TitleSo Redacted Right Now
AbstractThis one time, [[ REDACTED ]] and I was all like [[ REDACTED ]]
LocationThu 10 0915 @ The St James Theatre
Duration15 mins
NameRear Admiral REDACTED
OriginCamp Obscurity, VIC, AU
BioI'm bad, I'm nationwide.

TitleThe Internet of Garbage Things
AbstractThe Internet of Things was obviously going to be an utter screaming disaster as companies who made shitty embedded devices decided to (a) put them on the internet and (b) put them inside your home. But (spoiler) it's actually pretty much worse than you might imagine. We'll go over a bunch of devices with a range of hilariously dreadful security flaws, ranging from baby monitors to coffee machines, and culminating in an attack that threatens the very core of the American Dream. Is US democracy itself put at risk by shoddy embedded development? Could cyberterrorists destroy what Americans hold most dear?
(Dear Department of Homeland Security: the above is hyperbole please don't seize us at the border)
LocationThu 10 0930 @ The St James Theatre
Duration15 mins
NameMatthew "mjg59" Garrett & Paul McMillan
OriginOakland, CA, Murica
BioMatthew Garrett cracked his Blu-ray player so he could watch a copy of Hackers from the wrong region. Now he's able to ssh into his light switches. He's a security developer at CoreOS, which still confuses him because all his actual qualifications are in fruitfly dissection.
Paul McMillan works on security for clouds and open source projects. When he's not breaking the internet at scale, he enjoys cocktails and photography.

TitleHack the AO: Cyber th***ht lea***ship on the battlefield
AbstractWhilst the marketeering of "military grade cyber technology" complete with flashing lights and complementing music videos takes place, anyone who has ever interacted in the defence space is left to ponder what the heck is going on. I figured it would be worthwhile to explore not only this concept of "Cyber" but perhaps to offer some of my own thoughts as to where its proponents need to be going.
LocationThu 10 0945 @ The St James Theatre
Duration30 mins
BioFaz is a hacker, consultant, boat person and nerd who has made the pilgrimage to Kiwicon since 2009.

TitleFear and Loathing on your Desk: BadUSB, and what you should do about it
AbstractFor over 15 years USB has been the universal computing peripheral interface. In simpler times the host computer and the USB device trusted each other, and so USB implementations historically placed little emphasis on security issues. But what if malicious firmware were loaded into a USB device? How can you protect yourself from BadUSB?
This talk will review public implementations of BadUSB, and (the distinct lack of) available defensive techniques. A hardware gadget will then be presented to make most of your problems...disappear. Along the way we will cover embedded ARM development toolchains, and there might even be a demo and/or actual hardware on show.
LocationThu 10 1015 @ The St James Theatre
Duration30 mins
NameRobert Fisk
OriginAuckland, NZ
BioRobert is an electronic engineer in Auckland, New Zealand. With an interest in defensive measures for targeted users, he has decided to stand up and use the Force for Good.

TitleStaying Anonymous Online with Containers
AbstractThe easiest way to deploy and run Tor proxies, VPNs, Tor relays, etc. in containers. With an extra highlight on a Native Docker plugin for Tor that will automatically route all container traffic through Tor when a container is run with it. Basically remove all the pain of setting up and tearing down iptables rules, DNS routing etc.
LocationThu 10 1130 @ The St James Theatre
Duration30 mins
OriginSan Francisco, CA, Murica
BioTypecast as the person who runs everything in containers including desktop apps. Docker maintainer. Tor fanatic. Has been described as a "Weird sunbeam of awesome".

TitleThe Password Hashing Competition
AbstractThe secure storage of passwords on servers has been a long-standing problem that rears its head again and again (cough Ashley Madison cough). In 2013 a group of security people led by cryptographer Jean-Philippe Aumasson initiated the Password Hashing Competition (PHC), an attempt to design a new, state-of-the-art password-processing algorithm using the competitive process that gave us AES and SHA-3. This talk looks at the recently-completed PHC process, both from the technical side (it inspired enormous advances in the state of the art in password-processing design) as well as the ins and outs of running a competitive process to select an algorithm that has to withstand attack by CPUs, GPUs, FPGAs, and ASICs (think Bitcoin miners), not to mention a peanut gallery of geeks all over the world. The focus of the talk is more on the mechanisms of the selection process and the decisions and tradeoffs that were made than on the low-level technical details.
LocationThu 10 1200 @ The St James Theatre
Duration30 mins
NamePeter Gutmann
OriginAuckland, NZ
BioPeter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.

TitleMultipath Madness, MPTCP, and Beyond - feat HTTP evasive fragmentation
AbstractMultiPath TCP (MPTCP) is an extension to TCP that works over existing networks and helps networks perform better for end users.
It seems to unsettle network operators, and scare network security practitioners, but is fascinating to security people. When we discussed MPTCP's network security implications at Black Hat USA 2014 we found an annoying number of people thought that blocking MPTCP would keep the status quo.
They were wrong... While MPTCP uncovered some new techniques at filter and inspection evasion, what isn't so obvious is that related techniques have been possible for years - without using MPTCP.
In this talk, I briefly discuss MPTCP and its implications, and then discuss how to undertake similar attacks over HTTP by abusing HTTP range requests.
As well as introducing tools and techniques abusing HTTP range requests, we produce HTTP requests that end before they start and only truly start after they end.
LocationThu 10 1345 @ The St James Theatre
Duration30 mins
NameKate Pearce
OriginWellington, NZ
BioCatherine Pearce (@secvalve) is a Senior Security Consultant at Cisco. She refuses to specialize and as a result spends some time security testing, some time helping the builders, and some time dreaming about breaking a better world.

TitleRed Teaming "Enemy of the State"
AbstractAs information security threats continue to grow in prevalence and sophistication, having a clear, holistic measure of your organization’s security measures is critical. Traditional security testing does not always accurately reflect the true tactics, tradecraft or simple pure grit and determination of your adversary. Red teaming is the process of viewing a problem from an adversary or competitor’s perspective. Using a range of structured creative and critical thinking techniques, a red team challenges assumptions and recognizes vulnerabilities from an outsider’s perspective in order to make an organization more effective and secure. Possibly the most sophisticated cyber actors are state-sponsored attackers. This presentation is about how to red team like a nation state by demonstrating the real threat from a state-sponsored attacker on a high value target company. We will show that what makes state-sponsored actors so successful is their dedication to the reconnaissance and weaponization steps of the cyber kill chain. Red Team Alternate Reality Testing (ART) mimics these cyber kill chain steps in real-life threat scenarios to test all aspects of a company’s security - technical, physical and social. Specifically we will show how state-sponsored attackers undertake reconnaissance, both online (OSINT) and physically (surveillance) on a company and its employees. We will then show how these attackers weaponize their reconnaissance to determine specific threat vectors: external threats, insider threat (and the threats nobody knows are there), in order to successfully compromise and command and control a target.
LocationThu 10 1415 @ The St James Theatre
Duration45 mins
BioWayne is an experienced security tester, having conducted security assessments for a range of leading Australian and international organisations. Wayne is one of Australia’s leading social engineering specialists, earning a perfect score at the 2010 Defcon Social Engineering Tournament. Wayne has unique expertise in Red Team Assessments, Physical Security and Social Media Security, and has presented to a number of organisations and government departments on the current and future state of the cyber security landscape in Australia and overseas.

TitlePractical SMEP Bypass Techniques on Linux
AbstractThe Linux kernel has always been an appealing target for exploit developers due to the exploitation complexity associated with user space processes (ASLR, NX, Canaries, Fortify, RELRO, etc.). Common ret2usr (return-to-user) attacks typically redirect kernel control flow to data residing in user space: a corrupted function or data structure pointer that triggers a privilege escalation payload in user space. These attacks were successful until around 2013 before the introduction of 3rd generation Intel Core processors (Ivy Bridge) with SMEP support. SMEP (Supervisor Mode Execution Protection) is a hardware feature that prevents attempts to execute code (at CPL = 0) residing in user space pages. This kernel-hardening approach is now widely adopted and effectively mitigates common exploitation patterns of kernel vulnerabilities.
This presentation introduces practical Linux SMEP bypasses involving in-kernel ROP and spraying techniques. We will demonstrate how to convert an existing exploit code to a fully weaponised SMEP-aware exploit. This talk will concentrate on a specific kernel vulnerability and OS version to demonstrate the bypass but the exploitation techniques presented are generic and can be applied to other Operating Systems that employ explicit sharing of the virtual address space among user processes and the kernel.
LocationThu 10 1500 @ The St James Theatre
Duration45 mins
NameVitaly Nikolenko
OriginSydney, Australia
BioVitaly is a security researcher specialising in malware analysis and exploit development. He has a solid academic background in programming languages, algorithms and cryptography. He is currently focused on Linux kernel exploitation techniques (SMEP/SMAP, ASLR bypasses) and the associated countermeasures. He currently works as a pentester and has performed countless penetration tests for large financial and governmental institutions.

TitleModern Corporate Wifi Rustling
AbstractCorporate wireless hacking is hardly the new frontier, but there's still root in them thar hills.
In this talk we'll discuss some common corporate wireless deployment antipatterns, with an in-depth focus on a particular weakness that is as common as cornbread. We'll go over some options for hornswoggling clients, some custom tooling for targeted attacks, as well as some rootin' tootin' mass pwnage.
LocationThu 10 1630 @ The St James Theatre
Duration30 mins
OriginAuckland, NZ
BioChris is a cyber-consultant for Insomnia Security, where he breaks other people's cyberstuff and writes cyber-reports about it. Previously a Linux sysadmin and polyglot developer, he now exacts his revenge on technologies that have wronged him.

TitleAdventures in glitching PIC microcontrollers to defeat firmware copy protection
AbstractGlitching is a non-invasive fault injection attack. For microcontrollers, the clock and the voltage are typical vectors for glitching. In some previous talks, I came across PIC microcontrollers that were found in home alarm systems and remote keyless entry keyfobs. These PICs had copy protection enabled. Defeating that copy protection and getting the code and data would be pretty useful. It would allow me to hunt for vulnerabilities in firmware. In this talk, I’ll document my approach and results having built a glitcher to attack these PIC microcontrollers. I tried clock glitching and voltage glitching using an FPGA coded with Verilog, a Pickit3 PIC programmer and custom electronics. I didn’t get a complete result, but so far I’ve been able to defeat the data protection. This gives me a first step into defeating the code protection. Who knows, maybe I’ll have a complete break come Kiwicon?
LocationThu 10 1700 @ The St James Theatre
Duration45 mins
NameSilvio Cesare
OriginCanberra, Australia
BioDr. Silvio Cesare is the Director of Anti-Malware Engineering at Qualys where he is commercialising his Ph.D. on malware detection and is an adjunct lecturer on Reverse Engineering Malware at the Australian Defence Force Academy (ADFA/UNSW). Silvio is also author of the book Software Similarity and Classification, published by Springer. He has worked in industry within Australia, France and the United States. This work includes time as the scanner architect of Qualys - now the world's largest vulnerability assessment company. He is currently studying part-time in a Master of Engineering (Digital Systems and Telecommunications) at the ANU. He hosts the popular panel discussion at Ruxcon and ran the Hardware Hacking Village this year. He is an organiser of Ruxmon, and lives in Canberra, Australia.

TitleThe Nihilist’s Guide to Wrecking Humans and Systems
AbstractThe fault of the computer system is that it can only follow instructions. The fault of the human is that it can only make judgement calls. When we think about this in relation to information security, it presents an interesting opportunity to destructively combine the two and use it for evil.
We often assume that out of all the elements within our organisations and systems, people are most likely to expose us to risk. People create technical systems and people man these systems. The problem? We almost always focus on human and technical threats as separate risks and don’t consider the harm that can be done when combined.
Together, we will explore how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, share some real world scenarios and talk about what we’re doing wrong to protect against these threats. We will show you how a seemingly innocent phone call can lead to complete internal network compromise, how a purposely bad phishing email can be utilised to your benefit, and how people are generally bad at trust and computers.
LocationThu 10 1745 @ The St James Theatre
Duration45 mins
NameChristina Camilleri (@0xkitty) and Shubs Shah (@infosec_au)
OriginSan Francisco, CA and Vancouver, BC
BioChristina and Shubs are two young hackers from Sydney, Australia. Now residing in San Francisco, CA and Vancouver, BC respectively, they found themselves working for the same company as security analysts - Bishop Fox, a cool security consulting firm.
Christina likes cats, breaking things and whisky.
Shubs likes cats, bug bounties and absinthe.

TitleSwinging From the Cyberlier: How to Hack Like Tomorrow Doesn't Exist Without Flying Sideways of Regulations
AbstractWe are at risk of entering the age of hacker prohibition, where only in an 0day speakeasy will you be able to speak freely of neat hacks. Belly up to the bar and drink in the knowledge of proposed cybersecurity regulations like the Wassenaar Arrangement that classifies "intrusion software technology" as an export-controlled dual-use cyberweapon of doom (PEW PEW!!). Stunt hackers both help and hurt the cause as they drive up vendor and consumer awareness of all the security problems they face when code is in cars and planes, but also drive a flailing legislative knee-jerk of proposed anti-hacking legislation - like putting on the One RingZero and attracting the mighty gaze of the Eye of Cyberlaw. Katie Moussouris will share insights from working closely with policy makers and human rights organizations from across the globe and explore changes to the regulations, how they affect security researchers, and what you can do about it. Bottoms up!
LocationFri 11 0915 @ The St James Theatre
Duration30 mins
NameKatie Moussouris
BioKatie Moussouris is the Chief Policy Officer for HackerOne, a platform provider for coordinated vulnerability response & structured bounty programs, though she is open to suggestions on how to make her title abbreviation C3PO because for once, these actually are the droids you're looking for.

She is a noted authority on vuln disclosure & advises lawmakers, customers, & researchers to legitimize & promote security research & help make the internet safer for everyone.

Katie fights for your right to party at ring zero, and get paid for it.

TitleBuilding the Internet of Wrongs
AbstractThe Internet of Things is an essential part of the modern cyberlifestyle, but for douchebag hipsters, there's a yet-to-be-overhyped cyber-top-knot-fedora-tastic term you've probably never heard of: The INTERNET OF WRONGS (IoW). IoW will change the way you antagonize people, forever, if not for at least the length of my talk.
In this talk I'll try to cover off 3 (time permitting) different IoW devices I have built and loved, using nothing more than off-the-shelf equipment and questionable life choices and show you, YES YOU (but possibly not you) how you can:
  • Passively aggressively disrupt Mac-loving douchebags who harp on about the amazing battery life of aforementioned Mac owning douchebags
  • Disrupt rich hipsters at independent festivals by stopping them from being able to share selfies online to show their friends they were there
  • Siphon off delicious sweet cyber data via dedicated mitm devices in a mostly difficult to detect manner.
If there's time and I've finished it by then, I'll also show my personal Schwiftifier(tm) that will allow you and others to get schwifty with no additional software*!
*Except for installing a signed driver on windows, but works without one on mac or linux. It's a legit driver, what's not to love?
LocationFri 11 0945 @ The St James Theatre
Duration45 mins
NameSteve Lord
OriginBasingrad, UK
BioI'm Steve (hello), I break things in my day job, build things in the evenings and co-founded 44CON, the UK's most awesomest cyberdingling event. I like beer and ducks, OpenWRT and Arduino.

AbstractREDACTED talking about REDACTED things
LocationFri 11 1030 @ The St James Theatre
Duration15 mins

TitleFace Off - Hiding in plain sight
AbstractThe only way for mass surveillance to scale is through automated signal detection, indexing and annotation of raw surveillance data. Computer vision and machine learning algorithms today can do close to real-time face detection on a raspberry pi. As such, these techniques can economically be applied at scale for mass surveillance of public video feeds.

In our dystopic future of automatically flagging individuals of interest, such automated signal detection seems likely to become more common rather than less (at least in jurisdictions that devalue privacy relative to "national and economic security"). This talk will explore how face detection and recognition algorithms work, demonstrate what failure modes exist for common techniques, and how to exploit them.
LocationFri 11 1130 @ The St James Theatre
Duration30 mins
OriginWellington, NZ
Bioferrouswheel is a person of many hats. He started off building large-scale ecological simulations for his PhD, then got drawn into helping build an artificial general intelligence framework called OpenCog, this was later integrated with unscripted, next-generation AI computer game characters in Hong Kong.
More recently there was some entrepreneurial rah rah activity, returning to New Zealand, and building giant spinning death traps for the Wellington Lux light festival. Also some backend software development to pay the bills.

TitleThe New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election
AbstractIn the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found fundamental protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.
LocationFri 11 1200 @ The St James Theatre
Duration30 mins
NameVanessa Teague
OriginMelbourne, Australia
BioVanessa Teague is a Senior Lecturer in the Department of Computing and Information Systems at The University of Melbourne. She did her Bachelor's Degree at The University of Melbourne and her Ph.D. in cryptography and game theory at Stanford University. Her main research interest is in electronic voting, with a focus on cryptographic schemes for end-to-end verifiable elections and a special interest in complex voting schemes such as STV. She was a major contributor to the Victorian Electoral Commission's end-to-end verifiable electronic voting project, the first of its kind to run at a state level anywhere in the world, joint work with Chris Culnane, Peter Ryan and Steve Schneider. She recently discovered, with Alex Halderman, serious security vulnerabilities in the NSW iVote Internet voting system. She is on the advisory board of Verified Voting and has been co-chair of the USENIX Electronic Voting Technologies Workshop and the International conference on E-voting and identity. She also spends a lot of time explaining to parliamentarians and electoral officials that requirements for transparency, privacy and verifiability apply to computerised voting too.

TitleAlarming your Neighbours
AbstractSoftware defined radio hardware and software has become cheap and easily accessible. If your neighbours are protecting their supplies of frozen mince and vegie pies, with an AS/NZS standards compliant wireless alarm system installation, a raid on these provisions is within the realm of possibility.
Techniques for interacting with these types of alarms are widely available online, but these only tend to be lab based techniques, with little discussion of, or translation into, what's needed for real world usage.

This briefing will outline the groundwork, utensils and mitigations required, to successfully zero in, identify, and meddle with your neighbours' wireless alarm fortifications in the real world.

Special attention will be given to:
  • The Current Situation (equipment and techniques)
  • The Issues (identified during field testing)
  • The Proposed Actions (in the real world, for alarming your neighbours)

    Allergen warning: This briefing will contain traces of nutty code.
LocationFri 11 1345 @ The St James Theatre
Duration15 mins
OriginWellington, NZ
BioAfter being stationed at some electronic security outposts, bitrat was called into battle on another "everything is broken" technology front, where her special skills in digital-gaffer-tape-ry are well utilized. Note: bitrat cannot be found online as bitrat, for obscurity reasons.

TitleForging a New Identity AKA Begrudgingly Embracing SEO
AbstractSo you've got something in your past you don't want everyone knowing about. Maybe you got caught with your hand stuck in a honeypot or your script kiddy past is catching up with you.

No matter your reason, creating a new identity is full of hidden gotchas. Google has the memory of an elephant and even if we're careful, "big data" analysis can deanonymise anyone but the most paranoid. We're going to explore some of the issues and mitigation techniques from a somewhat unusual angle: coming out as transgender.
LocationFri 11 1400 @ The St James Theatre
Duration15 mins
OriginWellington, NZ
BioMegan is an unreformed web developer and a level 9 skeleton warrior. When she isn't slaying injustices for trans people in New Zealand, she works as a senior Rails developer at an aptly named company called Rabid in Wellington. (She's actually really nice)

Title"Coin" up the Khyber
AbstractWe all love startups - especially ones that are tackling the serious problems like laundry and drinking cups. How about one that lets you "clone" your magstripe credit and debit cards onto one handy magstripe device? Sounds like an excellent idea!

So I'll be presenting a little application that'll let you load anyone's card onto this device, be it from your own wallet or from a dump from

I'll run through how it works and why this maybe should have been run past someone not from SF.
LocationFri 11 1415 @ The St James Theatre
Duration15 mins
NamePeter Fillmore
OriginMelbourne, Australia
BioPeter has presented at a lot of conferences on stuff like creating #1 hit records, stealing children's toys and stealing credit cards.

He can be found designing inappropriate PCBs, writing shoddy software that should never be put into production and ruining it for everybody.

TitleHilarious bullshit in Golang
AbstractGolang is a pretty cool language to write software in if you apply some self control, don't look too hard at things, and treat it like a less pisspoor python or rubby instead of a systems language. But what about the machinery that gets invoked to let you build your Webscale Brand? The userland language is ok, but what about its std library, and its compiler?

richo will take you on a tour of some of the more terrifying parts of Go's internals, rant about his feelings, and hopefully make you feel just a little bit less comfortable every time you touch or interact with a Go project.
LocationFri 11 1430 @ The St James Theatre
Duration15 mins
Namerichö butts
OriginSan Francisco, CA, Murica
BioHas often been asked "Hey, aren't you that guy Moxie?" only to reply, sadly "No".

TitleA Bitter Story of Aftermarket Vehicle Tracking & Control
AbstractIt's a dreary morning in the windy city with subpar transport from your location. You walk into the electronics store after purchasing your 3 owner Nissan Pulsar, they say money talks, but on your budget, maybe not so much.

You smile glumly to the 20-something university engineering student working part-time for a probably distant future in the same dead-end job. Something about "GPS" and "Car Tracking" you say to him, as if it's some alternative to the insurance you're going to get later anyway, or maybe it's just the personal paranoia of living in a lower-middle class suburb that you feel the need to abide to.

You arrive home with a suspiciously cheap looking device that you attempt to wire into your Pulsar to some success, letting you now track its location on a website and turn off the starter motor at your will with a text message from your phone, and perhaps some other things too. "Was it really worth the $200 you just spent?", you think to yourself, vaguely recalling a drunken conversation at the pub, about how you could get the same thing off some online Chinese store for a tenth of the price.

This story and its many, many, similar counterparts, are part of something more sinister, and something much worse than the face value of the devices and services offered. Suffice to say, if you've fallen prey to one of these devices, you should attend this talk.

LocationFri 11 1445 @ The St James Theatre
Duration15 mins
NameLachlan (skooch) Temple
OriginWellington, NZ

TitleMetadata retention law and internet dating in Australia vs New Zealand
AbstractLife is hard for a security professional. The endless emails, the buzz of your devices alerting you to wily's latest tweet and the constant reminder that the only reason you go home is to water your tomatoes.

And now, it's getting even harder. In this world of fancy technology, it's hard to find someone to love, and it's even harder when you have to be behind seven proxies :(

Let's talk about some of the changes in Australia, and look in envy at our cousins across the ocean who have the luxury of internet dating.
LocationFri 11 1500 @ The St James Theatre
Duration15 mins
OriginPerth, Australia
BioAn Australian who grows more vegetables than one person can eat. Looking for someone to share in the Greek salad.

AbstractA tale of two cyber soldiers who made a joke over dinner and accidentally discovered a vulnerability better than they could ever have imagined. They will take you on a wild journey from XOR ciphers, to barcodes, and over engineered proof of concepts. Full of dead ends and bad decisions, be entertained by their first security adventure.
LocationFri 11 1515 @ The St James Theatre
Duration15 mins
NameJeremy and Ryan
OriginAuckland, NZ
BioJeremy and Ryan are cyber engineers who enjoy the renaissance of 1980s computing that is embedded development (4K of RAM is heaps, alright?). By day they build embedded hardware and software and dream of a day where C is a dead language and writing linker files is no longer a thing. By night, they sleep mostly, but occasionally find the time to build more embedded hardware and software.

TitlePractical PHP Object Injection
AbstractWhile many in infosec may have heard of object injection, not a lot of people have experience exploiting it. This talk will examine the state of PHP object injection in widely used PHP libraries at present; which libraries are vulnerable, and which libraries have useful classes that let you turn that unserialize() into remote code execution.

While not a new class of vulnerability, object injection is not covered anywhere near as much as typical web application vulnerability classes, but can have severe consequences when successfully exploited.

The talk will kick off with some background theory, and progress through the process of finding object injection, building weaponised POP chains, and utilizing those POP chains for successful object injection exploitation in some widely used PHP libraries today.
LocationFri 11 1615 @ The St James Theatre
Duration30 mins
OriginWellington, NZ
Biohyprwired (aka Brendan Jamieson) is a security consultant for Insomnia Security, based out of Wellington. He is active in the .nz infosec community, having spoken at Wellington's ISIG and been involved in previous Kiwicons; as a speaker, trainer, and event organiser [of last year's Hamiltr0n CTF (and this year's sequel)].

TitleThe Art of Fuzzing Without Fuzzing
AbstractPURSUANT TO: Cyber Munitions, Creation Of
KEYWORDS: Cyber; War; Cyberwar; Death, Merchants Of

With the growing popularity of usable guided fuzzing tools like AFL, it is time to revisit some old assumptions. Fuzzing researchers have always pointed out the importance of starting corpora, but exactly HOW important are they? We should be spending more of our time on corpus generation and less on fuzzing slow, annoying, GUI targets. But, just HOW GOOD can we make them? What if we didn't need to fuzz those annoying targets at all? This is a summary of a few months' research into Corpus Driven Fuzzing, or, as I like to call it, Fuzzing Without Fuzzing.
LocationFri 11 1645 @ The St James Theatre
Duration45 mins
NameBen Nagy
OriginAdelaide, Australia
BioTHIS SPACE INTENTIONALLY LEFT BLANK (for now, nagy. You'll keep)