Welcome to DC4420, aka Defcon London.

.reality [2015 edition] Meetings are normally the last Tuesday of the month, except December... April 28th May 26th June 30th July 28th August 25th September 29th October 27th November 24th December tbc New attendees welcome, just come along! (There are no entry fees, and no tickets to book.)

April 28th 2015

We have 1 talk confirmed: 1st Talk Subject: Combating Evasive Malware Speaker: Marco Cova, Lastline Synopsis: Malware is one of the main threats in today's security landscape. The current state-of-the-art approach to the detection and analysis of malware consists of using dynamic analysis tools (sandboxes) to execute a malware sample and observe its actions at runtime. This approach is appealing because it does not rely on detecting specific malicious code patterns, but looks for generic "suspicious behaviors" that are common among several malware families, and, in addition, provides visibility into the protocols and infrastructure that attackers use to control their malicious samples. Of course, attackers know about sandboxes and have a vested interest in making their analysis less effective. In particular, over time, they have developed a number of techniques to evade or complicate the analysis of a sample performed by sandboxes. In this talk, we will draw on our experience with designing and running a couple of popular sandboxes to discuss some of the evasive techniques we see used by malware authors, and we will then present a number of solutions to these challenges. Bio: Marco Cova is a senior security researcher and a member of the founding team of Lastline, a company providing anti-malware solutions. Before defecting to industry, he was a Lecturer in Computer Security with the School of Computer Science, University of Birmingham. He has received his PhD from the University of California, Santa Barbara, and has spent several sleepless nights in Vegas playing the Defcon CTF with team Shellphish. +++ 2nd Talk No second speaker confirmed. If you'd like to give one talk to Major, Tony or Mark or email talks@dc4420.org if you'd like to give one.

Talk nights

Format is usually two talks: a primary 1 hour (ish) and, a secondary 30 minutes (ish). Talks start at 19:30, but we have the room from about 18:30 to 23:00.

Speakers Wanted

Typically our programme has a technical talk (~1 hr) and lighter talk (~30 min). Once or twice a year we have a "Lightning Talk" format, with shorter talks up to ~15 minutes, with anyone who wants to speak on the night. The qualifications for speakers are simple, have a subject of interest to fellow technical & InfoSec people. The subject can be on technical or security issues, social interaction with technology, based on the current events, or just something entertaining to our attendees. As a speaker you can be an expert, a student, someone learning a new area, maybe a regular speaker on the conference circuit, but we also love to have new & occasional speakers. Send your talk / activity proposals to talks@dc4420.org You are very welcome to propose running activities other than talks, such as hands-on workshop or an infosec pub quiz, or something else relevant to our techie audience! We also welcome occasional company pitches, to sell or recruit, but to regulate the frequency of these we ask you to buy a round of drinks. Also please discuss with Major Malfunction or Tony beforehand! Previous talks


The Phoenix, Cavendish Square Nearest tube (Bakerloo, Central and Victoria lines) and bus stops are at Oxford Circus. Transport for London have a journey planner http://www.tfl.gov.uk/


We've got this handy Google Calendar thing here Twitter : @dc4420, use the tag #dc4420 Facebook: DC4420 IRC: #dc4420 on Freenode Mailing List: Get on the mailing list: here (Note: don't set your address to dc4420@ as that won't work.) Linkedin : dc4420 group - 640 & growing (March 2015). Do you read the notes there? (No recruiters allowed on unless they've been to the meetings and intro'd themselves to tony and major.) Talks: Send your info to talks@dc4420.org Want to change the website? Submit a pull request