CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:
Room N101
CSIT Building ANU

Acton ACT 2601

Time:

6.00pm

Afterwards:
Wig & Pen
William Herbert Place,

Canberra ACT 2601

Organisers:
Silvio Cesare
Kylie McDevitt

Future Dates:

Friday 17th August

Talks: 1. RFID (?), 2. Javascript deobfuscation

Friday 21st September

Talks: 1. Threat Modelling, 2. Malware Reversing

Friday 19th October

Talks: 1. Torgo & c4tler, 2. Reversing USB

Friday 9th November

Talks: 1. Phys Pentest, 2. Intro to binary patching

Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map

Friday 20th July 2018

Talk 1: Physical Security Auditing

IT Audit - Tick and flick checks for your network, right? What sort of things does an Internal Audit team do. European financial centres use their internal audit functions for penetration testing, physical security checks and red teaming activites. Mark will tell some of the stories of his time working in an Internal Audit function in Europe.
Mark Prior
Mark started off as a systems administrator looking after Novell and AS/400 systems, he moved into Windows and Linux administration and happily did this until 2013 when he had the option to try working in IT security and has been trying to become more than a script kiddy since then. He also enjoys it when he gets a chance to do physical security testing.

Talk 2: Optimum Corpus Design for Fuzzing

An important pre-fuzzing step is to choose which seeds you want to use in your fuzzing campaign. Too many seeds is very bad because most seeds are pretty similar to one another. Too few and you don't have enough diversity for the fuzzer to explore new behaviours. In this talk we look at how to conduct optimum corpus design and introduce two new open source tools to do this: Moonshine and Moonbeam.
Shane Magrath
Shane Magrath is a security researcher in Defence Science and Technology Group. His interests revolve around how to conduct large scale fuzzing campaigns and how to automate as much of this as possible.

To be updated when talks are announced, subscribe to our mailing list

* indicates required

Past Talks:

Friday 15th June 2018

Talk 1: Control Systems Cyber Security
There is an increased focus on critical infrastructure control systems cybersecurity in the world. This presentation will give an introduction to control systems cybersecurity concepts and directions.
Ken
Talk 2: Using VProbes to detect crashes in VMs
VProbes is a dynamic instrumentation system developed by VMware. It is used to provide observability into both virtual machines running on VMware hypervisors, and the hosts themselves. It was developed for internal use in applications such as debugging, tracing, and performance profiling. This talk presents an investigative project on the use of VProbes as a tool for detecting program crashes in virtual machines, and providing diagnostic information relating to the crash; specifically in cases where access to the operating system is limited. The hardware-level systems involved in program crashes will be discussed, as will the operating system-level procedures which determine how to respond.
Sam Wade
Sam Wade is an undergraduate student at the ANU, studying majors in maths, computer science, and electronics engineering. He is also an intern at the ACSC, where the project discussed in this talk was undertaken.

Friday 18th May 2018

Talk 1: Locksport – getting fully sick with a pick
As long as locks have been around, there have been people trying to unlock them without the key. This has been done for reasons including curiosity, criminal Intent, and as a trade. This talk takes a sneak-peek into why (and how) locks can be picked, taking a detour into the efficacy of locksport, its relation to security and the controversy surrounding it. Warning! This talk may contain a shameless plug for Canberra Locksport
Michael O’Flaherty
Michael O’Flaherty (MOF) is just an IT Sec guy who likes to pick locks and is a massive fan of the long bio.
Talk 2: Bug Hunting in Open Source Software
For most of the year, I've been performing code review against a variety of open source software including kernel code and userland applications. As such, I've found numerous vulnerabilities in userland Linux and the Linux, FreeBSD, and NetBSD kernels. I've even been streaming some of the code review sessions on twitch and YouTube and holding public code review group meets at the InfoSect hackerspace, generally finding security vulnerabilities in every session. This presentation looks at some of these vulnerabilities, as well as making the case that this type of research has value in academia.
Dr Silvio Cesare
Dr Silvio Cesare is the Director of Education and Training for Cyber Security at UNSW Canberra @ ADFA. He is also the co-organizer of BSides Canberra, CSides, and InfoSect.