CSides Monthly Security Meetups
CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.
New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)
The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.
You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
- Room 1.33
Bldg 145 (New Cyber building) ANU
Acton ACT 2601
- Wig & Pen
William Herbert Place,
Canberra ACT 2601
- Kylie McDevitt
21st June 2019
19th July 2019
16th August 2019
13th September 2019
4th October 2019
15th November 2019
Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map
Friday 17th May 2019
Talk 1: BSidesCbr 2019 CTF
This year's BSides Capture the Flag was designed and built by the @CybearsCTF
team, previous winners of the competition from 2016 to 2018. In this talk we'll discuss the ideals of designing novel puzzles, and the realities of delivering them to an audience of several hundred players. We'll do walkthroughs of some of this year's challenges to help those who didn't get a chance to play at BSides understand how we approach problem solving and what kind of skillsets can be leveraged in these competitions.
Matt, who commits as hypersphere, has been playing CTFs with Cybears since BSides 2016 and was on staff for the 2019 competition. He wrote the ROT -13 and Fixie Bike Website challenges this year, and was sort of (definitely) responsible for the great CTF infrastructure fire of 2019.
Torgo, who commits as Torgo, has been playing CTFs with Cybears since forever. He built the CTF testing infrastructure framework and the stringalong, serially-cool, numberstation, and secelf challenges. He was also responsible for putting out the great CTF infrastructure fire of 2019.
Talk 2: Coccinelle for Bug Discovery in C Source Code
In this talk, I use a tool called coccinelle to discover bugs in C
source code. Coccinelle uses a Semantic Patch Language and takes code
templates to identify and, if desired, make patches to the relevant
source code. The Linux kernel team use coccinelle to prevent bug
patterns in git commits. I've written over 50 templates that describe
the majority of bugs listed in the SEI CERT C Coding Standard. From
this, I've scanned 500 random packages in Ubuntu and found numerous
bugs. I've also looked at every package in the Ubuntu 18.04 LTS
repository and pulled out every SUID binary and its associated source.
I automated this approach and have regular and frequent scans of these
packages to identify accidental introduction of bugs. Finally, I've
used the NSA released reversing tool Ghidra to decompile binaries in
headless mode. I've dumped firmware from embedded devices uses the
BUSSide, extracted filesystem images with binwalk, decompiled relevant
non x86 system binaries, and passed the source code to my Coccinelle
scripts. Overall, coccinelle is tool that makes writing custom and
generic static analysis tools for source code practical for many
Dr Silvio Cesare is the Managing Director at specialist training
provider, InfoSect (http://infosectcbr.com.au
). He has worked in
technical roles and been involved in computer security for over 20
years. This period includes time in Silicon Valley in the USA, France,
and Australia. He has worked commercially in both defensive and
offensive roles within engineering. He was previously the Director for
Education and Training at UNSW Canberra Cyber, ensuring quality
content and delivery. He is also the co-founder of CSides and BSides Canberra -
Australia’s largest cyber security conference. He has a Ph.D. from
Deakin University and has published within industry and academia, gone
through academic research commercialisation, and authored a book
(Software Similarity and Classification, published by Springer).