• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.

View
 

BSides Australia

SecurityBsides Australia 

 

When:      Tuesday, 15th of May 2012

Where:     Gold Coast, Queensland at the AusCERT Conference

Time:       6:30-8:30pm

Cost:        Free for folks attending AusCERT like last year

 

Venue:      Gardenia Room, Royal Pines

http://maps.google.com.au/maps?f=q&source=s_q&hl=en&geocode=&q=royal+pines+resort,+gold+coast&aq=&sll=-25.335448,135.745076&sspn=45.660664,80.068359&ie=UTF8&hq=royal+pines+resort,&hnear=Gold+Coast+Queensland&ll=-27.998873,153.399525&spn=0.042591,0.078192&z=14&iwloc=A

 

Schedule - Tuesday, 15/5/2012

 

6:oopm     AusCERT welcome cocktails kicks off.

Direct link to the AusCERT 2012 schedule is here FYI sports fans:

http://conference.auscert.org.au/conf2012/program_main.html

 

Time Presenter 

Topic 

6:30pm 

Marc Bown

Trustwave SpiderLabs APAC

Paper Title:

Sharing the Love: Forensics in Shared Hosting Environments

 

Today, everyone who is anyone has a website.  Many of these sites are located on cheap, shared hosting space.  A single shared hosting server can be host to thousands of websites.  On a single server there can be sites hosting pictures of kittens with witty captions, e-commerce sites that collect payment card information and sites dedicated to plans to take over the world.

 

It turns out that when a company's web hosting budget is just cents per day, their security budget if often even smaller.  As a result, compromises of these shared hosting environments is not uncommon.  For forensic investigators though, these shared hosting environments are pretty unfriendly places.

 

For one thing, you're very unlikely to be able to get a full disk image of that compromised server.  Even the dodgiest of hosting providers will usually see the privacy implications of giving you access to more than one of their customers' details.

 

For another – many of the artefacts you are used to relying on (e.g. Web access logs) are completely missing in these low cost environments.  Logging = disk space = money, so they are kept for the minimum period possible.

 

In this talk I'll cover my experience working in shared hosting environments.  I'll talk about how to acquire evidence from these environments, when kicking down the door and physically taking the server isn't an option.  I'll detail some of the evidence sources I've discovered to be useful in recent investigations, as well as how to analyse them.

 

I'll also be running through the most common attack vectors that I have seen and showing you how to detect them quickly and easily.

 
7:00pm 

Graeme "wily" Bell

Assurance 

Title:

Doctor Strangelock ...or: How I learned to stop worrying and love the key.


Wily Kubrick discusses the arms race that is physical security. Through an analysis of patents from 1865 to the present day, some very cool -- and ridiculous -- lock security features are discussed. If you are yet to migrate to RFID implants to open your house, office and car, this talk may be of interest to you.

Presenter Bio:
Graeme "wily" Bell is a Senior Consultant with Assurance Pty Ltd, with a background in UNIX, network and infrastructure security. In his spare time Graeme enjoys photography and self-indulgent piano solos. He has presented at information security conferences and run lockpicking workshops. He once got caught in a set of (seized) handcuffs trying to show off to a pretty girl. 

7:30pm 

Loukas Kalenderidis

Assurance 

Title:

DE MYSTERIIS DOM JOBSIVS (EFI Threats to Mac OS X)

Abstract:

The EFI firmware used in Intel Macs and other modern systems presents some interesting possibilities for rootkit developers.

This presentation will provide a full account of how an EFI-­‐based rootkit might work. We will begin with some background on the EFI architecture -­‐ what it does, how it works, and how we can leverage EFI to inject code into the Mac OS X kernel or attack the user directly. We will then detail how a kernel payload might work, employing a number of rootkit techniques that can be used within the XNU kernel.

Finally, we will discuss the possibilities for rootkit persistence that are presented by EFI. This presentation will leave the audience with an understanding of the ways in which EFI can be used in a modern Mac OS X rootkit.

A portion of this material was previously presented at Ruxcon 2011 and Kiwicon V in 2011 (on kernel rootkit techniques) and SyScan 2012, however, the focus of this talk is on ongoing EFI research.

Presenter Bio:

Loukas Kalenderidis is Principal Consultant at Assurance Pty Ltd, a former software engineer, long time Mac fanboy, avid musician, and aficionado of the world's beers (all of them). Loukas has previously presented at Ruxcon, Kiwicon, SyScan 2012 and SAGE­‐AU events. 


 

 

 

Invite your friends by posting this hash tag on twitter: "#bsidesau" or follow @bsidesau  

 

 

Want to talk @ BSidesAU

 

Please submit your talk topic and the synopsis to [email protected]  Depending on the number of presentations submitted we are aiming for 30min presentations in length, but the aim is to try and fit folks in if we can.

 

BSidesAU General Information

 

The biggest Security conference in Australia each year is AusCERT and we love it so much we thought we'd try fit in some extra sessions for the folks who think that too much security is never enough!!!!

 

We have been given the support from the AusCERT organisers again this year to run BSidesAU again.  There is a change in the running schedule for AusCERT this year as you've all probably noticed and we are fitting in with this new format.  So BSidesAU will be run alongside the welcome cocktails event.  That's right sports fans BSidesAU + Cocktails == (can you dig it)

 

If your new to what Security BSides is all about, please check out http://www.securitybsides.com for further information about what BSides is all about.

 

 

Event Photo's

Looking for any volunteer's again to take some snaps an let us know where to get at them and we'll post those URL(s) back on this wiki.  Alternatively the @bsidesau or #bsidesau "twitter machine" should be able to get this done.

 

Venue Info

 

  • The room can seat about 25 and it'll be first come first seated on the day.  

 

Please let us know if you'd like to help out and/or sponsor in some small way.

 

Planners and talk submission reviewers (in no particular order)

 

  • Craig Lawson (@craiglawson)
  • Stephen MacDonald (@ozsmac)
  • Drazen Drazic (@DDrazic)
  • Clinton Smith
  • Neal Wise (@y011)

 

Comments (0)

You don't have permission to comment on this page.