CSides Monthly Security MeetupsCSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Room N101
CSIT Building ANU
Acton ACT 2601
- Uni Pub
17 London Circuit,
Canberra ACT 2601
- Silvio Cesare
Friday 11th November 2016
Talk 1: Efficient Fuzzing? Sure we can do that...Fuzzing is a simple technique for finding software defects that are security interesting. Industrial fuzzing is simply doing ordinary fuzzing scaled out to many cores. Fuzzing's simplicity comes at a cost: it's very slow with a typical industrial campaign running for many months and involving hundreds of millions of fuzz tests. This is not surprising since fuzzing really is just a form of stochastic search. The question is can we make fuzzing an "optimal" search for defects using mathematical theories of "optimal stochastic control" and "reinforcement learning"?
In this talk I will give a simple explanation of these ideas and how we've employed them in the ACSC's industrial fuzzer "Sanity". I will talk about using modelling and simulation as a useful tool as well as the much under appreciated area of mathematics of "Multi Armed Bandit Theory". I will talk about our experimental trials on Sanity and what we've learned about "optimal fuzzing". My aim is to make a fun and interesting talk about how maths and science can be applied to cyber-security problems.
Shane MagrathShane Magrath received a B.E degree from the University of New South in 1990 and the a Ph.D degree from the University of Technology, Sydney in 2006. He is currently a researcher in the Australian Defence Science and Technology Group, in Canberra ACT. His interests are in software vulnerability discovery in general and more specifically, the methods by which we can automate at industrial scale software vulnerability assessments. He previously worked in DSTG as a military communications research with the goal of making network management as autonomous as possible.
Prior to completing the Ph.D, Dr Magrath had fifteen years experience in the ICT industry. He variously worked in network planning, design and construction of telecommunications networks. In 1998, Dr Magrath worked as a senior network designer for a IT outsourcing company where he worked in many projects involving WAN Technologies, LAN switching, IP, SNA, and Network Management in the banking and finance industry. Later as a Solutions Architect, he worked on both pre-sales and post-sales projects in the banking and aviation industry.
Talk 2: Who is lorax?The Australian Federal Police (AFP) case study provides a brief overview of the how a cyber-criminal utilised social media and the challenges that investigators come across when attempting to prove the identity of the offender.
Between 2012 and 2014 the AFP conducted a protracted investigation into online Issue Motivated Groups targeting Australian online major infrastructure in the lead up to the G20. During the investigation “lorax” was identified as the leader of “Australian Anonymous”. “lorax” used an online radio show and social media to attract a large following which he then advertised data breaches, intrusions and defacements whilst at the same time organised and incited hackers on the dark-net to commit further crimes. In May 2014 the AFP executed a search warrant on an individual in Western Australia believed to be “lorax”.
Proving identity, in all crime types, is difficult at the best of times, even more so in cybercrime. The analysis of “lorax’s” electronic devices, communications, social media and telephone intercept data correlated with IRC, Tweets and Facebook show that it would be unlikely that anyone else other than the offender could have advertise these computer intrusions and hacks under the name of “lorax”.
Jade Newman-AndrewsFederal Agent Jade Newman-Andrews has been with the Australian Federal Police for 10 years, the last four with Cyber Crime Operations. He is currently the AFP liaison officer at the Australian Cyber Security Centre.
Friday 14th October 2016
Talk 1: “Shiny Toys” vs Tools – Getting better value out of your detection tool suiteIn this talk I will discuss how to get better value out of your security detection tools including how to identify whether your tool is actually just a “shiny toy”. This talk will lay out a practical approach to evaluating your existing security detection tool suite which will in turn enable you to lay out a plan to improve their value.
Petrina OldsPetrina Olds is the Security Detection Technology Lead at Telstra and leads the strategic direction of their Security Detection tools. During her 4.5 years at Telstra she has worked with the Security Operations teams hunting for new malware infections and improving detection capability. She has also worked on the various SIEM (Security Incident Event Management) systems in Telstra to make them alert correctly using the incoming raw events. Prior to Telstra she spent 16 years with the Commonwealth Public Service working as a software engineer where she held a number of technical positions designing and developing new platforms and applications from standalone to enterprise using a variety of software languages and platforms.
Talk 2: Departed Communications: The Ways to Test them AggressivelySecuring communications is not easy, especially when they unify for enterprise collaboration. Unified Communications is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. However, response teams and security testers have limited knowledge of attack surfaces and threats in the wild. Due to this lack of understanding of modern UC security requirements; numerous service providers, larger organisations and subscribers are leaving themselves susceptible to toll fraud, robocall, TDoS and eavesdropping attacks. Corporate networks and systems may be also compromised through the clients connected to the UC services.
The talk aims to arm response and security testing teams with knowledge of cuttingedge attacks, testing techniques, tools and vulnerabilities for UC networks. The business impact of the UC attacks will be explained for various implementations, such as cloud services, commercial services, service provider networks and corporate communication.
Fatih OzavciFatih Ozavci is a Managing Consultant with Context Information Security and the author of the Viproy VoIP Pen-Test Kit, Viproxy MITM analyser and the VoIP Wars research series. He has fifteen years extensive experience in the field of information security as a leading security consultant, researcher and instructor.
His current research is focused on securing IMS and UC services, IPTV systems, mobile applications, mobility security testing, hardware hacking and BYOD/MDM analysis. He has discovered previously unknown (zero-day) security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments and has published several security advisories for SAP Netweaver, Clicksoft Mobile, Cisco CUCM/CUCDM and Microsoft Skype for Business platforms.
Fatih has previously presented at major security conferences such as BlackHat USA’14 and ’15, Blackhat Europe’15, HITB Singapore 2015, Defcon 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has provided VoIP and Mobility Security training at Defcon 23 and 24, AustCert 2014 and 2016, Kiwicon 2015 and Troopers’15.
Homepage : http://viproy.com/fozavci
Linkedin : https://au.linkedin.com/in/fozavci