CSides Monthly Security Meetups

CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub.

New attendees are welcome, just come along! (There are no entry fees, and no tickets to book)

The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking.

You are very welcome to propose running activites other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!

Location:
Canberra Rex Hotel
150 Northbourne Ave

Braddon ACT 2612

Time:

6.00pm

Afterwards:
Swan & King Bar
Canberra Rex Hotel
Organisers:
Kylie McDevitt
Silvio Cesare

Future Dates:

8th July

Russell

12th August

PAC Talk

9th September

Sasha

14th October

Courtney

11th November

TBA

9th December

TBA

Get ready for BSidesCbr 2023

Friday 10th June 2022

Talk 1: Strike Force Weenamana

A case study from the digital forensics team leader attached to a joint New South Wales Police and Australian Federal Policy strike force investigating firearms trafficking on the dark net.
Simon Smalley
Simon is a red team cyber security expert with experience in National Intelligence, the Military, and Law Enforcement. He holds a master of Cyber Security (Advanced Tradecraft) with Excellent from UNSW ADFA. He is an OSCP, eCPPT, GSLC, GSNA and IRAP assessor #1308. As a former NSW Police office, Simon has worked in counter-terrorism and special tactics, investigations and digital forensics.

Talk 2: Evolution of State-based Offensive Cyber Operations

This talk examines the use of offensive cyber operations (those which manipulate, deny, degrade or destroy) by looking at how the activities of various states and their tactics in the space have evolved over time. It will include a first look at how Russian forces have used cyber operations during the 2022 invasion of Ukraine.
Tom Uren
Tom writes the Seriously Risky Business policy-focussed cyber security newsletter ( https://srslyriskybiz.substack.com/ ) and is a Senior Fellow at the Australian Strategic Policy Institute (ASPI). He was formerly a Senior Analyst in ASPI's Cyber Policy Centre where he contributed to various projects including on offensive cyber capabilities; information operations; the Huawei debate in Australia; and, most recently, end-to-end encryption. Prior to ASPI, Tom worked on cyber-related issues in the Australian Department of Defence. Tom's formal training is as a scientist and he has a degree in Biochemistry and Molecular Biology.

To be updated when talks are announced, subscribe to our mailing list

* indicates required

Past Talks:

Friday 13th May 2022

Talk 1: Open Source Cloud Management
This talk covers the details of an open source application for CSPM (Cloud Security Posture Management), and execution through all life-cycle phases for Cloud Estate. We will look at some of the templates developed, how to use them and how to develop your own.
Kieran Rimmer
Kieran is a co-founder and CTO of StackQL. You can find him on LinkedIn and the project on GitHub
Talk 2: E-Voting - Fool me once, shame on you...
This talk will cover as much information about the security, and particularly cryptography, of electronic voting systems as time allows. It will start with a brief discussion of what the systems tend to look like and what security is typically expected. A few examples will be given of errors in real systems, concluding with a discussion of where the field goes from here.
Thomas Haines
Thomas is a lecturer at ANU who loves breaking and fixing e-voting systems. Thomas' work focuses on the security of cryptography in the wild and the applications of formal methods to cryptography.

Friday 8th April 2022

Talk 1: Intro to 3D Printing
There's never been a better time to get into 3D printing. This talk will cover:
  • a brief history of 3D printing from the 1940s to present day,
  • the three most common types of 3D printing currently available to hobbyists and what you can do with them,
  • why you should care about 3D printing, and
  • how to get started and what to expect in terms of budget and effort investments.
Cat
Cat is a software security engineer by day, who loves making and breaking things by night. Their hobbies include almost anything you can do with your hands.
Talk 2: Windows x64 Stack Walking - Same Same, but Different
This talk covers the differences between x86 and x64 stack walking on Windows – and the implications for security folks.
John Uhlmann
John is currently a security researcher at Elastic, and formerly at the ACSC.

Friday 11th March 2022

Talk 1: Abusing Public Infrastructure to BYO VirusTotal for Email
In this talk we'll discuss how public-facing email infrastructure can be abused to build a novel email evaluation capability that encompasses an array of targets and secure email gateway technologies. Building this capability has been greatly simplified through development of an open-source project called Phishious. We'll showcase how Phishious exploits a common misconfiguration to leak sensitive information from mail receivers, that ultimately provides the user with information on whether or not their phishing material would end up in the target's mailbox.
Sebastian Salla
Seb is a Security Professional who loves all things related to Cloud and Email Security. When not working his day job, he's frequently trying to find novel techniques that bypass email security controls.
Talk 2: Diamond in the SIEM - Improving the Building Blocks of Security Alert Monitoring
While Pat was taking an in-home holiday (thanks to the apocalypse), he decided to revolutionise the world of Security Information and Event Management (SIEM). Come along for a journey of discovery that traverses event collection, detection development, and user experience; that chronicles how you too can develop your own SIEM that brings a new dimension to computer security. This will not be a serious talk, but hey, you might enjoy it and learn something regardless!
PatH
Pat works as a Senior Security Researcher at a large international security organisation and has spoken at numerous international conferences such as BSides Canberra and DEFCON. This is not one of those talks.

Friday 11th February 2022

Talk 1: Immersive 3D for Network Traffic Analysis
This research covers the long, but ultimately un-successful so far, attempt to display computer network traffic in a 3D abstraction that can be more than just a gimmick for management fascination.
Daniel Clark
Daniel has been working in computer security within government since 1999 and is currently working on a part time PhD in cyber security. The software at the heart of this research, Scanmap3D, has been available open-source on Source Forge since 2003.
Talk 2: Exploiting Browsers
This talk takes a bug in a JS Engine and provides an example of the work required to develop it into a browser exploit.
Dr Silvio Cesare
Silvio is best known for his steak cooking and being Kylie's partner. He also wrote about some linux elf stuff in the 90s that is still referenced, has spoke at Blackhat a few times, has a PhD, worked in a few roles and likes to teach and share knowledge. Can you just google him? The next time he speaks at CSides he will get his abstract & bio to Kylie early so she doesn't have to write it for him. ;)

Friday 18th June 2021

Talk 1: eBPF - The coolest-newest kid in town
extended Berkeley Packet Filters (eBPF) is quickly becoming the hottest-newest addition to the Linux Kernel.
With its ability to dynamically trace code execution and efficiently route packets, it is quickly becoming the major system to replace software-defined firewalls, routers, and system tracers, thanks to investment by cloud-native giants like Google and Netflix.
This talk will give an overview of eBPF, and how it can be used for everything from packet capturing, to malware analysis, bug hunting, and even malware. eBPF is becoming a must-know system for Linux developers and security specialists, so come along to learn what eBPF is, why I think it's so dope, and how to start making and using eBPF Programs and tools. Also it's coming to Windows (sorta)!
Pat
Pat is an awesome partner to his wife, a hilarious dad to his daughter, and a dedicated ball fetcher to his dog.
When he's not spending time doing those things, he's a senior security researcher at a public cybersecurity company. Having previously worked as a developer of mission-critical systems, he now helps threat hunters uncover and stop advanced actors across the globe.
Talk 2: Cybears Present: A Review of some 2021 BSides CTF Puzzles
The Cybears returned to BSides Canberra in 2021 to run the Capture the Flag competition. This talk will include run throughs of some of our favourite challenges, discussion on how we approach puzzle design and how new players can