Speaker: Noam Rathaus
Title: Why today's security researchers cannot just publish vulnerabilities
Description: In today's world there is great difficulty for researchers to be researchers. During the lecture we will cover the problems faced by security researchers in getting their discoveries published and out there while not getting sued, getting paid and having fun out of the whole process. We will cover why there is a need for transparent vulnerability brokers and why bug bounties don't work.
Title: L2 Attacks against Virtual Devices
Description: The growth of datacentre consolidation and on-demand compute has shifted the direction of computer networks to virtualisation. With the increasing popularity of programmable networks such as Cisco ACI and VMware NSX and the industry-wide push towards network automation, we are seeing more and more networks pushed down towards the hypervisor and implemented as virtual switches. This talk investigates traditional network attacks done against network hardware and how they apply to the virtualised network successors. I will cover L2 ARP attacks, VLAN hopping and STP. I will also cover an introduction and preliminary investigation into the new protocols underlying SDN.
Title: How much will you give me for this talk?
Description: Anecdotes from a recovering pawn addict. C_Sto spent 5 years hustling suckers; in this talk you will find out how to hack some sweet prices, both when buying and when selling products at your friendly neighborhood converter of dollars.
Speaker: swarley and l0ss
Title: We still have no idea how to hack a Furby Connect
Description: On the morning of New Year’s Day 1965, children’s TV presenter Soupy Sales encouraged his young viewers to steal money from their sleeping parents’ wallets and mail it to him. Follow along as l0ss & swarlz try to figure out how to repeat the feat using this season’s hottest robotic annoyance, the Furby Connect. This hit toy offers fun-for-the-whole-family features like IN-APP-PURCHASES (TM), Bluetooth connectivity, LCD panel eyeballs, and a whole suite of invasive sensors to allow Hasbro to track your spawn as they grow into acceptable consumers. Also, Furby now comments on the pornography you’re watching on your iPad! ALSO HE NEVER SHUTS UP GODDAMN HE DOESN’T SHUT THE FUCK UP EVER.
Title: Satellites and the skies
Description: In this talk I will go into the basics of listening to satellites as well as low earth orbit communications using off-the-shelf hardware such as Realtek SDR dongles and low-cost satellite antennas. You should walk away with a basic understanding and know how to set up your own satellite receiving station and packet decoder.
Title: Hacking into the Holographic Reality
Description: Augmented reality has expanded from the realm of novelty with the release of consumer HUD devices such as HoloLens, and programming for them is surprisingly easy. Whether you're navigating a Unix system or contacting your only hope for a demolition project, the holograms of the future are here.
Speaker: Lilly Ryan
Title: Scientific Hooliganism
Description: In 1903, Guglielmo Marconi prepared to unveil his world-first, long-distance wireless communication technology to the Royal Institution in London. He was looking forward to roaring success, scientific acclaim, and a string of wealthy new customers - but he didn’t count upon falling victim to the first hack in history.
This is a tale of business secrets, flame wars, stage magic, and magnificent sideburns, direct from the records of Edwardian England.
The talk highlights several of the lessons that the infosec community can still learn from the fateful events of 1903. Marconi’s tale is a master class in the worst ways to behave as a tech company, as well as being a delightful introduction to the art of vulnerability reporting.
Speaker: aaron & sudosammy
Title: Jabbing at the tubez
Description: Let's build and run security checks against lots of stuff! - services exposed, certificate strength, presence on threat and malware serving registers, breach registers etc. and see what the WA government looks like from the Internet. This is an OSINT talk for OSINT stuff.
Title: Onionland Explorers!
Description: An introduction to Tor, an introduction to Onionland! We'll discuss the basics of how Tor works, attacks against it, how people have been caught while using Tor in the past, and how you might be able to use Tor to preserve your anonymity.
We'll cover some of the basic tools you might be touching, like Tails and Onionscan.
Title: A tribute to last year's pulled talk
Description: So, with about 10 minutes before I had to board a flight, I was given instructions to "walk away" or expect to get sued by an overzealous shitweasel for a vendor just for turning up.
I thought it would be a great idea to explain a bit of what happened, display at least one screenshot of the affected product (which I now have explicit permission to do), and also talk through another instance where a vendor & their customers actually cared and pulled some critical infrastructure off the internet.
Title: Don't forget to breathe
Description: A short talk about how the infosec industry is trying to stop you from being happy. During this talk I will try to play the devil's advocate and tell you why a lot of stuff coming from the infosec industry does not apply to your everyday user (or everyday usage). I will go even further and say that it is actively harming the users without any clear benefit.
Title: Human Polygraph
Description: Detect deception by identifying micro-expressions! Spot verbal and non-verbal cues of deception in body language! Accuse family and friends of being filthy liars based on how they blink! By the end of this talk you *will* understand how body language and micro-expressions can be used as a tool to help detect damn lies.
Title: Chasing the dragon/bear/maths guys
Description: There is a lot of news and hype about the big APT attacks against large/well-known targets and the damage they do. However, there are many more attacks against the little orgs that can provide valuable lessons and knowledge for companies here. Ray will go through a recent case, covering what the group did and how to defend/prepare yourself. The lessons learnt from this and other cases need to be applied by companies in Australia before they get hosed as badly as this org.
Title: From Chump to Trump: Privilege Escalation By Stealing Elect^H^H^H^H Domain Credentials
Description: A rapid-fire listing of (damn near) every way to steal domain credentials in Active Directory so you too can fill that fatherly-approval shaped hole in your heart with the title of Presi^H^H^H^H^H Domain Admin.
Title: A simple story of BoxCryptor
Description: aquaman is back for the 0xVth year running speaking at WAHCKon. The talk will be about a proprietary file encryption overlay software called Boxcryptor. Version 1 of it was completely compatible with encfs (a Linux FUSE file system). In version 2 they suddenly swept a lot under the rug and changed their system. It brings up the question: is it still secure? This talk will tell you all.
Title: See how you could lose control of your data with this one weird trick
Description: Computers trust other computers. But they probably shouldn't.
Title: Image Inception
Description: Someone has inserted a fake photo of you on a computer but... unfortunately for them, you have a very particular set of skills. Skills acquired over a long career that make you a nightmare for people using Photoshop and copy paste. This talk covers the following steps:
1. Proving your innocence
2. Finding who framed you
The third step is probably illegal, so we won't talk about it here.
Title: Wonderful world of p455w0rd cr4ck1n6
Description: With the explosion in readily available computing power, serious password cracking efforts are now much more affordable and within reach of adversaries. Complex password policies have been developed in an attempt to ensure passwords are harder to crack, but do they really address the issue?
In this presentation, we will explore the current techniques behind storing password hashes as well as how cracking these passwords may be possible on consumer hardware, or even outsourced to a cheap cloud server with access to a GPU.
We will discuss different attack methods and detail the budget an attacker would require to obtain access to the hardware required – often much cheaper than you think!
The presentation will include a live password cracking demo and a discussion on how to better store passwords and select more attack-resistant ones.