Event Details
Saturday, 13th July 2024
Schedule
This year we will be putting on two separate tracks of content across the day. Each session and track can be viewed below.
Please note this schedule is still in a draft state and is subject to change.
Track 1 Sessions
Time | Speaker | Talk Title | Duration |
---|---|---|---|
08:00 | | Doors and Check In Open | All day |
08:45 | Josh & Brodie | Welcome to BSides Brisbane 2024 | 15 mins |
09:00 | Cristina Cifuentes | Keynote: From Student of Compilation to Mother of Decompilation -- 30 years edition In this keynote presentation, Cristina will give a retrospective on her decompilation PhD work, the growing interest in this technology throughout the past three decades, examples of commercial uses of decompilation, and conclude with an application of decompilation to develop a malware analysis tool. | 60 mins |
10:00 | Brendan Scarvell | Hacking the Netcomm NF20MESH Router ..again This presentation follows on from research performed on the Netcomm NF20 Mesh router presented at BSides Brisbane 2023. Brendan will walk through the methodology used to identify the vendor's fixes for the previous vulnerabilities, and how a bypass was identified which resulted in unauthenticated remote code execution. | 30 mins |
10:30 | | Morning Tea Break Grab a free coffee from the Cafe thanks to Ricki and the CyberSec People team! | 15 mins |
10:45 | Ryan Williams | Simboxes & Scams - The Long Road to SS7 Ryan joins us to discuss the unauthorised utilisation of sim boxes (SIM banks), which are known to circumvent established telecommunication protocols, leading to substantial revenue deficits for telecom operators. These are the long-line trawlers of smishing campaigns globally and those we see arrested for sim box crime are just the tip of a very well organised and technically capable iceberg. Join Ryan as he takes us backstage for a better look at the who, what and how of a little-known global industry. | 30 mins |
11:15 | John Uhlmann | Kernel ETW is the best ETW When Microsoft introduced Kernel Patch Protection, security vendors were constrained in their ability to monitor the kernel. Given the limited number of kernel extension points provided by Microsoft they were increasingly compelled to rely on asynchronous Event Tracing for Windows (ETW) events for after-the-fact visibility of kernel actions on behalf of malware. Given this reliance, the documentation of these telemetry sources is unfortunately somewhat sparse. To compensate I’ve needed to write or modify tools to overcome these limitations and uncover useful ETW events. With a focus on kernel telemetry, this talk will cover this multi-year journey and my open-source contributions to making ETW knowledge more accessible for security practitioners. | 45 mins |
12:00 | | Lunch Time Break A number of lunch options are open around the campus. | 60 mins |
13:00 | Cameron Fairbairn | From Past to Present: The Evolution of Command and Control During this presentation, Cameron will explore the evolution of Command and Control (C2) traffic in cybersecurity through the lens of the MITRE ATT&CK framework and the evolution of adversary techniques. Attendees will gain insights into the historical context, current strategies, and how understanding the MITRE ATT&CK framework enhances our ability to identify and mitigate C2 traffic, equipping them with a deeper understanding of this critical cybersecurity topic. | 45 mins |
13:45 | Warren James | Detection Engineering, the why's, what's and how it fits into the bigger picture What is detection engineering and why should I care? Ever wonder how those SOC alerts are created? This session will look into the topic of detection engineering, what it is comprised of and how it fits into the cyber landscape. Take a look at the basics of detection engineering and then follow a worked example from creation through to adversary simulation to production deployment. | 60 mins |
14:45 | Andy Yang | A Journey from Pentest to Red Team Operation The increasing recognition of the effectiveness of red teaming in mitigating security vulnerabilities and building resilience has led to a trend towards it in cybersecurity. This presentation provides a comprehensive exploration of the transition from traditional penetration testing to advanced Red Team Operations. It will offer insights to cybersecurity professionals who wish to move into the red team space and teach them how to prepare for the career path. The real-world story will also tell you how to build your red team capability. | 45 mins |
15:30 | | Afternoon Tea Break Don't forget to hydrate! | 15 mins |
15:45 | Jess 'GirlGerms' Dodson | When it SIEMs like you're doing it all wrong… Are you a blue-teamer? Do you see yourself as working in SecOps or being a security analyst or engineer? Do you spend a lot of time in your SIEM and assorted security tools? Do you often think that you could be doing things better... or that your tools could be doing things better? If you answered yes to any of the above, this is the talk for you. | 45 mins |
16:30 | Kaif Ahsan & Kumar Soorya | Live Hacking Marathon: Breaking The Supply Chain Kaif and Soorya will be playing the characters of two hackers who are out to make a quick buck. They will perform 3 exploit demos on a fictional company "Everything Cyber", whose supply chain is everything but secure. They will showcase how, from a vulnerable open source library, to dependency confusion attacks, to misconfigured build pipelines, an attacker can compromise an application and gain access to the underlying environment's infrastructure and production secrets. Each of the demos is representative of a type of supply chain attack and is inspired by real-life incidents. | 60 mins |
17:30 | nomad | CTF Close Out Final results presented for the CTF. | 15 mins |
17:45 | Brodie & Josh | Conference Close Out | 15 mins |
Track 2 Sessions
Time | Speaker | Talk Title | Duration |
---|---|---|---|
08:00 | |||
08:45 | |||
09:00 | |||
10:00 | Kelsey-Lee Stay | There's a 'U' in security team Viewing everyone in the organisation as part of the security team is one of the most important approaches we can take in mitigating security risks. | 30 mins |
10:30 | | Morning Tea Break Grab a free coffee from the Cafe thanks to Ricki and the CyberSec People team! | 15 mins |
10:45 | Jim Burger | Is the future really "passwordless"? Exploring WebAuthN and Passkeys In this presentation, we'll take a down-to-earth exploration of the concept of a "passwordless" future, focusing on the practical realities of technologies like WebAuthN and passkeys. We'll discuss the motivations behind moving away from traditional passwords and the potential benefits for both users and organizations. Through a balanced examination of the strengths and limitations of WebAuthn and passkeys, we'll aim to provide a clearer understanding of whether a passwordless future is achievable and what challenges lie ahead. | 45 mins |
11:30 | Ben Gittins | Getting Comfortable in the Grey: an argument for generalists in cyber security This talk seeks to examine the unique advantages of teams of security generalists working alongside those of specialists. It will take attendees on a journey following the lifecycle and processes of generalist teams. It aims to promote an industry made up of people with diverse and unique backgrounds. | 30 mins |
12:00 | | Lunch Time Break A number of lunch options are open around the campus. | 60 mins |
13:00 | Cole Cornford | AppSec Tales and Fails Cole will tell tales about heroes and villains in the appsec discipline. Anyone who has worked in the space will see these people in their everyday roles. This talk is equal parts narrative and fun, as well as practical lessons so that you too don't fall into these tropes! | 30 mins |
13:30 | Nick Young | Cyber Security Strategy: A 3 Step Guide Cyber Security Strategy exists as the lesser-known sibling of red/blue team, GRC, and architecture. This session aims to simplify the process of building a security strategy by outlining a methodical approach to crafting a cyber security strategy in three straightforward steps. | 30 mins |
14:00 | Bec Caldwell | Ecosystems of Safety: Pollen, Perspectives, and Predicting Cyber Threats This talk explores the diversity of risk in decision-making through a case study of an urban planning error that led to health issues for residents due to a lack of diversity. The same principle applies to cybersecurity, where a homogeneous approach can lead to vulnerabilities. The session emphasises the importance of diverse experiences and backgrounds in strengthening our security landscape. Just as a single type of tree caused city-wide health issues, a lack of diversity in cybersecurity can expose us to risks. Understanding how diversity can fortify the human aspect of security is key to improving security awareness. | 30 mins |
14:30 | Paul McCarty | The "Holy Trinity" of Offensive Security Practices: How bug bounty, penetration testing and red teaming can work together to deliver security "Nirvana" for your organisation Offensive security, a proactive approach to identifying IT vulnerabilities, involves different ways to essentially "hack yourself". Offensive security is becoming more prevalent as cyberattacks increase and organizations look for ways to stay ahead of the bad guys. It includes three major practices: penetration testing, bug bounty programs, and red teaming. Penetration testing uncovers vulnerabilities in a system over a set period, while red teaming emulates real-world attacks on specific systems. Bug bounty programs involve external researchers identifying vulnerabilities for cash rewards. These three practices can be leveraged by organizations together to deliver some really amazing results. When done right, I call this ecosystem the "holy trinity of offensive security," as it provides valuable insights and helps secure systems against potential threats. | 30 mins |
15:00 | Kristine Sihto | Clash of the Jargon - Simplify for understanding Jargon. It's bad. And it's everywhere. Not just cybersecurity - every sector, every industry, every business has its own brand of jargon. And sometimes, they war. Specialised terminology may be holding you back from real communication. Sometimes, cybersecurity people can't even understand other cybersecurity people! Kristine will dive into the great abyss of ever-expanding acronyms and terms and explain how to build connection with real people. | 30 mins |
15:30 | | Afternoon Tea Break Don't forget to hydrate! | 15 mins |
15:45 | Andrew Rooke | Alternative Cyber Careers - Solution and Enterprise Security Architecture Solutions and Enterprise Architecture make up two critical areas for effective cyber security control and management within an Organisation. During this presentation, Andrew will provide the audience with perspective on architecture based cyber security career pathways, their value, and why they may be of interest. | 45 mins |
16:30 | Nicole Murdoch | Where Inventors Need to Start We aim to answer the first question asked by every entrepreneur with an idea, business, invention, product, expansion plan, or start-up - where to start. | 60 mins |
Workshop Sessions
Time | Tutor | Workshop Title | Duration |
---|---|---|---|
08:00 | | | All day |
08:45 | | | 15 mins |
09:00 | Warren Finch (APNIC) | Open Lawful Intercept - Session 1a Are you interested in how law enforcement and government are implementing lawful intercept technology? This hands-on tutorial is an overview of Lawful Interception, and how to deploy open-source software called OpenLI in an Internet Service Provider's (ISP) network. | 90 mins |
10:30 | | Break | 15 mins |
10:45 | Warren Finch (APNIC) | Open Lawful Intercept - Session 1b Are you interested in how law enforcement and government are implementing lawful intercept technology? This hands-on tutorial is an overview of Lawful Interception, and how to deploy open-source software called OpenLI in an Internet Service Provider's (ISP) network. | 75 mins |
12:00 | | Lunch Time Break A number of lunch options are open around the campus. | 60 mins |
13:00 | Warren Finch (APNIC) | Security Monitoring with Wazuh - Session 1a Security is a broad topic that affects many aspects relating to end-users, applications, and infrastructure. The objective of this tutorial is to give a snapshot of one of the hands-on labs that is part of the 3- or 5-day network security workshops. On completion, you will be able to install Wazuh, the security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. | 150 mins |
15:30 | | Break | 15 mins |
15:45 | Warren Finch (APNIC) | Security Monitoring with Wazuh - Session 1b Security is a broad topic that affects many aspects relating to end-users, applications, and infrastructure. The objective of this tutorial is to give a snapshot of one of the hands-on labs that is part of the 3- or 5-day network security workshops. On completion, you will be able to install Wazuh, the security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. | 45 mins |