This month, we’re having a joint-meetup with Sydney (https://www.meetup.com/SecTalks/events/270873788/), Melbourne, and even some of our overseas friends. Join us virtually, and hang-out with us about the cybers over cyberspace. This presentation is open to all who are interested in attending, you don’t have to be from Melbourne, Sydney, or Australia for that matter. Watch the awesome talks below on YouTube, and join the conversation/meetup with other attendees via our social video conference. We’re trying something new. Details below:

-> YouTube: https://youtu.be/fWcQijiZ4-0
-> VidCon Social: [ TBD ]

• Talks -
  ========================================
  Having more than one string to your bow
  ========================================

Abstract

I'm not sure how your day job works, but mine almost always never goes to plan. Simple tasks somehow blow out of proportion, what worked yesterday no longer works today and all this while you have an extremely tight deadline to actually find some answers. Some days you've got to be nimble, some days you've got to be stubborn, but most of all you need an array of knowledgebase articles and virtual machines just to make it.

Basically if an artefact can make your day hard, it will.
This is what I also love about my job and why every day I learn something new. Particularly this year I've been able to start coming up with different ways to analyse artefacts and information, this talk will go through some of my thought patterns, ideas, processes and lessons learnt during some of the engagements i've worked on this year.

Speaker Bio: Shanna Daly ( @Caccia7r1c3 )
Shanna started working in information security by accident back in 2001 and has never turned back. Continuing that pattern of making it by accident she managed to find her way into an IR team and that’s where her love of DFIR was born, and that’s where she decided that she would stay and continue her passion for it. In 2019 she started her own DFIR company in Australia and continues to work in the field she loves.

===========================================================
The Joy of Memory Corruption: Modern Browser Exploitation

Abstract

If you've done the OSCP, or competed in a pwnable challenge in a CTF, you've probably been exposed to buffer overflows and memory corruption. How different is exploiting a classic stack smash to exploiting modern-day software such as a web browser that uses strong exploit mitigations? What skills are required to exploit 0day bugs?
This talk will walk through the exploitation techniques required to gain code execution in modern Firefox using the Spidermonkey JavaScript Engine. I'll inject an artificial vulnerability into the latest version of Spidermonkey to give me a relative (OOB) read/write memory corruption bug. I'll leverage this restricted memory corruption bug into increasingly powerful exploit primitives, culminating into popping calc with arbitrary code and command execution.
If you want insight into exploitation against modern targets then attend this talk

Speaker Bio: Dr. Silvio Cesare ( @silviocesare )
Dr Silvio Cesare is the Managing Director at InfoSect and the co-founder of BSides Canberra.

NB: This is the same event that is on the Sydney & Melbourne Meetup. We’re cross-posting to keep everyone informed. :)