CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting normally occurs on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book.)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:
Canberra Rex Hotel
150 Northbourne Ave
Braddon ACT 2612

Time:
6.00pm

Afterwards:
Swan & King Bar, Canberra Rex Hotel

Organisers:
Kylie McDevitt
Silvio Cesare

Future Dates:
- No more dates scheduled for 2023, but get ready for BSidesCbr 2023!

Friday 12th May 2023

Talk 1: Introduction to SAML and its Security
SAML is one of the key protocols used to perform Single Sign-On. Especially for enterprises who...

ACKCHYUALLY!!! SAML is a Markup Language, like HTML... You don't code in HTML, you don't SSO with SAML.

Ok, thanks for the clarification. In this talk we are going to look at how SAML is used to provide Single Sign-on and what security issues can arise.

Louis Nyffenegger
Louis Nyffenegger is a security engineer based in Melbourne, Australia. He used to perform pentests, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Past Talks:

Friday 28th April 2023

Talk 1: Code Analysis with Databases
We use databases for storing, querying, and analyzing data. But what if our database stored code? Then, you could write your code analysis via rules describing “what” the analysis produces, rather than defining algorithms for “how” to perform the analysis. This approach is called declarative static analysis, and is the basis of tools like CodeQL. This talk will look at the key ideas and technologies behind declarative static analysis (in particular, the Datalog programming language). It won’t be all theory; we’ll also build our own security tooling along the way.

Adrian Herrera
Adrian is a security researcher at Interrupt Labs, where he builds tools for vulnerability research. Before joining Interrupt Labs, Adrian was a researcher at the Defence Science and Technology Group. Adrian is also completing a PhD at the Australian National University. He swears he’ll finish his thesis “in the next month or so”.

Friday 10th March 2023

Talk 1: IoT Malware
David will present some new IoT malware he discovered, by accident, on a wifi photo frame purchased at a physical store right here in Canberra. He will describe the tools and techniques used to locate and extract the malware from its hiding place deep in the firmware of the device.

David Collett
David is a Software Developer within the Digital Surveillance Collection branch at the Australian Federal Police and formerly worked for ASD. He has 20 years experience in the computer security field.

Friday 3rd February 2023

Talk 1: Attacking the heap allocator in musl-libc
This talk is a dive into the new malloc implementation in musl, a lightweight alternative to glibc that is commonly found in Docker containers and some embedded devices. Musl takes an interesting approach to memory management, which has effectively killed some common classes of heap vulnerabilities. We will discuss how these changes have improved on security, and follow up by demonstrating some ways in which the allocator's internal data structures can be corrupted to gain more powerful exploit primitives.

Daniel Wood
Daniel is a vulnerability researcher at InfoSect with a background in penetration testing and software development. His interests include hacking.

Friday 11th November 2022

Talk 1: Looking into security and privacy of the Galaxy SmartTag
Many smartphone devices nowadays have some sort of 'Find My Device' feature that helps the owner locate their lost devices. Companies such as Apple and Samsung have further extended this feature using the concept of crowd-sourced finding, which allows the owner to locate their lost devices remotely without requiring the lost device to have an active internet connection. This extended feature will be referred to as Offline Finding (OF). Typically, an OF network consists of 3 types of devices:

- Offline/lost device: emits Bluetooth Low Energy (BLE) data
- Online/finder device: scans for BLE data from lost devices and reports the approximated location of any found lost device to a location server
- Owner device: receives location updates of their lost device(s) from the server

Samsung has one of the largest OF networks, consisting of hundreds of millions of devices participating actively in location tracking, so security and privacy flaws within such a "ubiquitous" network may have an extensive impact.

This talk will primarily focus on the Galaxy SmartTag, which is a small BLE tracker released by Samsung in 2021. We will look at some closed-source details of the Galaxy SmartTag's OF protocols, BLE implementation, and security and privacy flaws discovered throughout my research on SmartTags.

Tingfeng Yu
Tingfeng is a comp sci undergrad at ANU, working on the Machine Learning specialization and a Mathematics minor. Tingfeng has always been interested in cyber security. The research project on Bluetooth security allowed her to further explore her interests in this field. Some of her other interests include digital art, boxing, rock climbing, sk8ting, and PIGEONS.

Talk 2: Case Studies in Embedded VR
This talk examines InfoSect's VR process from bug discovery to exploit development on embedded devices. We use a combination of manual code review, binary reverse engineering, fuzz testing, and program static analysis to discover bugs. After bug discovery, we set up an environment to verify the bug and develop an exploit. Finally, we test that our exploit works on the live device. This talk looks at these stages and gives case studies that highlight the processes.

Dr Silvio Cesare
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).

Friday 14th October 2022

Talk 1: ICS@home
Smart Homes are so passé - Industrial Control Systems (ICS) are where it's at! After all, why do it with an Arduino and a sensor when you could use a Programmable Logic Controller, Human Machine Interface, and Ladder Logic instead?

Courtney will be talking through her attempts to monitor her garden hydration levels using an ICS, and how you can do it too.

Courtney
Courtney has been working in cyber security for nearly ten years, and in that time, has been a software developer, project support officer, security systems assessor, and a cyber security researcher. Over the last 2 years she has become particularly interested in how to secure industrial control systems.

Talk 2: Cognitive hacking is a cyber security threat
We know disinformation can amplify social tensions and unsettle communities, but to what degree can it be intentionally weaponised on a population without its knowledge?

Cognitive hacking is a cyberattack using disinformation and online influence activities across social media, the internet and networking infrastructure to manipulate our perceptions and exploit psychological vulnerabilities to shape our thinking and change our behaviour. This makes cognitive hacking a real cyber security threat, with solutions that are part of the cyber environment.

Steven Coomber
Steven Coomber is a Senior Manager Cyber with Synergy. As an intelligence professional he has previously worked in the National Intelligence Community across counter-terrorism, counter-espionage and technical capabilities. He has written two disinformation white papers with the University of Melbourne on developing capabilities to assess and counter disinformation with citizen intelligence using AI augmented collective analytics.

Friday 9th September 2022

Talk 1: Variant Analysis to Detect Bugs
Variant analysis is a technique to discover software defects based on variants of known bug patterns. This talk compares the effectiveness of different static analysis tools to detect these variants, and the advantages and disadvantages of static variant analysis more broadly.

Sam Hinwood
By day, Sam is in his final semester of his undergraduate at the Australian National University, studying sociology and cybersecurity. By other days, Sam is a security researcher at InfoSect.

Talk 2: Phil and Sash's Most Excellent Adventure in Security Engineering
Sasha and Phil will present on two separate experiences with Project Zero and Zero Trust.

Sash will go through some public vulnerability disclosures at a Health Tech Unicorn circa 2015-2015 that were Responsible (Project Zero) and Irresponsible (!!); and how the security team Engineered the way out, kept Product Engineer velocity, upheld customer trust, and saw the team release firmware to over a million customers. What did Public and Private bounties miss versus what we knew? Did researchers keep up with us? Can you eat a FitBit? All will be answered!

Skip to present day, Google ate FitBit and Phil will speak about some hazy edges around zero trust, managing security at scale using optimisations to work around limitations with hardware processing power. Can you get all 3 of cost, speed and quality at once? Can we eat cake and more?

Phillip Grasso and Sasha Biskup
Phillip has been with CBA (Commonwealth Bank) since 2021 and prior to that spent 14 years at Google running software, networks SRE and infrastructure teams.

Sasha has been with CBA since 2022 and leads security teams, baby seals and likes computers.

Friday 12th August 2022

Talk 1: Pointer Authentication on the M1
This talk will discuss an exploit mitigation technique in modern ARM processors called Pointer Authentication or PAC. We'll discuss some experiments and conjectures on how Apple has implemented PAC on their M1 chips.

Cipher
Cipher is an avid CTF player for the Cybears CTF team. Every CTF he says he will learn more about reverse engineering and vulnerability research, before solely focusing on cryptography challenges. Cipher has also helped run the BSides CBR CTF for the last two events.

Talk 2: GetInjectedThreadEx - improved heuristics for suspicious thread creations
Since its debut in 2017, Get-InjectedThread.ps1 has been a blue team staple for identifying suspicious threads via their start addresses. However, red teams have subsequently identified low-cost evasion techniques to counteract this - obfuscating their shellcode threads with start addresses within legitimate modules.

This talk will outline the memory artifacts that each evasion leaves behind and the development of an updated script which may be used to detect them.

John Uhlmann
John (he/him) is a Security Research Engineer at Elastic, where he focuses on scalable Windows in-memory malware detection. Prior to this he did similar work at the Australian Cyber Security Centre.

Friday 8th July 2022

Talk 1: How Can We Effectively Test Transient Execution Mitigations
Since the bombshell of Spectre and Meltdown dropped on the public in January 2018, there's been a steady trickle of new transient execution vulnerabilities over the years - with the recent BHI/Spectre-BHB (CVE-2022-0001 & CVE-2022-0002) as a timely reminder that this exploit class is the gift that keeps giving.

Hardware mitigations have been introduced with new CPU generations, but plenty of mitigations still exist in software, typically flushing various bits of state when switching between privilege boundaries. In the ongoing conflict between security and performance, how can we reliably know that our mitigations are working? We can write tests, but mitigation testing is tricky. Exploits that abuse microarchitectural details are inherently finicky, so making a functional test that you can run everywhere isn't easy. You can instead only test if a mitigation is correctly applied, but that doesn't tell you if it actually works against an attack.

In this talk, Russell will discuss pros and cons of different testing methods, detail what's currently being used by the community, and look at how we could potentially do better in the future.

Russell Currey
Russell Currey is a software engineer at IBM, leading the kernel hardening effort for Linux on POWER Systems. Russell primarily works on kernel memory protection features and automated testing of vulnerability mitigations. He also runs the public continuous integration services for Linux on POWER upstream development, and is a regular speaker at linux.conf.au.

Talk 2: Beautiful Snowflakes - Fingerprinting shared libraries for speedy offset hunting
Every time I write an exploit in pwntools, I'm kind of disappointed by how long it can take to leak enough information about a remote program to discover the offsets I need for ret2* or ROP gadgets. Given an address leak and some arbitrary read construction for a target ELF, the usual process for finding and identifying shared libraries in memory can require a significant number of reads. For remote exploitation or complex/fragile reads, this can impact on both speed and stability.

In the era of BIG DATA, it seems like we should be able to do better.

This talk covers an adventure in corpus building; fingerprinting approaches; and leveraging those to more effectively identify libraries loaded on a remote target with fewer reads than traditional approaches.

Matt B (maybe)
Matt is your host for the evening and somehow snuck his name onto the speaker list. Someone stop this man! During the work week, he is a security researcher with InfoSect, and on the side he tries to find time to build/play CTF with Cybears, skateboarding bears, and now skateboarding roombear (this is getting weird). Also talk to him about rhythm games :sunglasses-emoji:

Friday 10th June 2022

Talk 1: Strike Force Weenamana
A case study from the digital forensics team leader attached to a joint New South Wales Police and Australian Federal Police strike force investigating firearms trafficking on the dark net.

Simon Smalley
Simon is a red team cyber security expert with experience in National Intelligence, the Military, and Law Enforcement. He holds a Master of Cyber Security (Advanced Tradecraft) with Excellence from UNSW ADFA. He is an OSCP, eCPPT, GSLC, GSNA and IRAP assessor #1308. As a former NSW Police officer, Simon has worked in counter-terrorism and special tactics, investigations and digital forensics.

Talk 2: Evolution of State-based Offensive Cyber Operations
This talk examines the use of offensive cyber operations (those which manipulate, deny, degrade or destroy) by looking at how the activities of various states and their tactics in the space have evolved over time. It will include a first look at how Russian forces have used cyber operations during the 2022 invasion of Ukraine.

Tom Uren
Tom writes the Seriously Risky Business policy-focussed cyber security newsletter (https://srslyriskybiz.substack.com/) and is a Senior Fellow at the Australian Strategic Policy Institute (ASPI). He was formerly a Senior Analyst in ASPI's Cyber Policy Centre where he contributed to various projects including on offensive cyber capabilities; information operations; the Huawei debate in Australia; and, most recently, end-to-end encryption. Prior to ASPI, Tom worked on cyber-related issues in the Australian Department of Defence. Tom's formal training is as a scientist and he has a degree in Biochemistry and Molecular Biology.

Friday 13th May 2022

Talk 1: Open Source Cloud Management
This talk covers the details of an open source application for CSPM (Cloud Security Posture Management), and execution through all life-cycle phases for Cloud Estate. We will look at some of the templates developed, how to use them and how to develop your own.

Kieran Rimmer
Kieran is a co-founder and CTO of StackQL. You can find him on LinkedIn and the project on GitHub.

Talk 2: E-Voting - Fool me once, shame on you...
This talk will cover as much information about the security, and particularly cryptography, of electronic voting systems as time allows. It will start with a brief discussion of what the systems tend to look like and what security is typically expected. A few examples will be given of errors in real systems, concluding with a discussion of where the field goes from here.

Thomas Haines
Thomas is a lecturer at ANU who loves breaking and fixing e-voting systems. Thomas' work focuses on the security of cryptography in the wild and the applications of formal methods to cryptography.

Friday 8th April 2022

Talk 1: Intro to 3D Printing
There's never been a better time to get into 3D printing. This talk will cover:

- a brief history of 3D printing from the 1940s to present day,
- the three most common types of 3D printing currently available to hobbyists and what you can do with them,
- why you should care about 3D printing, and
- how to get started and what to expect in terms of budget and effort investments.

Cat
Cat is a software security engineer by day, who loves making and breaking things by night. Their hobbies include almost anything you can do with your hands.

Talk 2: Windows x64 Stack Walking - Same Same, but Different
This talk covers the differences between x86 and x64 stack walking on Windows – and the implications for security folks.

John Uhlmann
John is currently a security researcher at Elastic, and formerly at the ACSC.

Friday 11th March 2022

Talk 1: Abusing Public Infrastructure to BYO VirusTotal for Email
In this talk we'll discuss how public-facing email infrastructure can be abused to build a novel email evaluation capability that encompasses an array of targets and secure email gateway technologies. Building this capability has been greatly simplified through development of an open-source project called Phishious. We'll showcase how Phishious exploits a common misconfiguration to leak sensitive information from mail receivers, that ultimately provides the user with information on whether or not their phishing material would end up in the target's mailbox.

Sebastian Salla
Seb is a Security Professional who loves all things related to Cloud and Email Security. When not working his day job, he's frequently trying to find novel techniques that bypass email security controls.

Talk 2: Diamond in the SIEM - Improving the Building Blocks of Security Alert Monitoring
While Pat was taking an in-home holiday (thanks to the apocalypse), he decided to revolutionise the world of Security Information and Event Management (SIEM). Come along for a journey of discovery that traverses event collection, detection development, and user experience; that chronicles how you too can develop your own SIEM that brings a new dimension to computer security.

This will not be a serious talk, but hey, you might enjoy it and learn something regardless!

PatH
Pat works as a Senior Security Researcher at a large international security organisation and has spoken at numerous international conferences such as BSides Canberra and DEFCON. This is not one of those talks.

Friday 11th February 2022

Talk 1: Immersive 3D for Network Traffic Analysis
This research covers the long, but ultimately unsuccessful so far, attempt to display computer network traffic in a 3D abstraction that can be more than just a gimmick for management fascination.

Daniel Clark
Daniel has been working in computer security within government since 1999 and is currently working on a part-time PhD in cyber security. The software at the heart of this research, Scanmap3D, has been available open-source on SourceForge since 2003.

Talk 2: Exploiting Browsers
This talk takes a bug in a JS Engine and provides an example of the work required to develop it into a browser exploit.

Dr Silvio Cesare
Silvio is best known for his steak cooking and being Kylie's partner. He also wrote about some Linux ELF stuff in the 90s that is still referenced, has spoken at Blackhat a few times, has a PhD, worked in a few roles and likes to teach and share knowledge. Can you just google him? The next time he speaks at CSides he will get his abstract & bio to Kylie early so she doesn't have to write it for him. ;)

Friday 18th June 2021

Talk 1: eBPF - The coolest-newest kid in town
Extended Berkeley Packet Filter (eBPF) is quickly becoming the hottest-newest addition to the Linux Kernel. With its ability to dynamically trace code execution and efficiently route packets, it is quickly becoming the major system to replace software-defined firewalls, routers, and system tracers, thanks to investment by cloud-native giants like Google and Netflix.

This talk will give an overview of eBPF, and how it can be used for everything from packet capturing, to malware analysis, bug hunting, and even malware. eBPF is becoming a must-know system for Linux developers and security specialists, so come along to learn what eBPF is, why I think it's so dope, and how to start making and using eBPF Programs and tools. Also it's coming to Windows (sorta)!

Pat
Pat is an awesome partner to his wife, a hilarious dad to his daughter, and a dedicated ball fetcher to his dog.

When he's not spending time doing those things, he's a senior security researcher at a public cybersecurity company. Having previously worked as a developer of mission-critical systems, he now helps threat hunters uncover and stop advanced actors across the globe.

Talk 2: Cybears Present: A Review of some 2021 BSides CTF Puzzles
The Cybears returned to BSides Canberra in 2021 to run the Capture the Flag competition. This talk will include run throughs of some of our favourite challenges, discussion on how we approach puzzle design and how new players can