CSides Monthly Security Meetups
CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Room N101
CSIT Building ANU
Acton ACT 2601
- Wig & Pen
William Herbert Place,
Canberra ACT 2601
- Silvio Cesare
Friday 18th August
Talk 1: Rust Security
Talk 2: Security in depth
Friday 8th September
Talk 1: Swift Coding
Talk 2: TBA
Friday 20th October
Friday 17th November
Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map
Friday 14th July 2017
Note: This month only CSides will start at 5.30pm sharp
Talk 2: Not-so-bad USB
Remember Bad USB? An attack so bad that every USB chip vendor recalled their products and fixed the problem?
Well this talk is on my progress in trying to get it working on cheap Officeworks drives. This involves a number of broken drives and staring at hex dumps.
What will be covered:
- Quick overview of Bad USB and the drives in question.
- Obtaining files and documentation needed.
- Reversing the files and API commands used.
- Tools used and made.
- Issues encountered.
Peter doesn't like writing bio's.
He occasionally makes flashing badges for conferences.
Friday 23rd June 2017
Talk 1: Deception Defence: what, why and how
The concept of deception security has been around since early 1990. However, its rate of adaption has been very slow. Deception security has been primarily used for research (ad-hoc hobbyist using honeypot systems or commercial rebranding of the same systems) and rarely as a protection mechanism. The security industry has a very limited understanding of Deception security and is not using it at its full capacity.
This is presentation is based on my research on Deception security. I will take you through a fun journey from deception in real world to Deception Defence. I will describe a hand-picked selection of principles in Deception Defence and demo how you can implement Deception Defence using your current technology stack (and with no additional tool). Lastly, I will touch on how Deception can be used by an adversary, i.e. Deception Offence.
Dr. Pedram (pi3ch) Hayati
Just another dude who tries to follow his passion
Talk 2: Surpassing Napoleon: Invading Russia During the Winter
Back in the ancient days of BSides Canberra 2017, three (mostly) young people got together and attempted the inaugural Counter Intelligence Simulation - Maskirovka Winter. Much to the surprise of the team and the host Dan Kennedy of Context IS, they somehow managed to reach the top of the scoreboard. In this talk, the only team member brave/dumb enough to attempt the challenge of Canberra Winter will give an overview of the various aspects of the event, the tools and techniques used to solve them, and a number of issues encountered by the team. Topics that could potentially be covered include digital forensics for beginners, investigating pcaps for fun and profit, and a smattering of analytical tradecraft.
syn is just some guy who once accidentally rocked up to a hacker con and now doesn't know how to get off the bus. He is usually found applying caffeinated beverages directly to his mouth, he occasionally organises SecTalks in Canberra. Easily confused by both shiny things and computers, syn's latest infosec-related achievement was utterly failing to get ransomware running on deliberately vulnerable boxes.
Friday 19th May 2017
Talk 1: BSides Entertainment System - Wearable gaming but your princess is in another castle
Just before Christmas 1995, mum purchased a Nintendo Entertainment System and asked “how long should I let them play?” to which the answer was “let them use it as much as they want, the will get sick of it”. She is still waiting for that day. In a never ending quest to make things work where they shouldn’t, the BSides NES emulator was born. Come with me across the mushroom kingdom to find hardware power ups and software pitfalls in a quest to build a device fit for a princess. Topics covered will include Arduino IDE, C/C++, MVC design, NES internals, Emulator basics, SPI, NodeMCU, Graphics and hardware optimisations.
Peter Rankin is a secure software developer for the Australian Department of Defence where he spends his time writing software applications for critical systems. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Peter has previously worked as a software engineer for Robert Bosch and Thales Australia.
Talk 2: Bit Banging UART and SPI
Bit Banging is a means of communicating over physical interfaces. It works by using a microcontroller to set and sample IO lines. Bit Banging is popular method to implement support for a communications protocol on hardware lacking direct support and devices such as the Bus Pirate, GoodFET and JTagulator use it instead of providing dedicated hardware. In this talk, I will discuss my implementation of bit banging UART and SPI using an LPCXpresso 1769 ARM-based development board. SPI is the interface often seen in serial flash memory and UART is the popular serial communications interface that is common on embedded devices such as routers and IoT. A typical UART interface requires line settings such as the BAUD rate, which is different for each type of device and is required knowledge before communication occurs. Other more guessable line settings include how many data and stop bits there are, as well as knowing the parity setting. In my UART interfacing implementation I can automatically detect all of these line settings which makes it more versatile than typical UART interfacing devices. This talk is suitable for everyone with an interest in hardware, and due to the nature of bit banging, the majority of the heavy lifting is done in software.
Dr Silvio Cesare
Dr Silvio Cesare is an organiser of CSides and BSides Canberra. This year, along with co-organiser Kylie Peak, he has opened up InfoSect, an infosec hackerspace in Fyshwick.