CSides Monthly Security Meetups
Note: Due to COVID-19, CSides monthly meets will be running live, online until further notice.
CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting normally occurs on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- YouTube Live https://youtu.be/eUBZFOVFvjE
Bldg 145 (New Cyber building) ANU
Acton ACT 2601
- BSidesCbr Slack #csides
Badger & Co
Joplin Lane Kambri Precinct,
- Kylie McDevitt
Heap Exploitation (Jayden)
Friday 21st August 2020
Talk 1: KPB – Bringing together the best bits of Kaitai Struct and Google Protocol Buffers
Kaitai Struct is a great tool that can be used to easily define all kinds of binary messages – but only supports de-serialising. Google Protocol Buffers generates code for both serialising and deserialising – but only supports its own binary format. This poses limitations for developers such as myself, looking to easily serialise non-protobuf binaries without serious workarounds.
This led me to develop the Kaitai Protocol Buffer (or KPB), my Frankenstein tool which combines the useful features offered by Google Protocol Buffers and Kaitai Struct to create a more powerful tool – one that supports serialising and deserialising in complex binary formats.
This tool uses Kaitai Struct yaml files and generates protobuf style code.
Peter Rankin
Peter Rankin is a secure software developer and vulnerability researcher for Azimuth. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Recent tinkerings include porting a NES emulator to the ESP8266 chip and writing his own Nintendo Joycon driver for the Linux kernel. Peter has previously worked as a software engineer for Penten and the Australian Department of Defence.
He has volunteered for BSides Canberra the last 3 years and wrote the firmware for the 2019 BSides badge - the “Nopia 1337”. He is volunteering again this year and has supported development of the BSides 2020/2021 badge firmware.
Talk 2: Modern Communication Networks
This talk takes a brief look at some of the emerging changes to communication networks and their security consequences.
Kylie McDevitt
Kylie McDevitt graduated from ANU with a Bachelor of Engineering and worked for Australia’s largest Telco as a radio engineer in MobileNet before moving into computer security, where she has been for the last 11 years. She has a Masters in Computer Networking as well as multiple industry certifications. Kylie has lectured at UNSW Canberra and spends her free time organising community events such as BSides Canberra and the CSides monthly security meetup.
Friday 10th July 2020
Talk 1: OSINT'ing at Scale
OSINT is any form of intelligence freely and easily available. This intelligence can come from news, social media, government databases, weather, geo-imagery, etc. Ben will be taking a deep dive into finding this intelligence at a scale a human cannot compete with, and will use Covid-19 as the example. The talk will cover why we might want to capture this data, how we capture this data, and what we do once we've got it.
Ben Menzies
Benzies began his career at the age of 17, when he was lucky to get himself an apprenticeship for the school he was also studying at. After a few years of working and learning, he earned a diploma in network engineering. Since then Ben has worked his way through different levels in IT, starting from desktop support, small business consulting, server support, gateway security engineer, cyber security consulting, to currently a security engineer. Each step in Ben's career has been security focused, and he found his true passion in IT when he became a gateway engineer. It was here Ben became more involved in the Cyber Security community and has continued to grow that passion since.
Talk 2: Entomology 101
In this talk, Louis is going to cover some of the methods you can use to manage your collection of bugs.
Louis Nyffenegger
Louis Nyffenegger is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing.
Friday 19th June 2020
Talk 1: What Makes Cryptography Secure?
Cryptography is an absolutely essential part of the bedrock for electronic security. Each and every day, every human with an Internet connection relies on staggering amounts of cryptographic research that makes sure they're talking to the right server and nobody else can read what they're saying. Why can we put so much faith in cryptography? Because a lot of people much cleverer than any of us spent a lot of time thinking about what it means for cryptography to be secure!
In this talk, Eleanor will show you how cryptographers think about security. They will explain exactly what we mean and do not mean when we say that an algorithm is "secure", and show you how to interpret these guarantees. They will finish with a proof that one particular system -- ElGamal -- satisfies one of the strongest such guarantees. For the practical-minded, the takeaway will be "exactly what can I trust cryptography to do?" For everybody, they will show you that cryptography is not forbidden sorcery, and give you a taste for what's out there.
Eleanor is a second-year Master's student at the University of Melbourne, researching applied cryptography in the context of verifiable voting with Vanessa Teague. They are interested in literally everything which is possibly the ultimate of blessings and curses, and intend to pursue a PhD starting next year. When they don't have their nose buried in a textbook (which is rare), they enjoy musical theatre, karate, and roleplaying games.
Talk 2: Transitioning Cyber Security to a Mission Risk Mindset (aka, why the new ISM is better)
The Australian Signals Directorate has recently removed all traditional references to “should” and “must” from the Information Security Manual. This means that there is no longer a defined set of security controls that must be in place to achieve accreditation of secure and classified networks. This represents a transition in the way that the government treats cyber security, and will enable and delegate the responsibility for government and industry partners to determine their own cyber security risk, their risk appetite, and in turn use these to determine what security controls they need to implement to achieve an accepted level of risk. This presentation discusses the impact of these changes, as well as the industry wide transition from a compliance or “checklist” based cyber security strategy, to one more in line with traditional business or mission risk.
Iain Dickson
Iain is a “data scientist” who has fallen into the Cyber profession. He has previously worked as a Cyber Security Research Engineer, and as a Cyber Threat Intelligence Technical Lead for the Australian Government. He is currently the Cyber Technical Lead for Leidos Australia, leading cyber security projects across the organisation.
Talk 3: Security and privacy of Bluetooth-based contact tracing apps
This talk will be a quick introduction to Bluetooth-based contact tracing, mostly focusing on Australia's COVIDSafe app. In particular, we'll look at some of the security and privacy issues that were discovered during analysis of this app, how they were found, and how they were subsequently addressed in COVIDSafe.
Jim Mussared
Jim works on the MicroPython project, and is one of the authors of MicroPython's Bluetooth implementation. Before that, he worked in high school computer science education at Grok Learning, distributed systems and cloud storage at Google Australia, and industrial process control and monitoring systems at ISS Group.
Friday 22nd May 2020
Talk 1: ThreatPursuit VM
In this short presentation I will introduce and walk through the setup of ThreatPursuitVM. TPVM is a dedicated threat intel virtual machine with the primary goal to enable the community with a freely accessible toolkit to research evil. Aimed anywhere between juniors to seasoned pros across a diverse range of roles or skillsets (e.g. “malware analysts, defensive cyber operations, intelligence analysts, data scientists”) with capability. The types of things you can do include:
- Collect, analyse and pivot across multiple open-sourced intelligence source feeds
- Harvest and share indicators/feeds across a community
- Emulate adversarial behaviours to create or validate playbooks
- Leverage or develop machine learning algorithms & train models on intrusion data
- Visualise, model and explore cyber-led crime networks
- Create yara rules, IOCs and produce finished intelligence products
- And so on..
Dan Kennedy
Dan is currently a Senior Analyst at Mandiant Threat Pursuit Team, where he researches, hunts and creates adversarial tradecraft for emulation. He is also a graduate of Charles Sturt University AGSPS and an Australian Army Reservist.
Talk 2: Attacks against secure heap allocators
This talk will look at attacks against several hardened heap allocators. These secure allocators try to limit the effect of heap corruption and prevent exploitation. We'll discover that even these secure allocators have weaknesses.
The first secure allocator to be examined is Android's Scudo, which uses checksums of chunk headers and internal secrets. I'll show that with an infoleak and the use of an SMT solver, we can create an unlimited number of fake chunk headers with the correct checksums.
We'll also look at the Linux kernel heap allocator which, until recently, used a free list pointer obfuscation technique based around an internal secret. I developed an attack to reveal the secret and was subsequently involved in a set of patches to mitigate the attack. I'll also look at the IsoAlloc secure allocator, which until this week had a variant of the same weakness.
Finally, I'll look at a theoretical attack against the current Linux heap allocator based around what's known in cryptography as bit-flipping. While unlikely, we'll see that the Linux kernel is susceptible to this exotic technique.
If memory corruption or heap allocators interest you, so might this talk!
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in Operating Systems kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of CSides and BSides Canberra – Australia’s largest technical cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).