CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting normally occurs on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees and no tickets to book.)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:
Room 1.33
Bldg 145 (New Cyber building) ANU
Acton ACT 2601

Time:
6.00pm

Afterwards:
Badger & Co
Joplin Lane Kambri Precinct,
ANU

Organisers:
Kylie McDevitt
Silvio Cesare

Future Dates:

13th September 2019

Maintenance Programming vs RE

4th October 2019

IR

15th November 2019

From 2018 we have been located in the new Cyber Building opposite the Computer Science building. Please refer to the following map; our location is marked with a red cross.

Friday 16th August 2019

Talk 1: Incident Response Exercises

Computers are exceptionally good at taking instructions and making very fast, very precise mistakes very reliably. Humans are conceptually similar but interpret their inputs and decide on courses of action based on experience. I’ll discuss the value in performing incident response exercises to expose participants to experiences and processes in a safe environment. These synthetic experiences can be devised against specific goals for the organisation or individual with measurable outcomes. Observations under these conditions can be used to develop participants’ capacity for handling real-world events.
Kirk
Kirk is a Security Consultant at TSS Cyber in Canberra, joining the team after 10 years in Air Force ICT. He has worked training exercises, drills and training programs for the military and has been a Dungeon Master for most of his life. He has completed degrees in Training and Development, Information Management and a Master of Cyber Security.

Talk 2: TBA

To be updated when talks are announced. Subscribe to our mailing list.

Past Talks:

Friday 26th July 2019

Talk 1: Extracting crypto routines with Ghidra – Get the firehose
Ever bricked a phone? Not a fun experience. Even when you have no fastboot, adb and a black screen – don’t worry, there is still hope. Some vendors provide tools that allow you to unbrick an un-brickable phone, but when you do this, it opens up a whole new attack surface. These tools are often bundled with Firehose programmers – which give you much more capability than just re-flashing a phone. This talk is about how I used Ghidra to extract a Firehose programmer for a OnePlus 5 phone by reverse engineering a firmware updater. I will also talk about Qualcomm’s Emergency Download (EDL) mode, Firehose programmers and how to peek/poke memory before you even get to Android.
Peter Rankin
Peter Rankin is a secure software developer for Azimuth. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Peter has previously worked as a software engineer for Penten and the Australian Department of Defence.

Friday 21st June 2019

Talk 1: Shaving the Yak
This talk will take the audience through the journey of reverse engineering a wireless telemetry system. Highlights will include a demonstration using open source analysis tools and a software defined radio to receive and analyse a digital radio signal.
Phil
Phil has worked for a US multinational telecommunications vendor, a military systems integrator and several small Australian companies. He has participated as a member of various industry/government cybersecurity working groups. He has a passion for fusing software, electronics, hardware and emerging radio technology. He also has an unhealthy interest in cryptography.

Friday 17th May 2019

Talk 1: BSidesCbr 2019 CTF
This year's BSides Capture the Flag was designed and built by the @CybearsCTF team, previous winners of the competition from 2016 to 2018. In this talk we'll discuss the ideals of designing novel puzzles, and the realities of delivering them to an audience of several hundred players. We'll do walkthroughs of some of this year's challenges to help those who didn't get a chance to play at BSides understand how we approach problem solving and what kind of skillsets can be leveraged in these competitions.
Matt
Matt, who commits as hypersphere, has been playing CTFs with Cybears since BSides 2016 and was on staff for the 2019 competition. He wrote the ROT -13 and Fixie Bike Website challenges this year, and was sort of (definitely) responsible for the great CTF infrastructure fire of 2019.
Torgo
Torgo, who commits as Torgo, has been playing CTFs with Cybears since forever. He built the CTF testing infrastructure framework and the stringalong, serially-cool, numberstation, and secelf challenges. He was also responsible for putting out the great CTF infrastructure fire of 2019.
Talk 2: Coccinelle for Bug Discovery in C Source Code
In this talk, I use a tool called coccinelle to discover bugs in C source code. Coccinelle uses a Semantic Patch Language and takes code templates to identify and, if desired, make patches to the relevant source code. The Linux kernel team use coccinelle to prevent bug patterns in git commits. I've written over 50 templates that describe the majority of bugs listed in the SEI CERT C Coding Standard. From this, I've scanned 500 random packages in Ubuntu and found numerous bugs. I've also looked at every package in the Ubuntu 18.04 LTS repository and pulled out every SUID binary and its associated source. I automated this approach and have regular and frequent scans of these packages to identify accidental introduction of bugs. Finally, I've used the NSA-released reversing tool Ghidra to decompile binaries in headless mode. I've dumped firmware from embedded devices using the BUSSide, extracted filesystem images with binwalk, decompiled relevant non-x86 system binaries, and passed the source code to my Coccinelle scripts. Overall, coccinelle is a tool that makes writing custom and generic static analysis tools for source code practical for many people.
Silvio Cesare
Dr Silvio Cesare is the Managing Director at specialist training provider, InfoSect (http://infosectcbr.com.au). He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. He is also the co-founder of CSides and BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).