This week more than 300 NCC Group consultants and colleagues gathered in Dublin for NCC Con Europe 2016. People came from all over the world for the event, including from the Group’s European, Canadian, Australian, and even US offices.
The internal conference began with two days of training provided for around 100 of our technical security consultants. Ten training courses, developed in-house, were delivered, covering the following topics:
- Advanced exploit development
- Android application assessment
- Exploit development
- Hardware hacking
- Introduction to malware analysis
- iOS application assessment
- Network infrastructure assessment
- Reviewing Cisco devices
- Security in software development lifecycle
- X86 foundations
Following the training sessions, a further 220 NCC Group employees arrived in Dublin for a two-day schedule of talks, spanning three tracks across many disciplines within information security.
A core aim of the conference was to facilitate the formation of informal networks across teams. It was an opportunity for colleagues who work across different offices and continents to meet in person and learn new skills.
The following presentation titles taken from the conference programme show the breadth of topics covered by our technical security experts:
- Automotive Cyber Security
- Hacking the Hunted
- Docker: Security Myths, Security Legends
- Static Code Analysis: Meet the Robot That Will Replace You
- Understanding OLE Exploit Primitives
- Fuzzing with FuzzLabs
- iOS Forensics and a Little Spying
- Bon Appetit AWS
- Analysis of a Supply Chain APT
- Debugging and Reversing .NET Clients Using Free Microsoft Tools
- Exploiting Videogames: Did You Play? I PWon!
- From CSV to CMD in 1-2-3
- Testing Over IPv6 Networks
- The Great Social Engineering Assessment Problem:
Attempts to Meet the Challenges of Security Testing Human Nature
- Baseband (ZigBee) Fuzzing Environment
- Mergers and Acquisitions – The Lowdown
- How (not) to Protect Your Scripts: Reversing Obfuscated Interpreted Languages
- Software-Defined Networking Security
- A Real-World View of Attacks and Incident Response
- Remediation Options Following a Failed Pen Test
- Android StageFright Exploitation
- Bypassing Execution Arbiters
The conference was a fantastic start to 2016. Taking most of the consultancy arm out of client work for a week was a massive undertaking, but was undeniably a great and valuable investment in the continued development of our employees, many of whom really did benefit from the conference. NCC Con was an example of NCC Group’s fun and collegiate working culture, and we can’t wait for the next one.
Published date: 08 January 2016
Written by: Matt Lewis