at about 300 Euro. But some engineers at Google decided that was not cheap enough - and built their own version with about $10 worth of cardboard and an Android phone. At CorkSec I'll bring along my own Google Cardboard frame so people can try it out. If you would like to join in, all you will need is an Android phone with some apps installed on it (I may have one too).
- Download the Google Cardboard app for starters
- Google for other Google Cardboard apps that are recommended.

16 10-2014

Our first talk will be from Mike Hill (approx 30 mins). Mike presented back in CorkSec 6 about the app he is working on called SensiPass. The Android version of the app is now in customer beta, and Mike will present an update and a deeper technical overview of how it works and the challenges they encountered along the way. From Mike: "Sensipass has developed a novel 3-factor authentication platform using non-alphanumeric prompts and responses. We have facilitated it in the cloud, and have developed a native version using a novel matching engine and would like to share our journey and use cases with the group."

This presentation looks at the results of an investigation into how custom ASICs have driven hashing growth. It focuses on the "difficulty" growth of the network and the corresponding energy growth, set against the reducing bitcoins rewarded for solving the hashing puzzle. It looks at how all these variables affect a core security process - mining.

  • An Overview of the ShellShock / Bash Vulnerability (approx 20 mins) by Daniel O'Regan
15 09-2014

Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common Ruby on Rails specific remote exploit.

In this short talk I'll be covering:
- my education and previous work experience
- what courses I wish I'd covered but didn't
- how I got interested initially
- how I started researching and networking
- how I came about working in Qualcomm
- how some others broke into security (through polling others here and through talking to people on LinkedIn etc...)
- what courses I intend to take in the next 1, 2 and 5 years

14 08-2014
  • Volatility Framework - Eamonn Ryan (approx 20-30 mins)

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. It is very useful for anyone involved in malware analysis and forensics, as well as anyone pen-testing apps, or attackers doing memory modifications for cracking etc.

The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are today. It is very useful for any web developer to know about these common issues, as well as pen-testers and network defenders, as they are some of the most common attacks carried out today.

13 07-2014

Arduino is the open-source hardware that is cheap, affordable and the first choice of many when it comes to building your own hardware, making everything from home automation appliances to Geiger counters. Regis will step us through some of the basics to get you started.

Darren and Fiona will give an overview of the Open Web Application Security Project (OWASP).

12 06-2014
11 05-2014

The RasPi is a fantastic general purpose and very cheap computer. Jim will step us through his thesis project, where he set one up to be an all-in-one inline security device for the home.

Buying a PWNPad ( will normally cost you over $1000, but if you already have a Nexus 7 you can build one yourself. We previously looked a bit at using PwnPads when talking Wifi hacking back in November. This time I'll spend more time explaining how to set one up for around 300 euro (less if you have a Nexus) and what sort of tools it gives you access to (with plenty of demos :) )

10 04-2014
  • The fabled LOST CORKSEC. Some say it was caused by a rip in the space-time continuum, some recoil in horror at its very mention, some even say it was just cancelled as Bob was busy. Whatever the reason it has been expunged from all official records (apart from the odd CorkSec pub quiz question)
9 03-2014
8 02-2014
7 01-2014
6 12-2013
5 11-2013
4 10-2013
3 09-2013
2 08-2013
1 07-2013