Talks will be announced in two phases, on 18th Sept and 2nd Oct. The current schedule may be subject to change.
|Title||Bootstrapping InfoSec for Hacktivists|
|Abstract||As hackers and activists, we have a lot of power and many
vulnerabilities. And as we act not just as lone hackers but in working
groups, our infosec practices can expose not only ourselves but our
associates. Acting with power, responsibility, and as much safety as
possible means we need good operational security for whole communities,
whether they're publishing citizen journalism and leaked information,
challenging censorship and copyright law, or taking direct political
action locally or internationally. This talk will walk us through some
cultural frameworks and technical tools created by and for emerging
hacker communities. Who are we? Who will dislike our actions? What
channels might they use? And how can we treat them as bugs, and route
|Location||Sat 17 0915 @ The Opera House|
|Origin||San Francisco, USA|
|Bio||Liz sports purple hair just to confuse evolutionary
psychologists, tries to cause very specific trouble, and looks
just swell in a tuxedo. She's been writing on the internet
since 1990, which is longer than some of you have been able to
dress yourselves. Somehow, she still has hope for humanity.|
|Abstract||NFC Redux takes a look at the changes that have occurred in the Mobile NFC world since the last Kiwicon. The talk will include:
- Updates on the tech and security
- A new tool release
- Some crowd-sourcing research
|Location||Sat 17 1000 @ The Opera House|
|Name||Nick von Dadelszen|
|Bio||Nick von Dadelszen is a director of Lateral Security. Nick has been performing professional pen testing for over 12 years and has managed several successful penetration testing teams. He has worked with the majority of large corporates and Government agencies in New Zealand and is a regular at Wellington ISIG meets (well not so regular since his |first second child), and on #kiwicon.
|Title||Login Timing Attacks for Mischief and Mayhem|
|Abstract||Timing attacks are relatively well known in the shady recesses of the caves I assume cryptographers hide in. However less is known by us security and hacker folk. I intend to rectify this injustice by answering a simple question - Can a timing attack be used on a remote web app to guess a hashed password faster than a simple brute force attack? To this end I have pondered, coded, tested, sweated, cried, pondered some more, tested, cried again and coded until I have the tool to answer the question! Ha! This talk will outline the tool, the technique, and its limitations. They said it couldn't be done, I say watch my talk and find out.
|Location||Sat 17 1100 @ The Opera House|
|Bio||Adrian does security things on behalf of his corporate overlords,
Security-Assessment.com. His focus is on web things and crypto things,
but dabbles in all the things. Adrian enjoys OWASP chapter meetings (he
is the Wellington leader after all), and long walks on the beach.|
|Title||From Revenue Assurance to Assurance: The Importance of Measurement in Computer Security|
|Abstract||In the 19th century, Lord Kelvin supposedly said "If you cannot measure it,
you cannot improve it" (although this was probably a later invention). When
you're working with Victorian-era steam engines this isn't so hard, but it
gets tougher with modern technology. After wandering around the age of steam
for awhile, this talk looks at the problem that telcos faced in the 1990s when
they found that, to their considerable surprise, their billing systems were
incapable of properly managing mobile phone billing. The result was the field
of revenue assurance, a systematic effort to measure and evaluate the
performance of mobile phone systems, at least as it applied to billing users.
With computer security things get even worse: If you can't measure it, you
don't even know whether it's working or not. The rest of the talk looks at
various failures of measurement in the field of computer security and applies
lessons from the area of revenue assurance to computer security mechanisms.
NB: Talk contains both the phrase "leverage the synergy of the cloud" *used
legitimately* and a cute kitteh picture.|
|Location||Sat 17 1130 @ The Opera House|
|Bio||Filtered down from the stars millennia ago|
|Title||Sifting through Twitter|
|Abstract||The security community has heavily adopted social-media such as
Twitter. However, the ratio of valuable information to noise is very
high which makes it hard to use efficiently and has many limitations.
This presentation will demonstrate an online tool which can identify
trending IT security items amongst the global community and can also
build dynamic timelines of public vulnerabilities to help overcome
limitations of manually maintained vulnerability repositories such as
NVD. This presentation will also take a look at demographic specific
trends, measuring vulnerability hype, and identifying technical
vulnerability write-ups over many languages and social networks.
|Location||Sat 17 1315 @ The Opera House|
|Bio||Matt is an Australian security researcher with current interests in
vulnerability analysis, machine learning, and security visualisation.
He runs Volvent Security performing code audits for major vendors to
security assessments and consulting for a mix of organisations. On
the side he helps out organising the Ruxcon and Breakpoint security
|Title||Biohacking: Why is my kitten glowing?|
|Abstract||Plants are awesome, so are mushrooms, even though they technically aren't plants. Bacteria and viruses are also cool. What if we could take the cool bits from one kingdom and mash them with the bits from another to make cool stuff (like glowing kittens!)? Well, a few years back some guys who had been working with too many mushrooms worked out a way that we can. Some call it genetic modification, others call it biohacking. Ultimately, everything has DNA at its core, so the possibilities are endless! Cats with horns!!! But how does it all work? How do we take bits from one animal (like cats), and combine them with bits from another (like goats)? This talk will explain the science behind biohacking, look at what type of gear you need, and explain why some cats glow like jellyfish.|
|Location||Sat 17 1345 @ The Opera House|
|Title||\m/ ROP and ROLL \m/|
|Abstract||What's the point in sending your latest 0day exploit module down the wires
when the shellcode decoder stub can be generically discovered. Generic ROP
chains extenuate this issue as they end up becoming lengths of static DWORDS
that can be easily detected through network monitors or AV signatures.
ROP and ROLL is a proof of concept demonstration of ROP chain mutation or
modification in an attempt to remove likelihood of easy detection and the
loss of your latest java bug.
|Location||Sat 17 1430 @ The Opera House|
|Bio||Apparently antic0de was once technical. After his most recent conference
talk where he was placed in the 'management stream' and fouled his voicebox
with terms such as 'thought leader','policy use' and 'compliance', antic0de
is now wanting to clear his name before it's too late.|
|Title||Firehoses and Asbestos Pants: Security at Microsoft from Response to Lifecycle|
|Abstract||In the ten years since the Trustworthy Computing memo, we've learned a
few things at Microsoft about the processes an organization needs to
have in place to respond to security vulnerabilities and incidents.
This talk will share many of those lessons with you - from that
initial report to building the next version of the product. There will
be military metaphors and card games.
|Location||Sat 17 1500 @ The Opera House|
|Origin||Redmond WA, USA|
|Bio||After her exile from Canada, Leigh Honeywell joined Trustworthy Computing at Microsoft and is now a program manager with the Microsoft Security Engineering Center. She's an advisor to the Ada Initiative because she cares about gender issues in open technology and culture, and to the SecTor conference because Canada deserves security too :(|
|Title||Managed Service Pwnage|
|Abstract||Outsourcing IT support to MSPs has become popular among twenty-something CIOs in recent years as a way to keep costs down and bonuses up.
But the software used by the MSP industry to manage your workstations and servers is terminally FUBAR.
ITT we examine three of the top MSP platforms, poking holes in each - leading to shells aplenty, rm -rf, and more.
|Location||Sat 17 1600 @ The Opera House|
|Bio|| , Cartel .
Kiwicon 2, .|
|Title||Master Phishing: Writing a Phish That Won't Get You Busted (or, How To Bust Phishers)|
|Abstract||Phishing has been going on forever, but of late it's gone from 419 scams to exploit kits, while becoming more prevalent and (occasionally) more sophisticated in the process. This talk will break down, from an attacker's perspective:
- Getting your phish past Gmail, Yahoo, Hotmail, etc.: spam traps are for suckers
- How to make people more likely to click your phish
- Not getting busted by pesky web filters and IDS systems
- Picking a quality host for your payload
Live examples will be used to demonstrate points of phisher failure and general "doing it wrong and getting busted by network security pros" throughout. The audience will also be given a chance to poke fun at legitimate emails that look phishy, and thus help blur the line between "it's OK to click on everything I get in my inbox!" and "maybe I should be suspicious of this link randomly delivered to my email address." White hats throughout the room should take notice of subtly delivered, newly proposed logic for generic detection of phishing attacks.
P.S. Those curious about the proposed speaker's style are encouraged to read http://www.shitmylogssay.com/?p=10 for an example of him trolling a 419 scammer. Equivalent technically oriented lulz will be present throughout this talk.
|Location||Sat 17 1630 @ The Opera House|
|Origin||Washington DC, USA|
|Bio||Alex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT), and the head of that group's Awareness, Education, Guidance, and Intelligence Sharing (AEGIS) program, which is designed to increase direct collaboration between Sourcefire customers, the Snort user community, and the VRT in the interests of improved detection and coverage. In his 8 years with the VRT, Alex has become one of the world's leading experts on Snort rules, and has honed skills in reverse engineering, network traffic analysis, and systems security. He contributed a pair of Snort-related chapters to "Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century," and is a regular contributor to the widely-read VRT blog (http://vrt-sourcefire.blogspot.com/). His current major technical project at Sourcefire involves automated collection of network data generated by malicious binaries, including Android packages, and analysis of that data for detection purposes.
|Title||Under The Radar Web App Recon|
|Abstract||Whether you’re part of the next LulzSec trying to loot a defence contractor or you’re a QSA doing pre-engagement scoping, being able to hunt down security vulnerabilities and perform reconnaissance against a web application with zero chance of being detected is useful. This talk will cover off what types of things you can find (as well as the limitations) when poking around in someone else’s web app appearing as nothing more than a regular web browser, and will be accompanied by the release of a tool for doing this.|
|Location||Sat 17 1700 @ The Opera House|
|Name||Dean "tecnik" Jerkovich|
|Bio||Dean is a security consultant with NCC Group, specializing in all things intrusion: penetration testing and incident response. Dean spends the majority of his time poking around web applications and networks throughout Australia where he's currently living amongst deadly spiders and crocodiles. At any one time there's a 98% chance he hasn't had enough coffee.|
|Title||Three Guys With Ponytails Talk About Security|
|Abstract||Total eclipses, dinner chats, and missed connections brought about this talk. Noted security and crypto experts, Jon Callas, Peter Gutmann, and Nicko van Someren will talk about what's going on in security and cryptography today and also answer questions. All three of them are known for their snark and humor as well as technical expertise. Icons will be shattered, sacred cows made into juicy burgers.|
|Location||Sat 17 1730 @ The Opera House|
|Name||Jon Callas, Peter Gutmann, Nicko van Someren|
|Origin||Unsure, but permitted by export regulations|
|Bio||Jon Callas is a software engineer, inventor, cryptographer, and entrepreneur. He is a co-founder of PGP Corporation and Silent Circle. He is a designer of security products that have won major innovation awards from The Wall Street Journal and others. He is a co-author of the Skein finalist for SHA3. He has worked on everything from operating systems to user experience on everything from PDP-11s to iPhones.
Peter Gutmann is a professional paranoid at the Department of Computer Science at the University of Auckland. He is an expert in the lack of security in just about everything around today. He has written security systems, broken security systems, been an arms courier, and written about how to do security wrong and right.
Nicko van Someren is co-founder of nCipher, one of the major developers of secure hardware before being bought by Thales. He has built secure execution systems, found keys stashed in corners, built security routers, and built digital media devices. He is a fellow of both the Royal Academy of Engineering and the British Computer Society.
|Abstract||Smart phones and other portable devices are increasingly used with Microsoft Exchange to allow people to check their corporate emails or sync their calendars remotely. Exchange has an interesting relationship with its mobile clients. It demands a certain level of control over the devices, enforcing policy such as password complexity, screen timeouts, remote lock out and remote wipe functionality. This behavior is usually accepted by the user via a prompt when they first connect to Exchange. However, the protocol for updating these policies provides very little in the way of security and is quickly accepted by the device, often with no user interaction required.
In this talk we will focus on the remote wipe functionality and how a potential attacker could abuse this functionality to remotely wipe devices that are connected to Exchange. By impersonating an Exchange server and sending appropriate policy updates through a simple script we are able to erase all data on devices remotely without any need for authentication. The presentation will explain how this can be accomplished and show proof of concept code for Android & iOS devices. There will be demos.|
|Location||Sun 18 0915 @ The Opera House|
|Bio||Peter Hannay is a PhD student, researcher and lecturer based at Edith
Cowan University in Perth Western Australia. His PhD research is focused
on the acquisition and analysis of data from small and embedded
devices. In addition to this he is involved in smart grid research and
other projects under the banner of the ECU Security Research Institute.|
|Title||Attacking Audio One Time Passwords at 1100Hz|
|Abstract||Audio one time password systems are commonly used in mobile banking / finance
systems in developing countries to leverage the high levels of not-smart mobile
phone ownership in rural areas. The research described in this talk employs
signal processing, audio plugins, phreaking concepts, cryptanalysis and
war dialling, to develop a methodology for analysis and implement an attack
against audio one time password systems.
|Location||Sun 18 0945 @ The Opera House|
|Name||Graeme Neilson and Shingirayi Padya|
|Bio||Graeme is a security researcher for Aura Information Security (AIS) in New Zealand. He has talked at security conferences around the globe including BlackHat, CanSecWest, and H2HC on topics such as developing rootkits for firewalls and the security implications of quantum cryptography.
Shingi also works for AIS, and when not plotting how to take over African telcos, spends most of his days pentesting.|
|Title||Open source security response|
|Abstract||Open source means that commits are publicly visible, patches are
shared upstream and discussion is via public forums. This is
antithetical to the needs of embargoed security flaws, where opacity
and secrecy is key prior to releasing a patch. Handling patches in a
secure fashion using the open source model is a balancing act between
openness and confidentiality. This talk will explain how it is done,
covering the handling of embargoed flaws, private communication
channels used by open source developers, committing patches upstream
and communicating with users. The result is significantly greater
transparency around released patches, with full source code and
documentation available, as opposed to patches for proprietary
software which are often limited to a mysterious updated binary, a
CVSS score and a vague description.
Video with hand puppets outlining the talk:
|Location||Sun 18 1015 @ The Opera House|
|Bio||David is the lead security response engineer for Red Hat's middleware division (JBoss). He has spoken at Ruxcon, Linux.conf.au, JUDCon, SAGE-AU and OSDC.|
|Title||The tale of a Firefox bug|
|Abstract||This talk will discuss 100% reliable exploitation of CVE-2011-2371 (found by Chris Rohlf) by turning it into an infoleak and using no heap spraying teqniqz. There won't be any spamming the address space and relying on the sayonara ROP chain - this will instead go over how exploit writers are supposed to ball to produce quality and reliable exploits. All relevant Firefox internals will be discussed. I'll also have a bit of a whinge about Firefox while I have a large group of people in front of me.|
|Location||Sun 18 1115 @ The Opera House|
|Bio||Thoth loves cottage cheese very much, but dislikes chives.|
|Title||Bluetooth sniffing with Ubertooth|
|Abstract||Bluetooth traffic analysis is hard. While 802.11 and Zigbee have promiscuous
mode on commodity hardware, Bluetooth packet sniffing is hampered by
pseudo-random frequency hopping between packets as well as data whitening,
integrity and CRC checks based on unknown device state.
Using entirely open source hardware and software, we are now able to calculate
the internal state from received packet and hop frequency 1600 times per second
to monitor the connection between arbitrary devices.
Demos - finding non-discoverable devices, recovering internal device state,
sniffing packets, Bluetooth low energy sniffing if time allows (and if I can
find some devices).|
|Location||Sun 18 1145 @ The Opera House|
|Bio||Dominic has been trying to build a promiscuous Bluetooth sniffer since 2007,
so we can assume it's hard. In July 2012 he took over as lead developer on
project Ubertooth in an attempt to add features such as frequency hopping.
This talk shows the fruits of that work.|
|Title||Ghost Riders in your WLAN|
|Abstract||War driving has been around for a very, very long time, however it has
been missing a few key things. Mainly leather, Judas Priest and Motorcycles.
'Ghost riders in your LAN' is a talk based around overclocking the
wardriving game by introducing gasoline, angle grinders, cheap wifi gear
and a build price smaller than your slightly more exorbitant weekend bender.
This talk is a collaboration between Security-Assessment.com and Stray
Rats Custom Motorcycles. I will be covering the details of how to build
a wifi-attack-cycle from ground up - from electronics and
cheap-and-cheerful heads up displays to the bike modifications required
to mount all the tech and look awesome while terrorizing your local
Ride the metal monster, breathing deauth and fire. Closing in with
vengeance broadcasting high. This is the WifiKiller.|
|Location||Sun 18 1345 @ The Opera House|
|Bio||Denis Andzakovic is a Security Consultant with
Security-Assessment.com, a security consultancy based in Auckland,
Wellington and Singapore. He is also the founder of Stray Rats Custom
Motorcycles, a small Auckland customs outfit specializing in violating
bikes, old and new, in the best of ways.|
|Title||Abruptly Mangle the Web|
|Abstract||Unsatisfied with current Web application mass-destruction tools, Thiebaud
created a genuine(tm) nephew of Scapy for HTTP. Did you ever need to inject
an xml-double_urlencoded-base64 payload in the middle of a cookie header to
exploit an SQL injection? If so, you know that this can be a pain with
existing tools and how "quickly" forging your own script might take longer
than you thought.
This talk will sum up the general state of web application pentest tools,
their weaknesses and present Abrupt and how its design solves some of these
issues. Finally, working, useful examples will be demonstrated on how to use
it for your day job or your discreet night-time activities.|
|Location||Sun 18 1415 @ The Opera House|
|Bio||Thiébaud is a Security Consultant at Securus Global.|
|Title||The Mysterious Case Of The Shrinking Pentest Toolkit|
|Abstract||Gordon Moore once said that "The complexity for minimum component
costs has increased at a rate of roughly a factor of two per year..."
We have no idea what that means, but since he said it we've noticed
that computers keep getting smaller, faster and cheaper. Over the past
few years, we've seen a lot of tiny, low power single board computers
make their way into the hands of hobbyists - and hackers. Capable of
running a mainstream OS and software - usually Linux - the potential
for these devices as tools of hackery is wide and varied.
Andrew will talk about some of the things he's done with these
diminutive devices, some of the commercially sold miniature hack
tools, and will demo some of his own gadgets, including the OpenMoko
FreeRunner, BeagleBoard and the recently famous Raspberry Pi.|
|Location||Sun 18 1445 @ The Opera House|
|Name||Andrew "lizardb0y" Stephen|
|Bio||Andrew is a corporate security sellout by day, but by night he tinkers
with gadgets, collects early home computers and watches a bit of
telly. Having programmed his first computer at age 9 he abandoned
programming in his early 20's to become a network monkey and Unix
Sysadmin. Mainly because, as a programmer, he was actually supposed
to deliver something.
For the past decade and a bit Andrew's been pretending to specialise
in information security, a pretence he's maintained by working as a
security architect, studying security, and speaking publicly about
business security issues. His greatest wish is to con somebody else
into paying his mortgage while he dons argyle sweater, horn-rimmed
glasses and quietly curates a museum of computing history.|
|Title||in2securITy - What we did last year and other mad ideas <strike>for world domination</strike>|
|Abstract||Twelve months ago, Brett Moore lamented the future of NZ security. "Oh where is the next generation" he cried (well he asked in his serious voice while drinking beer).
Eleven months and three weeks ago, beer was consumed, the future discussed and ideas were laughed at.
Eleven months, two weeks and six days ago, hangovers were nursed, realisations occurred and planning began.
One website, 40 articles, 5 writers, 185 members, 18 mentoring pairs, 15 + videos and a 200 person national tour later... and we may have created something a little bit special.
In this talk, Laura will showcase what in2securITy is, why it exists and what it has achieved in the past 12 months. If that isn't enough, she will also share the vision of in2securITy in the 12 months to come, what we will achieve for NZ, what we need to get there and why you won't want to miss a second of it.|
|Location||Sun 18 1515 @ The Opera House|
|Name||Laura "ladynerd" Bell|
|Bio||"A shy and retiring wall flower..." is one of the many phrases that have never been used to describe Laura. Since moving to NZ in 2011, she founded and runs in2securITy as well as working as a security consultant for Lateral Security. She knows what free time and hobbies are, she read about them in a book somewhere. It had a lot of pictures.
|Title||Do not ask for whom the panopticon watches, it watches for thee.|
|Abstract||Our beloved government is continuing its mission to ensure that the
internet is a wonderful fantasy land full of only nice things. An
update on the government internet filter, where copyright law is
going, the Law Commission's Digital Harms bill and the new internet
censor, the Police's automated license plate recognition, website
censorship and everything else that us paranoid types worry about.|
|Location||Sun 18 1600 @ The Opera House|
|Bio||Co-founder of Tech Liberty (www.techliberty.org.nz). Not registered with the NZKC.|
|Title||Hacker History: Dmitry and the DMCA|
|Abstract||Last year, one of the iPhone talks tabled the question "who's heard of
Elcomsoft", and maybe 1/3rd of those present responded. Given
Elcomsoft's prominent role in the trials and lamentations of Dmitry
Sklyarov at the conclusion of Defcon 9, and the subsequent furor in the
hacker/code-is-speech crowd, it rather shocked me that few seemed to be
aware of this. Main focus are the issues with Dmitry's arrest and the
abuse of the DMCA by Adobe (will likely touch on the issues with the
DMCA and code-as-speech assuming time permits, but it's not the primary
|Location||Sun 18 1615 @ The Opera House|
|Bio||Hung around since the days of Apple II, BBS's, telnet, and gopher.
First gained NZ notoriety as "The tcpdump guy" at NZNOG 04. Was rather
heavily involved from day 1 in the Free Dmitry movement at the time, and
shared a few homebrews with Alex Katalov and Dmitry in celebration of
his release from charges. Been there, done that, got the tshirt and photos.
|Title||I Love You Sweet Leaf|
|Abstract||"Straight people don't know, what you're about
They put you down and shut you out
You gave to me a new belief
And soon the world will love you sweet leaf"|
|Location||Sun 18 1620 @ The Opera House|
|Bio||It is the year 1986 when Body Sativa pries open his third eye, and
understands the cosmic interconnectedness of the world; an echo of the
future, deep in the past.|
|Title||Bit flipping, favicons, and what the hell is your browser actually doing?|
|Abstract||The results of analyzing a year of weblogs from several bitflipped versions of a popular .nz website and the subsequent investigation into what browsers will happily download without telling you. A few WTFs for sure|
|Location||Sun 18 1635 @ The Opera House|
|Name||Blair "trogs" Harrison|
|Bio||Trogs is a shady-looking sysadmin from Wellington. Previously he
has talked about that fibre optic stuff we all love, but he seems
to have moved up the stack a bit this year. He will happily
accept free beers.|
|Title||The OSINT OPSEC Tool|
|Abstract||The OSINT OPSEC tool monitors multiple 21st Century OSINT sources (largely social media)
real-time for keywords, then analyses the results, generates alerts, and maps trends of the data,
finding all sorts of info people probably don't want others to see...
The OSINT OPSEC tool can have many applications, ranging from checking if your employees and
public servants know when to STFU, knowing within minutes when your latest customer DB has
been dumped, to aggregating a whole heap of passports, credit cards, and residency permits...
I'll be demonstrating the tool live and releasing it at the 'con.|
|Location||Sun 18 1645 @ The Opera House|
|Name||Brendan "hyprwired" J|
|Bio||Currently working in App Support/Systems Administration by day, amateur security enthusiast by night.|
|Abstract||In a world with firesheep, mitmproxy and sslstrip, does anything important still go over http? Well...
|Location||Sun 18 1700 @ The Opera House|
|Bio||Kirk Jackson is a security architect at Xero, makers of the world's easiest online accounting software. He has experience building and breaking large-scale web applications.|
|Title||Demonic Possession of Browsers. BeEF Issue #666|
|Abstract||The venerable internet browser has a mechanism for preventing its
subversion by one domain of another. So called, Same Origin Policy.
In this talk we'll explore situations where this mechanism breaks down.
- Can an afflicted browser eviscerate your internal networks?
- Can mobile apps be turned, to ransack your cloud data?|
|Location||Sun 18 1715 @ The Opera House|
|Bio||Chief Information Exorcist for Aura|