Location: Canberra Rex Hotel, 150 Northbourne Ave, Braddon ACT 2612
Time: 6.00pm
Afterwards: Swan & King Bar, Canberra Rex Hotel
Organisers: Kylie McDevitt, Silvio Cesare
2nd May 2025: Android bug walkthrough (Angus), Quantum Crypt (Luke O'Connor)
6th Jun 2025: Cole Cornford, Leslie Cartwright
A large-scale quantum computer has the ability to break all current public-key cryptography used on the internet. Does one exist already? If not, what would it take to build one? What are the cryptographic and cyber security communities doing to mitigate this threat? What do I need to do to prepare for the coming crypto-pocalypse?
These questions and more will hopefully be answered in a high-level discussion on physics, computing and mathematics. (No prior knowledge of physics, computing or mathematics required!)
Cipher
Cipher is an avid CTF player for the Cybears CTF team with a background in cryptography. Every CTF he says he will learn more about reverse engineering and vulnerability research, before solely focusing on cryptography challenges. Cipher has also helped run the BSides CBR CTF for the last four events.
This talk will look at the many ways string handling in the C programming language can go wrong.
Dr Silvio Cesare
Dr Silvio Cesare is a founder and CTO at InfoSect, a vulnerability research company. He has worked in technical roles and been involved in computer security for over 29 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the lead architect and developer for the startup Qualys, now the industry standard in vulnerability management. He has a Ph.D. from Deakin University and has published in academia, having been cited over 800 times on Google Scholar. He is a 4-time speaker and also a trainer at the international, industry-leading Black Hat conference. He has taken his university research through commercialisation and authored a book (Software Similarity and Classification, published by Springer).
Google, Microsoft and others have estimated that over 70% of severe security vulnerabilities in memory-unsafe codebases are due to memory safety bugs. Rust is a memory-safe language suitable for system-level programming. Rust guarantees thread safety, no memory corruption and no undefined behaviour, without imposing the performance overhead of a garbage collector. How does it do that? In this talk we reinvent Rust's concept of Ownership, which enables it to make these guarantees at compile-time.
Ben Williamson
Ben graduated from engineering at UQ in 1996, and has spent eight years working in Silicon Valley. His background spans embedded development, safety-critical systems, browser security, network security and cryptographic protocols. He recently resigned from Apple, where he worked on autonomous systems, iCloud Keychain sync protocols, and a Rust implementation of IPsec that secures network traffic across Apple's data centres. He also developed and ran Apple's internal Rust training since 2015.
In October last year, InfoSect competed in Pwn2Own Ireland. They focussed their efforts on three devices, successfully exploiting two of them. This talk is about the third, unhacked device - the Synology TC500 smart camera. It discusses the process of finding a format string vulnerability in the firmware, how it could be exploited to gain a reverse shell, and the experience of competing in Pwn2Own.
Sam Hinwood
By day, Sam is a vulnerability researcher at InfoSect. By night, Sam is asleep.
IoT devices have become pervasive in the way we live and interact with the world. In order to provide security assessments on the wide variety of devices on the market, InfoSect has had to expand their capabilities. This talk will walk through InfoSect’s improved process for performing security assessments on embedded devices.
Kylie McDevitt is a security researcher at her own company, InfoSect, specialising in Linux and embedded devices. Before starting at InfoSect, she was a Technical Director at the Australian Signals Directorate (ASD). Kylie graduated from ANU with a Bachelor of Engineering and worked for Australia’s largest telco as a radio engineer in MobileNet before moving into computer security, where she has been for the last 16 years. She has a Masters in Computer Networking, as well as multiple industry certifications. Kylie has taught as a casual lecturer at UNSW Canberra and spends her free time organising community events such as BSides Canberra and the CSides monthly security meetup.