CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 3rd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:
Room 1.33
Bldg 145 (New Cyber building) ANU

Acton ACT 2601

Time:

6.00pm

Afterwards:
Wig & Pen
William Herbert Place,

Canberra ACT 2601

Organisers:
Kylie McDevitt
Silvio Cesare

Future Dates:

21st June 2019

19th July 2019

Incident Planning

16th August 2019

13th September 2019

4th October 2019

15th November 2019

Please ensure you come around to the back of the building, no one can enter through the front after 5pm. Please refer to the following map

Friday 17th May 2019

Talk 1: BSidesCbr 2019 CTF

This year's BSides Capture the Flag was designed and built by the @CybearsCTF team, previous winners of the competition from 2016 to 2018. In this talk we'll discuss the ideals of designing novel puzzles, and the realities of delivering them to an audience of several hundred players. We'll do walkthroughs of some of this year's challenges to help those who didn't get a chance to play at BSides understand how we approach problem solving and what kind of skillsets can be leveraged in these competitions.
Matt
Matt, who commits as hypersphere, has been playing CTFs with Cybears since BSides 2016 and was on staff for the 2019 competition. He wrote the ROT -13 and Fixie Bike Website challenges this year, and was sort of (definitely) responsible for the great CTF infrastructure fire of 2019.
Torgo
Torgo, who commits as Torgo, has been playing CTFs with Cybears since forever. He built the CTF testing infrastructure framework and the stringalong, serially-cool, numberstation, and secelf challenges. He was also responsible for putting out the great CTF infrastructure fire of 2019.

Talk 2: Coccinelle for Bug Discovery in C Source Code

In this talk, I use a tool called coccinelle to discover bugs in C source code. Coccinelle uses a Semantic Patch Language and takes code templates to identify and, if desired, make patches to the relevant source code. The Linux kernel team use coccinelle to prevent bug patterns in git commits. I've written over 50 templates that describe the majority of bugs listed in the SEI CERT C Coding Standard. From this, I've scanned 500 random packages in Ubuntu and found numerous bugs. I've also looked at every package in the Ubuntu 18.04 LTS repository and pulled out every SUID binary and its associated source. I automated this approach and have regular and frequent scans of these packages to identify accidental introduction of bugs. Finally, I've used the NSA released reversing tool Ghidra to decompile binaries in headless mode. I've dumped firmware from embedded devices uses the BUSSide, extracted filesystem images with binwalk, decompiled relevant non x86 system binaries, and passed the source code to my Coccinelle scripts. Overall, coccinelle is tool that makes writing custom and generic static analysis tools for source code practical for many people.
Silvio Cesare
Dr Silvio Cesare is the Managing Director at specialist training provider, InfoSect (http://infosectcbr.com.au). He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. He is also the co-founder of CSides and BSides Canberra - Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).

To be updated when talks are announced, subscribe to our mailing list

* indicates required