• SecTalks SYD0x2E (46th) - Blue Team vs Red Team Panel Discussion

    # Panel Discussion

    Doors open at 6pm, with a 6:15pm start.

    Hear from seasoned cyber security professionals on both sides of the fence, sharing their experiences, advice to those wanting to get into the industry, and war stories from different engagements.

    Introducing our panellists:

    Blue Team:

    - Matt Dunham: Matt Dunham is a Managed Defense Consultant for FireEye and is a former Senior Security Analyst and Shift Lead in the Managed Defense SOC. Matt has 15 years’ experience in IT and has focused on security for the last 8. Prior to joining FireEye, Matt was the Incident Response Lead for the Australian Digital Health Agency, which is the government body that is responsible for the safety of every Australian citizen’s online medical record. Matt wrote and implemented the Agency’s Incident Response Plan in conjunction with their service provider. In years past he has worked at a couple of MSPs, and as a Systems Administrator, spending late nights behind a terminal questioning his life choices.
    - Darren Bilby: Darren is a Security Engineering Manager in Google's Enterprise Infrastructure Protection team; he manages a global team from here in Sydney. In his 12 years at Google he has worked many roles including Tech Lead for Incident Response, Software Engineer and Manager of Detection for Europe.
    - Andre Fucs de Miranda: With over 20 years of experience in (Information) Cyber Security, Andre has spent a good part of his life securing information systems around the globe. Although Andre was one of the first researchers to predict the rise of digitally signed modular malware – a critical characteristic of modern “APTs” – his real passions are the social-economic aspects of information security and the eternal quest for efficiency in cyber security operations.

    Red Team:

    - Lukasz Gogolkiewicz: Lukasz is the Head of Assurance for Context Information Security, a leading global security consultancy. He is a proficient penetration tester with over 10 years’ experience in the information technology/security realm. He has a background in network engineering, specialising in large data and carrier networks. Lukasz has worked in a variety of sectors, and utilising his network engineering background, Lukasz specialises in corporate and data network security, particularly around Microsoft Windows domain and hybrid cloud implementations. Lukasz has strong security community ties, helping run CrikeyCon Brisbane as well as being a co-founder of TuskCon.
    - Berne Campbell: Berne is a Security Researcher at elttam. He has over a decade of professional experience in both offensive and defensive roles. He enjoys (over-) engineering elegant solutions, solving challenges, honing his craft and sharing with others.
    - Ryan Broadfoot: Ryan is the Principal Consultant for Privasec RED, their elite hacking team. Ryan spends his time guiding organisations to better understand, evaluate and improve their cybersecurity defences against the latest emerging threats. A long history of Espresso over-use has powered Ryan’s 20+ years in IT, learning from industry elites and consistently studying and researching the latest technological dangers and deceptions.

    # CTF

    There won't be a CTF game in this session. We are organising a second session just for CTFs. Stay tuned.

    # Sponsors

    - PwC Sydney (https://pwc.to/2FcpqF4)
    - elttam (https://bit.ly/2XYwxK9): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Atlassian Sydney (https://bit.ly/2OUPAkk): Atlassian currently has a job opening in Sydney for a Senior Security Intelligence Analyst. Think this could be right for you? Check out the job posting here: https://bit.ly/2OUPAkk
    - Amazon Information Security Sydney (http://bit.ly/2Cr4SIt)
    - Google Sydney (https://bit.ly/2IiKrCm)
    - ServiceNow (https://bit.ly/2uP0XRD)

  • SecTalks SYD Ninja Night NN0x00 (1st)

    Tyro Fintech Hub

    ***** Attention: the event is held at a DIFFERENT VENUE *****

    # Ninja night

    This is the first SecTalks Sydney Ninja night (CTF game). There is no presentation at a Ninja Night. This is a session where you show off your ninja skills.

    A typical evening goes like this: we rock up at the venue, write our name down, get randomly assigned to a team, the CTF challenge is presented to all the teams, we start doing cool shit and have fun hacking. The objective is to solve the CTF in 60 minutes and the first team who solves the challenge will be a winner and will present their way through the challenge in the same session (or next session).

    ## Agenda

    A. Solutions to past CTF(s)
    2. Team generation
    III. CTF challenges: There will be two CTF challenges, one for beginners and the other one is the usual challenge.

    ## Be prepared

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It is necessary for running some CTF challenges and workshops.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition. If this is your first time participating in a CTF, check out SecTalks CTF 101 presentations https://www.sectalks.org/ctf101/
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
    8. Doors are open from 6:00 pm and the presentation starts at 6:15 pm. Light refreshments are available at the venue.

    # Sponsors

    - Tyro Payments (https://bit.ly/sectalkstyro): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - elttam (https://bit.ly/2TIKdum): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Atlassian, Sydney (https://bit.ly/2TIKdum): an Australian enterprise software company that develops products for software developers, project managers, and content management.
    - Google, Sydney Australia (https://bit.ly/2FaDcs5)
    - Amazon, Sydney Australia (https://amzn.to/2Y5Kzth)

  • SecTalks SYD0x2D (45th) - The Misconceptions of Open Source Intelligence

    # Presentation

    The Misconceptions of Open Source Intelligence

    I'll be talking about my experience in OSINT and the common misconceptions that arise around this, along with showing some tools and methods I've used in real life missing persons cases. This will be followed by a small practical component (i.e. a demonstration) that attendees are able to follow along themselves on their laptops during the session.

    by V3rbaal volunteers her time working in Open Source Intelligence for missing persons. She also organises Blue Team Village at DEFCON and the local Australian DEFCON group DC011612.

    # CTF

    There won't be a CTF game in this session. We are organising a second monthly session just for CTFs. Stay tuned. More info will be announced soon.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

  • SecTalks SYD0x2C (44th) - 802.15.4 War Driving

    PwC Australia

    # Presentation

    [masked] War driving

    This is a 30 minute talk going through [masked] war driving and exploration, what has/hasn't worked when planning, and some of the cool things I've

    by Edward Farrell runs Mercury ISS, a bad arse cybersecurity practice based in Sydney.

    # CTF

    There won't be a CTF game in this session. We are organising a second monthly session just for CTFs. Stay tuned. More info will be announced soon.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

  • CryptoAUSTRALIA/DC011612/SecTalks end of year catch-up

    # End of the Year Party!

    Like previous years, join us for our end of the year catch-up with our friends at CryptoAUSTRALIA and DC011612.

    # Thanks again to our 2019 Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Speaker prizes: Tyro Payments (https://tyro.com): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

    # Links

    - Feedback: https://www.bit.ly/sectalks18feedback
    - Speaker CFP: https://j.mp/sectalkscfp
    - Sponsorship: email [masked]. We are looking for sponsors for 2019.
    - IRC: irc.sectalks.org:6697 (SSL) channel: #sectalks
    - Slack invite: email [masked] with the meeting number that you have attended.
    - Archive: https://github.com/sectalks
    - SecTalks T-Shirts: https://sectalks.spreadshirt.com.au

    Note: Unlike the past 10 sessions, there will not be sponsored food or drink at the venue.

  • SecTalks SYD0x2A (43rd) - Subdomain Takeovers, Detection, Exploitation & Defence

    #1: SecTalks SYD0x30 (43rd) - Subdomain Takeovers, Detection, Exploitation & Defence

    Covering an often forgotten element of cloud-based security, this talk aims to cover what a subdomain takeover is, how it differs from typical domain takeovers, vulnerable services within Microsoft Azure, Amazon AWS, and other cloud-based offerings, and what organisations can put in place to help to defend against such attacks. The intention of this talk is to leave participants with a grounding knowledge in how they can go about discovering current subdomain takeovers within their own organisations, and defensive measures that they can take against them.

    -----

    Michael Skelton is a Senior Security Consultant for NCC Group who has recently spoken on a number of security topics at BSides Canberra, BSides Perth, SecTalks Brisbane and AISA Sydney. Topics covered have included SharePoint Security, performing live hacking sessions for various groups, and recently covering subdomain takeover discovery and attacks. A founding developer on the Subfinder project, Michael brings a wealth of knowledge to the subdomain takeover space, and has been helping to develop new techniques for discovering and defending against such takeovers.

    #2: CTF SYD0x26 Walk-through and SYD0x28 CTF (60min)

    Solution to the previous CTF will be presented and there will be a CTF game. Whether you are a guru at CTFs or a complete beginner, you will have fun. If you wish to play, follow the steps below, otherwise feel free to come by, listen to the talks and network.

    As always:

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It is necessary for running some CTF challenges and workshops.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition. If this is your first time participating in a CTF, check out LiveOverflow's video as an introductory lesson to what it's all about: https://www.youtube.com/watch?v=8ev9ZX9J45A
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
    8. Know how to run an OpenVPN client on your system. This may be required to access CTF server(s).

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Speaker prizes: Tyro Payments (https://tyro.com): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

  • SecTalks SYD0x29 (42nd) - Bitcoin Honeypot

    PWC (new office location in CBD)

    #1: SecTalks SYD0x29 (42nd) - Bitcoin Honeypot - Leaving a wallet on the floor of the Internet

    Developed a Bitcoin Full Node Honeypot that sits on the internet awaiting attackers. The Bitcoin Full Node has a JSON RPC port bound to localhost which I developed a honeypot to open it up to the internet and deceive attackers into connecting and trying to steal money from the wallet. This is a talk about how to develop a honeypot from a deception point of view as well as the results of leaving it sitting on the internet and having attackers try to steal money from it.

    -----

    Gordon Draper

    Background in utilities and electrical engineering, moved to cybersecurity consulting for penetration testing and security architecture. Now run Fort Safe Cybersecurity Consultancy in Australia.

    #2: CTF SYD0x26 Walk-through and SYD0x28 CTF (60min)

    Solution to the previous CTF will be presented and there will be a CTF game. Whether you are a guru at CTFs or a complete beginner, you will have fun. If you wish to play, follow the steps below, otherwise feel free to come by, listen to the talks and network.

    As always:

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It is necessary for running some CTF challenges and workshops.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition. If this is your first time participating in a CTF, check out LiveOverflow's video as an introductory lesson to what it's all about: https://www.youtube.com/watch?v=8ev9ZX9J45A
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
    8. Know how to run an OpenVPN client on your system. This may be required to access CTF server(s).

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Speaker prizes: Tyro Payments (https://tyro.com): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

  • SecTalks SYD0x28 (41st) - Hacking Law Firms with Abandoned Domain Names

    PWC (new office location in CBD)

    #1 Hacking Law Firms with Abandoned Domain Names

    Email is an essential service for all businesses, including legal practices. Email is not only a primary communication channel but also required for registering with online services and profession-specific portals. When law firms merge or wind up, internet domain names are often abandoned, allowing anyone to re-register and take ownership of the former firm’s domain name. The new owner can then, among other things, take control of the former firm’s email services.

    In this talk, we explore how we managed to gain access to, or reset passwords for, online services and profession-specific portals. These online services store documents, emails and other information relating to a legal practice, including financial details, personal information, confidential information and client-legal privileged information. We also make recommendations as to measures legal practices and other businesses can take to stop this threat.

    -----

    Gabor Szathmari is a cybersecurity expert with over ten years' experience, having worked in both private and public sectors. He has helped numerous big-name clients with data breach investigations and security incident management. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, improve their cybersecurity at Iron Bastion. He is also the president of CryptoAUSTRALIA, the leading authority promoting a society where all Australians can learn to defend their privacy.

    #2: CTF SYD0x26 Walk-through and SYD0x27 CTF (60min)

    Solution to the previous CTF will be presented and there will be a CTF game. Whether you are a guru at CTFs or a complete beginner, you will have fun. If you wish to play, follow the steps below, otherwise feel free to come by, listen to the talks and network.

    As always:

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It is necessary for running some CTF challenges and workshops.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition. If this is your first time participating in a CTF, check out LiveOverflow's video as an introductory lesson to what it's all about: https://www.youtube.com/watch?v=8ev9ZX9J45A
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
    8. Know how to run an OpenVPN client on your system. This may be required to access CTF server(s).

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Speaker prizes: Tyro Payments (https://tyro.com): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

  • SecTalks SYD0x27 (40th) - Heaps of Fun

    PWC (new office location in CBD)

    #1: Heaps of Fun - A Beginner's Look at Linux Heap Exploitation

    So you've smashed the stack and caged the canary - what's next? In this talk we cover the basics of glibc malloc on Linux and how we go about exploiting it. An introduction to bug classes such as UAF, heap BOF, double frees and more will be provided - and a focus will be made on CTF style applications. However, what is discussed is applicable (with more elbow grease) to real software. (Technical Level: Intermediate to Advanced)

    Glenn McGuire (glem) is a banana bread fanatic who likes messing with computers.

    #2: CTF SYD0x26 Walk-through and SYD0x27 CTF (60min)

    Solution to the previous CTF will be presented and there will be a CTF game. Whether you are a guru at CTFs or a complete beginner, you will have fun. If you wish to play, follow the steps below, otherwise feel free to come by, listen to the talks and network.

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It may be necessary for running some CTF challenges.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition.
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.

    # Sponsors

    - Venue and catering: PwC Sydney (https://pwc.com.au)
    - CTF Servers and online hosting: elttam (https://elttam.com.au): an Australian specialised IT security firm that provides independent security consulting and training services.
    - Speaker prizes: Tyro Payments (https://tyro.com): an Australian financial "fintech" institution specialising in merchant credit, debit and EFTPOS acquiring.
    - CTF prizes: Atlassian Sydney (https://atlassian.com): an Australian enterprise software company that develops products for software developers, project managers, and content management.

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.

  • SecTalks SYD0x26 (39th) - Detection at Scale

    PWC (new office location in CBD)

    #1: Detection at Scale

    Security detection often feels like being stuck in an endless cycle. Acquire new data, sift through the data, get overloaded, drive new automation initiatives to get us out of our backlog, and then we break stuff all over again. What if detection at scale wasn’t this at all? What if our job wasn’t to process logs at all?

    The Google Detection & Response team would like to show you how we are reframing our perspective of what security engineers should be experts in: stepping back from the day to day analysis of endless log sources. Instead, we research new detection ideas and codify those into a framework supported by end to end testing. Examples of how real Google security engineers approach this idea are included.

    Kris Hunt is the manager of the Sydney arm of the Google Detection & Response team. He has focused on the detection side of security for the past 15 years and today, his role is to lead teams of security engineers who innovate and evolve Alphabet’s detection systems to match the ever increasing sophistication of attackers.

    #2: CTF SYD0x25 Walk-through and SYD0x26 CTF (60min)

    Solution to the previous CTF will be presented and there will be a CTF game. Whether you are a guru at CTFs or a complete beginner, you will have fun.

    1) Bring your laptop.
    B) Internet access may not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
    F) Have hypervisor software, e.g. VMware Player, VirtualBox. It is necessary for running some CTF challenges.
    4) Based on the number of participants for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
    five: This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition. If this is your first time participating in a CTF, check out LiveOverflow's video as an introductory lesson to what it's all about: https://www.youtube.com/watch?v=8ev9ZX9J45A
    VI- The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
    7: Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
    8. Know how to run an OpenVPN client on your system. This may be required to access CTF server(s).

    Doors are open from 6:00 pm and the first presentation starts at 6:15 pm. Light refreshments are available at the venue.