CSides Monthly Security Meetups
CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting normally occurs on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book.)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Location: Room 1.33, Bldg 145 (New Cyber building), ANU, Acton ACT 2601
- Time: 6.00pm
- Afterwards: Badger & Co, Joplin Lane, Kambri Precinct, ANU
- Organisers: Kylie McDevitt, Silvio Cesare
Future Dates:
Returning in 2020
From 2018 we have been located in the new Cyber Building opposite the Computer Science building. Please refer to the following map; our location is marked with a red cross.
Friday 15th November 2019
Talk 1: The Evolution of Heap Exploitation in Linux
In the year 2000, a memory corruption bug was generically exploited in Netscape Navigator that took advantage of a buffer overflow in dynamically allocated memory known as the heap. This initiated the next 20 years of heap corruption attacks. The attack, known as the unlink technique, no longer works, but the heap today is a main target for exploitation in the modern era.
This talk will look at the evolution of heap exploitation in Linux. Linux now uses an allocator known as ptmalloc, but over the past 20 years, the heap allocator has evolved as attacks have come and gone and many mitigations have been incorporated.
The original unlink technique gave attackers the ability to write what they wanted where in memory they wanted. It was a powerful primitive, and we'll see that such a primitive generally doesn't exist any more. We'll look at a variety of techniques including those often referred to as "House of.." attacks which give other primitives and that can lead to arbitrary code execution.
Memory corruption has been a bane of systems security for decades and we'll see in this talk that heap exploitation has evolved over the past 20 years. In fact, heap exploitation is still possible and is an active area of research on modern Linux.
Silvio Cesare
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in Operating Systems kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).
Talk 2: Reverse Engineering with Christian Giuffre
Christian Giuffre
Past Talks:
Friday 13th September 2019
Talk 1: Electronic Hardware Design
This talk will cover the process of designing, manufacturing, and assembling electronic hardware, with a focus on how to use KiCad to design and layout a PCB. Using a keyboard Josh designed as an example, aspects of the process such as circuit design, PCB layout and assembly, along with programming and mechanical design will be demonstrated, with the goal of providing an overview of the process for anyone interested in designing their own hardware.
Josh Johnson
Josh is passionate about electronic design and spends far too much time designing boards and writing firmware. He is currently in his final semester of university, and is looking forward to joining the real world next year with a product development role in automotive.
Talk 2: Reverse Engineering with bioinformatics
This is a hand-wavy tour of similarities, differences, and opportunities that exist between bioinformatics and other communities sharing vaguely similar goals:
- advance understanding of complex, opaque systems as quickly and efficiently as possible
- discover surprising or non-obvious system properties, such as emergent behaviours "at scale" that resist localized, one-off, or small-scale analysis
- identify which are the relevant or dominant factors influencing system properties of interest
- apply this understanding in order to modify, exploit, harden, or adapt to these systems effectively
This talk is brought to you by a non-expert mostly wanting to share how some biologists work (circa ~2012 anyway), and where some workflow/analysis isomorphisms with software engineering appear to be.
I'll argue that biologists are perhaps the ultimate reverse engineers and how some of their communities collaborate or effectively build on each other's work to achieve a lot with very little. Along the way, we'll walk through a couple of Kubernetes analysis problems and try to answer the question, "if this was biology, what would a bioinformatician do"?
Paul
Paul spends most of his time avoiding mastery of anything in particular under the guise of being a generalist and a technical debt collector. Paul has worked in R&D at small companies (oilfield instrumentation: gas chromatography, gamma spectroscopy; software defined radio), was a bioinformatics plumber at CSIRO for a few years, and these days - in between wrangling software into operational usefulness - dabbles in security of Linux-based things.
Friday 16th August 2019
Talk 1: Incident Response Exercises
Computers are exceptionally good at taking instructions and making very fast, very precise mistakes very reliably. Humans are conceptually similar but interpret their inputs and decide on courses of action based on experience.
I’ll discuss the value in performing incident response exercises to expose participants to experiences and processes in a safe environment. These synthetic experiences can be devised against specific goals for the organisation or individual with measurable outcomes. Observations under these conditions can be used to develop participants' capacity for handling real-world events.
Kirk
Kirk is a Security Consultant at TSS Cyber in Canberra, joining the team after 10 years in Air Force ICT. He has worked on training exercises, drills and training programs for the military and has been a Dungeon Master for most of his life. He has completed degrees in Training and Development, Information Management and a Master of Cyber Security.
Friday 26th July 2019
Talk 1: Extracting crypto routines with Ghidra – Get the firehose
Ever bricked a phone? Not a fun experience. Even when you have no fastboot, adb and a black screen – don’t worry, there is still hope. Some vendors provide tools that allow you to unbrick an un-brickable phone, but when you do this, it opens up a whole new attack surface. These tools are often bundled with Firehose programmers – which give you much more capability than just re-flashing a phone. This talk is about how I used Ghidra to extract a Firehose programmer for a OnePlus 5 phone by reverse engineering a firmware updater. I will also talk about Qualcomm’s Emergency Download (EDL) mode, Firehose programmers and how to peek/poke memory before you even get to Android.
Peter Rankin
Peter Rankin is a secure software developer for Azimuth. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Peter has previously worked as a software engineer for Penten and the Australian Department of Defence.
Friday 21st June 2019
Talk 1: Shaving the Yak
This talk will take the audience through the journey of reverse engineering a wireless telemetry system. Highlights will include a demonstration using open source analysis tools and a software defined radio to receive and analyse a digital radio signal.
Phil
Phil has worked for a US multinational telecommunications vendor, a military systems integrator and several small Australian companies. He has participated as a member of various industry/government cybersecurity working groups. He has a passion for fusing software, electronics, hardware and emerging radio technology. He also has an unhealthy interest in cryptography.
Talk 1: BSidesCbr 2019 CTF
This year's BSides Capture the Flag was designed and built by the @CybearsCTF team, previous winners of the competition from 2016 to 2018. In this talk we'll discuss the ideals of designing novel puzzles, and the realities of delivering them to an audience of several hundred players. We'll do walkthroughs of some of this year's challenges to help those who didn't get a chance to play at BSides understand how we approach problem solving and what kind of skillsets can be leveraged in these competitions.
Matt
Matt, who commits as hypersphere, has been playing CTFs with Cybears since BSides 2016 and was on staff for the 2019 competition. He wrote the ROT -13 and Fixie Bike Website challenges this year, and was sort of (definitely) responsible for the great CTF infrastructure fire of 2019.
Torgo
Torgo, who commits as Torgo, has been playing CTFs with Cybears since forever. He built the CTF testing infrastructure framework and the stringalong, serially-cool, numberstation, and secelf challenges. He was also responsible for putting out the great CTF infrastructure fire of 2019.
Talk 2: Coccinelle for Bug Discovery in C Source Code
In this talk, I use a tool called coccinelle to discover bugs in C source code. Coccinelle uses a Semantic Patch Language and takes code templates to identify and, if desired, make patches to the relevant source code. The Linux kernel team use coccinelle to prevent bug patterns in git commits. I've written over 50 templates that describe the majority of bugs listed in the SEI CERT C Coding Standard. From this, I've scanned 500 random packages in Ubuntu and found numerous bugs. I've also looked at every package in the Ubuntu 18.04 LTS repository and pulled out every SUID binary and its associated source. I automated this approach and have regular and frequent scans of these packages to identify accidental introduction of bugs. Finally, I've used the NSA-released reversing tool Ghidra to decompile binaries in headless mode. I've dumped firmware from embedded devices using the BUSSide, extracted filesystem images with binwalk, decompiled relevant non-x86 system binaries, and passed the source code to my Coccinelle scripts. Overall, coccinelle is a tool that makes writing custom and generic static analysis tools for source code practical for many people.
Silvio Cesare
Dr Silvio Cesare is the Managing Director at specialist training provider InfoSect (http://infosectcbr.com.au). He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. He is also the co-founder of CSides and BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).
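The Coccinelle talk abstract above describes semantic patches as code templates that match bug patterns from the SEI CERT C Coding Standard. The semantic patch below is an added illustration of that idea and is not one of the speaker's templates: it is a constructed example written for this page. It reports a double free (one of the defects covered by CERT C rule MEM30-C, "do not access freed memory"): two calls to free() on the same expression with no path between them that reassigns the pointer or takes its address. The rule name r, the metavariable names and the file name double_free.cocci are assumptions of the example.

```cocci
// Added example, not from the talk or from InfoSect's scripts.
// Rule r matches two free() calls on the same expression E. The "..."
// between them is constrained so that no statement on the path assigns
// to E or takes its address, i.e. E still names the already-freed block.
// "exists" asks for at least one such control-flow path rather than all.
@r exists@
expression E, E1;
position p1, p2;
@@
free@p1(E);
... when != E = E1
    when != &E
free@p2(E);

// The Python script rule consumes the positions bound by rule r and
// prints one finding per match (file, line of the first free, line of
// the second). Run it as:
//   spatch --sp-file double_free.cocci target.c
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
print("%s:%s: pointer freed here is freed again at line %s"
      % (p1[0].file, p1[0].line, p2[0].line))
```

On a constructed input such as a function that calls free(buf); then free(buf); again with nothing in between, the script prints one line naming both call sites; a function that does free(buf); buf = malloc(n); free(buf); produces no report, because the intervening assignment breaks the path constraint. This is the shape of a "report" template: it binds positions instead of editing code, which is what makes it suitable for the kind of automated, repeated scanning of packages the abstract describes.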