CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Room N101
CSIT Building ANU

Acton ACT 2601



Uni Pub
17 London Circuit,

Canberra ACT 2601

Silvio Cesare
Kylie Peak
Andrew Muller

Future Dates:

Friday 11th November 2016

Talk 1: Efficient Fuzzing? Sure we can do that...

Fuzzing is a simple technique for finding software defects that are security interesting. Industrial fuzzing is simply doing ordinary fuzzing scaled out to many cores. Fuzzing's simplicity comes at a cost: it's very slow with a typical industrial campaign running for many months and involving hundreds of millions of fuzz tests. This is not surprising since fuzzing really is just a form of stochastic search. The question is can we make fuzzing an "optimal" search for defects using mathematical theories of "optimal stochastic control" and "reinforcement learning"?

In this talk I will give a simple explanation of these ideas and how we've employed them in the ACSC's industrial fuzzer "Sanity". I will talk about using modelling and simulation as a useful tool as well as the much under appreciated area of mathematics of "Multi Armed Bandit Theory". I will talk about our experimental trials on Sanity and what we've learned about "optimal fuzzing". My aim is to make a fun and interesting talk about how maths and science can be applied to cyber-security problems.
Shane Magrath
Shane Magrath received a B.E degree from the University of New South in 1990 and the a Ph.D degree from the University of Technology, Sydney in 2006. He is currently a researcher in the Australian Defence Science and Technology Group, in Canberra ACT. His interests are in software vulnerability discovery in general and more specifically, the methods by which we can automate at industrial scale software vulnerability assessments. He previously worked in DSTG as a military communications research with the goal of making network management as autonomous as possible.

Prior to completing the Ph.D, Dr Magrath had fifteen years experience in the ICT industry. He variously worked in network planning, design and construction of telecommunications networks. In 1998, Dr Magrath worked as a senior network designer for a IT outsourcing company where he worked in many projects involving WAN Technologies, LAN switching, IP, SNA, and Network Management in the banking and finance industry. Later as a Solutions Architect, he worked on both pre-sales and post-sales projects in the banking and aviation industry.

Talk 2: Who is lorax?

The Australian Federal Police (AFP) case study provides a brief overview of the how a cyber-criminal utilised social media and the challenges that investigators come across when attempting to prove the identity of the offender.

Between 2012 and 2014 the AFP conducted a protracted investigation into online Issue Motivated Groups targeting Australian online major infrastructure in the lead up to the G20. During the investigation “lorax” was identified as the leader of “Australian Anonymous”. “lorax” used an online radio show and social media to attract a large following which he then advertised data breaches, intrusions and defacements whilst at the same time organised and incited hackers on the dark-net to commit further crimes. In May 2014 the AFP executed a search warrant on an individual in Western Australia believed to be “lorax”.

Proving identity, in all crime types, is difficult at the best of times, even more so in cybercrime. The analysis of “lorax’s” electronic devices, communications, social media and telephone intercept data correlated with IRC, Tweets and Facebook show that it would be unlikely that anyone else other than the offender could have advertise these computer intrusions and hacks under the name of “lorax”.
Jade Newman-Andrews
Federal Agent Jade Newman-Andrews has been with the Australian Federal Police for 10 years, the last four with Cyber Crime Operations. He is currently the AFP liaison officer at the Australian Cyber Security Centre.

Past Talks:

Friday 14th October 2016

Talk 1: “Shiny Toys” vs Tools – Getting better value out of your detection tool suite
In this talk I will discuss how to get better value out of your security detection tools including how to identify whether your tool is actually just a “shiny toy”. This talk will lay out a practical approach to evaluating your existing security detection tool suite which will in turn enable you to lay out a plan to improve their value.
Petrina Olds
Petrina Olds is the Security Detection Technology Lead at Telstra and leads the strategic direction of their Security Detection tools. During her 4.5 years at Telstra she has worked with the Security Operations teams hunting for new malware infections and improving detection capability. She has also worked on the various SIEM (Security Incident Event Management) systems in Telstra to make them alert correctly using the incoming raw events. Prior to Telstra she spent 16 years with the Commonwealth Public Service working as a software engineer where she held a number of technical positions designing and developing new platforms and applications from standalone to enterprise using a variety of software languages and platforms.
Talk 2: Departed Communications: The Ways to Test them Aggressively
Securing communications is not easy, especially when they unify for enterprise collaboration. Unified Communications is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. However, response teams and security testers have limited knowledge of attack surfaces and threats in the wild. Due to this lack of understanding of modern UC security requirements; numerous service providers, larger organisations and subscribers are leaving themselves susceptible to toll fraud, robocall, TDoS and eavesdropping attacks. Corporate networks and systems may be also compromised through the clients connected to the UC services.
The talk aims to arm response and security testing teams with knowledge of cuttingedge attacks, testing techniques, tools and vulnerabilities for UC networks. The business impact of the UC attacks will be explained for various implementations, such as cloud services, commercial services, service provider networks and corporate communication.
Fatih Ozavci
Fatih Ozavci is a Managing Consultant with Context Information Security and the author of the Viproy VoIP Pen-Test Kit, Viproxy MITM analyser and the VoIP Wars research series. He has fifteen years extensive experience in the field of information security as a leading security consultant, researcher and instructor.
His current research is focused on securing IMS and UC services, IPTV systems, mobile applications, mobility security testing, hardware hacking and BYOD/MDM analysis. He has discovered previously unknown (zero-day) security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments and has published several security advisories for SAP Netweaver, Clicksoft Mobile, Cisco CUCM/CUCDM and Microsoft Skype for Business platforms.
Fatih has previously presented at major security conferences such as BlackHat USA’14 and ’15, Blackhat Europe’15, HITB Singapore 2015, Defcon 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has provided VoIP and Mobility Security training at Defcon 23 and 24, AustCert 2014 and 2016, Kiwicon 2015 and Troopers’15.
Homepage : http://viproy.com/fozavci
Linkedin : https://au.linkedin.com/in/fozavci

Friday 16th September 2016

Talk 1: Reverse Engineering and Data Acquisition of a Digital Answering Machine
In this talk, I'll reverse engineer a digital answering machine with the goal of dumping the contents of the EEPROM. This would allow a forensic analysis to potentially recover deleted messages from the machine. A main requirement is to dump the EEPROM without removing or taking chips off the device. This talk will look at how the data was successfully acquired. However, I leave the forensic analysis of the EEPROM contents for others. I'll be using soldering irons, multimeters, logic analysers, host adapters and other toys to acquire the data and understand the communications protocol. This talk will be beneficial for people who are interested in hardware hacking or those who want to understand systematic approaches to reverse engineer electronic devices.
Dr Silvio Cesare
Dr. Silvio Cesare is an organiser of BSides Canberra and is a Senior Software Specialist at Azimuth Security. He is also an Adjunct Senior Lecturer at UNSW Canberra. Previously, he was the Scanner Architect at Qualys and was, at another time, the Director of Anti-Malware Engineering at working on the commercialisation of his PhD research on malware variant detection. Silvio is author of the academic book Software Similarity and Classification, published by Springer. He has worked in industry within Australia, France and the United States, is a 4 time Black Hat USA speaker and has published and presented at industry and academic conferences and journals.
Talk 2: The SecNewbieCorner
The SecNewbieCorner is an online initiative that aims to encourage people to play ctfs, boot to roots, wargames and engage in other information security related activities. The talk will be mainly composed of write ups of a few challenges that have been completed during the fortnightly study sessions. Topics include a boot to root, steganography, cryptography, vulnerability and miscellaneous challenges. The talk will also briefly cover what SecNewbieCorner is about as well as up coming challenges.
Alannah Guo
Alannah Guo is a 4th year student studying a Bachelor of Network and Software Engineering, she is also interning as a Security Engineer at Datacom TSS. In her spare time hobbies include participating in CTFs, practicing lock picking, and art. She also organises the SecNewbieCorner as a way to encourage participation from other beginners in the information security industry.

Friday 19th August 2016

Talk 1: Walk-through of CertAU's BSidesCbr 2016 IR Challenge
In this presentation we will provide a technical walk-through of the BSides (Canberra) 2016 "IR Challenge" provided by CERT Australia. The challenge was based off actual activity and work undertaken by the CERT responding incidents and reflects contemporary adversarial tradecraft. We'll start with an overview of the challenge and then burrow into the gory details covering compromised websites, phishing, malicious Word macros, Gmail for command and control, persistence mechanisms and more!
Andrew Clark
Dr Andrew Clark is a Senior Technical Advisor in CERT Australia’s technical operations team which he joined in 2014. One of his key responsibilities at CERT is to help enhance its cyber threat intelligence sharing capability so that partners are more quickly made aware of emerging threats and better able to respond to them. Andrew has extensive experience in the information security domain having worked closely with industry as a researcher, practitioner and consultant during his career. He has led large industry-sponsored projects in fields such as digital forensics, intrusion detection, DDoS attack mitigation and control systems security involving diverse sectors such as telecommunications, energy and defence.
Simeon Simes
Simeon Simes is a Senior Technical Advisor at CERT Australia, Australia’s national computer emergency response team, providing advice and assistance to owners and operators of systems of national interest so they can better prevent, detect and respond to an increasingly hostile environment. One of his key responsibilities is to build and enhance the tools and technology utilised by the CERT to better fulfil its goals.
Talk 2: C2 Boot-Strap: Notes from the Field
The presentation will discuss and demonstrate methods in tunneling and persisting command-control (C2) access over seemingly innocuous web channels & content providers in a number of ways (such as steganography and messaging protocols) and highlight the key considerations when simulating and enacting an attack life-cycle covering (planning, env staging, targeting, exploit dev and persistence).
Dan Kennedy
Dan is a senior consultant over at Context Information Security (www.contextis.co.uk) who enjoys judo, pc gaming, traveling and surfing in his spare time.

Friday 15th July 2016

Talk 1: Automating Vulnerability Discovery
Richard will give a walk through of the process that his team uses to find vulnerabilities. This will include a high level overview of the tools and automation that they rely on.
RichL leads a small team of vulnerability researchers and software developers in the Department of Defence. They develop their own vulnerability discovery tools so that they can help vendors find and fix bugs in software used by the Australian government.
Talk 2: Intro to sofware-defined radio & basic replay attacks
SDR has never been cheaper to get into, but there's a lot to learn! We'll take a look at a handful of devices which happily accept previously transmitted commands replayed over the air, and walk through the basics of capturing, understanding and reproducing those signals with GNURadio and other tools.
Paul Harvey - @csirac2
Paul has been dragging his amateur radio gear to MakeHackVoid, a hackerspace in Belconnen, since obtaining his license in 2015. He also works as a software & systems engineer with a background in electronics and a desire to build hardened systems. He's worked in oil & gas, bioinformatics, and defence-related industries doing Linux-based embedded systems and web development.

Friday 17th June 2016

Talk 1: Data Recovery at the Australian Transport Safety Bureau
The Australian Transport Safety Bureau is Australia’s national transport safety investigation agency. Their role is to investigate transport safety incidents and accidents across Australia. The ATSB is an independent agency, with its focus on improving transport safety across the Aviation, Marine and Rail industries. The advancement of technology over the past 20 years has seen a dramatic increase in electronic devices capable of recording important data that may be useful to an investigation. Often is the case with serious accidents, electronic devices are subject to high impact forces, intense fires and water ingestion, complicating the data recovery process. The ATSB has developed various techniques and tools to recover data from electronic devices and transform that data into meaningful information for the investigation process. This talk will cover the evolution of traditional flight data recorders, the modern data sources, and recovery techniques that the ATSB use in the investigation process.
Aaron Holman
Aaron Holman - I graduated in 2010 from UNSW with an Engineering Degree (Aerospace). I joined the ATSB soon after in 2010, where I have been part of the team responsible for the ATSB’s development and research into data recovery. I’m currently doing a Masters in Engineering (Mechatronics) at ANU and have an interest RPVs, avionics, and inertial systems.
Talk 2: General destructive and non-destructive entry to locks + tips, consumer-edition
Some practical demos of common destructive and non-destructive attacks, in attempt to answer the Q: “how do I identify a decent lock?”, with additional advice and gotchas, ending with some quick tips for improving your lock at point of purchase, and afterwards.
Simon Pascal Klein - klepas
Pascal (@klepas) is a German (au?) muppet, working as a web ui/a11y/dev/typographer. Besides this, he is interested security (& pols thereof), and dabbles in (mostly NDE of) locks.