Schedule Monthly Security Meetups
Schedule Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting normally occurs on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book.)
The talks at Schedule are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Location: Room 1.33, Bldg 145 (New Cyber building), ANU, Acton ACT 2601
- Time: 6.00pm
- Afterwards: Wig & Pen, William Herbert Place, Canberra ACT 2601
- Organisers: Kylie McDevitt, Silvio Cesare
Future Dates:
returning May 2019
Please ensure you come around to the back of the building; no one can enter through the front after 5pm. Please refer to the following map.
Friday 9th November 2018
Talk 1: Intro to binary patching – How to make the Switch
Finally, Nintendo combines the console and portable into a single device – the Switch. But who has the pocket space to carry around multiple devices? Surely there’s a way to enjoy the fun of the Switch on a mobile device… Just pair some controllers and bam! But nothing is ever that easy, and sometimes a binary patch is the key. This talk will cover how to understand and make your own binary patches for Android, including Android security considerations and patching from the kernel using a driver.
Peter Rankin
Peter Rankin is a secure software developer for Penten, solving hard problems in the mobile space. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Peter has previously worked as a software engineer for Australian Department of Defence, Robert Bosch and Thales Australia.
Talk 2: Hardware Interfacing with the BUSSide
At BSides Canberra this year we gave away an electronic badge, known as the BUSSide, to 2000 delegates. The BUSSide has since been under active development to deliver a hardware hacking tool to interface with I2C, SPI, UART, and JTAG. The well known and fantastic JTagulator can detect UART and JTAG pinouts, yet costs $175 USD. The BUSSide does all this, and more, at a fraction of the cost. Additionally, it has some functionality provided by the Bus Pirate, and some extra features. The BUSSide can detect I2C and SPI pinouts, dump I2C EEPROMS, and dump SPI flash. A neat feature is the 'uart passthrough auto' command which detects a UART pinout, identifies the line settings, and drops you into an interactive serial console - all done completely automatically. This presentation will discuss the design and implementation of the BUSSide at a technical level. If you want to know the low level details of common physical interfaces, and how to use that for IoT and hardware hacking, then this talk will be of interest.
Dr Silvio Cesare
Dr Silvio Cesare is the managing director of the Canberra-based training, consultancy, and occasional hacker space, InfoSect. He is also the co-founder of the annual BSides Canberra conference and the Schedule monthly security meets. Before InfoSect, he was the Director of Education and Training at UNSW Canberra @ADFA. During his career, he has been the scanner architect at Qualys, worked in Silicon Valley, taken University research to commercialization, written a book, and published within academia and industry.
Past Talks:
Friday 19th October 2018
Talk 1: USB Protocols
USB fans, so cool right! What if the fan could talk to you? I finally found a fan that would talk to me, but I wanted more from it. This talk discusses reverse engineering software and USB protocols all to reimplement an RGB LED fan's USB protocol.
Fergus Symon
Fergus is a software developer with a focus on security, malware and embedded platforms.
Talk 2: `pip install exfil` - Data exfiltration and C2 using package repositories
Developers regularly use public repositories to install 3rd party libraries, from OS-specific repos like the Arch User Repository to language-specific repos like Python's PyPI, to public source code repos like GitHub. The majority of requests to these systems are under SSL, to known, trusted, public servers, and requests would not look out of place coming from a software build server or a developer's workstation.
This talk will present a novel example of using Python's official PyPI repo to create a command-and-control and data exfiltration channel. It will then cover analysis of other common public repositories, detailing protections in place to prevent similar malicious usage.
Pat
Pat is a software developer who creates silly security tools, referring to them as "novel techniques" in a vain attempt to gain street cred in the infosec community.
Friday 21st September 2018
Talk 1: How To Eat A Shell Backwards In 367 Bytes
Shellcode, as a stranger in a foreign land of memory and execution, is a literal use case for the phrase 'pull yourself up by your bootstraps'. This talk analyses and explains how, when you start from nothing, all you need in the end is 367 bytes of code and data to get badness done.
Christian
Christian is intrigued by how things work on the inside. During daylight hours he is part of CrowdStrike's APT hunt team, finding hands-on actors that have infiltrated networks across the globe. He has a particularly keen interest in operating system internals, and understanding the implementation of implants and binary tool-kits.
Talk 2: Threat Modelling
A simple discussion on threat modelling, what it is, using threat modelling in vulnerability research, and a few basic tips.
Kim
Over 10 years' experience in cyber security. Heavy focus on reverse engineering, finding vulnerabilities, getting them fixed and improving the security posture of software and systems.
Friday 17th August 2018
Talk 1: redacted
Talk 2: JavaScript Deobfuscation
JavaScript code can be hard enough to read and understand, even when it’s been well engineered. Now imagine that you’re a malware analyst who needs to understand some malicious JavaScript that has been purposefully obfuscated; what do you do? One approach is to add instrumentation and do a dynamic analysis, but in doing so we may miss important details. Another approach is to perform a static analysis and try to undo the obfuscation. This talk is about the latter, and explores how we can borrow techniques from compiler theory and functional programming to build a deobfuscator for malicious JavaScript.
Adrian Herrera
Adrian Herrera is a cyber security researcher at the Defence Science and Technology Group and a visiting researcher at the Australian National University. His research interests are in applying program analysis techniques from academia to solve practical reverse engineering problems.
Friday 20th July 2018
Talk 1: Physical Security Auditing
IT Audit - Tick and flick checks for your network, right? What sort of things does an Internal Audit team do? European financial centres use their internal audit functions for penetration testing, physical security checks and red teaming activities. Mark will tell some of the stories of his time working in an Internal Audit function in Europe.
Mark Prior
Mark started off as a systems administrator looking after Novell and AS/400 systems. He moved into Windows and Linux administration and happily did this until 2013, when he had the option to try working in IT security, and has been trying to become more than a script kiddy since then. He also enjoys it when he gets a chance to do physical security testing.
Talk 2: Optimum Corpus Design for Fuzzing
An important pre-fuzzing step is to choose which seeds you want to use in your fuzzing campaign. Too many seeds is very bad because most seeds are pretty similar to one another. Too few and you don't have enough diversity for the fuzzer to explore new behaviours. In this talk we look at how to conduct optimum corpus design and introduce two new open source tools to do this: Moonshine and Moonbeam.
Shane Magrath
Shane Magrath is a security researcher in Defence Science and Technology Group. His interests revolve around how to conduct large scale fuzzing campaigns and how to automate as much of this as possible.
Friday 15th June 2018
Talk 1: Control Systems Cyber Security
There is an increased focus on critical infrastructure control systems cybersecurity in the world. This presentation will give an introduction to control systems cybersecurity concepts and directions.
Ken
Talk 2: Using VProbes to detect crashes in VMs
VProbes is a dynamic instrumentation system developed by VMware. It is used to provide observability into both virtual machines running on VMware hypervisors, and the hosts themselves. It was developed for internal use in applications such as debugging, tracing, and performance profiling. This talk presents an investigative project on the use of VProbes as a tool for detecting program crashes in virtual machines, and providing diagnostic information relating to the crash; specifically in cases where access to the operating system is limited. The hardware-level systems involved in program crashes will be discussed, as will the operating system-level procedures which determine how to respond.
Sam Wade
Sam Wade is an undergraduate student at the ANU, studying majors in maths, computer science, and electronics engineering. He is also an intern at the ACSC, where the project discussed in this talk was undertaken.
Friday 18th May 2018
Talk 1: Locksport – getting fully sick with a pick
As long as locks have been around, there have been people trying to unlock them without the key. This has been done for reasons including curiosity, criminal intent, and as a trade.
This talk takes a sneak-peek into why (and how) locks can be picked, taking a detour into the efficacy of locksport, its relation to security and the controversy surrounding it.
Warning! This talk may contain a shameless plug for Canberra Locksport
Michael O’Flaherty
Michael O’Flaherty (MOF) is just an IT Sec guy who likes to pick locks and is a massive fan of the long bio.
Talk 2: Bug Hunting in Open Source Software
For most of the year, I've been performing code review against a variety of open source software including kernel code and userland applications. As such, I've found numerous vulnerabilities in userland Linux and the Linux, FreeBSD, and NetBSD kernels. I've even been streaming some of the code review sessions on Twitch and YouTube and holding public code review group meets at the InfoSect hackerspace, generally finding security vulnerabilities in every session. This presentation looks at some of these vulnerabilities, as well as making the case that this type of research has value in academia.
Dr Silvio Cesare
Dr Silvio Cesare is the Director of Education and Training for Cyber Security at UNSW Canberra @ ADFA. He is also the co-organizer of BSides Canberra, Schedule, and InfoSect.