CSides Monthly Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meetup is normally held on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees and no tickets to book.)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location: Canberra Rex Hotel, 150 Northbourne Ave, Braddon ACT 2612
Time: 6.00pm
Afterwards: Swan & King Bar, Canberra Rex Hotel
Organisers: Kylie McDevitt, Silvio Cesare

Future Dates:

Friday 21st February 2025

Why is Rust Safe

Google, Microsoft and others have estimated that over 70% of severe security vulnerabilities in memory-unsafe codebases are due to memory safety bugs. Rust is a memory-safe language suitable for system-level programming. Rust guarantees thread safety, no memory corruption and no undefined behaviour, without imposing the performance overhead of a garbage collector. How does it do that? In this talk we reinvent Rust's concept of Ownership, which enables it to make these guarantees at compile-time.

Ben Williamson

Ben graduated from engineering at UQ in 1996, and has spent eight years working in Silicon Valley. His background spans embedded development, safety-critical systems, browser security, network security and cryptographic protocols. He recently resigned from Apple, where he worked on autonomous systems, iCloud Keychain sync protocols, and a Rust implementation of IPsec that secures network traffic across Apple's data centres. He also developed and ran Apple's internal Rust training since 2015.

Hacking a Smart Camera for Fun and no Profit

In October last year, InfoSect competed in Pwn2Own Ireland. They focussed their efforts on three devices, successfully exploiting two of them. This talk is about the third, unhacked device - the Synology TC500 smart camera. It discusses the process of finding a format string vulnerability in the firmware, how it could be exploited to gain a reverse shell, and the experience of competing in Pwn2Own.

Sam Hinwood

By day, Sam is a vulnerability researcher at InfoSect. By night, Sam is asleep.


Past Talks:

See more past CSides talks at https://bsidescbr.com.au/archive.html

Friday 24th January 2025

Enhancing Embedded Security Assessments

IoT devices have become pervasive in the way we live and interact with the world. In order to provide security assessments on the wide variety of devices on the market, InfoSect has had to expand their capabilities. This talk will walk through InfoSect’s improved process for performing security assessment on embedded devices.

Kylie McDevitt

Kylie McDevitt is a security researcher at her own company, InfoSect, specialising in Linux and embedded devices. Before starting at InfoSect, she was a Technical Director at the Australian Signals Directorate (ASD). Kylie graduated from ANU with a Bachelor of Engineering and worked for Australia’s largest telco as a radio engineer in MobileNet before moving into computer security, where she has been for the last 16 years. She has a Masters in Computer Networking, as well as multiple industry certifications. Kylie has taught as a casual lecturer at UNSW Canberra and spends her free time organising community events such as BSides Canberra and the CSides monthly security meetup.

Friday 22nd November 2024

Educational Purposes Only - How I accidentally stopped a massive school data breach without annoying the government (too much)

Over the last few years, the ACT Education Directorate has embarked on an ambitious identity and cloud migration project, moving tens of thousands of students into a digital education suite. Along the way, several security vulnerabilities and system misconfigurations have led to some funny, strange, or sometimes seriously scary results. Educational Purposes Only covers how Miles uncovered, experienced, and reported many of these throughout his time as a public school student, while highlighting how difficult it can be for security researchers to have their findings taken seriously by Australian governments still finding their cybersecurity wings.

Miles Greenwark

Miles Greenwark is a Canberra-based software engineer and an independent security researcher tackling large, interesting problems in the identity and security space in the private and public sectors. Since school, he has been fascinated by the security of IT systems, and how to bypass them in no uncertain terms. Miles hopes that by strengthening Australia's sovereign cybersecurity capability and incentivising researchers to do the work they love, we can cut off the disastrous tsunami of data breaches that Australia has been consistently experiencing for the last few years.

Exploiting a device at Pwn2Own 2024

In October 2024 the InfoSect team attended Pwn2Own in Cork, Ireland. This talk will take a deep dive into the bug and exploit that was developed for one of the successful compromises.

Rami

Rami is a senior vulnerability researcher at InfoSect.