CSides Monthly Security MeetupsCSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Room N101
CSIT Building ANU
Acton ACT 2601
- Wig & Pen
William Herbert Place,
Canberra ACT 2601
- Silvio Cesare
Future Dates:CSides will return June 2018, the break allowing us to spend time organising BSides Canberra 2018.
Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map
Friday 17th November 2017
Talk 1: Swift SecurityNew programming languages are advertised to have a wide array of improved security features that mitigate against unsafe code. Amongst other things, Apple Swift advertises that variables are always initialized before use, arrays and integers are checked for overflow, and memory is automatically managed. This talk will verify some of Apple's claims about Swift through the analysis of Swift binaries produced by the compilation process.
Christian GiuffreChristian is intrigued by how things work on the inside. During the day he works in CrowdStrike's hunt team, finding hands on actors that have infiltrated networks across the globe. He has a particularly keen interest in understanding the implementation details of implants and binary tool kits.
Talk 2: Gophers, whales and.. clouds? Oh my!Go, Docker and Microservices; some great technologies and buzzwords that we hear so much about on the development side of the fence, but how can we leverage these technologies to improve our offensive capacity? Armed with a passion for new tech, a vague theory, and an ‘nsa-o-matic’ approved project name; gopherblazer was born.
Whether through dockerising and improving existing tooling, leveraging Function-as-a-Service (FaaS) offerings, or just distributing offensive capabilities; I’ll share what I learned on my journey into improving my offensive capacity and productivity (while having an excuse to play with shiny technologies along the way!).
Glenn 'devalias' GrantGlenn ‘devalias’ Grant is a full-stack, polyglot developer with an acute interest in the offensive side of security. Whether building something new or finding the cracks to break in, there is always a solution to be found; even if it requires learning something entirely new. If you can improve/automate something, do it, and if you’ve put the effort in to do so, open-source it and share it with everyone else.
When not hacking and coding, Glenn can be found snowboarding the peaks of Japan, falling out of the sky, floating around underwater, or just finding the most efficient path between A and B (even if that’s over walls). Life is short. Do the things you love, embrace the unknown, live your dreams, and share your passion.
Friday 13th October 2017
Talk 1: The CSI Effect: How does Digital Forensics in the real world compare to what you see on TV?Alicia will give an insight into Digital Forensics in the AFP and how there is no such thing as a “typical” day. She will discuss the fact that even though real life forensics isn’t like what you see on TV, it’s still pretty cool! Alicia will touch on some of the cases she’s worked on and how digital evidence is critical to the investigation and prosecution of all crime types.
Alicia PetersAfter completing an IT degree, Alicia started her full-time tech career with the ATO. While working there, she discovered the emerging “Computer Forensics” field and began tertiary study again. She’s now had her dream job with AFP Digital Forensics for over 10 years.
Talk 2: L2 Attacks against virtual devicesThe growth of datacentre consolidation and on-demand compute has shifted the direction of computer networks to virtualisation. With the increasing popularity of programmable networks such as Cisco ACI and VMware NSX and the industry-wide push towards network automation, we are seeing more and more networks pushed down towards the hypervisor and implemented as virtual switches. This talk investigates traditional network attacks done against network hardware and how they apply to the virtualised network successors. I will cover L2 ARP attacks, VLAN hopping and STP.
Kylie McDevittKylie studied Telco Engineering at ANU in the late 90s and has a Masters in Computer Networking with CSU. She has worked primarily within Network Engineering across government and private sectors and currently is a technical security consultant specialising in computer networks. In her spare time she enjoys building and breaking networks, pushing boundaries in security and knowledge.
Friday 9th September 2017
Talk 2: 1001 Puzzles for Geeks: Volume 1There's a new crew from Canberra tearing up the international CTF circuit just about every time they can remember to show up to the InfoSect warehouse and exhaust themselves with puzzles for a whole weekend. They claim it's not all about winning but the look of exhilaration when they see a flag on their display makes that a pretty obvious lie. The InfoSect CTF team (collective? coven?) has placed 20th, 6th and 3rd in recently played events, typically out of a few hundred teams who participate and score at least one point. In this talk, we'll take a brief run through some of the most interesting challenges the team has solved in the last few months, and get an overview of some of the tools and approaches used. There'll also be a discussion on how some of us got into such a fun-strating hobby and how you can start truly enjoying your weekend relaxation time like us.
Matt BrindleyMatt Brindley is a secure systems developer at the Australian Department of Defence with a focus on application development, system analysis and forensics. He's got a history of being a puzzle dork, played the BSides AU CTF with the CyBears, and has shown a recent pivot into masochism by playing online CTFs in earnest with an array of friends from the InfoSect community.
Talk 1: An Introduction to Embedded Security
Friday 18th August 2017
Talk 1: Rust SecurityEvery programming language is a compromise. For instance, features that improve developer productivity might limit runtime performance and so on. When it comes to security, languages typically look to options such as garbage collection to provide a level of memory safety or encourage coding standards and static analysis to reduce bugs. This talk will look at some of the unique compromises Rust makes to try and offer its developers "safety, concurrency, and speed".
Cameron FordCameron is enthusiastic about security and software development. As a day job this means leading a small team developing tools to make red teaming faster and more reliable. In his own time Cameron can be found deving on other interesting problems that have caught his attention.
How to drop 100 USB keys into the wildWhat happens when you drop 100 USBs between Sydney & Canberra? Over the course of a few weeks my team, a few volunteers & I decided to scatter a few seemingly harmless USB keys around and to see what happens. This talk will go through the why, the method, outcomes of the drop and what we’d do differently next time.
Edward FarrellEdward Farrell runs a security practice out of Sydney.
Friday 14th July 2017
Talk 1: CFG BypassCFG is meant to be robust against Arbitrary Writes from a remote attacker through its usage of Mutable Read Only Data, but Microsoft acknowledges that attacks against Mutable Read Only Data do exist and that additional work is required in future versions of Windows to fully protect CFG against them. In this talk, we'll show practical examples of such attacks, which effectively mean that in the context of for example, a browser, an arbitrary read/write primitive (or simply, arbitrary write + info leak) can be used to bypass Mutable Read Only Data, which can then be used to bypass CFG.
Alex IonescuAlex Ionescu is the Vice President of EDR Strategy at CrowdStrike, Inc., where he started as its Chief Architect almost six years ago. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is coauthor of the last three editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities, as well as over a few dozen non-security bugs.
Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad and AppleTV.
Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security trainings for various organizations.
Talk 2: Not-so-bad USBRemember Bad USB? An attack so bad that every USB chip vendor recalled their products and fixed the problem? Well this talk is on my progress in trying to get it working on cheap Officeworks drives. This involves a number of broken drives and staring at hex dumps.
What will be covered:
- Quick overview of Bad USB and the drives in question.
- Obtaining files and documentation needed.
- Reversing the files and API commands used.
- Tools used and made.
- Issues encountered.