Ruxmon Lightning Talks (August)


92 people went

Details

Ruxmon is a free monthly event where speakers from the local security community share their knowledge on a security topic ranging from introductory/beginner level to more advanced topics.

This month we are trying a new format with lightning talks (max 10 minutes).

Post-talks socialising and drinks are nearby at Captain Melville (34 Franklin St).

$vendor 0day - Brendan Scarvell

This presentation will talk about the process of discovering an undisclosed method to bypass authentication and gain remote code execution on a number of $vendor devices.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Command injection and restriction bypass on IoT device - Harold

Harold will be walking you through a vulnerability published earlier in the year on a conference media device, including how he bypassed the restricted use of special characters, the challenges involved, and how he ended up exploiting the command injection.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Pimps is the most annoying friend that someone can have... So I'm here! - j

Quick (10 minutes) introduction to variant analysis. Let's talk about how we can use previously known bugs to find new, similar vulnerabilities in the same codebase or across different codebases using Semmle QL.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

This vulnerability is doo doo - Justin Steven

We'll take a quick look at a garbage 0day code execution bug in a popular IDE that probably won't get anyone (sensible) owned, encourage people to think twice before opening untrustworthy source code in an IDE, and implore people to stop 👏 using 👏 system() 👏

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

OK, You're Leet - What Now - Marc Bown

As an industry we tend to fetishize technical skills. Many of us spend our time and training budgets on trying to become the next Mark Dowd or Tavis Ormandy. But most companies out there don't need Dowds or Ormandys - they need regular schmoes to deal with regular security problems.

In this talk I'll talk about some of the best security people that I've worked with and what made them great. I'll share details on the diverse set of skills that I think good security people need to have.

If I succeed, you all will be convinced that we should all be investing in developing our non-technical skills, as well as our technical skills, in order to move the industry forward.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Hack the Mac - Neelakanteswara Rao Patnaik Baggam (Neel)

In this talk I will demonstrate how Mac OS can be fooled by changing the name of the exploit file to gain access to important operations like using the camera, microphone, etc. The remote administration tool I'm going to use in this presentation was developed by me.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Supply Chain Attacks: What are my options? - Riley Baird

Supply chain attacks take you by surprise. You spend so much time securing your network only to be pwned because a trusted source just sent you malware. This talk explains the scope of the supply chain threat and discusses real-world examples. Furthermore, we discuss measures which users, organisations and developers can take to minimise their exposure to this risk.