home // talks

list of talks:

• SnoopCon 2019 - Marine Technology Security - The marine space offers some interesting security challenges, and this talk covered what you'd be likely to see on a connected ship.
• CapOne Nottingham Cyber Security Meetup (May 2019) - TLS 1.3 Adoption Challenges - Discussing the changes made in TLS 1.3 and the challenges of adoption in enterprise networks.
• Securi-Tay (2019) - Hardware Isn't Hard - A talk on the basics of hardware hacking needed to get started picking apart boards
• Securi-Tay (2018) - An Introduction To Binary Application Assessments - Finding, exploiting, remediating, and reporting common security issues in binary applications.
• 44CON (2017) - Secrets of the Motherboard (Shit My Chipset Says) - Weird and wonderful things I found while reading Intel chipset datasheets, and exploitation of shared SMBus to connect DIMMs directly to the internet. [synopsis + slides]
• SecuriTay (2017) - SSL/TLS Hipsterism: Finding implementation bugs outside the mainstream - More modern tooling for finding SSL/TLS configuration and implementation bugs. [synopsis + slides]
• 44CON (2016) - Saving Nostalgia - Reverse engineering an old Z80-based kids' computer and building a hardware save mod for it.
• SecuriTay V (2016) - Am I Living In A Box? - Looking into the world of VM and sandbox detection, and offering some new ideas on the subject.
• DC4420 (2015) - VM detection using ACPI tables - A hastily thrown together talk on a technique to detect VMs via the ACPI tables exposed to the system.
• 44CON (2015) - Get in the ring0 - Understanding Windows Drivers - A starter's guide to Windows drivers. "Separate your IRPs from your IRQLs, people, it's time to learn about Windows drivers. Turns out they're not magic. Who knew?"
• SecuriTay IV (2015) - We Don't Take Kindly to Your Types Around Here - Discussing object injection attacks against (de)serialisation in various languages, including C#, Java, and PHP.
• 44CON (2014) - [no title, spontaneous lightning talk] - Standing in for someone else, talking briefly about the Windows access control model in the object namespace.
• EMF Camp (2014) - "Minimal Effort Web Application Security" - Quick tips and tricks for creating more secure web applications.
• BSides London (2014) - "Breaking Binary Protocols and Bad Crypto" - Analysing cryptographic implementations and a discussion of issues found in the Citrix NetScaler
• SecuriTay III (2014) - "Breaking Crypto Without Breaking Your Brain" - Teaching practical cryptography and cryptanalysis from the ground up, without the crazy mathematics and notation.
• SecuriTay II (2013) - "Feed Me A Cat" - Issues with office hardware, SOHO routers, and embedded devices.