/###           /        ###       /                   
 /  ############/          ###    #/                    
/     #########             ##    ##                    
#     /  #                  ##    ##                    
 ##  /  ##                  ##    ##                    
    /  ###          /###    ##    ##  /##       /###    
   ##   ##         / ###  / ##    ## / ###     / #### / 
   ##   ##        /   ###/  ##    ##/   /     ##  ###/  
   ##   ##       ##    ##   ##    ##   /     ####       
   ##   ##       ##    ##   ##    ##  /        ###      
    ##  ##       ##    ##   ##    ## ##          ###    
     ## #      / ##    ##   ##    ######           ###  
      ###     /  ##    /#   ##    ##  ###     /###  ##  
       ######/    ####/ ##  ### / ##   ### / / #### /   
         ###       ###   ##  ##/   ##   ##/     ###/    
                                                        







A Small Chain of Security Bugs Gone Astray (AKA why XSS can be worse 
than you think)
~~~~~
Hugh Davenport
~~~~~
Security bugs can range in damage from small stuff, all the way to big stuff.
Some people only focus on the large stuff, and the smaller stuff can go
unnoticed. This talk will give a real world example of a project that had a
small bug, that allowed a larger bug to happen, which allowed a larger bug,
which ... BAM ... shell

Speaker Origin: New Zealand

Bio: Studied at Victoria University of Wellington, graduating with a ME in
Software Engineering this May. Worked for a year and a half at a Wellington
software development company, and was involved on the security team of a small
open source project. Recently moved to a Wellington security consultant firm.



Team Farmtress 2: Farming for Profit in Valve's War-Themed Hat Simulator
~~~~~
Dr Greg Baatard
~~~~~
Online FPS Team Fortress 2 has a sprawling economy that's every bit as intricate
as the game itself.  This talk dives into the process of setting up multiple
game accounts to generate resources which can be turned into profit.



Lockin and Poppin
~~~~~
Brian Tisdale
~~~~~
Come and learn the theory of poppin locks, looking at interesting locks. Also:
locks.



Understanding the Human Body in Order to Break it
An Introduction to Brazilian Jiu-Jitsu Fundamentals.
~~~~~
Matt Lambie
~~~~~
Brazilian jiu jitsu shot to the top of the martial arts stack when Royce Gracie
showed grappling's dominance in the very first UFCs. In the 20 years since those
first events, submission grappling has continued to grow and develop and remains
the best foundation for a legitimate self defence platform. Known as "the gentle
art", jiu jitsu is appealing to those who value the application of movement,
technique, resilience and intelligence over sheer size and brute strength.



Anonymous Post-Compromise Control via Tor Hidden Services
~~~~~
David Taylor
~~~~~
This talk covers how a compromised system can be controlled via the Tor network,
providing the aggressor with anonymity, as well as a flexible and useful (albeit
slow) control channel.



Hardware hacking and stretching the Parrot ARDrone platform to the limit
~~~~~
Chris Courtis, James McCutcheon, Grant Boxall and Jacob King
~~~~~
A discussion on the state of Autonomous UAV robotics with reference to the
Parrot ARDrone and how far the platform can be pushed using hardware hacking.



Digital Forensics Awareness Week (why it should be a thing) 
~~~~~
Chris Courtis and Lex Burke
~~~~~
Part 1: A presentation from the Ernst and Young Digital Forensics team on what
the discipline of Digital Forensics is and how it relates to Information
Security Practitioners. It gives special emphasis to why every single person in
the Information Security field should have an awareness of Digital Forensics and
when it is used.

Part 2: A discussion about some of the common misconceptions in comparative
image analysis, image fakery (it's not as effective as you think), and how image
forensics can be applied to digital forensic problem solving. (Also a furious
endorsement of CSI:Miami and why the forensics field is both seriously
over-estimated by criminals and under-estimated by the general public)



Watering Hole Exploitation
~~~~~
Jody Melbourne
~~~~~
This talk will discuss the rise in use of watering hole attacks by (allegedly)
state actors, and the various ways this technique can be tweaked by blackhats.
Also discussed will be methods to simulate an attack against a hardened target
site using whitebox client-side penetration testing.



Privacy & The Big Brothers
~~~~~
Chris Hanratty
~~~~~
Information about us all is being harvested, crunched, created, bought, sold 
and used in many ways.  By whom, and for what ends?  Yesterday, today and most
importantly, tomorrow.  Was Orwell right, do we now live in the era of the big
brother?



ICANN & the DNS Root
~~~~~
Dave Cake
~~~~~
A brief overview of what ICANN is, the ICANN DNS policy process, coming changes
to the domain name system including many new top level domains, some security 
challenges from new top level domains, and a brief explanation of why it is 
really difficult to DDOS the DNS root servers. 



DIY b0tn3t with a Student Budget
~~~~~
pi3ch
~~~~~
The presenter's research experiment to host, command and control a botCloud.



Urban Surveying, Exploring and Adventuring
~~~~~
Wez
~~~~~
What are the different reasons behind Urban Exploring? Wes will talk about
the challenge levels for exploration, the risks, security involved and will
show us some neat pictures.


The Dark Side of Social Media - Dual Use Platforms
~~~~~
Dr Simon O'Rouke
~~~~~
This talk will discuss some of the dual uses for data uploaded into social media
platforms. It covers the volume of private and compromising data including
private photographs, comments and financial details that people showcase on
their profiles. This can include specific biometric data from photographs and
their movement history from geotagging. Emergent 'Extreme Analytics' data mining
interfaces are enabling those using them to predict future movements and
patterns for individuals. The line between 'open source' and expectation of
privacy will be discussed and differing viewpoints discussed. This discussion
will also include a Wikileaks release in which metadata identifying sources was
not removed prior to public release, raising significant ethical and moral
questions for the whistle blowing website.



Phreaking in a post copper world, a discussion on VoIP hacking and fraud.
~~~~~
Kai
~~~~~
Computer Hacking/Cracking has traditionally been viewed as a methodology for
gaining access to equipment and information. But what about when it's used as
access to resources worth millions of dollars?

VoIP is increasingly becoming the de-facto methodology for both private and
business communication around the globe. With the migration to VoIP we expose
all the vulnerabilities of the traditional telephony system without any of the
protections afforded by dedicated circuits and copper lines. This talk focuses
on the current state of VoIP hacking and Fraud worldwide and discusses some of
the more common methodologies utilised in exploiting VoIP vulnerabilities.



The Role of Hackers and the Internet in Campaigns for Social Justice and Change
~~~~~
Peter Dreisiger
~~~~~
Over the past decade, Internet-based systems have played an increasingly
important role in humanitarian, social justice and political campaigns. Social
networking and self check-in systems have allowed authorities, NGOs and members
of the public to track and respond to outbreaks of disease and violence in near
real-time. Sites like Twitter, Facebook and YouTube have also helped large
groups of people self-organise protests, and provide running updates of events
independently of the mainstream media. However, it seems less common for
Internet-based systems to be used to collate documentary evidence over longer
periods of time, to share skills, or to provide otherwise independent groups
with a shared form of organisational memory. While some of this is, undoubtedly,
due to concerns about privacy and confidentiality, the lack of suitable
frameworks and infrastructure is another factor — as is, perhaps, the lack of a
deeper collaboration between activists and hackers.

In this presentation, we will look at several types of reporting and aggregation
systems, and describe how open source software could make a significant
difference in the areas of information gathering and community coordination. We
will also discuss some of the ways in which open source developers and hackers
could work more closely with activists and advocacy groups — both day-to-day,
and on more strategic projects — and how a better understanding of technology
could encourage campaigners to use these tools more effectively and powerfully.


WithIn The Groove: How To Be A Dick To Your Arcade
~~~~~
Cameron Ball
~~~~~
Signing and running custom Lua code on an ITG arcade machine to get free 
credits and other junk. YEAAAAAAH



Cyberwar and the Real World
~~~~~
Sheldon Gill
~~~~~
There has been talk about cyberwarfare and the potential for digital conflict 
for decades now. What isn't so obvious to many is that it began years ago. 
In this talk I look at StuxNet, its history and what that can tell us. I'll 
touch on the current political landscape, including White House policy and 
other issues. The publicity of this has brought attention to our SCADA and 
other industrial control systems. We'll look at how such systems are 
constructed, run and the numerous vulnerabilities therein. You might get an 
insight into why Obama is escalating the issue of "cyber-terrorism".




Diversity in Hacking
~~~~~
Steph and Kai
~~~~~
Steph and Kai will talk about some of the issues faced in the hacking scene
and culture in regards to diversity.