Kiwicon 2038AD >>>

    Talks

    Details

    Title: Regrets
    Abstract: This talk will be on the regrets from building Docker. Recently I have been working a level of abstraction above Docker (i.e. Kubernetes) and I have a lot of regrets about the way Docker was designed based off seeing how people without a background of Linux primitives use the tool. This talk will cover all the design regrets of Docker and how they are being propagated into other tools causing them to not be as secure as they could be. Join me as I go through all the regrets of software that is now sadly everywhere...
    Location: Fri 16 0915 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Jessie Frazelle
    Origin: US
    Bio: Software engineer, hacker, containerizer, haver of regrets about softwarez.

    Title: vmpklōn – Creation of a VMProtect Clone
    Abstract: This talk will discuss our research into VMProtect virtualization technology, which ultimately led to the creation of a VMProtect clone. VMProtect is a commercial-grade software protection platform which greatly increases the difficulty in reverse engineering samples. One feature of VMProtect is instruction virtualization, where original x86 instructions are transformed into a VMProtect-style virtualization. This talk will cover stack based virtual machines, VMProtect basics, writing a disassembler, recovery of x86 translations, and creation of a VMProtect clone.
    Location: Fri 16 0945 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Jon Erickson
    Origin: USA
    Bio: Jon Erickson is a senior staff reverse engineer within the Flare team at FireEye. Before joining FireEye, Jon made the rounds with various government contractors and before that served in the United States Air Force. Jon has worked in the security industry for more than 15 years and has a master’s degree from George Mason University. Jon has spoken at numerous conferences including Blackhat Asia, CodeBlue, and SyScan 360. He’s contributed to a number of CVEs and continuously works to help new security researchers better themselves within the field.

    Title: Apathy and Arsenic: a Victorian Era lesson on fighting the surveillance state
    Abstract: What does expensive Victorian era wallpaper have in common with a Cambridge Analytica Facebook quiz?

    Why is the GDPR like a trip to a seaside resort?

    How could a cryptoparty have anything to do with a rare book in a library in Michigan?

    attacus - historian, privacy advocate, and penetration tester - walks you through a two hundred year old method for fighting the surveillance state, based on the advocacy led by 19th century scientists to abolish the domestic use of arsenic. You will learn about the tireless efforts used by anti-arsenic activists to change the public perception of arsenic, Cory Doctorow's theory of Peak Indifference, the lives ruined by data breaches, and how to sustain the recent public shift from "I have nothing to hide" to "I value my privacy".

    This session will offer suggestions for developers and other interested folks on how to gather data ethically, how to behave when a data breach occurs, and how to help everyday people have more power over their own information.

    Come along and enjoy a plate of biscuits while you take in stories of murder, mismanagement, and mendacity, and learn how to keep up the fight against mass surveillance now that the tide is turning.
    Location: Fri 16 1100 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: attacus
    Origin: Melbourne, Australia
    Bio: The deposed monarchs of Neverwas had a nearly foolproof plan for regaining their thrones: present a child whom not even the most fanatical anarcho-syndicalist could deny looked absolutely rockin' in a tiara. While they achieved this goal, attacus quests after knowledge rather than the crown. Since she became a pentester she has accepted that she will never be able to find the Grail. In spite of this, attacus continues to seek after strange and hermeutic secrets. She knows more about historical assholes than Hieronymus Bosch.

    Title: Introducing "moriarty", a tool for automated smart contract symbolic execution vulnerability discovery and exploit synthesis
    Abstract: In the grim future of 2018, there is only war... and the cypherpunks won. If Timothy May was actually dead he'd be cackling in his grave by now. Bitcoin billionaires, smart contracts, end-to-end encryption, onion routing, obscure darkweb forums full of Bulgarian fraud pimps touting their latest autoshop software... it's certainly an exciting time to be alive. Ethereum is a cryptocurrency designed for the execution of "smart contracts", where code controls the flow of finance from one account to another. Putting programs in direct control of millions of non-repudiable crypto-dollars... what could possibly go wrong? "Moriarty" is a tool for the vulnerability analysis of ethereum smart contracts, where only one vulnerability actually counts --- stealing cold hard cash. Using the dark arts of symbolic execution, Moriarty can automatically find vulnerabilities and synthesise exploits "on the fly". Additionally, Moriarty sweeps the entire ethereum blockchain & contract space in order of potential income to maximise profit, in a purely proof-of-concept kind of way.

    This presentation will discuss the engineering of such a tool from first principles, along with tips, tricks and optimizations as yet unknown in "other" more generic symbolic execution frameworks.

    As we used to say back in the day, "for information reasons only".
    Location: Fri 16 1130 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Caleb "alhazred" Anderson
    Origin: Melbourne, Australia
    Bio: Alhazred's name is a killing word. He enjoys long walks on the beach, the bellows breath of cinnamon, subtle aldehydes ... acids ... performance poetry and collecting HR complaints. In his spare time he works for Context Information Security as a sort-of kind-of foreman, cracking the spiked whip deep within the infosec mines. He was recently promoted from lead consultant to lead consultant.

    Title: Feeding the Beast: Network Insurgency
    Abstract: There's a metric bucketload of cool technology and awesome tools out there to support red team engagements, both physical and digital. But what about the *people* on the red team? Can you actually train someone to think and act like an adversary, rather than relying on 'experience', Twitter poopposting, or CEH/CISSP? Can you distil how different approaches refine and improve the way they think and act, rather than just their technical skills? Short answer: Yes! Long answer: Yeeeeeeesssss! (also with 30 minutes of talking)

    Red Teams wanting to boost their capabilities and simulate more realistic and effective adversaries will be introduced to using F3EAD - a US Special Operations Forces targeting methodology – as a framework for training and engagement.

    F3EAD is a targeting methodology developed to support counter insurgency operations characterised by complex environments and rapidly-moving adversaries. On a more abstract level, it is designed to allow a large, slow-moving organisation with cumbersome decision-making processes to act/react far more rapidly when confronted by an agile, quick enemy. Although relevant from a Blue Team perspective (threat hunting), it can also be adapted for Red Teams to build a simple, effective framework to conduct engagements with. It's not prescriptive, nor does it encourage ticking boxes for the sake of it, rather it emphasises adaptive and flexible engagement.
    Location: Fri 16 1201 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: syngularity0
    Origin: AU
    Bio: Organiser of SecTalks Canberra, consumer of energy drinks, slayer of digital dragons. Really bad at computers.

    Title: Lessons from game consoles and the coming security apocalypse
    Abstract: There are few computing devices that are more attacked on an ongoing basis than game consoles. People want to cheat to win, want to prove their cred, and want to play free games. Over the years, I've seen some interesting things, and have come to the conclusion that computing in general needs to make some serious changes in order to stay viable in the future.
    Location: Fri 16 1345 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Boyd Multerer
    Origin: Wellington (Formerly USA)
    Bio: TBD

    Title: Living w/o the Land - Active Directory attacks from Linux
    Abstract: PowerShell and C# have been the new hotness for 5-6 years now, but with all the AI this and Machine Learning that, one rarely wants to throw that much of your toolkit on disk or even in-memory. Time to head back to the network! This talk will be detailing how directly or via pivots, one can do many of the same recon and attacks against Active Directory with existing tools, and more easily, a new tool.
    Location: Fri 16 1415 @ The Michael Fowler Centre
    Duration: 45 mins
    Name: Mubix
    Origin: US
    Bio: Mubix (Rob Fuller) is a Senior Red Teamer. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run the gamut in the security realm. He has a few certifications, but the titles that he holds above the rest are FATHER, HUSBAND and United States Marine.

    Title: Ghosts in the Browser: Backdooring with service workers
    Abstract: Service workers are all the rage for progressive web apps nowadays. This talk will take a look at Service Workers from a different perspective. We'll talk about ways to abuse them by exploiting XSS issues. We'll cover how to create a pseudo browser backdoor with service workers as well as some of its limitations. The talk will include demos as demonstration of the attacks, and will introduce various defence mechanisms against them.
    Location: Fri 16 1500 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Claudio Contin & Emmanuel Law
    Origin: NZ & US
    Bio: Claudio is a security consultant with ZX Security in Wellington. Before working in security, he spent several years developing web applications. He made small contributions to the BeEF framework (http://beefproject.com/) and Gophish (https://getgophish.com/) open source projects.

    Emmanuel Law (@libnex) used to be a consultant in Wellington. He's now a security engineer in the Bay Area.

    Title: Mayday, Mayday, Mayday - Safe Harbor, no more
    Abstract: CONTENT WARNING: THIS TALK TOUCHES ON SOME VERY SENSITIVE ISSUES, AN INTRO TO THE TALK WILL COVER POSSIBLE TRIGGERS & TOPICS.

    You get your e-mail with Google, you host your code on Github, you run your cluster with Amazon Web Services, you deliver content through Cloudflare and you receive your payments through Stripe and what’s the one thing all of these companies have in common? They were founded in the United States.

    What would happen if you suddenly lost your livelihood because of legislation that another country passed? Would your company be able to survive a legislation change that prevented you from using these services?

    I’ll be talking about the current state of internet legislation, the importance of legislation like Section 230 (Safe Harbor) of the Communication & Decency Act and the ramifications that recently passed legislation is having on the sex and technology industry.
    Location: Fri 16 1530 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Eliza Sorensen (@zemmiph0bia)
    Origin: AU
    Bio: Eliza is a co-founder of Assembly Four, which created sex worker friendly social network Switter.at and inclusive sex worker advertising platform Tryst.link.

    Title: DHCP is hard
    Abstract: DHCP is a 25-year-old network protocol supported by almost every network capable device in existence. However, even the most popular implementations of this protocol still contain exploitable vulnerabilities such as OOB writes, use-after-frees or command injections.

    In this talk I'm going to discuss the attack surface provided by the protocol, highlight a number of vulnerabilities I discovered while looking at popular DHCP implementations and try to find reasons why writing a safe implementation of such a seemingly simple protocol is such a hard task. The presentation ends with a deep dive into the exploitation of one of the discovered bugs and a live demo.
    Location: Fri 16 1645 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Felix Wilhelm
    Origin: DE
    Bio: Felix Wilhelm is a Security Engineer at Google focusing on cloud and virtualization security.
    He has discovered vulnerabilities in widely used products ranging from hypervisors and open source network daemons to enterprise software and security appliances.
    He has presented his research at numerous security conferences including Infiltrate, Syscan, Blackhat, Troopers, HITB and 44Con.

    Title: Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
    Abstract: You’ve heard about cloud, big data, server-less infrastructure, web scale, and other buzzwords that cause VCs to throw money at people - but how does this help you? If you’re getting bored going over the same checklist in your pentests then you’re missing out on what some of these new technologies can offer you. Using some of the newer cloud technologies not only can you automate all of your workflows, but you can do so with almost zero maintenance at a low cost with almost infinite scalability! This talk will show you how to blow conventional pentesters out of the water using some cool new technologies along with a little bit of trickery.

    Some of the topics we’ll go over include:

    • Cheap and scalable rainbow tables with BigQuery, 5TB in 10 seconds
    • SQS & Lambda, like Burp Intruder but 10K QPS
    • Scalable GPU Clusters on the cheap with Spot Instances and Elastic Beanstalk
    • Cloud exit nodes, rotating IPs via Elastic Beanstalk and nano instances
    • Cost effective fuzzing with Elastic Beanstalk and Spot Instances
    Location: Fri 16 1715 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: moloch & mandatory
    Origin: US / AU
    Bio: Mandatory - Security Engineer with a passion for web and internet security. Moloch - I like computers.

    Title: Securing a World of Physically Capable Computers
    Abstract: Computer security is no longer about data; it’s about life and property. This change makes an enormous difference, and will shake up our industry in many ways.
    First, data authentication and integrity will become more important than confidentiality.
    And second, our largely regulation-free Internet will become a thing of the past.
    Soon we will no longer have a choice between government regulation and no government regulation. Our choice is between smart government regulation and stupid government regulation. Given this future, it’s vital that we look back at what we’ve learned from past attempts to secure these systems, and forward at what technologies, laws, regulations, economic incentives, and social norms we need to secure them in the future.
    Location: Fri 16 1745 @ The Michael Fowler Centre
    Duration: 45 mins
    Name: Bruce Schneier
    Origin: US
    Bio: Bruce Schneier is an internationally renowned security technologist, called a "security guru" by the Economist.
    He is the author of 14 books -- including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people.
    Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org.
    He is also a special advisor to IBM Security and the Chief Technology Officer of IBM Resilient.

    Title: Moving Fast and Securing Things
    Abstract: In a world where autonomy flourishes, a perpetual stream of new ideas gets executed. As the manifestations of dreams move into our beautiful world, how can we ensure that the safety of its inhabitants is not compromised for progress? How do we create a process that recognizes the unique humanity of builders, makers, and coders? How do we enforce security without spiraling into a dystopian authoritarian force with a boot on the neck of valiant developers everywhere?

    At Slack, we’re certainly not perfect. And we recognize that as they are not yet full cyborgs, our human developers are going to make mistakes. Learn about the ways that we set our security teams up for success while still getting cool new stuff out the door as fast as our teams can dream it up...err, and write the code, QA test it, build it and ship it. But still. It’s a fast process. And we want to secure it.

    “Process” is often seen as antithetical to the fast-moving nature of startups; security processes, in particular, can be regarded as a direct impediment to shipping cool features. On the other hand, the security of an organization and its users shouldn’t be disregarded for the sake of speed. Striking a balance between security and nimble development is a vital aspect of an application security team. At Slack, we have implemented a secure development process which has both accelerated development and allowed us to scale our small team to cover the features of a rapidly growing engineering organization.

    This presentation will illuminate both our Secure Development Lifecycle (SDL) process and the tooling that we have open-sourced, as well as provide analysis of how the process has worked thus far, and where we'd like to take it. We'll discuss our deployment of a flexible framework for security reviews, including a lightweight self-service assessment tool, a checklist generator, and most importantly a messaging process that meets people where they are already working. We’ll show how it’s possible to encourage a security mindset among developers, while avoiding an adversarial relationship.
    Location: Sat 17 0900 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Kelly Ann
    Origin: US
    Bio: Kelly Ann is a security engineer on the Product Security team at Slack, where she works on vulnerability assessments of Slack features, as well as educational materials for security best practices for developers. Before joining Slack, Kelly was a penetration tester at NCC Group, and she was previously an eco-pirate protecting endangered species.

    Prior to studying Web Application Development and Penetration Testing, Kelly worked in Intelligence and Investigations for nearly 15 years, working undercover and coordinating covert operations enforcing environmental and animal welfare legislation. Her experience in Operational and Information Security led her to spend four years with Sea Shepherd, mostly on the flagship. Her proudest accomplishment is crafting the media strategy that forced former NZ PM John Key to hold a press conference denouncing the Japanese whaling fleet in which he is clearly miserable that he has been forced to do so. She held the highest level security clearance, working with confidential sources and evading high-tech tracking by state actors, poachers in Antarctica, and pirates in Somali waters. She led a complex 16-month covert campaign involving multiple ships spanning the globe, navigating international waters and international diplomacy, developing and implementing all security procedures and protocols, and most importantly, maintaining the safety of all ships and crew.

    Kelly holds degrees in both Media & Communications Strategy and Gender Studies and graduated from Hackbright Academy. She teaches operational and information security workshops with civil liberties organizations, and has won first place in a social engineering Capture the Flag hosted by Women in Security and Privacy (WISP).

    Title: Cyber defence exercises - how to make it cool?
    Abstract: Technical cyber defence exercises are typically conducted in a Cyber Range, hosting hundreds of servers, workstations, network devices, etc.
    Usually the setup is replicating a typical office environment with mailservers, fileservers, webservers, workstations and other typical business IT infrastructure.
    Soon this type of exercise might get boring and people might lose the motivation to participate year by year.

    What about making the exercise environment a bit more fancy by integrating some special systems like Power Grid, Mobile Networks, drones, cars etc?
    What are the main challenges setting up these systems?
    What additional skills would it train?
    What are the attack vectors?
    How to visualise these systems to the wider audiences?
    How to keep balance between the learning curve and showcase?
    How to scale special systems and how to avoid just toys?
    NATO CCDCOE has conducted the largest technical international live-fire cyber defence exercise Locked Shields for almost 10 years, whereby in recent years several dedicated special systems have given a totally new look and feel to the exercise.
    Location: Sat 17 0930 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Raimo Peterson
    Origin: EE
    Bio: Raimo Peterson is Chief of the Technology Branch at the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE).
    Before his current assignment, he held diverse IT security management, leadership and expert positions for Siemens in Germany, South-Africa and Estonia.
    He has worked on large international IT security projects for the telecommunication industry and for the public sector. In his current position, Raimo leads a group of researchers focusing on technical aspects of cyber defence, especially on monitoring, penetration testing, malware analysis, digital forensics and industrial control systems. Raimo holds a Diploma in Telecommunications from the Tallinn Technical University. Besides the leadership tasks, in his current position Raimo Peterson has been driving the development of the critical infrastructure systems and integrating them into the cyber range and cyber defence exercises.

    Title: Getting Shells from JavaScript: offensive JavaScript techniques for red teamers
    Abstract: AppSec is often very heavily focused on pre-exploitation. Frameworks like BeEF break this norm a little and can be used as tools to move laterally from the browser, to implant malware on adjacent machines.

    Unfortunately, performing network reconnaissance with JavaScript becomes tricky if the victim doesn't keep the tab open for long.

    This presentation will discuss relatively new features of JavaScript that have made it easier for sophisticated threat actors to craft JavaScript payloads that target internal network vulnerabilities.

    We'll also show new reconnaissance techniques traditionally used by red teams, post-malware implant, that can be used to get a foothold onto a network from a browser, pre-malware implant.

    This presentation will thread together the following techniques to highlight how HTML and JavaScript are more dangerous than ever:

    • CSRF to gain footholds into internal networks
    • WebRTC for internal network reconnaissance
    • Service Workers to help reduce the likelihood of arbitrary JavaScript being detected or halted
    • Bug Bounty programs as a means of exploitation
    • Certificate Transparency and other modern sub-domain reconnaissance techniques to refine where to target your CSRF payloads
    • Looking for vulnerabilities in open source internal tools is much easier to do than looking for vulnerabilities in edge facing assets

    We'll also show some real examples of this, crafting external payloads that target internal assets at large companies, and we'll show how responsible disclosure for intranet facing bugs typically gets resolved.
    Location: Sat 17 1045 @ The Michael Fowler Centre
    Duration: 45 mins
    Name: Dylan Ayrey and Christian 'xntrik' Frichot
    Origin: AU
    Bio: Dylan is a security engineer, who in his free time authors lots of open source projects, such as truffleHog. He graduated college in 2015 and has been working in security ever since. Dylan has presented on a number of topics from lingering TLS certificate issues, to finding secrets, at conferences such as Toorcon, DEFCON, BSidesSF.

    Christian 'xntrik' Frichot is an application security person who spends his free time trying to avoid computers. Currently working to secure self-driving cars in SF, Christian used to contribute a lot to BeEF, and has helped put together words for The Browser Hacker's Handbook. He's also been fortunate enough to present at wonderful events such as Kiwicon, DEFCON, CactusCon & BSidesSF.

    Title: Overwatch Cyber-Espionage Tool
    Abstract: In the last few years we have seen a number of classified documents leaked from Wikileaks. This includes the data dump from the CIA’s entire hacking arsenal, which has been named “Vault 7”.

    With parts of the dumps redacted and without access to the code base this will apparently make it harder for would-be hackers and governments to mimic the agency’s tools.

    So being a would-be hacker and always dreaming and wanting my own cyber espionage weapon. This one quote from Charlie Miller constantly ringing in my ears “The difference between script kiddies and professionals is the difference between merely using other people's tools and writing your own.”

    I will present and demonstrate how I tried to develop my own cyber espionage weapon using “Vault 7” leaks as a development base.

    I will discuss and demonstrate the development life cycle and how the “Vault 7” leaks helped me determine possible code base and testing metrics. I will show how the leaks allowed me to plan and begin my journey into my own personal cyber espionage weapon.

    During my presentation I will discuss my requirements and how I tested my new toy in my lab environment (Family & Friends) and then in real world Red Team Assessments, discussing the lessons learnt from real world testing.

    I will then take the plunge into the dark abyss and after talking the talk, I will walk the walk and demonstrate live, my new espionage weapon.
    Location: Sat 17 1130 @ The Michael Fowler Centre
    Duration: 45 mins
    Name: Wayne
    Origin: AU
    Bio: Wayne has conducted security assessments for a range of leading Australian and international organisations. Wayne has unique expertise in Red Team Assessments, Physical, Digital and Social and has presented to a number of organisations and government departments on the current and future state of the security landscape in Australia and overseas.

    Title: Tracing the Watchers: practical tooling
    Abstract: Everyone knows that listening to the police scanner is legal.* Less well known: every time a radio transmits, encrypted or not, it broadcasts its location to anyone who is listening properly. We know governments use this technique extensively (protip: don't use a satphone in a warzone).

    In the year 2038, this power devolves to the people. This is a practical introduction, with released code, of a system for publishing realtime multilateration fixes on a map, for a live public safety radio system.

    Stingray is so 2018.



    *(in the US, your mileage (kilometerage?) will vary in other countries)
    Location: Sat 17 1330 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Paul McMillan
    Origin: US
    Bio: Paul McMillan secures clouds for a living. In his spare time, he enjoys cocktails and solving impossible problems.

    Title: Arbitrary code execution, I choose you!
    Abstract: Did you hear about the arbitrary code execution hardware vulnerability in the Nintendo Switch discovered earlier in the year?
    Pretty major fail by Nintendo, huh? In this talk we’re going to delve into this vulnerability in more detail and look at some other notorious home console security fails over the years from Nintendo, Sega, et al.
    Location: Sat 17 1400 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Sarah Young
    Origin: AU
    Bio: Sarah is a security architect based in Melbourne who has previously lived and worked in New Zealand, the UK and Europe. In her current role, Sarah helps enterprises move their stuff into the cloud securely. She spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and/or high teas and spending a disproportionate amount of her income on travel. She is still holding out hope that - despite the obvious blockers - either Justin Trudeau or Prince Harry will become her husband one day.

    Title: Mūrere me te haumarutanga
    Abstract: In Kiwicon's first ever father and son bilingual presentation, we will attempt to introduce some of the te reo Māori words for infosec concepts as well as explaining how/why those words were chosen.
    Location: Sat 17 1415 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Chris Cormack
    Origin: NZ
    Bio: ${ ./sharrow-bio --generate }

    Title: Red Cell - Mimicking Threat Actors for Realistic Responses
    Abstract: Many organisations make use of offensive security exercises to test their security posture - including Google.
    As part of testing of Google’s Detection and Response capability, engineers undertake a variation of this testing, mimicking the behavior and techniques of real-world, highly sophisticated adversaries.
    This talk discusses Google’s approach to these exercises, why they’re important, and how other organisations can benefit from this approach.
    Location: Sat 17 1430 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Brendan Jamieson
    Origin: NZ
    Bio: Brendan Jamieson (@hyprwired) is a Security Engineer at Google, working as part of Sydney’s Detection and Response team.
    He spends his days developing and maintaining signals, tools, and infrastructure used by the Detection Team, and hunting for sophisticated actors.
    Prior to Google, he worked as a Senior Security Consultant at Insomnia Security in New Zealand.

    Title: Set Theory for Hackers
    Abstract: Why is your anti-phishing training largely pointless, but some parts of it essential? Why is your network a noxious swamp? Why is remote attestation in all its forms doomed? It's basic maths.
    Location: Sat 17 1445 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: pruby
    Origin: NZ
    Bio: Way back in the sands of time, pruby remembers innocent days of actually building things, when he ended the day with another Rube Goldberg machine for his commercial overlords, and colleagues were full of optimistic hope. Enough nostalgia Tim, get back to driving your wrecking ball.

    Title: Hacking and the law: The year is actually still 1998
    Abstract: A short précis on the interaction between NZ law and hacking. The theme of the conference is twenty years into the future. The main premise of this talk is that our legal system is still playing catch up, and is stuck at least 20 years in the past.
    Location: Sat 17 1500 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Felix Geiringer
    Origin: NZ
    Bio: Felix Geiringer is an experienced barrister. He is based in Wellington and known for doing a lot of high profile cases. He recently acted for Nicky Hager in his case against the NZ Police.

    Title: Digital identity: decentralised and self-sovereign
    Abstract: It's 2038, and technology has become ubiquitous, and seamlessly interwoven with human existence. Authentication is a solved problem, your identity is something you control. Definitely gone are the days in which you remembered passwords of increasing complexity in a race against identity thieves, just so you could convince a remote party that a record in their database was in fact about you, every day anew. There aren't many at the pub anymore who "get" jokes about SMS for 2FA, either. The last instance of classical identity theft was decades ago, and machine-learning-backed continuous authentication has even rendered the $5 wrench insufficient.

    The most recent iterations of the Privacy Act, and the GDPR have finally put the nail in the coffin of data-as-an-asset, especially when relating to the identities of people and machines. Data have been a huge liability since the late 2010s already, and it was only getting worse as autonomous vehicles took to the roads, our homes became electrified with IoT, and artificial intelligences had made industry 4.0 their own. Digital and physical identities had long merged, and any number of factors would come into play whenever you were identified in any given context, virtually, or in meatspace. People no longer had their bank accounts compromised, or phone contracts taken over; now it was their whole existence on the line.

    At times there were glimpses of hope around externalizing identity storage to distributed ledgers, such as "the blockchain", hypermeshes, and quantum meta-coils, but those just brought their own sets of problems. What people were quick to realise was that "data on the blockchain" were like herpes (not many people at the pub will remember this joke nowadays, either), and nobody felt comfortable with leaving an indelible trail of themselves out there. "We won't put *actual* data on there", they said. "It'll be fun", they said. But similar to how there used to be a time when you were worried about employers seeing those party photos on social media, people felt like their own identities were not something that belonged to them anymore, given the way in which distributed ledger technology essentially required system-wide consensus on each and every identity statement you ever wanted to make, not make, change, or remove.

    Market research has shown that people want sovereignty in being able to identify however they would like in any given context, without the risk to presuppose your identity in one context through choices you've made in another. Furthermore, it became obvious that any concept of centralized (consented, albeit distributed) trust to suit all needs was only ever an illusion, and a shift of the problem into other spheres. Nobody doubts the authority of the several central instances, such as the smart contract handing out your universal base income. Especially if the choice to trust them is yours alone. But your identity is actually fluid, and so much more than any one of those representations of yourself.

    In this short presentation, I offer an alternative approach to decentralized digital identity I've been involved with (since the late 2010s). We use all the same cutting-edge crypto as everyone else, but we're leaving it up to each and everyone who consumes data to decide whom they'd like to trust. And because the only central entity that ever deals with all your data is yourself, we're placing full control over your identity back into your own hands.
    Location: Sat 17 1515 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Martin Krafft
    Origin: DE
    Bio: Martin treasures his (and your) privacy, and believes that decentralisation is the next industrial revolution (that is if machine learning ever properly manages to claim 4.0).
    He loves blockchain, but doesn't regard it as the holy grail. He actually finds projects such as Scuttlebutt much more exciting, and hopes that his girls will grow up in a peer-to-peer digital world, in control of their privacy.
    He's currently focusing his energy on shaking up the digital identity space currently inhabited by countless BaaS approaches ("blockchain as a solution").

    Title: The day the carnival came to town
    Abstract: The mid-2018 attempted speaking visit by members of the Canadian alt-right caused Twitter discussions among tens of thousands of accounts. This talk shows the unfolding patterns of influence, identifies features that caused NZers at the time to go "this is not normal", and draws some lessons on how to resist future offshore influence campaigns.
    Location: Sat 17 1530 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: David Hood
    Origin: NZ
    Bio: David Hood is a software trainer and data analyst. To get a sense of him, look at thoughtfulnz on Twitter.

    Title: ScRooters - disrupting the electric scooter market
    Abstract: Electric scooter companies have started cropping up all over the US. Competing largely on brand recognition and how many scooters you can fit in a small chunk of public space, are there actually more meaningful differences between the multiple companies all apparently trying to do the same thing? Shocking nobody, the answer is yes.

    This presentation will explore the APIs provided by multiple vendors, using them to leak information that gives significant insight into the competitive abilities and success of each company. It'll also explore cases where they're probably providing far more information than they should do, including the ability to figure out where people who work for the US government live. And, of course, it'll include an examination of the network and physical security of the devices and discuss whether all the vendors are equivalently competent (spoiler: they're not).
    Location: Sat 17 1545 @ The Michael Fowler Centre
    Duration: 15 mins
    Name: Matthew Garrett
    Origin: GB
    Bio: The important thing that I want people to know about me is that I trust sharrow to write me a bio.

    Title: Testastretta Operetta
    Abstract: Computers are responsible for everything. EVERYTHING. Power plants? Computers. Makin' juice? Also computers. That deep sadness inside IT jerks? 100% computers. Computers are also responsible for hosing gasoline down the throats of Bologna's bright red flagship motorcycles, but does this technology actually improve security? And what does it mean for those of us throwing wrenches at this garbage?

    This talk is an introduction to the wonderful world of automotive hacking. I've managed to get my filthy mitts on three generations of Testastretta powered Ducati superbike and this talk is going to take a look at the digital voodoo that makes them tick, as well as how the security has progressed over the years. We'll look into the components that make a modern motorcycle go and how to bit-smith them to your nefarious gear-head needs. The talk will cover the various ECU firmware, how the components communicate, how to find 'em, how to reverse 'em and a bunch of fun networking stuff ALA CANBUS and KWP2000.

    Witness digital sacrifices to the gods of speed in the pursuit of phenomenal cosmic power. Observe the wonders of firmware extraction, protocol reversing and budget-constrained performance tuning. You'll learn about the tools and techniques needed to hack your own automotive junk, precious horsepower will be unlocked and tuning with a hex editor will become second nature. Honest.
    Location: Sat 17 1645 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: DoI
    Origin: NZ
    Bio: DoI is a creature of meat and bone.
    A pathetic bag of flesh who refuses to cease his meddling.
    Security consultant bio-automata @ Pulse Security by day, automotive necromancer by night.

    Title: Server Room Selfies: When physical security goes wrong
    Abstract: What if someone could just walk in off the street and physically help themselves to your organisation's most prized assets and information? Physical security is a crucial part of information security, and yet many organisations are blissfully unaware of how vulnerable they are.

    This talk will cover a few physical security engagements I was involved in - the vulnerabilities we found, some of the tools and techniques we used to exploit them, and the impact this had on the target organisations. Featuring some fairly ridiculous door bypass strategies, a bunch of complete flukes, and a fair bit of nearly getting caught.
    Location: Sat 17 1715 @ The Michael Fowler Centre
    Duration: 30 mins
    Name: Logan Woods
    Origin: NZ
    Bio: Logan is a Security Consultant at Aura Information Security. His speciality is being places he shouldn't, whether it's by picking locks, hiding in toilets, or just outright lying to people.

    Talks

    • Jessie Frazelle: Regrets
    • Jon Erickson: vmpklōn – Creation of a VMProtect Clone
    • attacus: Apathy and Arsenic: a Victorian Era lesson on fighting the surveillance state
    • Caleb "alhazred" Anderson: Introducing "moriarty", a tool for automated smart contract symbolic execution vulnerability discovery and exploit synthesis
    • syngularity0: Feeding the Beast: Network Insurgency
    • Boyd Multerer: Lessons from game consoles and the coming security apocalypse
    • Mubix: Living w/o the Land - Active Directory attacks from Linux
    • Claudio Contin & Emmanuel Law: Ghosts in the Browser: Backdooring with service workers
    • Eliza Sorensen (@zemmiph0bia): Mayday, Mayday, Mayday - Safe Harbor, no more
    • Felix Wilhelm: DHCP is hard
    • moloch & mandatory: Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
    • Bruce Schneier: Securing a World of Physically Capable Computers
    • Kelly Ann: Moving Fast and Securing Things
    • Raimo Peterson: Cyber defence exercises - how to make it cool?
    • Dylan Ayrey and Christian 'xntrik' Frichot: Getting Shells from JavaScript: offensive JavaScript techniques for red teamers
    • Wayne: Overwatch Cyber-Espionage Tool
    • Paul McMillan: Tracing the Watchers: practical tooling
    • Sarah Young: Arbitrary code execution, I choose you!
    • Chris Cormack: Mūrere me te haumarutanga
    • Brendan Jamieson: Red Cell - Mimicking Threat Actors for Realistic Responses
    • pruby: Set Theory for Hackers
    • Felix Geiringer: Hacking and the law: The year is actually still 1998
    • Martin Krafft: Digital identity: decentralised and self-sovereign
    • David Hood: The day the carnival came to town
    • Matthew Garrett: ScRooters - disrupting the electric scooter market
    • DoI: Testastretta Operetta
    • Logan Woods: Server Room Selfies: When physical security goes wrong
    © 2018 Kiwicon Heavy Industries