|Simon Roses Femerling||Protect Your Apps Effectively|
|Pedro Vilaça (osxreverser)||Revisiting Mac OS X Rootkits|
|Tiago Teles||Securing Password Storage - Increasing Resistance to Brute Force Attacks|
|Tiago Balgan Henriques / Tiago Martins / João Gouveia||Realtime analysis and visualization of internet status|
|Gavin ‘Jac0byterebel’ Ewan||I’m the guy your CSO is STILL warning you about|
|Gavin Holt||NoSQL – No Security?|
|Renato Rodrigues / Leandro Braguês||The Evildroid|
|Tiago Mendo||All your sites are belong to Burp|
|Bruno Morisson||Security (A)SAP|
|Tomé Duarte||IPv6 (in)Security – what we know so far|
|Pedro Cabrita||"there is no spoon" – The art of “bending” a vulnerability with the power of mind|
|Neyolov Evgeny||Understanding the Underground Traffic Sales|
|David Stubley||Cell Injection: Attacking the Bean Counters|
|Colin McLean||Convincing your friend that a Website sucks|
|Luis Grangeia||Man vs Internet or The future of Authentication|
|Miguel Mota Veiga / André Pinheiro||All Ur Base Are Known To Us|
|David Marques||Digital Forensics on todays’ digital worlds|
Protect Your Apps Effectively
Simon Roses Fermerling
|This presentation digs into how to write secure Apps for Smartphones and avoid classic mistakes. Many Apps developers have a web background introducing the same issues so it is time to stop them. If you are an App developer this talk is for you, and if not, still come and learn about Apps security!Talk covers common bugs on major mobile platforms; Apps secure design, OWASP top ten for mobile, cross platform technologies, techniques and tools to write secure code.The Web is full of bugs so it is time to avoid those pitfalls in the mobile space by writing secure Apps and this talk is all about it.|
About the speaker:
|Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid).Currently is the Founder & CEO at VULNEX, driving security innovation. Former Microsoft, PriceWaterhouseCoopers and @Stake.Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products.He was awarded a DARPA Cyber Fast Track (CFT) grant to research on software security.Frequent speaker at security industry events including BLACK HAT, RSA, OWASP, SOURCE. DeepSec and Microsoft Security Technets.CISSP, CEH & CSSLPBlog: www.simonroses.com|
Revisiting Mac OS X Rootkits
Pedro Vilaça (osxreverser)
|The title says it all. Some cool techniques to improve mac os x rootkits and bring fun to a subject that stopped in time since last article in Phrack, 4 years ago or something. They make it so easy to write improved OS X rootkits and solve some annoying problems that Apple imposed lately. Hopefully they should kickstart research and tools to improve rootkit defense in this platform.|
About the speaker:
|I drive a Porsche! 911 of course, because all others aren’t the real thing.
Unfortunately gas and tires are expensive so I can’t drive it all the time
In those free moments I try to mess with Mac OS X and iOS. Very few others are doing it so someone needs to be brave and step up. That brought me some fame & fortune. Some crazy Asian guys thought I could be a good presenter and introduced me to this security presentations thingy, and so here I am.
Securing Password Storage - Increasing Resistance to Brute Force Attacks
|In this talk Tiago Teles takes apart password protection scheme analyzing the attack resistance of hashes, hmacs, adaptive hashes (such as script), and encryption schemes. First, we present a threat model for password storage. Then audience members will learn the construction, performance, and protective properties of these primitives. Discussion of the primitives will be from a critical perspective modeled as an iterative secure design session.
Ultimately, this session presents the solution and code donated as part an on-going OWASP project - a OWASP PSM (password storage module). Discussion of this solution will include key techniques for hardening PSM learned through years of delivering production JavaEE code to customers...
About the speaker:
|Tiago Teles is a Technical Consultant with 7 years of experience in clients across different sectors and countries, including banking, insurance, telecommunications and commercial organizations in a variety of roles: Delivering Training, Development, Business Intelligence and Quality Assurance. For some of the talks already delivered please see: https://www.youtube.com/watch?v=CbeSXmAXBbU for more information please visit: http://nl.linkedin.com/in/tiagoteles|
Realtime analysis and visualization of internet status
Tiago Balgan Henriques / Tiago Martins / João Gouveia
|Nowadays, nearly everyday we see a new botnet going up and another one being brought down, looking at this fact the presenters of this talk decided that they needed a way to constantly know and visualize different botnet status. Then we decided we needed to go one step further, and, not only understand how they were growing or shrinking, but to also capture patterns between the different machines that have been compromised and multiple proprieties of different botnets:
After we achieved this, we decided to create a fast and useful way to use this data, so we created what we call The Cyberfeed and Project Hyperion, which we will also be doing live demos of.On the cyberfeed side you can access all of our data of all types from sinkholes, to portscans, and even honeypots and do different types of queries, allowing you to access only the data you need and want, combining all this it can provide you with useful information that can even be used in defense.On Hyperion, is where our visual modules are located, you can easily get visual geospatial information about different botnets and search for information on our portscans.
About the speakers:
|João Gouveia:João Gouveia (CTO) & Co-founder of AnubisNetworks has specialized in the IT security field for over 13 years* Deep knowledge over the broad spectrum of the IT landscape security* Focused on understanding current and future threats and align technology strategy to come up with solutions for emerging problems.* Recognized by Microsoft and others for work related to vulnerability assessment and responsible disclosure of security flaws* Over 8 years of experience designing and deploying email security platforms.Tiago Henriques:
Tiago ‘Balgan’ Henriques currently is Security Lead at Centralway located in Zurich. At the university he did some part time lecturing on a different range of topics, from Computer Security, to Networking and Cryptography. His main interests are: Cryptography, Pentesting, Information Security, Computer Security and Forensics, Vulnerability research. On his spare time, he is the leader of a security research team Portuguese Core Security (http://ptcoresec.eu). He has spoken and organized multiple conferences before. For more information check balgan.eu
Tiago Martins got his MSc in Computer Engineering at University of Lisbon in 2010 and has been working in Research and Development since 2009.
Currently he's working at AnubisNetworks where his main area of focus is Security Information and Event Management. His work involves the processing of real-time events, so that valuable information is gathered, processed and accessed on request.
Since January 2012 he is member and co-founder of PTCoreSec (http://ptcoresec.eu) where we develop some projects and share our knowledge in conferences and workshops.
I’m the guy your CSO is STILL warning you about
Gavin ‘Jac0byterebel’ Ewan
|I’m the Guy your CSO warned you about’ was not your typical social engineering talk. Out went the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In came a hard hitting account of a social engineering attack drawn from real sources but anonymised to protect the pwned.Deano, our ‘hypothetical’ bad-guy hacked and social engineered his way to cash in his pocket and no cash in your pocket, but the despite the warnings, y’all didn’t listen enough.
This talk will see our hypothetical bad guy, Deano, up the stakes and deliver the kind of aggressive attack you have all lived in fear of. No longer a phone call to get your credentials, or a rogue e-mail to direct you to a fake website, this time its personal and Deano is looking to do you REAL damage.
Still drawing on real data from anonymised sources, from the account given of this attack, attendees of the talk will see that a real social engineer doesn’t once pick up a psychology textbook. Deano will instead pose you a question – “What if Joe Bloggs on the street had access to the kind of skills and instructions to destroy all my data?”. Live in fear of Hactivism? You won’t sleep at night after meeting Deano this time.
If you want an hour of being told that ‘looking to the right makes you easier to social engineer’, go to another talk. If you want to see how the real bad guy operates, and talk about how to defend against him, then I look forward to seeing you there.
About the speaker:
|Gavin ‘Jac0byterebel’ Ewan is a ranty, shouty, sweary Scottish hacker. After selling lots of things to lots of people, he decided to get firmly into the field of information security, always having been a geek at heart.Having taken his education and training in psychology, particularly sales psychology into the field of social engineering, he is now re-writing the social engineering rulebook and chasing out the snake-oil salesmen.Already a successful speaker, Gavin has delivered talks on social engineering worldwide to various audiences.|
NoSQL – No Security?
|CouchDB, MongoDB & Neo4j are all making names for themselves in the Big Data world. But behind these buzzwords, there is a very real and often overlooked threat. NoSQL Injection. For years Web Applications developers have been working hard to ensure that their inputs are sanitized, their strings escaped and applications secure.
But as more and more web developers move away from MySQL and other relational models toward graph and key store systems, are they falling into the same pitfalls as their peers did 10 years ago?
This talk will look at Big Data, Its uses, implementations, limitations and untimely, if Developers have adopted the same attitude to NoSQL Security as they have SQL Security.
About the speaker:
|Long haired Scottish Hacker, Developer and Security Enthusiast on a mission to educate developers about best practice, the importance of not trusting users and of writing awesome, efficient and secure code .
Student at the University of Abertay Dundee and Vice President of the Abertay Ethical Hacking Society. Loves all things Web Apps and Big Data.
Renato Rodrigues and Leandro Braguês
|Smartphones are an increasingly important part of everyday life, delivering personalized services and generating information. This enormous potential is inevitably qualified by a wide variety of challenges.This talk will look specifically at the potential of using an Android within an infrastructure such as a company or a campus. It will focus on the kind of information that can be gathered from a mobile device, dealing with physical data (photos, videos and audio) and network (network mapping and data dump).The discussion will include the presentation of a security tool aimed at handling collected data and infiltrating the infrastructure – Pwn Mode. Considering the key role of privacy in this context, some strategies will be given in what regards keeping the mobile device undetected. Additionally, a close-up look at the tool and exploration of the Pwn Mode will uncover security risks, processes of exploitation and mitigation.With the generalized use of mobile devices come new responsibilities and challenges for professionals and consumers alike especially in a world of BYOD. It is expected that this talk will provide a new insight into the use of mobile devices by considering tangible opportunities of exploring their potential.|
About the speaker:
|Renato Rodrigues:Proud member of MSc in the Informatics Engineering family and starting a new path as Junior Engineer at Dognaedis.I’m always on the quest for new things and breakthroughs in pioneering fields. I'm really keen on informatics security issues and innovation. I’ve been interested in these specific areas ever since I can remember. Currently, I split my free time between exploring the Android platform and surfing some waves, whenever I get the chance.
Site: http://www.pathonproject.comLeandro Braguês:Computer Science Engineer (MSc) graduated from University of Coimbra and for the last 2 years developing projects in the computer security company Dognaedis.
I have gained experience in the areas of programming, distributed architectures, reverse engineering and presented some academic research contributions.
Within computer science, I developed a particular interest for security. Mainly due to the fact that, in this field, there’s a need to have a global vision of how the computer functions and also because it is an ongoing challenge similar to solving one puzzle after another. For these reasons, programming, in this area, comes naturally as one of my passions and fuels my workflow. I have developed applications on Android Play and made a few reversing/ security tools.
|This talk is going to be all about Burp. I will explain why is such a great tool and how it compares with similar ones.
Its going to have a quick walkthrough of its main features, but the juicy part is going to be about how to fully explore its main tools, such as the scanner, intruder and sequencer, to increase the number and type of vulnerabilities found.
In addition, I will provide an overview of the Burp Extender Interface and how to easily and quickly take advantage of extensions to increase its awesomeness. I will show how easy is for an pentester to translate an idea to a extension and (I hope) publicly release one plugin to further help pentesters.
The talks objective is to increase your efficiency while using Burp, either by taking advantage of its excellent tools or by adding that feature that really need.
About the speaker:
|Currently working for Portugal Telecom in the web security team of SAPO, the largest and most visited web portal in Portugal. During the day I wreck sites, train developers to code securely, provide all-around security consultancy and earn CPEs. Before SAPO, I spent a few years reverse engineering traffic from proprietary applications and taking caring of a countrywide network of honeypots.
I hold a Master in Information Technology/Information Security by the Carnegie Mellon University and CISSP certification. For older presentations and other info please visit http://www.linkedin.com/in/tiagomendo.
|No security conference can happen without a talk about SAP security. Achievement unlocked.This talk will cover some basic information on why you should be worried about SAP’s (in)security. I’ll also be showing 2 metasploit modules I’ve developed that can help you test SAP, and tell the short story of CVE-2013-3319 (SAP Note 1816536).|
About the speaker:
|Bruno is a partner at INTEGRITY, where he leads penetration testing engagements. With over 13 years in the industry, he’s been involved in the portuguese infosec community for as long as he can remember, having founded the portuguese chapter of the Honeynet Project, founded and still managing the only portuguese infosec mailing list Infosec-Pros-PT and is involved in the organization of monthly meetings of infosec professionals (Confraria). He was a founder and currently VP of the board of directors of the Portuguese Association for the Promotion of Information Security (AP2SI), trying to raise awareness and promoting infosec, and supporting events such as BSidesLisbon. He holds the typical industry certifications, such as the CISSP, CISSP-ISSMP, CISA and ISO27001LA, but the one he’s most proud of is the OSCP. Currently finishing his MSc in Information Security @ Royal Holloway, in his free time (what free time??) he co-organizes BSidesLisbon where he also fills in the slots for canceled talks.He likes breaking things but hates talking about himself in the 3rd person almost as much as rewriting metasploit modules that work.|
IPv6 (in)Security – what we know so far
|Look and behold, a new protocol is taking over the Internet and our corporate networks: IPv6.
The first IPv6 protocol RFC dates back to 1998, yet adoption grew at a very slow rate and significant progress has only been made in the past 3 years. We find ourselves in 2013, transitioning our computer networks to a protocol which was designed and layed out with the security principles of the 90s. Design flaws have been discovered and exploited, counter-mechanisms proposed and implemented, only to be beat again; IPv6 is still proving its worth on the security front and much work is still ongoing by security researchers around the world.
In this talk, I propose to dive into IPv6 history of adoption and (in)security, exposing what researchers around the world have been finding and what the current state of the art is regarding secure deployment issues, open RFCs and security tools support.
About the speaker:
|Tomé Duarte is a recent graduate as an MSc in Informatics Engineering from FEUP and has been playing with networks since ~2002 when he was a teen, as well as “professionally playing” with them since 2006. His thesis research focused on IPv6 transition and security, and he believes IPv6 will become increasingly relevant for security professionals in the following years as adoption grows.|
"there is no spoon" – The art of “bending” a vulnerability with the power of mind
|We will be talking about perception or reality applied to Information Security in the context of non-existent vulnerabilities. When our favorite, industry grade, expensive, automated scanner tells us: "there is no spoon"! Are we ok? Should we care? What could be done to adjust our "perception"?|
About the speaker:
|I’ve been working in Information Security, for the past 13 years, mainly for the financial sector. Three years ago, i started a new challenge joining BiAHEAD as Partner and Information Security Consultant. Since then, I have been developing consulting activities concerning several security related domains, from infrastructure, systems and applications security, to aspects related with processes, organizations and user awareness.Some specialization and interest, are: penetration tests; tactical exploitation; social engineering; security audits; code review; reverse engineering; security engineering; risk analysis.|
Understanding the Underground Traffic Sales
|This talk was born during the deep research and the analysis of the underground black markets. It explains the origin of all kinds of the illegal traffic, all its flows and targets. This is the inside look at the traffic business, which uncovers the market ecosystem. Different work schemes such as sending traffic to exploit packs, working with pay-per-install affiliate programs, malvertising, social networks fraud, redirecting mobile traffic and others will be revealed. Description of all these schemes is based on author's experiments via buying the traffic for analysing and selling it for tracking its flows. So, the presentation helps to understand how does underweb traffic sales markets work in details.|
About the speaker:
Neyolov Evgeny is IT security analyst in ERPScan.His key research interests include enterprise business application security, cybercrime analysis, forensics and anti-forensics, online gambling security, e-commerce security and anti-fraud systems.He was a speaker at some international hacker conferences (SyScan, Nullcon) with talks about cybercrime and analysis of bypassing anti-fraud of online gambling systems (poker, casino, etc).He has acknowledgements for discovered vulnerabilities from Microsoft, SAP and others.
He is organizer of ZeroNights hacker conference and of Russian Defcon Group.
Cell Injection: Attacking the Bean Counters
We’re all familiar with input and output validation and why it’s important for the overall security of web applications, but are your web application security tests focusing solely on HTML and missing the other ways in which your customers may render data?This presentation (including demo) will show you how to attack an application that has been coded to defend against common input validation, but can still result in some good old fashioned ownage and abuse of trust. Resulting in full compromise of an internal host.Cell injection occurs where a user is able to inject valid spreadsheet function calls or valid delimited values into a spread sheet via a web front end that results in unintended consequences. A number of attacks exist, from simple data pollution to more harmful calls to external sources.
As we will see from this presentation, testing should be more than just the OWASP Top 10. We need to think about the overall context of the application, the business logic in use and ultimately where and how our input is used and how it manifests as output.
About the speaker:
David is the CEO for 7 Elements Ltd, an Edinburgh based information security consultancy. David created this highly technical niche consultancy following over 13 years of experience within the technical security market, where he has gained a huge wealth of knowledge and expertise through the delivery of security testing and in the provision of technical expertise to high profile incidents. He has used this experience to develop a new thematic for assurance, that of, resilient information security assurance.His specialist skill is bridging the gap between technical teams, senior management and C-level executives, to improve the understanding, use and development of security testing. He has recently taken on the role of Strategic Cyber Security Advisor to the Scottish Government’s Resiliency Advisory Board.He has performed key roles in security programmes, aligning a risk managed security approach and business risk appetites across multiple business functions in order to provide pragmatic security solutions that met regulatory requirements. David has devised bespoke risk assessment methodologies for a number of security projects, including technical and business risk assessments aimed at understanding the risk profile for a multinational organisation.
David is an active member of the wider security industry, regularly presenting on the subject of information security and its many facets.
Convincing your friend that a website sucks
|My friend is a middle-aged single, beer drinking dude who uses the Internet for all the vices that you would expect of a single, beer drinking dude. He is not particularly security aware, especially if it gets in the way of his browsing habits.My friend posted a link on facebook to a site that I knew would lead to malware. After informing him about this, he challenged me to “prove it”. Challenge accepted. A simple test was to visit the web-site in a controlled environment. This resulted in the expected trojans, spyware and adware. So how can a geek prove to a non-geek that a web-site is not safe without actually getting them to visit the site? Surely this is easy. My first idea was to use the various on-line tools from various security web-sites assuming that they would prove the site was bad. However, I found that these on-line tools did not give the answer I expected.My talk is an entertaining insight about the “journey” I have taken in an attempt to actually prove to my friend that a web-site is “bad”..|
About the speaker:
|My claim to fame is that is 2006, I developed what I believe was the world’s first undergraduate degree with the word “Hacking” in the title. The B Sc in Ethical Hacking at Abertay University in Dundee, Scotland has since become one of the main providers of graduates to the security industry in the UK.I have been a lecturer at Abertay University for 23 years and have taught Robotics, Mechatronics, Computer Networking, Computer Programming and now Ethical Hacking. Hey, I get bored easily.On the non-academic side, I have worked with NCR, R&D Dundee, Scotland on ATM security projects since 2005 and have also worked with various Scottish companies on security issues since around that time. I have previously talked at BSides London in 2011 and 2012, BruCon 2012, E-Crime Scotland Summit 2013.As a measure of our success, four of our students talked at BSides London in 2013 and in previous years, students of mine have also talked at BruCon, GrrCon, BruCon and lots of other cons ending with the letters “con”. Notorius ex-students of mine include two of today’s speakers in Arron f1nux Finnon and Gavin Jacobyterebel Ewan. One of my current students Gavin Holt is also talking today. Our plan to take over the world is on track. As a sidenote, we are all delighted to be a part of this event|
Man vs Internet or The future of Authentication
|This talk will address a fundamental challenge in information security: Authentication, or how to establish trust between a user and their collection of devices and internet services.I will start by describing the current state of play: a regular user typically has at least one computer and a smartphone; each individual is then subscribed to tens or sometimes hundreds of Internet services which are accessed using these devices. Even these services are interconnected with trust relations, such as email accounts that receive password reset tokens. Some of these relations are not so obvious…The complexity of this arrangement is rising so fast that is getting harder for end users (and even power users) to cope with all of its security implications. Most users will not have any strategy to manage their security, using the same password for all services and devices; but even most power users such as infosec professionals make mistakes that can be exploited.I will illustrate the current scenario with a dissection of the Mat Honan hack and my own experience mapping the interconnections between my own devices and services.I will then attempt to provide a strategy to schematize and improve the level of trust between users and devices / services, analysing ad-hoc strategies by power users and provide the tools to create a personal strategy.Finally I'll look into what the future of authentication, and what this Tangled Web might bring us: mutual authentication between devices, the future of two factor, the role of social networks, location based authentication, behavior based trust, trust federation.|
About the speaker:
|I’m an information security professional working in the field for about 12 years, mostly doing security audits and pen-tests.In 2001 cofounded SideStep, one of the first portuguese companies specializing in ethical hacking. Since 2005 I’m a partner at SysValue, and am responsible for the company’s infosec auditing and pentesting services.I do information security auditing and testing to major national and European companies (retail, banking, insurance, telcos). I regularly speak about security at conferences and meetings, such as:- IBWAS 2010 https://www.owasp.org/index.php/OWASP_IBWAS10
- Codebits V (SSL – Past, Present and Future)
- Confraria da Segurança da Informação (several talks presented, https://ap2si.org/pt/confraria-si)All my recent slide decks are available at http://www.slideshare.net/lgrangeiaBack in 2004 I authored a paper in 2004 about a new DNS design weakness (http://www.sysvalue.com/ResourcesUser/docs/dns_cache_snooping.pdf). In the past century I might also have written an article about Linux Kernel Modules on Phrack Magazine (http://www.phrack.org/search.html?key=kossak), and did some hacking of Asus Graphics Cards that led to advances in breaking cablecrypt, an old encoding mechanism for Portuguese Cable Television.
Miguel Mota Veiga / André Pinheiro
|The talk will target different types of information gathering and analysis with the aim to study your target (regardless of your side of the “force”). We will cover some Opensource Tools for data mining, cross validation, social engineering, information gathering and how you can use your l33t h4xor skillz for Intelligence and to profile a target.On a more hands on approach we will present two personal projects where we have been applying the techniques described earlier.The first project will focus how can you “Know your Enemy” and how you can gain advantage over your adversary by analyzing it, studying his behavior, identify patterns, collect information and create scenarios.
We’ll show you how even with and extremely small amount of data we can learn alot about our target, gather new evidence/information, recognize his/their true motivation and, in some cases even identify our final target.
So, if you’re generating some heat, is better to keep your profile low and your guard high. The other project tries to measure the susceptibility of the portuguese population to spam and scams emails.
The project stresses out something important about information gathering: data is not always information, sometimes the process of collection information is the first step to the creation of real information.For this project we will stress the following 4 steps: data collection (gather the emails), data analysis (get the juicy information from your data), increase of information value (performing the spam test / spear phishing) and finally create a report with intelligence and the final conclusions.
About the speakers:
|Miguel Mota Veiga:
A 28 years old IT Security Professional (well, at least I’d like to think that ) with 7 years in the Security Arena with a strong background in :- Penetration Testing;
- Intrusion Analysis;
- Incident Handling;
- (H)ID/PS deployment;
- Malware Analysis;Currently employed has a Security Analyst @ Dognaedis.Presently being particularly interested in OSINT, Data Mining, Profile Analysis and Human Behaviour (and how manipulate it) for fun and profit.Curious (please, do not confuse with bicurious ) , paranoid and skeptic by default.André Pinheiro:André Pinheiro is a Dognaedis Security Consultant who studied at UC where he got his minor and master degree on Computer Engineering. He currently works at Dognaedis, as part of both the Operations and R&D teams, targeting the dangers of publicly available information (either technical or business related) and the implications it can bear to the organizations. As a relevant part of his research he measures and assesses how the personal information can represent an attack vector to organisations. From the operation point of view, he also integrates the Incident Handling and Security Operation Center teams.
|What is Digital Forensics and why it plays an important role in today’s investigations. What are we suppose to do and what are we not suppose to do in order to validate our evidence in court. How to extract evidence in a forensically sound manner. Does the law (PT and abroad) help us or retain us. Lets also see some of the main tools used worldwide, both in Computer Forensics and Mobile Forensics. Should we get training and what’s available around the world. Also, what will the future brings us all regarding Forensics. How will we be affected by cloud storage, privacy, SSD’s or variety of Mobile devices. And any other topic that we may remember.|
About the speaker:
|David is CTO @ Data Recover Center, a PT based company spread across a few countries, that works on Data Recovery, Digital Forensics and Infosec. I spend my time divided into 3 different areas and always learning new things, what is one my favourite hobbies. I like to understand how things are done. Also made a post graduate in Information Security on Royal Holloway University of London and hold some infosec certs.|