CSides Monthly Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:	Canberra Rex Hotel 150 Northbourne Ave Braddon ACT 2612
Time:	6.00pm
Afterwards:	Swan & King Bar Canberra Rex Hotel
Organisers:	Kylie McDevitt Silvio Cesare

Future Dates:

13th February 2026: Physical Layer Security (Frank)
13th March 2026
10th April 2026
8th May 2026
12th June 2026

Friday 9th January 2026

Grub bootloader bugs and framework

Grub is the bootloader most commonly used in Linux desktops and servers. A bug in grub can be used for either bypassing secure boot, or maintaining persistence across a reboot once root has been achieved. This talk looks at a variety of bugs found in grub. I'll also discuss a framework for disabling secure boot utilising the grub configuration language. This is made more difficult that typical programming idioms aren't supported in the configuration language. For example, arithmetic is not native to the language, which makes mining memory difficult and hinders programming constructs such as iteration. However, arithmetic can be achieved through the use of the configuration langauge when it implements regular expressions and text substitution.

Dr Silvio Cesare

Dr Silvio Cesare is a founder and Director at InfoSect, a vulnerability research company. He has worked in technical roles and been involved in computer security for over 29 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the lead architect and developer for the startup Qualys, now the industry standard in vulnerability management. He has a Ph.D. from Deakin University and has published in academia, having been cited over 1000 times on google scholar. He is a 4-time speaker and also a trainer at the international industry leading Black Hat conference. He has taken his University research through commercialisation and authored a book (Software Similarity and Classification, published by Springer).

For email updates on events, please subscribe:

Past Talks:

Friday 14th November 2025

Against Imperva's wishes, I made 10000 kids

Collecting data from the game of Pokemon Go involves bulk creation of accounts. In order to combat bots and other abusers of the game, a cloud WAF is used to prevent mass account sign-ups. This talk outlines some cheap techniques that can be used to bypass anti-bot measures employed by Imperva and other similar security platforms.

Aeriana Lawler (Shiny Skitty)

Aeriana Lawler (Shiny Skitty) is a Linux sysadmin who these days [unfortunately] works in cyber security auditing. In their spare time, Skitty likes to level the playing field in Pokemon Go by developing tools to annoy spoofers in the game.

Back to Home