WAHCKon Perth 2014
Perth's First Hacker Con
[ home ] || [ sponsors ] || [ cfp ] || [ schedule ]
[ talks ] || [ speakers ] || [ venue ] || [ contact ]
[ BUY TICKETS ]
Database Breach Investigations
Databases store the digital "crown jewels" for most organisations and are high value targets yet many wouldn't know if they've been breached or not. Where would you look? How would you look? What are the indicators of compromise? This talk will answer these questions and provide direction on processes and procedures for database breach investigations and document the undocumented.
Analysing Pager Messages for Fun and Profit
What started out as an introductory foray into RF has turned into a research project analysing some of the messages still flying through the air on the ol' pager networks. This talk will look at historically well-known issues with the design and implementation of paging networks as well as current issues in terms of information disclosure and social engineering attack vectors.
Detecting TOR Traffic Through Handshake Analysis
Exploring the possibility of detecting Tor within network traffic, through the analysis of handshakes.
Shooting Clay Pidgins
Instant Messaging and communicating on the internet is a lot different in 2014 as it's dominated by large platforms such as Facebook and Google. It's important for there to be mature end-to-end IM clients supporting encryption that are also implemented safely to not risk the integrity of your end-point. This presentation will look at the security maturity and threat landscape for some of the most popular IM clients available at the moment.
Bitcoin: Or how I almost starved to death
How I plan to be a crazy person while using bitcoin So after the large amounts of news from 2013 about bitcoin, basically everyone knows about it... right? NO. IT APPEARS NOT. To resolve this, I have started on a crazy endeavour, which is to live off bitcoin for a month. Now as I live in the sticks in Wellington, NZ, basically no-one accepts it currently. My mission, whether I choose it or not, is to advocate merchants to start accepting. I will target the necessities:
rent (my landlord is nice..), expenses (I already pay net with it!), food (well, gotta eat right?), gas (to drive everywhere), water (ahem, beer).
This talk will go through the process of doing all this, and how far I have achieved.
Two Steps Forward, One Step Back (On the Difficulty of Validating your Legitimacy as a Browser Extension and other Browser Break-dancing)
Playing around with Raspberry Pi Projects
Paul will be talking about a bunch of weird and wahcky embedded projects.
Bending the Light, Optical Trickery in the 21st Century
Delving into layer 2 and below, this talk explains a bit about how those bits of glass that connect our offices and homes
to the world actually work, what you should be worried about, and how you can protect yourself.
Don't worry, it's easy to follow, and might help you make sense of all that NSA Snowden PRISM etc hoo ha.
Originally this talk was given at Kiwicon 4 in 2010 but I'll give it a bit of polish for the Wahckon audience.
Microsoft Kinect - From Hax to Official Encouragement
After its release in 2010, hackers managed to hook up the Kinect hardware designed for Xbox 360 to a standard PC to interact with it. After seeing this success, Microsoft released an official SDK in 2011 and improved hardware designed for commercial use in 2012. A growing library of official sample applications has followed this progression and a new model is just on the horizon. This talk will focus on my experience as a developer for this platform as it has evolved out of an open source hacker community into the mainstream.
Sorry about my sexist robot, and how to get frisked at the airport (image recognition and biometrics)
An introduction into the world of image and signal processing within biometrics, and a fascinating battle with a sexist camera. This talk addresses some of the current philosophical as well as technical challenges in creating a camera that knows who you are.
Exploiting the User Vulnerability
This topic explores how the individuals within the business are the threat to security. This includes insider threat, lack of knowledge and training initiatives.
Threat Landscape Review 2014
In this talk Palo Alto Networks will discuss our annual threat landscape review released April 2014
* What types of threats we are seeing across our 16,000 customers networks ?
* What are the applications we see are most commonly used to mask malware and its associated traffic?
No suit, no tools, no budget, no worries.
In similar vain to "hacking naked", naked forensics will cover practical ways to use tools available on any computer to achieve similar outcomes to those that typically require expensive toolkits and forensic labs.
For Windows machines, I will look at ways to use Robocopy (the most badass Windows utility in the world), the Event Viewer, MSConfig, internal metadata and Registry viewer to extract evidence. I will also look at zero dollar forensic imaging tools that are portable (like FTK Imager Lite)
For Unix/Linux based machines, I will look at DD and its forensic variants, dcfldd and dc3dd.
If time permits, I will also look at the viability of doing warm boot and cold boot attacks to acquire RAM, using only things that are available to a home user.
I may also rage about the lack of jailbreaks for the new iPhones, which prevents even experienced investigators with the most expensive tools available from taking physical images of them.
What do we do about a problem like Certificate Authorities?
A summary of the problems with the current certificate authority system, from well known problems like subversion by authorities, and hacking of CAs, to endemic problems with the infrastructure that supports it (such as why most browser warnings do more harm than good), to upcoming problems such as name collision with new TLDs, followed by a survey of the known attempts to find a solution, and an attempt to show which ones need and deserve our support.
How I owned Microsoft and why they claim the vulnerability is a feature, not a flaw
Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. I demonstrate that such assumption is wrong in the case of Windows Live Hotmail. Windows Live Mail synchronises messages on client-side computers with the Hotmail server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated messages on the Hotmail server. The exploitation favours both account owners and wrongdoers who gain unauthorised access of others’ accounts. Even if tampering were suspected, we anticipate some difficulties in validating messages to determine their reliability and relevance. We predict, with trepidation, that the exploit process will become commonplace and pose greater challenges to the cyber forensics examiner and legal practitioner during investigations and legal proceedings. Regrettably, the exploit complements the existing arsenal of tools for email forgery. More ominously, it provides opportunity for traceless injection of illicit material/malware onto any machine synchronised with the Hotmail account. Furthermore, the exploit works similarly for Google’s Gmail, Yahoo mail and Bigpond email systems. When Microsoft was contacted with the results of the vulnerability discovery, the response was a virtual shrug of the shoulders......shudder
Manipulating Human Minds: The Psychological side of Social Engineering
Since security is based on trust in authenticity as well as trust in protection, the weakest link in the security chain is often between the keyboard and chair - we have a natural human willingness to accept someone at his or her word. This talk will focus on the psychological and physical involvement of social engineering, and look at manipulation and the social influencing techniques that are able to exploit the behaviour of others - the dangerous, often overlooked aspects of social engineering. It will examine underhanded, deceptive and abusive tactics which can convince people to perform actions or divulge confidential information.
Discovering your Network
In order to secure your network, you need to know what’s actually there. Right now. You need to know when things change as soon as possible. You also know the documentation is incomplete (at best). We need a system that can discover what’s out there and report back. Configuration management? DevOps? That’s the top down. What about the bottom up? There’s information on your network no-one is paying heed to: ARP and LLDP. There’s an open source project looking at acquiring this data and making it available... massively scalable discovery with low overhead, low traffic.
Human Interfaces for Geeks
As technical professionals we excel at understanding protocols, standards, file-formats, and APIs. Whenever there is a doubt as to the correct way to do things, one merely needs to read the fine manual or source code.
Unfortunately the reference manual for humans was lost a long time ago, and the source code is poorly documented. We've been struggling with inter-human communication ever since.
Paul Fenwick will present his findings at reverse-engineering the human communication protocol.
[ facebook ] || [ twitter ] || [ email ] || [ 2013 site ]