Main Track
"From 2600 to 1600 Pennsylvania Ave: Reflections on 15 years of infosec reporting"
"The Insecurity of Industrial Things"
"Human vs Machine: A source code review challenge""Behind the Scenes Building DARPA's Cyber Grand Challenge"
"Efficient Fuzzing? Sure we can do that..."
"The evolution of flight data recovery at the ATSB - from foil to flash"
"Departed Communications: Learn the ways to smash them"
"Walk through of the 2016 CERT Australia BSides Canberra Incident Response Challenge"
"'Shiny Toys' vs Tools – Getting better value out of your detection tool suite""Exploit to Exfil - Emerging techniques for persistence, lateral movement"
"Life After Yara"
"Middle-out Network Analysis: Finding Evil with a Low Signal-to-Noise Ratio"
"Mitigating control-flow hijack with dereferenced function pointers"
Hardware & Wireless
"Back to the Futu^H^H^H^H …… ah screw it, it’s all broken - Practical GPS Spoofing"
"SatNav Forensics - I Know Where the Bodies are Buried"
"USB Based Overvoltage Devices or Another reason not to trust USBs"
"Homebrew homebrew"
"What the Heck is a Ham Radio?"
"We have no idea how to hack a Furby Connect"
"One keyring to rule them all"
"Breaching physical security, and generally causing mayhem, with wireless signals"
"/redacted/"
"The Root of all EAPoL"
"Pentesting voice biometrics"
"Busted: Putting common Elevator myths to the test"
Workshops
"Antenna building & testing workshop"
"Using radio to transmit text and exfil data"
"Set up your own end-to-end encrypted group chat"
"Set up (your secret blog) on a Tor hidden service""Honeypotting - A Journey Into Deception Based Security"
"Infosec 101.1"
Pat Gray - Keynote
From 2600 to 1600 Pennsylvania Ave: Reflections on 15 years of infosec reporting
After 15 years reporting on information security, Risky Business podcast host Patrick Gray reflects on the journey of "teh cybar" from a subculture and hobby to the forefront of the agenda of the 2016 US presidential race.With a particular focus on 2010-2016, this talk will examine some of events that foretold where we are now: From the University of East Anglia attacks (recently cited by US Presidential-elect Donald Trump as evidence against man-made climate change) to the Saudi Aramco and Sony Pictures attacks, Patrick looks at how the events of 2016 should have come as no surprise.
Bio:
Patrick Gray is the host of the Risky Business infosec podcast, a weekly, hour-long security news and current affairs program. Prior to launching the podcast, Patrick wrote about infosec for all manner of publications, including The Sydney Morning Herald, The Age, Wired.com and ZDNet Australia.Stephen Ridley & Margaret Carlton
The Insecurity of Industrial Things
This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. We haven’t thought of these new types of devices as miniature computers that need the same care in deployment, management and protection as our servers, computers and mobile phones. This is a HUGE blind spot. Embedded devices, such as ICS and SCADA systems, are the low-hanging fruit for potential attackers: They are fairly easy to compromise, are connected to high-value networks and detection often only happens after the fact. This talk will catalog our experiences at Senrio exploiting embedded system used in industrial control environments and discuss the reasons why these insecure design patterns exist; including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems.Bio:
Stephen A. Ridley, Founder and CEO/CTO of Senrio. Stephen has more than 10 years of experience in software development, software security, and reverse engineering. His original research on embedded device vulnerabilities has been featured on NPR, SecurityWeek, Wired and numerous other publications. Prior to his current work at Senrio, Mr. Ridley was Principal Researcher at Xipiter and served as Chief Information Security Officer of a financial services firm. Prior to that Mr. Ridley held various information security researcher/consultant roles (Matasano Security, et al) and was the Senior Security Architect at McAfee. Earlier in his career, Stephen was a founding member of the Security and Mission Assurance (SMA) group at a major U.S. Defense contractor where he did vulnerability research and reverse engineering in support of the U.S. Defense and Intelligence community.Margaret Carlton heads the Senrio research team, focusing on product security and development. She brings strong embedded device research capabilities to the team. After graduating from MIT, she worked as a software security analyst in the DC area. Most recently, she was conducting embedded device security research at Draper Laboratory in Massachusetts before joining the Senrio team.
Kate McInnes
Human vs Machine: A source code review challenge
Take one human, a couple of commercial code analysers, a few open source code analysers, and one code project full of security holes. Can a human really beat a machine at finding complex, multi-faceted, deeply rooted vulnerabilities spanning multiple languages and thousands of lines of code? Are automated code scanning tools a scam or do they truly aid software assurance? Is human error and code coverage a factor? What is the false positive and true negative rate? How do open source tools measure up against commercial scanners? This talk will measure each capability against a baseline code project and present the strengths and weaknesses of each approach.Bio:
Kate McInnes is the Security Assessments Manager at Telstra where she is responsible for securing all Telstra source code. Kate has previously worked for Datacom TSS and as an AppSec specialist for Barclays Capital. Kate started her career at the Australian Department of Defence where she held several technical positions.Chris Eagle
Behind the Scenes Building DARPA's Cyber Grand Challenge
DARPA hosted the Cyber Grand Challenge Final Event—the world’s first all-machine cyber hacking tournament—on August 4, 2016 in Las Vegas. Starting with over 100 teams consisting of some of the top security researchers and hackers in the world, DARPA pit seven teams against each other during the final event. During the competition, each team’s Cyber Reasoning System (CRS) automatically identified software flaws, and scanned a purpose-built, air-gapped network to identify affected hosts. The design of this competition was a three year effort that carefully considered the need to promote DARPA's research objectives while also ensuring the integrity of the competiton. This talk is a behind the scenes look at the creation of that competition. We discuss how the design of the competition was meant to influence the behavior of the competitors as well as security measures, many of which were unknown to the competitors, which were implemented in order to ensure a fair competition.Bio:
Chris Eagle was the chief architect of the competition infrastructure for DARPA’s Cyber Grand Challenge. He has been a speaker at conferences such as Black Hat, Shmoocon, and Defcon and is the author of "The IDA Pro Book". He has twice won the prestigious capture the flag competition at Defcon.Shane Magrath
Efficient Fuzzing? Sure we can do that...
Fuzzing is a simple technique for finding software defects that are security interesting. Industrial fuzzing is simply doing ordinary fuzzing scaled out to many cores. Fuzzing's simplicity comes at a cost: it's very slow with a typical industrial camapign running for many months and involving hundreds of millions of fuzz tests. This is not surprising since fuzzing really is just a form of stochastic search. The question is can we make fuzzing an "optimal" search for defects using mathematical theories of "optimal stochastic control" and "reinforcement learning"?In this talk I will give a simple explanation of these ideas and how we've employed them in the ACSC's industrial fuzzer "Sanity". I will talk about using modelling and simulation as a useful tool as well as the much under appreciated area of mathematics of "Multi Armed Bandit Theory". I will talk about our experimental trials on Sanity and what we've learned about "optimal fuzzing". My aim is to make a fun and interesting talk about how maths and science can be applied to cyber-security problems.
Bio:
Shane Magrath received a B.E degree from the University of New South in 1990 and a Ph.D degree from the University of Technology, Sydney in 2006. He is currently a researcher in the Australian Defence Science and Technology Group, in Canberra ACT. His interests are in software vulnerability discovery in general and more specifically, the methods by which we can automate at industrial scale software vulnerability assessments. He previously worked in DSTG as a military communications research with the goal of making network management as autonomous as possible.Prior to completing the Ph.D, Dr Magrath had fifteen years experience in the ICT industry. He variously worked in network planning, design and construction of telecommunications networks. In 1998, Dr Magrath worked as a senior network designer for a IT outsourcing company where he worked in many projects involving WAN Technologies, LAN switching, IP, SNA, and Network Management in the banking and finance industry. Later as a Solutions Architect, he worked on both pre-sales and post-sales projects in the banking and aviation industry.
Aaron Holman
The evolution of flight data recovery at the ATSB - from foil to flash
Australia was the first country to legislate the requirement for flight recorders to be carried on commercial aircraft. Since then, flight recorder technology has evolved from a basic analog scribe onto foil, into a complex system containing thousands of parameters; small avionics equipment technology is also evolving and often becoming the key piece of evidence to help investigators determine what happened during small aircraft accidents. The flash memory that stores this critical information is often subject to intense fire, water ingestion, and high impact forces. Over the past eight years, the ATSB has slowly developed the capability to extract data from damaged flash memory. This presentation will explore that capability, looking at the unique challenges of damaged devices, data recovery from flash memory, reverse engineering devices and circuits, and transforming that data into useful information.Bio:
Aaron completed his Engineering Degree (Aerospace) at UNSW in 2010. He joined the Australian Transport Safety Bureau (ATSB) soon after, where he has been part of the team responsible for the ATSB’s development and research into data recovery. This team has been responsible for data recovery from numerous high profile accidents involving damage avionics and flight recorders. He’s also currently completing a Masters in Engineering (Mechatronics).Fatih Ozavci
Departed Communications: Learn the ways to smash them
Unified Communications (UC) is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. These services also have key roles in the IP Multimedia Subsystem (IMS) implementations of next generation mobile networks. As a result of these, customers require unified collaboration; and the telecommunications industry offers managed communications services and infrastructure using UC and IMS technologies. These offerings also come with design issues, well-known security vulnerabilities and legacy services.Security testing of communication networks, however, is underestimated, and mostly under-scoped. Due to the lack of time and resources, the results of the security tests are only providing a security illusion. On the other hand, the advanced VoIP and UC attacks can be much faster and efficient with a proper methodology used. Therefore, this talk aims to improve the testing skills of the assurance teams for better penetration testing results. The theme of the talk is on transferring the VoIP and UC knowledge from a phreak to penetration testers. This will be performed through practical attack demonstrations, testing tips and automated actions.
Bio:
Fatih Ozavci is a Managing Consultant with Context Information Security and the author of the Viproy VoIP Pen-Test Kit, Viproxy MITM analyser and the VoIP Wars research series. He has fifteen years extensive experience in the field of information security as a leading security consultant, researcher and instructor.His current research is focused on securing IMS and UC services, IPTV systems, mobile applications, mobility security testing, hardware hacking and BYOD/MDM analysis. He has discovered previously unknown (zero-day) security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments and has published several security advisories for SAP Netweaver, Clicksoft Mobile, Cisco CUCM/CUCDM and Microsoft Skype for Business platforms.
Fatih has previously presented at major security conferences such as Black Hat USA’14 and ’15, Black Hat Europe’15, HITB Singapore 2015, DEF CON 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has provided VoIP and Mobility Security training at DEF CON 23 and 24, AustCert 2014 and 2016, Kiwicon 2015 and Troopers’15.
Andrew Clark & Simeon Simes
Walk through of the 2016 CERT Australia BSides Canberra Incident Response Challenge
CERT Australia has been using technical challenges to test applicants for technical roles in its team over the past two years. In 2016 we re-released one of these challenges for the Bsides Canberra Incident Response Challenge. In this presentation we will provide a technical walk-through of the analysis associated with this challenge which involved examining packet capture and memory artefacts. We'll also give an overview of how CERT Australia uses technical challenges in its recruitment activities. The challenge was based on actual activity and work undertaken by the CERT responding to incidents and reflects contemporary adversarial tradecraft. We'll start with an overview of the challenge and then burrow into the details covering compromised websites, phishing, malicious Word macros, Gmail for command and control, persistence mechanisms and more!Bio:
Andrew Clark leads the threat intelligence capability in CERT Australia's technical operations team. This role sees him working with a range of domestic and International partners to assess and share information about the latest cyber threats being faced in Australia. Andrew has extensive experience in the information security domain as a researcher, practitioner and consultant during his career. He has led large industry-sponsored projects in fields such as digital forensics, intrusion detection, DDoS attack mitigation and control systems security involving a range of sectors including telecommunications, energy and defence.Simeon Simes heads up the tools and technologies capability at CERT Australia, Australia's national computer emergency response team, providing advice and assistance to owners and operators of systems of national interest so they can better prevent, detect and respond to an increasingly hostile environment. One of his key responsibilities is to build and enhance the technical infrastructure utilised by the CERT.
Petrina Olds
'Shiny Toys' vs Tools – Getting better value out of your detection tool suite
In this talk I will discuss how to get better value out of your security detection tools including how to identify whether your tool is actually just a “shiny toy”. This talk will lay out a practical approach to evaluating your existing security detection tool suite which will in turn enable you to lay out a plan to improve their value.Bio:
Petrina Olds is the Security Detection Technology Lead at Telstra and leads the strategic direction of their Security Detection tools. During her 4.5 years at Telstra she has worked with the Security Operations teams hunting for new malware infections and improving detection capability. She has also worked on the various SIEM (Security Incident Event Management) systems in Telstra to make them alert correctly using the incoming raw events. Prior to Telstra she spent 16 years with the Commonwealth Public Service working as a software engineer where she held a number of technical positions designing and developing new platforms and applications from standalone to enterprise using a variety of software languages and platforms.Ben Wilson
Exploit to Exfil - Emerging techniques for persistence, lateral movement
During numerous investigations and incidents we've seen that attackers can be a creative and crafty lot. We'll take a look at some of the notable tactics and techniques we've seen used by advanced threat actors for persistence and lateral movement that attempt to evade detection, such as "living off the land" by using and abusing built in Operating System tools and libraries, running Command and Control and Exfiltration traffic through legitimate websites, tunnelling tools preconfigured with proxy configurations and credentials, persistence locations that you won't find with autoruns, and lots more. You'll walk away with a todo list of actionable detection and defensive steps you can take to counter these in your own environments. Click here to enable macros and continue reading the rest of this abstract.Bio:
Ben is a perpetual learner in Information Security, and been doing it long enough to have lived through Y2K bugs. Ben is a Technical Intelligence Analyst, tracking threats and advanced threat actors using insights to drive strategies, tools, and methodologies to enable better detection and response.Paul Black & Dr Arun Lakhotia
Life After Yara
Yara rules are widely used to quickly search for malware samples and memory dumps. Though these rules are easy to create, they are also very brittle. Since the rules are essentially regular expressions over byte sequences, they can be rendered ineffective by very small changes in the byte ordering, such as due to reordering of a few instructions in polymorphic malware.This presentation looks at semantic alternatives to yara rules and examines whether they are ready for industry use. Though polymorphic malware have different byte ordering, or even different bytes, the underlying semantics of their instructions remain unchanged. The challenge is in extracting the semantics and using the semantics to search. The presentation will present results of some recent advances that make such semantics based searching possible.
Bio:
Paul Black is studying a PhD in Information Technology at the Internet Commerce Security Lab (ICSL) at Federation University. His PhD topic is Techniques for the Reverse Engineering of Banking Malware. Paul has a Masters of Computing, his research topic was the reversing of Zeus malware. Paul started his career as a programmer in 1981 and has worked in banking, defence, law enforcement and malware analysis.Dr. Arun Lakhotia is CEO of Cythereal and a Professor of Computer Science at the University of Louisiana at Lafayette. He specializes in automated and large-scale analysis of malware. To deal with mid-life crisis he ventured into developing self-driving automobile, leading to the development of CajunBot, a self-driving Jeep.
Steve Miller & Geoff Carstairs
Middle-out Network Analysis: Finding Evil with a Low Signal-to-Noise Ratio
Attackers are using increasingly clever techniques to evade detection in network traffic. The development of new backdoors that use legitimate internet services (such as Twitter, GitHub, etc) allow C2 to hide in plain sight. And SSL is a biatch.It sounds impossible to recognize evil within large volumes of legitimate and encrypted network traffic without first having a starting point. However, in applying our understanding of attackers and C2 structures, we’ve created some simple network analysis techniques that can help pull weak signals out of the noise to find compromises that are otherwise undetectable.
In this presentation we will show samples of C2 traffic to legitimate services used by a whole bunch of emerging backdoors, all the while talking about what is and what is not "APT" by our definition. And pcap and decoding and maybe even some sexy IDA stuff too.
Bio:
Steve Miller joined Mandiant in 2013 as a threat analyst and continues his work in FireEye as a security strategist, leading incident response services and threat research – work that has directly led to the discovery of hundreds of intrusions and a handfull of 0-days.Prior to joining Mandiant, Steve conducted research and special projects for federal government agencies the U.S. Department of Homeland Security and the U.S. Department of State. His work in these orgs included the development of new ways to perform mobile phone forensics and tailored evidence collection for use in law enforcement investigations. Steve’s other research includes the design and management of security emergency exercises, and most recently, a simulated international manhunt called the TAG Challenge, the results of which are now published in the Public Library of Science.
Steve began his career in security working with the U.S. Army Intelligence and Security Command (INSCOM) at the National Security Agency (NSA) from 2002 to 2007. Throughout various roles at the INSCOM and NSA, Steve conducted signals intelligence missions in direct support of U.S. counterterrorism ops in Iraq and Afghanistan.
Steve holds a Bachelor of Science in Computer and Digital Forensics from Champlain College in Vermont. In his spare time, he likes to ride his totally rad BMW F800GS motorcycle.
Geoff Carstairs is an incident responder and hunter at FireEye, where he specialises in detection and response for incidents involving nation state threat actors, some which have led to 0-day discovery. Geoff spends most of his time looking at network traffic and endpoint data to find evil, and currently leads the incident response team in Asia-Pacific and Japan.
Prior to joining FireEye in 2014, Geoff focussed on network detection and alerting at NBN Co, and helped build the capability of the SOC.
During his time at IBM from 2005 to 2012, Geoff had a variety of roles including incident response, penetration testing, and leading the threat assessment and malware analysis team in Australia.
Dr Gideon Greech (Zed)
Mitigating control-flow hijack with dereferenced function pointers
Exploits seek to gain control of the execution path of a program and direct it to attacker-supplied or -manipulated code. Much of the modern cyber defence focus is on preventing this from occurring through a variety of techniques. Traditionally, mitigation strategies rely on a range of metrics to detect control flow hijack, including CFG analysis, signature-based recognition of shellcode and heuristic assessment. This talk will present some new concepts based on original research conducted at UNSW. This new approach seeks to improve on Intel's recently released Control-flow Enforcement Technology white paper by leveraging the new hardware-based options to dereference function pointers and perform assessment based on the raw OPCODEs rather than stored pointer values.Bio:
Zed is an academic at the Australian Centre for Cyber Security (UNSW Canberra). His research areas include exploit development, network security, intrusion detection systems, cyber resilience and cyber threat intelligence.David Robinson
Back to the Futu^H^H^H^H …… ah screw it, it’s all broken - Practical GPS Spoofing
GPS is central to a lot of aspects of the systems we deal with on a day-to-day basis. Be it Uber or Tinder through to aviation and “air gapped” networks running GPS based NTP servers.GPS Spoofing is now a thing and can be done with minimal effort. This raises some concerns when GPS is depended upon by safety of life applications. This presentation will look at the process for GPS spoofing, how we can detect GPS spoofing and trolling NTPd and the services that rely/assume that time only moves forward.
Bio:
Dave/Karit (@nzkarit) has worked in the IT industry for over 10 years. In this time he has developed a skillset that encompasses various disciplines in the information security domain. Dave is currently part of team at ZX Security in Wellington as a penetration tester. Since joining ZX Security Dave has presented at Kiwicon and Unrestcon and also at numerous local meetups; along with running training at Kiwicon and Syscan. He has a keen interest in lock-picking and all things wireless.Peter Hannay
SatNav Forensics - I Know Where the Bodies are Buried
The research being presented has contributed to over a 250 years of combined jail time.For the last ten years this speaker has been poking, prodding and glancing at satellite navigation units. In this talk, we discuss the types of evidence present on various satellite navigation devices and explore the reliability of this evidence from a scientific perspective. Additionally we will discuss the construction of a locational forensics laboratory which in the humble opinion of the speaker is BETTER THAN REALITY™. Equipment, configuration and lessons learnt will be discussed. Come along and learn all about wild and weird ideas that SatNav developers have about everything from data structures, to appropriate epoch values. What was special about 1970^H^H89 anyway?
Bio:
Peter Hannay is a researcher and lecturer based at Edith Cowan University in Perth Western Australia. His research is focused on the acquisition and analysis of data from small and embedded devices. In addition to this he is involved in smart grid research and other projects under the banner of the ECU Security Research Institute.Adam Jon Foster
USB Based Overvoltage Devices or Another reason not to trust USBs
The Killer USB, Building a Killer USB, A guy thinking he knows what hes doing and fucking it up. If any of the above statements peaked your interest, this may be the talk for you. Much has been said in the media as of late for the Killer USB, much of that content is the same as can be found on the websites selling or blogging about them, and yet, there has been no research done on the subject. This makes a nice spot for me to come in, with my magical bag of good tidings and no knowledge of electrical engineering, I embarked on the search for the Killer USB. So come join me for a tale of magic smoke, near electrocutions and many many dead motherboards.Bio:
Adam Jon Foster (evildaemond) is a Undergrad and Researcher at Edith Cowan University, where he works on a Bachelor of Cyber Secuirty and various research projects. (INSERT YOUR OWN MADE UP BIO PARTS IF YOU FEEL LIKE THIS IS LACKING)Liam0
Homebrew homebrew
You can get it hackingYou can get it cracking
You can get it any old how
As a matter of fact, Liam will show you how...
This talk will give an overview of brewing at home, and discuss how it can be improved and automated using Raspberry Pis, Arduinos etc
Bio:
Liam likes his ducks upright, his languages strongly-typed, his commas Oxford, and his grammars context-freeMax
What the Heck is a Ham Radio?
Amateur radio is quite a broad hobby, and you may already be interested in part of the pastime. We'll go over the many facets of ham radio, and give a little demo of how to achieve some privacy with two-way radios. ...and then how to break it. There's really something for everyone in here!Bio:
Max is a hacker, geek, magician, snowboarder, professional consultant, electronics enthusiast, amateur radio operator, and more. He got his first amateur radio licence in the US over 5 years ago, and has recently been immersing himself in the hobby once again in Australia after a long break.l0ss & swarley
We have no idea how to hack a Furby Connect
On the morning of New Year’s Day 1965, children’s TV presenter Soupy Sales encouraged his young viewers to steal money from their sleeping parents wallets and mail it to him. Follow along as l0ss & swarlz try to figure out how to repeat the feat using this season’s hottest robotic annoyance, the Furby Connect. This hit toy offers fun-for-the-whole-family features like IN-APP-PURCHASES (TM), Bluetooth connectivity, LCD panel eyeballs, and a whole suite of invasive sensors to allow Hasbro to track your spawn as they grow into acceptable consumers. Also, Furby now comments on the pornography you’re watching on your iPad! ALSO HE NEVER SHUTS UP GODDAMN HE DOESN’T SHUT THE FUCK UP EVER.Topics covered will include RE, BT-LE, HTTP, ARM, AVR, SPI, I2C, UART, JTAG, and DVDA.
Bio:
swarley is an academic-turned pentester currently working for Asterisk in sunny Perth, WA. When he’s not busy smashing Final Fantasy and Furb(ie/ys), swarley helps spread the infosec cheer by making immature fart jokes at WAHCKon.l0ss used to be a grumpy sysadmin but now he’s a happy (upright) tester at Asterisk who spends his days making sysadmins grumpy.
Scott Herdman
One keyring to rule them all
In a time where companies are investing in endless “CYBER” protective devices and services to secure their networks, little thought is given to how physically secure these investments are. Once physical access is obtained most security controls can be bypassed relatively quickly granting attackers or competitors unrestricted access to your data.Most locks can be bypassed by an experienced enough lock picker, but lock picking is much harder and more time consuming than just using a key…..
This talk will cover some of the common keys used in Australia, how to obtain them and how to identify their uses. Be it the back gate, the elevator or even your desk draw, there is a good chance that there is a key that can be “easily“ obtained to open the lock.
Bio:
Scott Herdman has worked in the Financial Services industry for the past 10 years specialising in delivering IT solutions to both large and small organisations. He is passionate about IT security, with a focus on physical security.T.J. Acton
Breaching physical security, and generally causing mayhem, with wireless signals
In today’s technologically advanced world, insecure wireless protocols remain at large. With the emergence of the Internet of Things (IoT), and a thriving open-source hardware community, such weaknesses are poised to become more widespread. We rely on insecure wireless signals for physical access control, communication with aircraft, controlling surgically implanted medical devices, transmitting emergency response messages, and for home automation. This presentation will provide a technical overview demonstrating how security researchers (or bad actors) may approach the reverse engineering process for RF or SDR devices, and will touch on some of the wider security implications. Finally, some practical advice for determining which RF devices are more resilient to attacks will be provided.Bio:
T.J. is a Security Researcher & Penetration Tester based in Sydney. He hosts Cyberspectrum Sydney (a Software Defined Radio group), and is a little too into physical security.Tim Noise
/redacted/
Tim promises to drop /redacted/Bio:
internet jerkPamela O'Shea
Using radio to transmit text and exfil data - 1hr
This hands-on workshop will walk participants through a series of steps to transmit and receive ASCII text using gnuradio and the PSK31 protocol. No special radio equipment will be needed as the audio card and microphone will be used. We will also look at scripting this up and embedding it in a raspberry pi for proof of concept data exfil purposes.Bio:
Pamela is a pentester in Melbourne, organises the Melbourne software defined radio group, and follows the prime directive.Paul Harvey
Antenna building & testing workshop
Do you have a HackRF or RTL-SDR that's deaf? You can't fix everything in software - it all starts with the antenna! There will be a brief show & tell of some DIY antennas and the design compromises behind them, then we'll try our hand at building a simple corner-reflector style 5.8GHz directional antenna suitable for WiFi fox-hunting (while stocks last). We also plan to have some antenna analyzers on hand - in order of certainty: 240MHz, 1.5GHz, and if we're lucky - a 20GHz analyzer loaned by a generous local radio club (CRARC) member. So if those cantennas, DIY helicals/clover-leaf designs or commercial antennas aren't working - come get it measured! We'll hopefully have the gear available throughout both days of the conference.Bio:
Paul is a software developer, amateur radio explorer, and member of MakeHackVoid (a local hackerspace).Neal Wise
The Root of all EAPoL
EAP - Extensible Authentication Protocol - is used in network authentication strategies such as IEEE-802.1x (for wired and wireless networks) and for authentication for VPNs. EAP authentication relies on EAP implementation methods such as EAP-TLS and EAP-PEAP and others to authenticate accessing endpoint devices.When implemented correctly (and with related controls) EAP as used in 802.1x can be an effective strategy for layer 2 authentication for network mediums. Unfortunately, the security qualities of EAP methods vary widely with some more being more effective than others. EAP implementations for VPN, wired and wireless network authentication also vary widely and, because of WPA/WPA2’s use of EAP in wireless solutions, some poor presumptions and myths exist about the effectiveness of all EAP implementations.
This brief talk illustrates threats to EAPoL (EAP over LAN) solutions by examining network packet captures on each side of the solution - between the accessing client’s supplicant software and the network device and that device and its authentication source. If you like long walks on the beach and tedious walks through gory network packet details, this talk is your jam.
Bio:
Neal Wise is director of Melbourne-based Assurance which he co-founded in 2005.Neal's >25 year career as a sysadmin and consultant has centred around distributed solutions and the network and security duct-tape that holds them together.
Jakub Kaluzny
Pentesting voice biometrics
The era of scratch cards, RSA tokens, SMS codes and different variations of second factor authentication (and authorization) devices is soon to be over. The question is - what will replace current 2-FA methods - smart mobile applications or biometric solutions? And how quickly will the attackers find ways to bypass these methods. One of the most popular biometric authentication already being widely implemented is voice biometrics. In this talk, expect to learn:- how to pentest voice biometrics
- tools for automating calls to IVR channels
- how good is a good microphone
- how to fuzz the voice and identify key biometric characteristics and thresholds to bypass the algorithms
- how these kind of solutions compare to standard password metrics
Bio:
Jakub is a Security Consultant at The Missing Link Security in Australia and performs penetration tests of high-risk applications, systems and devices. Previously securing online banking in Europe, working for European Space Agency and protecting instant bank transfers intermediary. He was a speaker at many international conferences, including OWASP AppSec EU, Zeronights, HackInTheBox, BlackHat Asia, as well local security events. Apart from testing applications, he digs into proprietary network protocols, embedded devices and enterprise solutions.Wizzy
Busted: Putting common Elevator myths to the test
In this presentation I will attempt to bust some common elevator myths. These myths may have originated from movies, internet forums or friends whose aunts cousins brothers work colleague did it once! Each of the myths will be explained and validated/invalidated with technical reasoning. Some examples myths include:- You will be crushed if you are underneath or on top of an elevator.
- You can force a lift to travel directly to your selected floor by pressing a combination of buttons.
- When stuck you should just pull the doors open and climb out.
- If everyone jumps in the elevator at the same time you can cause it to stop.
- In a free falling lift can you cheat death by jumping at the exact right moment? (Myth Busters have already done this!)
Bio:
Like many of us Joshua has had an interest in computing and security for as long as he can remember. However, out of high school he pursued a career as an Elevator Technician (Electrician) where he spent over a decade in various roles including rescuing trapped passengers and designing security interfaces. More recently Joshua has transitioned into a role as a security consultant for a Sydney based firm.Privacy Workshops
Set up your own end-to-end encrypted group chat - 1hr
Are you a pentester or bug bounty hunter? Do you share lots of secrets over Slack? There is a better way. We build our own end-to-end encrypted secure group chat service based on Matrix and Riot. Matrix is an open standard for decentralised communication and Riot allows teams to communicate across a wide range of collaboration apps.Set up (your secret blog) on a Tor hidden service - Minimise leakage and get your fancy .onion URL - 1hr
Were you planning to publish something anonymously on the Internet? What can go wrong? Join this workshop to avoid the common mistakes others make. Learn how you can generate a fancy .onion URLs for your static blog. Scan your service for OPSEC leaks and misconfiguration that may reveal your real identity.Bios:
Attacus is a software and systems engineer from Australia. She spends her days building and breaking corporate identity systems. Following a stint as an academic specialising in the surveillance mechanisms of medieval Europe, she has spent more recent years teaching practical tech privacy to the public, giving talks on the history and ethics of technology, and camouflaging herself in libraries.Gabor is a information security freelancer in his professional life. In his free time, he organises the monthly CryptoParty privacy workshops in Sydney. He is a passionate privacy, open government and free speech advocate.
Robin is a software developer who believes the software industry is culpable in the demise of privacy. He attempts to demystify and promote privacy tech by facilitating cryptoparties, making noise on the internet, and organising a collective of software makers called Hack for Privacy.
Contributors: Magdalena Cassel, Andrew Jones
Adel Karimi & Elliott Brink
Honeypotting - A journey into deception based security - 2hrs
This workshop introduces you to honeypot technology and the ways you can leverage deception in production environments. During this practical session you will learn about the different types of honeypot, use-cases, tools, implementation techniques and challenges. The attendees will then have the opportunity to setup and try honeypot tools. We will also have a kind of Forensic Challenge. So don’t forget to bring your laptop with a virtualization software installed (VMware / VirtualBox).Bio:
Adel is a security guy by day and a honeypotter by night. He has been a chapter lead at the Honeynet Project since 2010 and recently started Trapbits, an open community for honeypot enthusiasts in Oz. He enjoys astrophotography, researching botnets, data visualization, and anything infosec!Elliott is an Information Security Consultant based out of Melbourne. He specializes in internal/external pentesting, security architecture, and social engineering engagements. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary and traveling the globe.
Dan Wallis & Kevin Alcock
Infosec 101.1
Abstract: Do terms like XSS, SQLi, RCE, Buffer Overflow, Rootkit, Trojan, Phishing, DDoS, Malware, Virus, or just the word Hacker leave you confused? We all had to start somewhere and this is the training for you, the beginner. Dan and Kevin are here to help you into the world of information security. This will be a light hearted, fun and interactive session.We'll talk through what these terms mean, and try to answer questions as we go. There'll be live examples of the basics, and an opportunity to try these out in a lab (so bring along a laptop). The goal of this session is to come away with some usable knowledge, and an entry level understanding of the information security world.
Topics:
What is Hacking? (History, what's legal, ethics) Hacking in popular culture versus reality Getting started Understanding of attacks Performing your first attack Tools of the trade How to carry on beyond this session And more…
As an attendee you will need to have a laptop capable of running 2 Virtual Box VM's that will be supplied.
Bio:
Dan works as a Technical Sales Specialist at Lateral Security and also runs the Christchurch branch of Information Security Interest Group (ISIG). Formerly a sysadmin in a world of web developers, he's built, managed, maintained, fixed, and tested a good number of websites.Kevin occasionally helps Dan run the the Christchurch branch of ISIG. He has been programming for a living since 1986 (yes, longer than most of you have been alive).Now he is the founder and principal consultant at Katipo Information Security.