Cyber BlueCon Meetup #0x0C


## BlueCon#0x0C - Event Details
A Cyber Security event for the community, by the community.
Join us on Wednesday, 14th May 2025 at Stone & Chalk Melbourne for the May Cyber Blue Team Meetup!
Follow us on LinkedIn: Cyber BlueCon LinkedIn
This meetup features a technical talk and workshop led by experienced members of the cybersecurity industry, plus a chance to connect with fellow professionals in the field.
### 📅 Event Info
- Date: Wednesday, 14th May 2025
- Time: 5:30 PM – 7:30 PM AEST
- Location: Stone & Chalk Melbourne – 121 King Street
- Cost: Free (registration essential)
- Registration Link: https://www.eventbrite.com.au/e/1352309958489?aff=oddtdtcreator
### 💻 What to Bring
- A laptop with PowerShell and browser access
- Tools like CyberChef, PowerShell ISE, or VS Code
- Pre-configured lab guide and malware sample (to be emailed to registered attendees)
### 🌍 International Livestream Watch Parties
- Accra, Ghana: 8:00–10:00 AM GMT
  Registration Link: https://www.eventbrite.com.au/e/1352296738949?aff=oddtdtcreator
- Lagos & Abuja, Nigeria: 9:00–11:00 AM WAT
  Registration Link: https://www.eventbrite.com.au/e/1352309436929?aff=oddtdtcreator
***
## BlueCon#0x0C
Nothing to See Here: Unmasking Deception Through Anomaly Hunting
### 📝 Event Description
Cyber attackers no longer rely solely on stealth—they blend in. This session will explore how defenders can uncover hidden threats through anomaly detection and reverse engineering.
You’ll begin with a deep dive into detection strategies for identifying unusual behaviour, then roll up your sleeves for a hands-on workshop focused on dissecting a PowerShell-based stealer script.
***
### 🎤 Presentation: Detecting the Undetectable
Speaker: Jack Thomson – Security Analyst at Sekuro
Jack shares his journey from audio engineering to cybersecurity and now threat hunting at Sekuro. His presentation covers the identification of contextual, frequency-based, and protocol anomalies in large environments and how threat hunters can leverage Splunk and behavioural baselines to surface suspicious patterns.
Jack holds certifications in:
- BTL1
- Mosse Threat Hunting
- Practical Threat Hunting (Applied Network Defense)
- 13Cubed Linux Certification
- Waifu University – Xintra Labs
***
### 🛠️ Workshop: Reverse Engineering an Obfuscated PowerShell Stealer
Facilitator: Nathan Curnow – Cyber Defence Analyst at Sekuro & Technical Instructor at CyberLynk
Nathan brings a wealth of practical expertise from SOC operations, malware analysis, and security automation. In this workshop, he will lead participants through analysing an obfuscated PowerShell script inspired by the Lumar Stealer.
Nathan’s certifications include:
- Network+
- Security+
- CCNA
- BTL1
***
### 🧪 Workshop Overview
A technical walkthrough of reversing a PowerShell-based stealer with multiple obfuscation layers. Understand common scripting threats and how adversaries bypass detection.
### ✅ Workshop Objectives
- Deobfuscate layered PowerShell malware
- Detect AMSI bypass and encoded commands
- Identify LOLBins and credential theft mechanisms
- Extract IOCs and map attacker behaviours
- Apply hunting techniques to script-based attacks
***
### 🎓 Learning Outcomes
Attendees will leave with the ability to:
- Reverse engineer and document script-based threats
- Understand modern obfuscation and evasion tactics
- Detect and respond to scripting-based malware
- Think critically about anomalous “normal” activity
***
### 🏆 Prizes
Participants can win:
- Sponsor giveaways
- Free lab access or training discounts - CyberLynk
- Recognition for top analysis or fastest deobfuscation
***
Interested in submitting an application to speak at future BlueCon events? You can apply here. Interested in volunteering? Let us know at the event.