CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Canberra Rex Hotel
150 Northbourne Ave

Braddon ACT 2612



Swan & King Bar
Canberra Rex Hotel
Kylie McDevitt
Silvio Cesare

Future Dates:

No more dates scheduled for 2023, but get ready for BSidesCbr 2023!

Friday 12th May 2023

Talk 1: Introduction to SAML and its Security

SAML is one of the key protocols used to perform Single Sign-On. Especially for enterprises who...
ACKCHYUALLY!!! SAML is a Markup Language, like HTML... You don't code in HTML, you don't SSO with SAML.
Ok, thanks for the clarification. In this talk we are going to look at how SAML is used to provide Single Sign-on and what security issues can arise.
Louis Nyffenegger
Louis Nyffenegger is a security engineer based in Melbourne, Australia. He used to perform pentest, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

To be updated when talks are announced, subscribe to our mailing list

* indicates required

Past Talks:

Friday 28th April 2023

Talk 1: Code Analysis with Databases
We use databases for storing, querying, and analyzing data. But what if our database stored code? Then, you could write your code analysis via rules describing “what” the analysis produces, rather than defining algorithms for “how” to perform the analysis. This approach is called declarative static analysis, and is the basis of tools like CodeQL. This talk will look at the key ideas and technologies behind declarative static analysis (in particular, the Datalog programming language). It won’t be all theory; we’ll also build our own security tooling along the way.
Adrian Herrera
Adrian is a security researcher at Interrupt Labs, where he builds tools for vulnerability research. Before joining Interrupt Labs, Adrian was a researcher at the Defence Science and Technology Group. Adrian is also completing a PhD at the Australian National University. He swears he’ll finish his thesis “in the next month or so”.

Friday 10th March 2023

Talk 1: IoT Malware
David will present some new IOT malware he discovered, by accident, on a wifi photo frame purchased at a physical store right here in Canberra. He will describe the tools and techniques used to locate and extract the malware from its hiding place deep in the firmware of the device.
David Collett
David is a Software Developer within the Digital Surveillance Collection branch at the Australian Federal Police and formerly worked for ASD. He has 20yrs experience in the computer security field.

Friday 3rd February 2023

Talk 1: Attacking the heap allocator in musl-libc
This talk is a dive into the new malloc implementation in musl, a lightweight alternative to glibc that is commonly found in docker containers and some embedded devices. Musl takes an interesting approach to memory management, which has effectively killed some common classes of heap vulnerabilities. We will discuss how these changes have improved on security, and follow up by demonstrating some ways in which the allocator's internal data structures can be corrupted to gain more powerful exploit primitives.
Daniel Wood
Daniel is a vulnerability researcher at InfoSect with a background in penetration testing and software development. His interests include hacking.

Friday 11th November 2022

Talk 1: Looking into security and privacy of the Galaxy SmartTag
Many smartphone devices now days have some sort of 'Find My Device' feature that helps the owner locate their lost devices. Companies such as Apple and Samsung have further extended this feature using the concept of crowd-sourced finding, which allows the owner to locate their lost devices remotely without requiring the lost device to have an active internet connection. This extended feature will be referred to as Offline Finding (OF). Typically, an OF network consists of 3 types of devices:
  1. Offline/lost device: emits Bluetooth Low Energy (BLE) data
  2. Online/finder device: scans for BLE data from lost devices and reports the approximated location of any found lost device to a location server
  3. Owner device: receives location updates of their lost device(s) from the server
Samsung has one of the largest OF networks, which consists of hundreds of million devices participating actively for location tracking, which follows that security and privacy flaws within such a "ubiquitous" network may cause extensive impact. This talk will primarily focus on the Galaxy SmartTag, which is a small BLE tracker released by Samsung in 2021. We will look at some close-sourced details of the Galaxy SmartTag's OF protocols, BLE implementation, security and privacy flaws discovered throughout my research on SmartTags.
Tingfeng Yu
Tingfeng is a comp sci undergrad at ANU, working on the Machine Learning specialization and a Mathematics minor. Tingfeng has always been interested in cyber security. The research project on Bluetooth security allowed her to further explore her interests in this field. Some of her other interests include digital art, boxing, rock climbing, sk8ting, and PIGEONS.
Talk 2: Case Studies in Embedded VR
This talk examines InfoSect's VR process from bug discovery to exploit development on embedded devices. We use a combination of manual code review, binary reverse engineering, fuzz testing, and program static analysis to discover bugs. After bug discovery, we set up an environment to verify the bug and develop an exploit. Finally, we test that our exploit works on the live device. This talk looks at these stages and gives case studies that highlight the processes.
Dr Silvio Cesare
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in Operating Systems kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).

Friday 14th October 2022

Talk 1: ICS@home
Smart Homes are so passe - Industrial Control Systems (ICS) are where it's at! After all, why do it with an arduino and a sensor when you could use a Programmable Logic Controller, Human Machine Interface, and Ladder Logic instead? Courtney will be talking through her attempts to monitor her garden hydration levels using an ICS, and how you can do it too.
Courtney has been working in cyber security for nearly ten years, and in that time, has been a software developer, project support officer, security systems assessor, and a cyber security researcher. Over the last 2 years she has become particularly interested in how to secure industrial control systems.
Talk 2: Cognitive hacking is a cyber security threat
We know disinformation can amplify social tensions and unsettle communities, but to what degree can it be intentionally weaponised on a population without it’s knowledge? Cognitive hacking is a cyberattack using disinformation and online influence activities across social media, the internet and networking infrastructure to manipulate our perceptions and exploit psychological vulnerabilities to shape our thinking and change our behaviour. This makes cognitive hacking a real cyber security threat with solutions part of the cyber environment.
Steven Coomber
Steven Coomber is a Senior Manager Cyber with Synergy. As an intelligence professional he has previously worked in the National intelligence Community across counter-terrorism, counter-espionage and technical capabilities. He has written two disinformation white papers with the University of Melbourne on developing capabilities to assess and counter disinformation with citizen intelligence using AI augmented collective analytics.

Friday 9th September 2022

Talk 1: Variant Analysis to Detect Bugs
Variant analysis is a technique to discover software defects based on variants of known bug patterns. This talk compares the effectiveness of different static analysis tools to detect these variants, and the advantages and disadvantages of static variant analysis more broadly.
Sam Hinwood
By day, Sam is in his final semester of his undergraduate at the Australian National University, studying sociology and cybersecurity. By other days, Sam is a security researcher at InfoSect.
Talk 2: Phil and Sash's Most Excellent Adventure in Security Engineering
Sasha and Phil will present on two separate experiences with Project Zero and Zero Trust.
Sash will go through some public vulnerability disclosures at a Health Tech Unicorn circa 2015-2015 that were Responsible (Project Zero) and Irresponsible (!!); and how the security team Engineered the way out, kept Product Engineer velocity, upheld customer trust, and saw the team release firmware to over a million customers. What did Public and Private bounties miss versus what we knew? Did researchers keep up with us? Can you eat a FitBit? All will be answered!
Skip to present day, Google ate FitBit and Phil will speak about some hazy edges around zero trust, managing security at scale using optimisations to work around limitations with hardware processing power. Can you get all 3 of cost, speed and quality at once? Can we eat cake and more?
Phillip Grasso and Sasha Biskup
Phillip has been with CBA (Commonwealth Bank) since 2021 and prior to that spent 14 years at Google running software, networks SRE and infrastructure teams.
Sasha has been with CBA since 2022 and leads security teams, baby seals and likes computers.

Friday 12th August 2022

Talk 1: Pointer Authentication on the M1
This talk will discuss an exploit mitigation technique in modern ARM processors called Pointer Authentication or PAC. We'll discuss some experiments and conjectures on how Apple has implemented PAC on their M1 chips.
Cipher is an avid CTF player for the Cybears CTF team. Every CTF he says he will learn more about reverse engineering and vulnerability research, before solely focusing on cryptography challenges. Cipher has also helped run the BSides CBR CTF for the last two events.
Talk 2: GetInjectedThreadEx - improved heuristics for suspicious thread creations
Since its debut in 2017, Get-InjectedThread.ps1 has been a blue team staple for identifying suspicious threads via their start addresses. However, red teams have subsequently identified low-cost evasion techniques to counteract this - obfuscating their shellcode threads with start addresses within legitimate modules.
This talk will outline the memory artifacts that each evasion leaves behind and the development of an updated script which may be used to detect them.
John Uhlmann
John (he/him) is a Security Research Engineer at Elastic, where he focuses on scalable Windows in-memory malware detection. Prior to this he did similar work at the Australian Cyber Security Centre.

Friday 8th July 2022

Talk 1: How Can We Effectively Test Transient Execution Mitigations
Since the bombshell of Spectre and Meltdown dropped on the public in January 2018, there's been a steady trickle of new transient execution vulnerabilities over the years - with the recent BHI/Spectre-BHB (CVE-2022-0001 & CVE-2022-0002) as a timely reminder that this exploit class is the gift that keeps giving. Hardware mitigations have been introduced with new CPU generations, but plenty of mitigations still exist in software, typically flushing various bits of state when switching between privilege boundaries. In the ongoing conflict between security and performance, how can we reliably know that out mitigations are working? We can write tests, but mitigation testing is tricky. Exploits that abuse microarchitectural details are inherently finicky, so making a functional test that you can run everywhere isn't easy. You can instead only test if a mitigation is correctly applied, but that doesn't tell you if it actually works against an attack. In this talk, Russell will discuss pros and cons of different testing methods, detail what's currently being used by the community, and look at how we could potentially do better in the future.
Russell Currey
Russell Currey is a software engineer at IBM, leading the kernel hardening effort for Linux on POWER Systems. Russell primarily works on kernel memory protection features and automated testing of vulnerability mitigations. He also runs the public continuous integration services for Linux on POWER upstream development, and is a regular speaker at linux.conf.au.
Talk 2: Beautiful Snowflakes - Fingerprinting shared libraries for speedy offset hunting
Every time I write an exploit in pwntools, I'm kind of disappointed by how long it can take to leak enough information about a remote program to discover the offsets I need for ret2* or ROP gadgets. Given an address leak and some arbitrary read construction for a target ELF, the usual process for finding and identifying shared libraries in memory can require a significant number of reads. For remote exploitation or complex/fragile reads, this can impact on both speed and stability. In the era of BIG DATA, it seems like we should be able to do better. This talk covers an adventure in corpus building; fingerprinting approaches; and leveraging those to more effectively identify libraries loaded on a remote target with fewer reads than traditional approaches.
Matt B (maybe)
Matt is your host for the evening and somehow snuck his name onto the speaker list. Someone stop this man! During the work week, he is a security researcher with InfoSect, and on the side he tries to find time to build/play CTF with Cybears, skateboarding bears, and now skateboarding roombear (this is getting weird). Also talk to him about rhythm games :sunglasses-emoji:

Friday 10th June 2022

Talk 1: Strike Force Weenamana
A case study from the digital forensics team leader attached to a joint New South Wales Police and Australian Federal Policy strike force investigating firearms trafficking on the dark net.
Simon Smalley
Simon is a red team cyber security expert with experience in National Intelligence, the Military, and Law Enforcement. He holds a master of Cyber Security (Advanced Tradecraft) with Excellent from UNSW ADFA. He is an OSCP, eCPPT, GSLC, GSNA and IRAP assessor #1308. As a former NSW Police office, Simon has worked in counter-terrorism and special tactics, investigations and digital forensics.
Talk 2: Evolution of State-based Offensive Cyber Operations
This talk examines the use of offensive cyber operations (those which manipulate, deny, degrade or destroy) by looking at how the activities of various states and their tactics in the space have evolved over time. It will include a first look at how Russian forces have used cyber operations during the 2022 invasion of Ukraine.
Tom Uren
Tom writes the Seriously Risky Business policy-focussed cyber security newsletter ( https://srslyriskybiz.substack.com/ ) and is a Senior Fellow at the Australian Strategic Policy Institute (ASPI). He was formerly a Senior Analyst in ASPI's Cyber Policy Centre where he contributed to various projects including on offensive cyber capabilities; information operations; the Huawei debate in Australia; and, most recently, end-to-end encryption. Prior to ASPI, Tom worked on cyber-related issues in the Australian Department of Defence. Tom's formal training is as a scientist and he has a degree in Biochemistry and Molecular Biology.

Friday 13th May 2022

Talk 1: Open Source Cloud Management
This talk covers the details of an open source application for CSPM (Cloud Security Posture Management), and execution through all life-cycle phases for Cloud Estate. We will look at some of the templates developed, how to use them and how to develop your own.
Kieran Rimmer
Kieran is a co-founder and CTO of StackQL. You can find him on LinkedIn and the project on GitHub
Talk 2: E-Voting - Fool me once, shame on you...
This talk will cover as much information about the security, and particularly cryptography, of electronic voting systems as time allows. It will start with a brief discussion of what the systems tend to look like and what security is typically expected. A few examples will be given of errors in real systems, concluding with a discussion of where the field goes from here.
Thomas Haines
Thomas is a lecturer at ANU who loves breaking and fixing e-voting systems. Thomas' work focuses on the security of cryptography in the wild and the applications of formal methods to cryptography.

Friday 8th April 2022

Talk 1: Intro to 3D Printing
There's never been a better time to get into 3D printing. This talk will cover:
  • a brief history of 3D printing from the 1940s to present day,
  • the three most common types of 3D printing currently available to hobbyists and what you can do with them,
  • why you should care about 3D printing, and
  • how to get started and what to expect in terms of budget and effort investments.
Cat is a software security engineer by day, who loves making and breaking things by night. Their hobbies include almost anything you can do with your hands.
Talk 2: Windows x64 Stack Walking - Same Same, but Different
This talk covers the differences between x86 and x64 stack walking on Windows – and the implications for security folks.
John Uhlmann
John is currently a security researcher at Elastic, and formerly at the ACSC.

Friday 11th March 2022

Talk 1: Abusing Public Infrastructure to BYO VirusTotal for Email
In this talk we'll discuss how public-facing email infrastructure can be abused to build a novel email evaluation capability that encompasses an array of targets and secure email gateway technologies. Building this capability has been greatly simplified through development of an open-source project called Phishious. We'll showcase how Phishious exploits a common misconfiguration to leak sensitive information from mail receivers, that ultimately provides the user with information on whether or not their phishing material would end up in the target's mailbox.
Sebastian Salla
Seb is a Security Professional who loves all things related to Cloud and Email Security. When not working his day job, he's frequently trying to find novel techniques that bypass email security controls.
Talk 2: Diamond in the SIEM - Improving the Building Blocks of Security Alert Monitoring
While Pat was taking an in-home holiday (thanks to the apocalypse), he decided to revolutionise the world of Security Information and Event Management (SIEM). Come along for a journey of discovery that traverses event collection, detection development, and user experience; that chronicles how you too can develop your own SIEM that brings a new dimension to computer security. This will not be a serious talk, but hey, you might enjoy it and learn something regardless!
Pat works as a Senior Security Researcher at a large international security organisation and has spoken at numerous international conferences such as BSides Canberra and DEFCON. This is not one of those talks.

Friday 11th February 2022

Talk 1: Immersive 3D for Network Traffic Analysis
This research covers the long, but ultimately un-successful so far, attempt to display computer network traffic in a 3D abstraction that can be more than just a gimmick for management fascination.
Daniel Clark
Daniel has been working in computer security within government since 1999 and is currently working on a part time PhD in cyber security. The software at the heart of this research, Scanmap3D, has been available open-source on Source Forge since 2003.
Talk 2: Exploiting Browsers
This talk takes a bug in a JS Engine and provides an example of the work required to develop it into a browser exploit.
Dr Silvio Cesare
Silvio is best known for his steak cooking and being Kylie's partner. He also wrote about some linux elf stuff in the 90s that is still referenced, has spoke at Blackhat a few times, has a PhD, worked in a few roles and likes to teach and share knowledge. Can you just google him? The next time he speaks at CSides he will get his abstract & bio to Kylie early so she doesn't have to write it for him. ;)

Friday 18th June 2021

Talk 1: eBPF - The coolest-newest kid in town
extended Berkeley Packet Filters (eBPF) is quickly becoming the hottest-newest addition to the Linux Kernel.
With its ability to dynamically trace code execution and efficiently route packets, it is quickly becoming the major system to replace software-defined firewalls, routers, and system tracers, thanks to investment by cloud-native giants like Google and Netflix.
This talk will give an overview of eBPF, and how it can be used for everything from packet capturing, to malware analysis, bug hunting, and even malware. eBPF is becoming a must-know system for Linux developers and security specialists, so come along to learn what eBPF is, why I think it's so dope, and how to start making and using eBPF Programs and tools. Also it's coming to Windows (sorta)!
Pat is an awesome partner to his wife, a hilarious dad to his daughter, and a dedicated ball fetcher to his dog.
When he's not spending time doing those things, he's a senior security researcher at a public cybersecurity company. Having previously worked as a developer of mission-critical systems, he now helps threat hunters uncover and stop advanced actors across the globe.
Talk 2: Cybears Present: A Review of some 2021 BSides CTF Puzzles
The Cybears returned to BSides Canberra in 2021 to run the Capture the Flag competition. This talk will include run throughs of some of our favourite challenges, discussion on how we approach puzzle design and how new players can