Talks will be announced in two phases, on 18th Sept and 2nd Oct. The current schedule may be subject to change.

Quick List


TitleBootstrapping InfoSec for Hacktivists
AbstractAs hackers and activists, we have a lot of power and many vulnerabilities. And as we act not just as lone hackers but in working groups, our infosec practices can expose not only ourselves but our associates. Acting with power, responsibility, and as much safety as possible means we need good operational security for whole communities, whether they're publishing citizen journalism and leaked information, challenging censorship and copyright law, or taking direct political action locally or internationally. This talk will walk us through some cultural frameworks and technical tools created by and for emerging hacker communities. Who are we? Who will dislike our actions? What channels might they use? And how can we treat them as bugs, and route around them?
LocationSat 17 0915 @ The Opera House
Duration45 mins
NameLiz Henry
OriginSan Francisco, USA
BioLiz sports purple hair just to confuse evolutionary psychologists, tries to cause very specific trouble, and looks just swell in a tuxedo. She's been writing on the internet since 1990, which is longer than some of you have been able to dress yourselves. Somehow, she still has hope for humanity.

TitleNFC Redux
AbstractNFC Redux takes a look at the changes that have occurred in the Mobile NFC world since the last Kiwicon. The talk will include:
  • Updates on the tech and security
  • A new tool release
  • Some crowd-sourcing research
LocationSat 17 1000 @ The Opera House
Duration30 mins
NameNick von Dadelszen
OriginWellington, NZ
BioNick von Dadelszen is a director of Lateral Security. Nick has been performing professional pen testing for over 12 years and has managed several successful penetration testing teams. He has worked with the majority of large corporates and Government agencies in New Zealand and is a regular at Wellington ISIG meets (well not so regular since his first second child), and on #kiwicon.

TitleLogin Timing Attacks for Mischief and Mayhem
AbstractTiming attacks are relatively well known in the shady recesses of the caves I assume cryptographers hide in. However less is known by us security and hacker folk. I intend to rectify this injustice by answering a simple question - Can a timing attack be used on a remote web app to guess a hashed password faster than a simple brute force attack? To this end I have pondered, coded, tested, sweated, cried, pondered some more, tested, cried again and coded until I have the tool to answer the question! Ha! This talk will outline the tool, the technique, and its limitations. They said it couldn't be done, I say watch my talk and find out.
LocationSat 17 1100 @ The Opera House
Duration30 mins
NameAdrian Hayes
OriginWellington, NZ
BioAdrian does security things on behalf of his corporate overlords, His focus is on web things and crypto things, but dabbles in all the things. Adrian enjoys OWASP chapter meetings (he is the Wellington leader after all), and long walks on the beach.

TitleFrom Revenue Assurance to Assurance: The Importance of Measurement in Computer Security
AbstractIn the 19th century, Lord Kelvin supposedly said "If you cannot measure it, you cannot improve it" (although this was probably a later invention). When you're working with Victorian-era steam engines this isn't so hard, but it gets tougher with modern technology. After wandering around the age of steam for awhile, this talk looks at the problem that telcos faced in the 1990s when they found that, to their considerable surprise, their billing systems were incapable of properly managing mobile phone billing. The result was the field of revenue assurance, a systematic effort to measure and evaluate the performance of mobile phone systems, at least as it applied to billing users. With computer security things get even worse: If you can't measure it, you don't even know whether it's working or not. The rest of the talk looks at various failures of measurement in the field of computer security and applies lessons from the area of revenue assurance to computer security mechanisms. NB: Talk contains both the phrase "leverage the synergy of the cloud" *used legitimately* and a cute kitteh picture.
LocationSat 17 1130 @ The Opera House
Duration30 mins
NamePeter Gutmann
OriginAuckland, NZ
BioFiltered down from the stars millenia ago

TitleSifting through Twitter

The security community has heavily adopted social-media such as Twitter. However, the ratio of valuable information to noise is very high which makes it hard to use efficiently and has many limitations

This presentation will demonstrate an online tool which can identify trending IT security items amongst the global community and can also build dynamic timelines of public vulnerabilities to help overcome limitations of manually maintained vulnerability repositories such as NVD. This presentation will also take a look at demographic specific trends, measuring vulnerability hype, and identifying technical vulnerability write-ups over many languages and social networks.

LocationSat 17 1315 @ The Opera House
Duration30 mins
NameMatt Jones
BioMatt is an Australian security researcher with current interests in vulnerability analysis, machine learning, and security visualisation. He runs Volvent Security performing code audits for major vendors to security assessments and consulting for a mix of organisations. On the side he helps out organising the Ruxcon and Breakpoint security conferences.

TitleBiohacking: Why is my kitten glowing?
AbstractPlants are awesome, so are mushrooms, even though they technically aren't plants. Bacteria and viruses are also cool. What if we could take the cool bits from one kingdom and mash them with the bits from another to make cool stuff (like glowing kittens!)? Well, a few years back some guys who had been working with too may mushrooms worked out a way that we can. Some call it genetic modification, others call it biohacking. Ultimately, everything has DNA at its core, so the possibilities are endless! Cats with horns!!! But how does it all work? How do we take bits from one animal (like cats), and combine them with bits from another (like goats)? This talk will explain the science behind biohacking, look at what type of gear you need, and explain why some cats glow like jellyfish.
LocationSat 17 1345 @ The Opera House
Duration45 mins
NameAndrew Woodward
BioThe Trees

Title\m/ ROP and ROLL \m/

What's the point in sending your latest 0day exploit module down the wires when the shellcode decoder stub can be generically discovered. Generic ROP chains extenuate this issue as they end up becoming lengths of static DWORDS that can be easily detected through network monitors or AV signatures.

ROP and ROLL is a proof of concept demonstration of ROP chain mutation or modification in an attempt to remove likelihood of easy detection and the loss of your latest java bug.

LocationSat 17 1430 @ The Opera House
Duration30 mins
OriginAuckland, NZ
BioApparently antic0de was once technical. After his most recent conference talk where he was placed in the 'management stream' and fouled his voicebox with terms such as 'thought leader','policy use' and 'compliance', antic0de is now wanting to clear his name before it's too late.

TitleFirehoses and Asbestos Pants: Security at Microsoft from Response to Lifecycle
AbstractIn the ten years since the Trustworthy Computing memo, we've learned a few things at Microsoft about the processes an organization needs to have in place to respond to security vulnerabilities and incidents. This talk will share many of those lessons with you - from that initial report to building the next version of the product. There will be military metaphors and card games.
LocationSat 17 1500 @ The Opera House
Duration30 mins
NameLeigh Honeywell
OriginRedmond WA, USA
BioAfter her exile from Canada, Leigh Honeywell joined Trustworthy Computing at Microsoft and is now a program manager with the Microsoft Security Engineering Center. She's an advisor to the Ada Initiative because she cares about gender issues in open technology and culture, and to the SecTor conference because Canada deserves security too :(

TitleManaged Service Pwnage
AbstractOutsourcing IT support to MSPs has become popular among twenty-something CIOs in recent years as a way to keep costs down and bonuses up. But the software used by the MSP industry to manage your workstations and servers is terminally FUBAR. ITT we examine three of the top MSP platforms, poking holes in each - leading to shells aplenty, rm -rf, and more.
LocationSat 17 1600 @ The Opera House
Duration30 mins
OriginAuckland, NZ
Bio                                                                       , Cartel                                                                                                                     .                             Kiwicon 2,                                                               .

TitleMaster Phishing: Writing a Phish That Won't Get You Busted (or, How To Bust Phishers)

Phishing has been going on forever, but of late it's gone from 419 scams to exploit kits, while becoming more prevalent and (occasionally) more sophisticated in the process. This talk will break down, from an attacker's perspective:

  • * Getting your phish past Gmail, Yahoo, Hotmail, etc.: spam traps are for suckers
  • * How to make people more likely to click your phish
  • * Not getting busted by pesky web filters and IDS systems
  • * Picking a quality host for your payload

Live examples will be used to demonstrate points of phisher failure and general "doing it wrong and getting busted by network security pros" throughout. The audience will also be given a chance to poke fun at legitimate emails that look phishy, and thus help blur the line between "it's OK to click on everything I get in my inbox!" and "maybe I should be suspicious of this link randomly delivered to my email address." White hats throughout the room should take notice of subtly delivered, newly proposed logic for generic detection of phishing attacks.

P.S. Those curious about the proposed speaker's style are encouraged to read for an example of him trolling a 419 scammer. Equivalent technically oritented lulz will be present throughout this talk.

LocationSat 17 1630 @ The Opera House
Duration30 mins
NameAlex Kirk
OriginWashington DC, USA
BioAlex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT), and the head of that group's Awareness, Education, Guidance, and Intelligence Sharing (AEGIS) program, which is designed to increase direct collaboration between Sourcefire customers, the Snort user community, and the VRT in the interests of improved detection and coverage. In his 8 years with the VRT, Alex has become one of the world's leading experts on Snort rules, and has honed skills in reverse engineering, network traffic analysis, and systems security. He contributed a pair of Snort-related chapters to "Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century," and is a regular contributor to the widely-read VRT blog ( His current major technical project at Sourcefire involves automated collection of network data generated by malicious binaries, including Android packages, and analysis of that data for detection purposes.

TitleUnder The Radar Web App Recon
AbstractWhether you’re part of the next LulzSec trying to loot a defence contractor or you’re a QSA doing pre-engagement scoping, being able to hunt down security vulnerabilities and perform reconnaissance against a web application with zero chance of being detected is useful. This talk will cover off what types of things you can find (as well as the limitations) when poking around in someone else’s web app appearing as nothing more than a regular web browser, and will be accompanied by the release of a tool for doing this.
LocationSat 17 1700 @ The Opera House
Duration30 mins
NameDean "tecnik" Jerkovich
OriginMelbourne, Australia
BioDean is a security consultant with NCC Group, specializing in all things intrusion: penetration testing and incident response. Dean spends the majority of his time poking around web applications and networks throughout Australia where he's currently living amongst deadly spiders and crocodiles. At any one time there's a 98% chance he hasn't had enough coffee.

TitleThree Guys With Ponytails Talk About Security
AbstractTotal eclipses, dinner chats, and missed connections brought about this talk. Noted security and crypto experts, Jon Callas, Peter Gutmann, and Nicko van Someren will talk about what's going on in security and cryptography today and also answer questions. All three of them are known for their snark and humor as well as technical expertise. Icons will be shattered, sacred cows made into juicy burgers.
LocationSat 17 1730 @ The Opera House
Duration30 mins
NameJon Callas, Peter Gutmann, Nicko van Someren
OriginUnsure, but permitted by export regulations
BioJon Callas is an software engineer, inventor, cryptographer, and entrepreneur. He is a co-founder of PGP Corporation and Silent Circle. He is a designer of security products that have won major innovation awards from The Wall Street Journal and others. He is a co-author of the Skein finalist for SHA3. He has worked on everything from operating systems to user experience on everything from PDP-11s to iPhones.
Peter Gutmann is a professional paranoid at the Department of Computer Science at the University of Auckland. He is an expert in the lack of security in just about everything around today. He has written security systems, broken security systems, been an arms courier, and written about how to do security wrong and right.
Nicko van Someren is co-founder of nCipher, one of the major developers of secure hardware before being bought by Thales. He has built secure execution systems, found keys stashed in corners, built security routers, and build digital media devices. He is a fellow of both the Royal Academy of Engineering and the British Computer Society.

TitleExchanging Demands
AbstractSmart phones and other portable devices are increasingly used with Microsoft Exchange to allow people to check their corporate emails or sync their calendars remotely. Exchange has an interesting relationship with its mobile clients. It demands a certain level of control over the devices, enforcing policy such as password complexity, screen timeouts, remote lock out and remote wipe functionality. This behavior is usually accepted by the user via a prompt when they first connect to Exchange. However, the protocol for updating these policies provides very little in the way of security and is quickly accepted by the device, often with no user interaction required. In this talk we will focus on the remote wipe functionality and how a potential attacker could abuse this functionality to remotely wipe devices that are connected to Exchange. By impersonating an Exchange server and sending appropriate policy updates through a simple script we are able to erase all data on devices remotely without any need for authentication. The presentation will explain how this can be accomplished and show proof of concept code for Android & iOS devices. There will be demos.
LocationSun 18 0915 @ The Opera House
Duration30 mins
NamePeter Hannay
OriginPerth, Australia
BioPeter Hannay is a PhD student, researcher and lecturer based at Edith Cowan University in Perth Western Australia. His PhD research is focused on the acquisition and analysis of data from small and embedded devices. In addition to this he is involved in smart grid research and other projects under the banner of the ECU Security Research Institute.

TitleAttacking Audio One Time Passwords at 1100Hz
AbstractAudio one time passwords systems are commonly used in mobile banking / finance systems in developing countries to leverage the high levels of not-smart mobile phone ownership in rural areas. The research described in this talk employs; signal processing, audio plugins, phreaking concepts, cryptanalysis and war dialling, to develop a methodology for analysis and implement an attack against audio one time password systems.
LocationSun 18 0945 @ The Opera House
Duration30 mins
NameGraeme Neilson and Shingirayi Padya
OriginWellington, NZ
BioGraeme is a security researcher for Aura Information Security (AIS) in New Zealand. He has talked at security conferences around the globe including BlackHat, CanSecWest, and H2HC on topics such as developing rootkits for firewalls and the security implications of quantum cryptography. Shingi also works for AIS, and when not plotting how to take over African telcos, spends most of his days pentesting.

TitleOpen source security response

Open source means that commits are publicly visible, patches are shared upstream and discussion is via public forums. This is antithetical to the needs of embargoed security flaws, where opacity and secrecy is key prior to releasing a patch. Handling patches in a secure fashion using the open source model is a balancing act between openness and confidentiality. This talk will explain how it is done, covering the handling of embargoed flaws, private communication channels used by open source developers, committing patches upstream and communicating with users. The result is significantly greater transparency around released patches, with full source code and documentation available, as opposed to patches for proprietary software which are often limited to a mysterious updated binary, a CVSS score and a vague description.

Video with hand puppets outlining the talk:

LocationSun 18 1015 @ The Opera House
Duration30 mins
NameDavid Jorm
BioDavid is the lead security response engineer for Red Hat's middleware division (JBoss). He has spoken at Ruxcon,, JUDCon, SAGE-AU and OSDC.

TitleThe tale of a Firefox bug
AbstractThis talk will discuss 100% reliable exploitation of CVE-2011-2371 (found by Chris Rohlf) by turning it into an infoleak and using no heap spraying teqniqz. There won't be any spamming the address space and relying on the sayonara ROP chain - this will instead go over how exploit writers are supposed to ball to produce quality and reliable exploits. All relevant Firefox internals will be discussed. I'll also have a bit of a whinge about Firefox while I have a large group of people in front of me.
LocationSun 18 1115 @ The Opera House
Duration30 mins
OriginSydney, Australia
BioThoth loves cottage cheese very much, but dislikes chives.

TitleBluetooth sniffing with Ubertooth
AbstractBluetooth traffic analysis is hard. While 802.11 and Zigbee have promiscuous mode on commodity hardware, Bluetooth packet sniffing is hampered by pseudo-random frequency hopping between packets as well as data whitening, integrity and CRC checks based on unknown device state. Using entirely open source hardware and software, we are now able to calculate the internal state from received packet and hop frequency 1600 times per second to monitor the connection between arbitrary devices. Demos - finding non-discoverable devices, recovering internal device state, sniffing packets, Bluetooth low energy sniffing if time allows (and if I can find some devices).
LocationSun 18 1145 @ The Opera House
Duration45 mins
NameDominic Spill
OriginMelbourne, Australia
BioDominic has been trying to build a promiscuous Bluetooth sniffer since 2007, so we can assume it's hard. In July 2012 he took over as lead developer on project Ubertooth in an attempt to add features such as frequency hopping. This talk shows the fruits of that work.

TitleGhost Riders in your WLAN
AbstractWar driving has been around for a very, very long time, however it has been missing a few key things. Mainly leather, Judas Priest and Motorcycles. 'Ghost riders in your LAN' is a talk based around overclocking the wardriving game by introducing gasoline, angle grinders, cheap wifi gear and a build price smaller than your slightly more exorbitant weekend bender. This talk is a collaboration between and Stray Rats Custom Motorcycles. I will be covering the details of how to build a wifi-attack-cycle from ground up - from electronics and cheap-and-cheerful heads up displays to the bike modifications required to mount all the tech and look awesome while terrorizing your local neighborhood TP-LINKs. Ride the metal monster, breathing deauth and fire. Closing in with vengeance broadcasting high. This is the WifiKiller.
LocationSun 18 1345 @ The Opera House
Duration30 mins
NameDenis Andzakovic
OriginAuckland, NZ
BioDenis Andzakovic is a Security Consultant with, a security consultancy based in Auckland, Wellington and Singapore. He is also the founder of Stray Rats Custom Motorcycles, a small Auckland customs outfit specializing in violating bikes, old and new, in the best of ways.

TitleAbruptly Mangle the Web
AbstractUnsatisfied with current Web application mass-destruction tools, Thiebaud created a genuine(tm) nephew of Scapy for HTTP. Did you ever need to inject an xml-double_urlencoded-base64 payload in the middle of a cookie header to exploit an SQL injection? If so, you know that this can be a pain with existing tools and how "quickly" forge your own script might take longer than you thought. This talk will sum up the general state of web application pentest tools, their weaknesses and present Abrupt and how its design solves some of these issues. Finally, working, useful examples will be demonstrated on how to use it for your day job or your discreet night-time activities.
LocationSun 18 1415 @ The Opera House
Duration30 mins
NameThiébaud Weksteen
OriginMelbourne, Australia
BioThiébaud is a Security Consultant at Securus Global.

TitleThe Mysterious Case Of The Shrinking Pentest Toolkit
AbstractGordon Moore once said that "The complexity for minimum component costs has increased at a rate of roughly a factor of two per year..." We have no idea what that means, but since he said it we've noticed that computers keep getting smaller, faster and cheaper. Over the past few years, we've seen a lot of tiny, low power single board computers make their way into the hands of hobbyists - and hackers. Capable of running a mainstream OS and software - usually Linux - the potential for these devices as tools of hackery is wide and varied. Andrew will talk about some of things he's done with these diminutive devices, some of the commercially sold miniature hack tools, and will demo some of his own gadgets, including the OpenMoko FreeRunner, BeagleBoard and the recently famous Raspberry Pi.
LocationSun 18 1445 @ The Opera House
Duration30 mins
NameAndrew "lizardb0y" Stephen
OriginWellington, NZ
BioAndrew is a corporate security sellout by day, but by night he tinkers with gadgets, collects early home computers and watches a bit of telly. Having programmed his first computer at age 9 he abandoned programming in his early 20's to become a network monkey and Unix Sysadmin. Mainly because, as a programmer, he was actually supposed to deliver something. For the past decade and a bit Andrew's been pretending to specialise in information security, a pretence he's maintained by working as a security architect, studying security, and speaking publically about business security issues. His greatest wish is to con somebody else into paying his mortgage while he dons argyle sweater, horn-rimmed glasses and quietly curates a museum of computing history.

Titlein2securITy - What we did last year and other mad ideas <strike>for world domination</strike>
AbstractTwelve months ago, Brett Moore lamented future of NZ security. "Oh where is the next generation" he cried (well he asked in his serious voice while drinking beer). Eleven months and three weeks ago, beer was consumed, the future discussed and ideas were laughed at. Eleven months, two weeks and six days ago, hangovers were nursed, realisations occurred and planning began. One website, 40 articles, 5 writers, 185 members, 18 mentoring pairs, 15 + videos and a 200 person national tour later... and we may have created something a little bit special. In this talk, Laura will showcase what in2securITy is, why it exists and what it has acheived in the past 12 months. If that isn't enough, she will also share the vision of in2securITy in the 12 months to come, what we will achieve for NZ, what we need to get there and why you won't want to miss a second of it.
LocationSun 18 1515 @ The Opera House
Duration15 mins
NameLaura "ladynerd" Bell
OriginAuckland, NZ
Bio"A shy and retiring wall flower..." is one of the many phrases that have never been used to describe Laura. Since moving to NZ in 2011, she founded and runs in2securITy as well as working as a security consultant for Lateral Security. She knows what free time and hobbies are, she read about them in a book somewhere. It had a lot of pictures.

TitleDo not ask for whom the panopticon watches, it watches for thee.
AbstractOur beloved government is continuing its mission to ensure that the internet is a wonderful fantasy land full of only nice things. An update on the government internet filter, where copyright law is going, the Law Commission's Digital Harms bill and the new internet censor, the Police's automated license plate recognition, website censorship and everything else that us paranoid types worry about.
LocationSun 18 1600 @ The Opera House
Duration15 mins
NameThomas Beagle
BioCo-founder of Tech Liberty ( Not registered with the NZKC.

TitleHacker History: Dmitry and the DMCA
AbstractLast year, one of the iPhone talks tabled the question "who's heard of Elcomsoft", and maybe 1/3rd of those present responded. Given Elcomsoft's prominent role in the trials and lamentations of Dmitry Skylarov at the conclusion of Defcon 9, and the subsequent furor in the hacker/code-is-speech crowd, it rather shocked me that few seemed to be aware of this. Main focus are the issues with Dmitry's arrest and the abuse of the DMCA by Adobe (will likely touch on the issues with the DMCA and code-as-speech assuming time permits, but it's not the primary issue).
LocationSun 18 1615 @ The Opera House
Duration15 mins
NameEd Hintz
OriginWellington, NZ
BioHung around since the days of Apple II, BBS's, telnet, and gopher. First gained NZ notoriety as "The tcpdump guy" at NZNOG 04. Was rather heavily involved from day 1 in the Free Dmitry movement at the time, and shared a few homebrews with Alex Katalov and Dmitry in celebration of his release from charges. Been there, done that, got the tshirt and photos.

TitleI Love You Sweet Leaf
Abstract"Straight people don't know, what you're about
They put you down and shut you out
You gave to me a new belief
And soon the world will love you sweet leaf"
LocationSun 18 1620 @ The Opera House
Duration15 mins
NameBodhi Sativa
OriginWainuiomata, NZ
BioIt is the year 1986 when Body Sativa pries open his third eye, and understands the cosmic interconnectedness of the world; an echo of the future, deep in the past.

TitleBit flipping, favicons, and what the hell is your browser actually doing?
AbstractThe results of analyzing a year of weblogs from several bitflipped versions of a popular .nz website and the subsequent investigation into what browsers will happily download without telling you. A few WTFs for sure
LocationSun 18 1635 @ The Opera House
Duration15 mins
NameBlair "trogs" Harrison
OriginWellington, NZ
BioTrogs is a shady-looking sysadmin from Wellington. Previously he has talked about that fibre optic stuff we all love, but he seems to have moved up the stack a bit this year. He will happily accept free beers.

AbstractThe OSINT OPSEC tool monitors multiple 21st Century OSINT sources (largely social media) real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info people probably don't want others to see... The OSINT OPSEC tool can have many applications, ranging from checking if your employees and public servants know when to STFU, knowing within minutes when your latest customer DB has been dumped, to aggregating a whole heap of passports, credit cards, and residency permits... I'll be demonstrating the tool live and releasing it at the 'con.
LocationSun 18 1645 @ The Opera House
Duration15 mins
NameBrendan "hyprwired" J
OriginWellington, NZ
BioCurrently working in App Support/Systems Administration by day, amateur security enthusiast by night.

AbstractIn a world with firesheep, mitmproxy and sslstrip, does anything important still go over http? Well...
LocationSun 18 1700 @ The Opera House
Duration15 mins
NameKirk Jackson
OriginWellington, NZ
BioKirk Jackson is a security architect at Xero, makers of the world's easiest online accounting software. He has experience building and breaking large-scale web applications.

TitleDemonic Possession of Browsers. BeEF Issue #666
AbstractThe venerable internet browser has a mechanism for preventing its subversion by one domain of another. So called, Same Origin Policy. In this talk we'll explore situations where this mechanism breaks down. - Can an afflicted browser eviscerate your internal networks? - Can mobile apps become be turned, to ransack your cloud data?
LocationSun 18 1715 @ The Opera House
Duration15 mins
NameMike Haworth
OriginWellington, NZ
BioChief Information Exorcist for Aura