CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Room N101
CSIT Building ANU

Acton ACT 2601



Wig & Pen
William Herbert Place,

Canberra ACT 2601

Kylie McDevitt
Silvio Cesare

Future Dates:

Friday 21st September

Talks: 1. Threat Modelling, 2. Malware Reversing

Friday 19th October

Talks: 1. Torgo & c4tler, 2. Reversing USB

Friday 9th November

Talks: 1. Phys Pentest, 2. Intro to binary patching

Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map

Friday 17th August 2018

Talk 1: Proxcards

After hastily buying a proxmark to replace the fob for his girlfriends new apartment he’d just lost, tsujamin decided to answer a life long question of his: “How do 90 minute transfers work on Action bus cards?”. This presentation is a summary of the state of MIFARE Classic hacking, a case study of the implementation and challenges faced by a widely deployed proxcard application and a demo of what transport card data could be inadvertently used for. Hopefully it will serve as an easy introduction to the approaches other researchers can take when analysing proxcards either recreationally or during security engagements.
tsujamin is a Canberra based infosec practitioner and software engineering graduate. Starting out as a blue teamer, he has worked in threat intel, built a threat hunting team and worked his lifetime share of 4am incident response calls. He now enjoys red teaming, catching buses with RFID kit in his pockets and not being arrested by ACT police.

Talk 2: JavaScript Deobfuscation

JavaScript code can be hard enough to read and understand, even when it’s been well engineered. Now imagine that you’re a malware analyst who needs to understand some malicious JavaScript that has been purposefully obfuscated; what do you do? One approach is to add instrumentation and do a dynamic analysis, but in doing so we may miss important details. Another approach is to perform a static analysis and try to undo the obfuscation. This talk is about the later, and explores how we can borrow techniques from compiler theory and functional programming to build a deobfuscator for malicious JavaScript.
Adrian Herrera
Adrian Herrera is a cyber security researcher at the Defence Science and Technology Group and a visiting researcher at the Australian National University. His research interests are in applying program analysis techniques from academia to solve practical reverse engineering problems.

To be updated when talks are announced, subscribe to our mailing list

* indicates required

Past Talks:

Friday 20th July 2018

Talk 1: Physical Security Auditing
IT Audit - Tick and flick checks for your network, right? What sort of things does an Internal Audit team do. European financial centres use their internal audit functions for penetration testing, physical security checks and red teaming activites. Mark will tell some of the stories of his time working in an Internal Audit function in Europe.
Mark Prior
Mark started off as a systems administrator looking after Novell and AS/400 systems, he moved into Windows and Linux administration and happily did this until 2013 when he had the option to try working in IT security and has been trying to become more than a script kiddy since then. He also enjoys it when he gets a chance to do physical security testing.
Talk 2: Optimum Corpus Design for Fuzzing
An important pre-fuzzing step is to choose which seeds you want to use in your fuzzing campaign. Too many seeds is very bad because most seeds are pretty similar to one another. Too few and you don't have enough diversity for the fuzzer to explore new behaviours. In this talk we look at how to conduct optimum corpus design and introduce two new open source tools to do this: Moonshine and Moonbeam.
Shane Magrath
Shane Magrath is a security researcher in Defence Science and Technology Group. His interests revolve around how to conduct large scale fuzzing campaigns and how to automate as much of this as possible.

Friday 15th June 2018

Talk 1: Control Systems Cyber Security
There is an increased focus on critical infrastructure control systems cybersecurity in the world. This presentation will give an introduction to control systems cybersecurity concepts and directions.
Talk 2: Using VProbes to detect crashes in VMs
VProbes is a dynamic instrumentation system developed by VMware. It is used to provide observability into both virtual machines running on VMware hypervisors, and the hosts themselves. It was developed for internal use in applications such as debugging, tracing, and performance profiling. This talk presents an investigative project on the use of VProbes as a tool for detecting program crashes in virtual machines, and providing diagnostic information relating to the crash; specifically in cases where access to the operating system is limited. The hardware-level systems involved in program crashes will be discussed, as will the operating system-level procedures which determine how to respond.
Sam Wade
Sam Wade is an undergraduate student at the ANU, studying majors in maths, computer science, and electronics engineering. He is also an intern at the ACSC, where the project discussed in this talk was undertaken.

Friday 18th May 2018

Talk 1: Locksport – getting fully sick with a pick
As long as locks have been around, there have been people trying to unlock them without the key. This has been done for reasons including curiosity, criminal Intent, and as a trade. This talk takes a sneak-peek into why (and how) locks can be picked, taking a detour into the efficacy of locksport, its relation to security and the controversy surrounding it. Warning! This talk may contain a shameless plug for Canberra Locksport
Michael O’Flaherty
Michael O’Flaherty (MOF) is just an IT Sec guy who likes to pick locks and is a massive fan of the long bio.
Talk 2: Bug Hunting in Open Source Software
For most of the year, I've been performing code review against a variety of open source software including kernel code and userland applications. As such, I've found numerous vulnerabilities in userland Linux and the Linux, FreeBSD, and NetBSD kernels. I've even been streaming some of the code review sessions on twitch and YouTube and holding public code review group meets at the InfoSect hackerspace, generally finding security vulnerabilities in every session. This presentation looks at some of these vulnerabilities, as well as making the case that this type of research has value in academia.
Dr Silvio Cesare
Dr Silvio Cesare is the Director of Education and Training for Cyber Security at UNSW Canberra @ ADFA. He is also the co-organizer of BSides Canberra, CSides, and InfoSect.