The final Kiwicon 8 talk line up:
- Morgan Marquis-Boire: Eve, Mallory, Ocean's 11, and Jack Bauer: Adversaries Real and Imagined
- Alec Stuart-Muirk: Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure
- narc0 & wepiv: Asymmetric Defense, and your buyers guide to Threat Intelligence
- Matthew 'mjg59' Garrett: Seeing Blu
- Jim Cheetham & Paul Campbell: OneRNG - a verifiable and Open Hardware Random Number Generator from NZ
- Laura "ladynerd" Bell: Eradicating the Human Problem
- Rich Smith: Security the Etsy way: Effective security in a continuous deployment culture
- @rantyben & @thegrugq: COMSEC - Beyond Encryption
- William "AmmonRa" Turner: MitMing GSM with criminal intent
- Richo & Mike Ryan: Building a hipster catapult, or how2own your skateboard
- hypatia & hashoctothorpe: R00t Causes: complex systems failures and security incident response
- Ian "MCP" Latter: ThruGlassXfer: The TV people? Do you see them?
- Peter Gutmann: Cyberwar before there was Cyber: Hacking WWII Electronic Bomb Fuses
- Christian "@xntrik" Frichot: BeEF for Vegetarians (Hooked Browser Meshed-Networks with WebRTC)
- Robert "Bull" Winkel: An Image is Worth 1000 Frauds – Detecting Fake Images and Videos
- Christina "0xkitty" Camilleri: Manipulating Human Minds: The Psychological Side of Social Engineering
- William "AmmonRa" Turner: Recap of the aftermath of last year's bus hacking
- Paul Ash: The National Cyber Security Strategy and the Connect Smart Partnership – building a secure, trusted and resilient cyber environm
- Caleb "alhazred" Anderson: I know what you did last Wednesday: exploitation of the humble apartment video intercom
- snare: Voltron: Defender of the Universe
- Pruby: Random() Adventures in Minecrosoftcraft
- Marissa Johnpillai: Legal loopholes
- Joxean "@matalaz" Koret : Breaking AV software
- Matt Nippert & David Fisher: Hackers and Hacks, or: How I Learned to Stop Worrying and Love the MSM
|Title||Eve, Mallory, Ocean's 11, and Jack Bauer: Adversaries Real and Imagined|
|Abstract||In a post-Snowden world, it seems everywhere you turn you are faced with nation-state hacking, global network adversaries, hardware interdiction, baseband exploits, firmware backdoors, network injection, cyborg aliens, and a plethora of other threats. Once the realm of the underground, the black market, and intelligence agencies, intrusion and implant capabilities are now sold at trade shows for dictator pocket change. This talk will discuss the nature of targeted and untargeted surveillance, exploitation and intelligence gathering contrasted with the dangers faced by high risk users. We'll examine the commercialization of offensive technologies and the targeting of journalists, human rights workers, and activists. Drawing on original research and first hand case studies, this talk will discuss attacks on real people by real adversaries while attempting to provide a useful framework to enable sane operational security planning.|
|Location||Thu 11 0915 @ The St James Theatre|
|Origin||San Francisco, USA|
|Bio||Morgan Marquis-Boire is a researcher and raconteur. From the dark underground of Auckland's goth scene, he now acts as the director of security for First Look Media. He still wears mirrorshades after dark.
He is also a senior researcher and technical advisor at a couple of places like the EFF that are way more important than Kiwicon. His research on surveillance, censorship, and the targeting of activists and journalists, often documented side by side with his massive physique, has been featured in numerous print and online publications.
Although the founder of First Look Media, Glen Greenwald, was described by our head of state as being a henchman, Morgan is gracious enough to bring a certain taut pertness to his henchman's henchman's jumpsuit.
|Title||Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure|
When Super Mario looks at your average network topology diagram he sees opportunity in those bricks and adventure in those pipes! Join Mario as we target the Cisco ASA firewall on our way to rescue Princess Peach from Bowser's Castle.
Chaining no less than three previously unknown exploits we will remotely compromise the perimeter Cisco ASA firewall. Then, using the firewall's built-in NAT functionality we will explore the possibility of moving laterally while evading anomaly and flow analytics based network intrusion detection.
This talk will explore the inner workings of the Cisco ASA appliance and present opportunities for further exploit development and the placement of reboot persistent rootkits. This presentation will have you question the security of your network security devices and leave you asking if we should hold security vendors to a higher standard.
|Location||Thu 11 1000 @ The St James Theatre|
|Bio||Alec has been working in the network security industry for more than ten years. For the first five years, he worked on the front line acting as level three support for clients often troubleshooting obscure bugs and issues alongside the major firewall vendors. Since that time he has continued working with these vendors and their products as a network security architect, designing end to end solutions in the enterprise. All the while Alec has never stopped questioning the underlying technology, what makes these products tick and what secures the security product.|
|Title||Asymmetric Defense, and your buyers guide to Threat Intelligence|
2 guys, 1 talk... wepiv and narc0sis are going to tag team this presentation WWF styles, just like its the 80's. This talk is a collection of ideas and concepts from wepiv and narc0sis' rage sessions about the snake oil being hawked today, and branded as threat intelligence.
wepiv will dive into the scaling effects in network attack and defence, the asymmetrical advantages for defenders, and how to implement them in your network from both an architecture and operational perspective. narc0sis will explain why information sharing is dead, why information exchange is the next revolution for defenders, and how threat intelligence and asymmetric defence underpin this revolution.
|Location||Thu 11 1115 @ The St James Theatre|
|Name||narc0 & wepiv|
wepiv has led diverse technical and strategic efforts in network and product security for government agencies and fortune 50 enterprises. wepiv specializes in security architecture, adversary emulation, network analysis, attack methodologies, incident response, threat intelligence and product security. He has spoken at numerous conferences including RECON, DerbyCon, BSides PDX, BSides Vancouver and BSides Seattle.
narc0sis $dayjob involves working in security response and drinking lots of koolaid. Originally from the land of the long white cloud, narc0sis now resides in the somewhat 'smokey' clouds of Seattle, and he gets warm fuzzies working on security automation and enabling information exchange.
It's 2014 and people still care about DVD and Blu-ray region encoding. The number of easily-modifiable players has decreased. Companies will charge you to re-chip players to let you watch your legally purchased goods. But in a world where it's cheaper to throw Linux on a Chinese SoC than it is to design anything yourself, a world where most people's idea of DRM is "stick it in a kernel driver", a world where nobody can write secure code to save their fucking life, is there an easier way?
|Location||Thu 11 1200 @ The St James Theatre|
|Name||Matthew 'mjg59' Garrett|
|Origin||San Francisco, USA|
|Bio||Matthew Garrett has a PhD in genetically modifying fruitflies, so gives zero fucks when a Blu-ray player tries to tell him what to do.|
|Title||OneRNG - a verifiable and Open Hardware Random Number Generator from NZ|
|Abstract||The OneRNG is a USB serial device that collects high-quality entropy from its own hardware, and feeds it back to your OS for fun, profit and a need for speed. A combination of Open Hardware and Open Source, you can verify the device isn't lying to you (hello NSA) and isn't BadUSB. It even has its own tinfoil hat ... http://onerng.info/|
|Location||Thu 11 1345 @ The St James Theatre|
|Name||Jim Cheetham & Paul Campbell|
|Bio||Jim works in Infosec at the University of Otago; Paul has been designing and building hardware realtime crypto systems for years.|
|Title||Eradicating the Human Problem|
|Abstract||People are a problem. We are tangled balls of emotional detritus that masquerades as a trusted member of society. Underneath this lacquered veneer of respectability however writhes a tiny pink squishy ball of vulnerability - the root of all evil, well the root of security issues anyway.
Let me tell you a story, let me bend your brain and make you feel uncomfortable. I want to show you why we are all our own worst enemies, why we should never ever be trusted and why security people are the worst of them all.
Then, I will cross the creepy line and introduce AVA, the first prototype automated human vulnerability scanner. A tool for automatically mapping networks of people, attacking them and measuring the results. A tool for spotting the weak link in an organisation.
A tool to help remove the squishy human element of human security. This is the future, a first step towards a greater good or a dystopian nightmare.
|Location||Thu 11 1415 @ The St James Theatre|
|Name||Laura "ladynerd" Bell|
|Bio||Laura is a reformed software developer, penetration tester, amateur python juggler and repeat meddler. She talks a lot and has been known to have opinions. She is the founder and lead consultant at SafeStack.io, a specialist agile information security company and lives in Auckland with her husband and daughter.|
|Title||Security the Etsy way: Effective security in a continuous deployment culture|
|Abstract||Effective security teams know that understanding people is just as important as understanding technology, and that to achieve security of an organisation requires that the security function is constructive in problem solving and not to just block innovation. Much has been spoken about Etsy's engineering culture, and how continuous deployment and 'devops' have been embraced and developed, but how does security operate in such an environment? This talk will discuss the progressive tools, techniques and approaches the Etsy security team follows to provide security while not destroying the freedoms of the engineering culture that we all love so much. Topics will cover the building of an effective security organisation that is people rather than technology centric, and one that positions security to facilitate problem solving with fellow engineers rather than blocking progress through the fear of changing risk. The end result being a more honest and inclusive security approach, as opposed to the more common situation of a perception of security that becomes increasingly divergent from reality as engineers work to circumvent the imposed security constraints. Discussions and demonstrations of some of the novel tooling developed and released as open source by Etsy will also be discussed time permitting.|
|Location||Thu 11 1500 @ The St James Theatre|
|Origin||New York, USA|
|Bio||Rich is the Director of Security at Etsy where he leads the fearless band of cyber-guardians that defend Etsy's members, sellers and knitted good from the evils of the Interwebs - Cross-site-stitching and sequin-injection are all taken in stride daily. Before Etsy Rich spent the previous 10 years focussed offensive R&D and consulting and holding positions at a variety of companies including Immunity Inc., Kyrus Technology and HP Labs culminating in the co-founding of a research focussed consultancy called Syndis in Iceland. In his spare time Rich like beer, noisy music and Python.|
|Title||COMSEC - Beyond Encryption|
Have you ever wanted someone to just cut to the chase and tell you which secure messaging app to use? If so, you will probably hate this talk.
We can't really discuss OPSEC without getting into threat modelling, and that takes ages. Communications Security, on the other hand, can be considered a little more generally. That's not to say, however, that one can simply magic up a list of assorted tools, pick some arbitrary checkboxes and then produce a set of rankings. That would be stupid. In this talk we run over the core principles of COMSEC, examining real-world successes and failures. Then, based on that, we'll get into a detailed analysis of considerations and concrete options for tooling.
SPOILER: None of the options are Cryptocat.
|Location||Thu 11 1630 @ The St James Theatre|
|Name||@rantyben & @thegrugq|
|Origin||Anywhere without an extradition treaty, ASIA|
@rantyben is a hacker warrior poet, with a lineage of verse spanning from the opening of the eEye through to modern treatise on pig nuts (not a metaphor; Ben deals only in the literal.) Ben spends his time ranting drunkly with equal vehemence towards bad grammar, SMT Solvers and whatever infosec trend is So Hot Right Now.
If @rantyben is a hacker warrior poet, @thegrugq is more... a hacker eastern european arms bazaar?
|Title||MitMing GSM with criminal intent|
|Abstract||In the past year, AmmonRa 'acquired' a [REDACTED] system. Using a software-defined-radio, and open source software, the communications of this device can be intercepted and modified. The black hat uses of this are obvious.|
|Location||Thu 11 1715 @ The St James Theatre|
|Name||William "AmmonRa" Turner|
"A fucking menace"
Ed Note: Previous winner of the Kiwicon award for "most likely to be arrested after his talk"
|Title||Building a hipster catapult, or how2own your skateboard|
|Abstract||Mike and Richo do hilarious and nasty things to a skateboard. Bask in their revelry as they prove that paying several thousand dollars for a Bluetooth-controlled mechanical spear you stand on is actually a poor choice. There'll be banter about bluetooth, the release of some internal tooling to make this work possible, a couple of live demos probably culminating in some poor bastard getting hurt|
|Location||Thu 11 1745 @ The St James Theatre|
|Name||Richo & Mike Ryan|
|Origin||San Francisco, USA|
|Bio||richo is a flat duck enthusiast from Melbourne, who hangs out in SF with the cool kids most of the time. mike ryan is a computer jerk from california who actually does this crap for a living. seriously **2 grand** for a wireless skateboard?!|
|Title||R00t Causes: complex systems failures and security incident response|
Devops (or SRE etc) is a booming buzzword these days among mammals who run services. One of the things those mammals are rediscovering is that complex systems have complex failures, that all your base are complex systems, and that assuming a single cause of failure is doin it rong.
We’ll talk about better techniques in incident retrospectives, cool civil engineering disasters, comp.risks, how this is like defense in depth, and why it’s awesome when security and reliability teams are pals.
|Location||Fri 12 0915 @ The St James Theatre|
|Name||hypatia & hashoctothorpe|
|Origin||San Francisco, USA|
|Bio||hypatia reboots computers and makes hackerspaces. hashoctothorpe is a Social Justice Reliability Engineer.|
|Title||ThruGlassXfer: The TV people? Do you see them?|
ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen with just a phone.
Any user that has screen and keyboard access to a shell (CLI, GUI or even a Web Management shell) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access (VPN, VDI, ..) and End Point Security (DLP, AV, ..) architectures have no effect on the outcome.
In this session I will take you from first principles to a full exploitation framework. At the end of the session you'll learn how build on this unidirectional file transfer and augment the solution into a full duplex communications channel (a virtual serial link) and then a native PPP link, from a user controlled device, through the remote enterprise- controlled screen and keyboard, to the most sensitive infrastructure in the enterprise.
This is an exciting and cross-discipline presentation that picks up the story in the DEC VT220 terminal era and will take you on a journey to exploiting modern enterprise security architectures. So join me, whatever your knowledge or skill-set and learn something interesting!
|Location||Fri 12 0945 @ The St James Theatre|
|Name||Ian "MCP" Latter|
|Bio||With more than 20 years in IT and over 15 of those in Security, Ian has worked across the Aerospace, Education, Finance, Government, Health and Telecommunications industries, in a number of multidisciplinary roles from Support to Systems Administration, from Security Officer to Pen-Tester and from Architect to his current Governance role. If he had spare time, Ian would be programming on any of the dozens of hobby software and robotics projects that remain unfinished, including the Barbie Car that he promised his daughter (wiser friends have advised that I finish this project before she's old enough to ask for a real Corvette).|
|Title||Cyberwar before there was Cyber: Hacking WWII Electronic Bomb Fuses|
|Abstract||While the Allies went to war with mechanical and chemical bomb fuses
whose origins dated back to the 19th century, Germany put a large amount of
effort in the 1920s and 1930s into designing and fielding high-tech electronic
fuses, which were far more reliable and versatile than standard chemical and
mechanical ones. This led to an ongoing arms race that lasted throughout most
of the war, with Allied bomb disposers coming up with increasingly ingenious
ways of hacking the fuses and German armourers countering with ever-more-
fiendish fuse designs. This talk covers the details of the contest between
the attackers and defenders, and time and OSH regulations permitting will
conclude with a demo of defusing a live 2000kg bomb[*].
[*] No it won't.
|Location||Fri 12 1015 @ The St James Theatre|
|Bio||Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.|
|Title||BeEF for Vegetarians (Hooked Browser Meshed-Networks with WebRTC)|
One of the biggest issues with BeEF is that each hooked browser has to talk to your BeEF server. What about all those vegetarian browsers that don’t want to touch your juicy BeEF? Don’t worry Internet-friends, those crazy pioneers at Google, Mozilla and Opera have solved this problem for you with the introduction of Web Real-Time Communications (WebRTC). Initially designed to allow browsers to stream multimedia to each other, the spec has made its way into most Chrome and Firefox browsers, not to mention it’s enabled by default.
Using this bleeding-edge web technology, we can now mesh all those hooked browsers in your organisation, funnelling all your BeEF comms through a single sacrificial sheep^H^H^H^Hcow. Leveraging WebRTC technologies (such as STUN/TURN and even the fact the RTC-enabled browsers on local subnets can simply UDP each other), meshing browsers together can really throw a spanner into an incident-responders work. The possibilities for a browser-attacker are fairly endless, channeling comms through a single browser, or, making all the browsers round-robin. This is just another tool tucked into your belt to try and initiate and maintain control over browsers.
This presentation will present a background into WebRTC, and then demonstrate (and release) the WebRTC BeEF extension.
|Location||Fri 12 1115 @ The St James Theatre|
|Name||Christian "@xntrik" Frichot|
|Bio||Christian is a Perth-based security pro and founder of Asterisk Information Security. One of the co-authors of the recently published Browser Hacker’s Handbook, and long-term code-funkerer of the BeEF project, Christian spends his time either ranting about appsec or pining to get behind his drumkit. Loves browsers and top hats. Christian has presented at pretty much every local-Perth security conference, and a few APAC OWASP events too.|
|Title||An Image is Worth 1000 Frauds – Detecting Fake Images and Videos|
Magazines with photo shoots of super slim super models... Dictators releasing images that show their military might... YouTubers releasing unbelievable videos of UFOs... Presidents providing copies of their birth certificates to prove they weren’t born overseas... “Amateur” videos capturing amazing stunts using construction site tools... Hundreds of people claiming they won the $100 million lotto, with photos to prove it... Professionals displaying a copy of their credentials, certifications, or qualifications online...
With the prevalence of CGI, Photoshop, and photo and video sharing sites, we are exposed to more and more images and videos where we are doubtful of their authenticity.
This presentation will cover the more popular techniques to uncover fake images and videos. Topical, humorous, and even Kiwicon-related images and videos will be demoed. Techniques covered include:
|Location||Fri 12 1200 @ The St James Theatre|
|Name||Robert "Bull" Winkel|
|Bio||Jr'er ab fgenatref gb ybir. Lbh xabj gur ehyrf naq fb qb V. N shyy pbzzvgzrag'f jung V'z guvaxvat bs. Lbh jbhyqa'g trg guvf sebz nal bgure thl. V whfg jnaan gryy lbh ubj V'z srryvat. Tbggn znxr lbh haqrefgnaq. Arire tbaan tvir lbh hc. Arire tbaan yrg lbh qbja. Arire tbaan eha nebhaq naq qrfreg lbh. Arire tbaan znxr lbh pel. Arire tbaan fnl tbbqolr. Arire tbaan gryy n yvr naq uheg lbh. Jr'ir xabja rnpu bgure sbe fb ybat. Lbhe urneg'f orra npuvat, ohg lbh'er gbb ful gb fnl vg. Vafvqr, jr obgu xabj jung'f orra tbvat ba. Jr xabj gur tnzr naq jr'er tbaan cynl vg. Naq vs lbh nfx zr ubj V'z srryvat. Qba'g gryy zr lbh'er gbb oyvaq gb frr. Arire tbaan tvir lbh hc. Arire tbaan yrg lbh qbja. Arire tbaan eha nebhaq naq qrfreg lbh. Arire tbaan znxr lbh pel. Arire tbaan fnl tbbqolr. Arire tbaan gryy n yvr naq uheg lbh. uggc://nh.yvaxrqva.pbz/va/eboregjvaxry|
|Title||Manipulating Human Minds: The Psychological Side of Social Engineering|
|Abstract||Since security is based on trust in authenticity as well as trust in protection, the weakest link in the security chain is often between the keyboard and chair - we have a natural human willingness to accept someone at his or her word. This talk will focus on the psychological and physical involvement of social engineering, and look at manipulation and social influencing techniques that are able to exploit the behaviour of others - the dangerous, often overlooked aspects of social engineering. It will examine underhanded, deceptive and abusive tactics which can convince people to perform actions or divulge confidential information and what can be done to prevent this.|
|Location||Fri 12 1345 @ The St James Theatre|
|Name||Christina "0xkitty" Camilleri|
|Bio||Christina works as an infosec consultant at BAE Systems by day and is a breaker of things by night. She has attended and presented at local and international conferences on social engineering and psychological manipulation and has won highest scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF. She’s an active and passionate contributor in the infosec industry, and a strong believer in user privacy, free expression, and innovation. She also loves cats.|
|Title||Recap of the aftermath of last year's bus hacking|
|Abstract||A run down of what happened after my talk last year. Did I go to jail? What did the cops say that was revealed in the freedom of information act response? Why did it take 5 months for the site to be made available again? What crypto are the new metro cards going to use?|
|Location||Fri 12 1415 @ The St James Theatre|
|Name||William "AmmonRa" Turner|
"A fucking menace"
Ed Note: Previous winner of the Kiwicon award for "most likely to be arrested after his talk"
|Title||The National Cyber Security Strategy and the Connect Smart Partnership – building a secure, trusted and resilient cyber environm|
|Abstract||The National Cyber Policy Office is leading the development of a refreshed National Cyber Security Strategy due for completion in early 2015. The strategy will set the overall direction for addressing cyber security in New Zealand and outline key actions to be taken by government. Recognising that cyber is an issue that cuts across all parts of New Zealand, a partnership approach –through Connect Smart - will be central to the government’s response (see connectsmart.govt.nz). Paul Ash will discuss the cyber security challenges facing New Zealand and the opportunity for all New Zealanders to contribute to becoming a world leading, secure, trusted and resilient cyber environment.|
|Location||Fri 12 1430 @ The St James Theatre|
|Bio||Director of the National Cyber Policy Office, Department of the Prime Minister and Cabinet / @ConnectSmartNZ|
|Title||I know what you did last Wednesday: exploitation of the humble apartment video intercom|
|Abstract||I live in a building with over 700 apartments. Every apartment has a VOIP phone re-purposed as an apartment intercom. One rainy & hungover Sunday I decided to try and pop a shell on the device. A linux device, with a camera, connected to a network, in every one of the seven hundred apartments in my building. You can see where this is going.|
|Location||Fri 12 1445 @ The St James Theatre|
|Name||Caleb "alhazred" Anderson|
|Bio||Caleb has kicked around the scene long enough that someone finally gave him a job. After a brief stint in the military industrial complex, he now toils in the security mines for Context IS. He enjoys prison tattoos, spoken word poetry, and long walks on the beach with members of the GCSB.|
|Title||Voltron: Defender of the Universe|
One night in a fit of frustration with his debugging tools, snare hacked up a few hundred lines of python to make his life easier. Thus began the saga of Voltron. 10000-odd lines of code, a few complete rewrites, a vast quantity of Kraken, and a number of pub-hacking sessions with richo later, and his dream of an extensible console debugger UI has been realised.
In this talk snare will take a quick tour of Voltron, demonstrate how to extend it for your own evil purposes, and hopefully convince a few people to use it and contribute to it. There will also be a limited number of free hugs available.
|Location||Fri 12 1500 @ The St James Theatre|
|Bio||The scourge of Carpathia, the sorrow of Moldavia. Ruiner of CFP announcements, predator of puffins, "bad faith actor", and all-round squanchy guy|
|Title||Random() Adventures in Minecrosoftcraft|
|Abstract||2.5 billion dollars is a fair bit of money to spend on a game. It took about $1B for Elon Musk to launch a private space program including designing their own rocket engines from scratch, so it should go a fair way. Minecraft was obviously worth every cent. I will speak today about exploiting random number weaknesses to gain sweet server secrets from this fantabulous fantasy engine, and will be giving out code release treats. Let me know if you work out how to make a few billion from them.|
|Location||Fri 12 1515 @ The St James Theatre|
|Bio||Tim/pruby/whatever is not going to pretend to be a badass. If you undercharge him, he will hunt you down and PAY YOU BACK. He didn't have to bribe anyone to get in to the con this year, they let him in all legitimate like.|
|Abstract||Law aspires to be clear, unambiguous and standardised but in application is often vague, unpredictable and chancy. To what extent can grey areas of the law be exploited for politics, pleasure or profit? A tiki tour including examples from NZ and Oz in public order, fines, gambling, tax & more, plus practical tips.|
|Location||Fri 12 1530 @ The St James Theatre|
|Bio||Marissa is a qualified predator on human suffering and works in community legal centres, mostly in non-casework roles like education, research, writing and projects. Currently based in Melbourne, Marissa continues to cultivate a healthy respect for lawlessness and believes there can be no democracy without the capacity for dissent.|
|Title||Breaking AV software|
|Abstract||Antivirus software is a common component of today's computer systems ranging from home users to corporate and government servers. However, security issues related to the AV software itself are not usually considered when deploying such security solutions. Users are not fully conscious of the issues related to using AV software and some AV vendors do not put the required effort in securing their products. In this talk we will cover vulnerability discovery and remote exploitation of AV software. During the talk the details of a number of vulnerabilities, both 0days and recently fixed ones, will be published. The talk aims to raise the level of awareness about the security of AV software to both users and vendors.|
|Location||Fri 12 1630 @ The St James Theatre|
|Name||Joxean "@matalaz" Koret|
|Origin||Basque Country, Europe|
|Bio||Joxean Koret has been working for the past 14 years in many different computing areas. He started working as database software developer and DBA for a number of different RDBMS. Afterwards he got interested in reverse engineering and applied this knowdlege to the DBs he was working with, for which he has discovered dozens of vulnerabilities in products from the major database vendors, specially in Oracle software. He also worked in other security areas like malware analysis and anti-malware software development for an Antivirus company or developing IDA Pro at Hex-Rays. He is currently a security researcher in Coseinc.|
|Title||Hackers and Hacks, or: How I Learned to Stop Worrying and Love the MSM|
|Abstract||The notion of trust underpins much of what the media does: Whether readers trust what they read, and whether sources trust journalists not to burn them to the ground. The Rawshark saga - encompassing Gmail and Facebook hacks, Police raids, ministerial resignations, High Court injunctions and meters of quality news stories - gives an insight into how this process functions under conditions of high stress. Based on historic and [obviously sanitised] contemporary experience, this talk will let you know how the code of journalism works, the limits journalists go to protect sources and how quickly old media can learn new tricks.|
|Location||Fri 12 1715 @ The St James Theatre|
|Name||Matt Nippert & David Fisher|
|Bio||Fisher and Nippert are two of New Zealand's best-known investigative journalists and both now work for the New Zealand Herald. Fisher is a jack-of-all-trades, while Nippert focuses on corporate malfeasance. Fisher has been named best reporter twice in the New Zealand print awards, while Nippert is more a specialist bridesmaid come awards night. They both dealt with Rawshark during the 2014 election campaign and published numerous stories based on material provided.|