A Small Chain of Security Bugs Gone Astray (AKA why XSS can be worse than you think)
~~~~~ Hugh Davenport ~~~~~
Security bugs can range in damage from small stuff all the way to big stuff. Some people only focus on the large stuff, and the smaller stuff can go unnoticed. This talk will give a real-world example of a project that had a small bug, which allowed a larger bug to happen, which allowed a larger bug, which ... BAM ... shell.

Speaker Origin: New Zealand

Bio: Studied at Victoria University of Wellington, graduating with an ME in Software Engineering this May. Worked for a year and a half at a Wellington software development company, and was involved on the security team of a small open source project. Recently moved to a Wellington security consultant firm.

Team Farmtress 2: Farming for Profit in Valve's War-Themed Hat Simulator
~~~~~ Dr Greg Baatard ~~~~~
Online FPS Team Fortress 2 has a sprawling economy that's every bit as intricate as the game itself. This talk dives into the process of setting up multiple game accounts to generate resources which can be turned into profit.

Lockin and Poppin
~~~~~ Brian Tisdale ~~~~~
Come and learn the theory of poppin locks, looking at interesting locks. Also: locks.

Understanding the Human Body in Order to Break it: An Introduction to Brazilian Jiu-Jitsu Fundamentals
~~~~~ Matt Lambie ~~~~~
Brazilian jiu jitsu shot to the top of the martial arts stack when Royce Gracie showed grappling's dominance in the very first UFCs. In the 20 years since those first events, submission grappling has continued to grow and develop and remains the best foundation for a legitimate self defence platform. Known as "the gentle art", jiu jitsu is appealing to those who value the application of movement, technique, resilience and intelligence over sheer size and brute strength.

Anonymous Post-Compromise Control via Tor Hidden Services
~~~~~ David Taylor ~~~~~
This talk covers how a compromised system can be controlled via the Tor network, providing the aggressor with anonymity, as well as a flexible and useful (albeit slow) control channel.

Hardware hacking and stretching the Parrot ARDrone platform to the limit
~~~~~ Chris Courtis, James McCutcheon, Grant Boxall and Jacob King ~~~~~
A discussion on the state of autonomous UAV robotics with reference to the Parrot ARDrone and how far the platform can be pushed using hardware hacking.

Digital Forensics Awareness Week (why it should be a thing)
~~~~~ Chris Courtis and Lex Burke ~~~~~
Part 1: A presentation from the Ernst and Young Digital Forensics team on what the discipline of Digital Forensics is and how it relates to Information Security practitioners. It gives special emphasis to why every single person in the Information Security field should have an awareness of Digital Forensics and when it is used.

Part 2: A discussion about some of the common misconceptions in comparative image analysis, image fakery (it's not as effective as you think), and how image forensics can be applied to digital forensic problem solving. (Also a furious endorsement of CSI: Miami and why the forensics field is both seriously over-estimated by criminals and under-estimated by the general public.)

Watering Hole Exploitation
~~~~~ Jody Melbourne ~~~~~
This talk will discuss the rise in use of watering hole attacks by (allegedly) state actors, and the various ways this technique can be tweaked by blackhats. Also discussed will be methods to simulate an attack against a hardened target site using whitebox client-side penetration testing.

Privacy & The Big Brothers
~~~~~ Chris Hanratty ~~~~~
Information about us all is being harvested, crunched, created, bought, sold and used in many ways. By whom, and for what ends? Yesterday, today and, most importantly, tomorrow. Was Orwell right? Do we now live in the era of Big Brother?

ICANN & the DNS Root
~~~~~ Dave Cake ~~~~~
A brief overview of what ICANN is, the ICANN DNS policy process, coming changes to the domain name system including many new top level domains, some security challenges from new top level domains, and a brief explanation of why it is really difficult to DDoS the DNS root servers.

DIY b0tn3t with a Student Budget
~~~~~ pi3ch ~~~~~
The presenter's research experiment to host, command and control a botCloud.

Urban Surveying, Exploring and Adventuring
~~~~~ Wez ~~~~~
What are the different reasons behind Urban Exploring? Wes will talk about the challenge levels for exploration, the risks, the security involved, and will show us some neat pictures.

The Dark Side of Social Media - Dual Use Platforms
~~~~~ Dr Simon O'Rouke ~~~~~
This talk will discuss some of the dual uses for data uploaded into social media platforms. It covers the volume of private and compromising data, including private photographs, comments and financial details, that people showcase on their profiles. This can include specific biometric data from photographs and their movement history from geotagging. Emergent 'Extreme Analytics' data mining interfaces are enabling those using them to predict future movements and patterns for individuals. The line between 'open source' and the expectation of privacy will be discussed, along with differing viewpoints. This discussion will also include a Wikileaks release in which metadata identifying sources was not removed prior to public release, raising significant ethical and moral questions for the whistle-blowing website.

Phreaking in a post copper world, a discussion on VoIP hacking and fraud.
~~~~~ Kai ~~~~~
Computer hacking/cracking has traditionally been viewed as a methodology for gaining access to equipment and information. But what about when it's used as access to resources worth millions of dollars? VoIP is increasingly becoming the de facto methodology for both private and business communication around the globe. With the migration to VoIP we expose all the vulnerabilities of the traditional telephony system without any of the protections afforded by dedicated circuits and copper lines. This talk focuses on the current state of VoIP hacking and fraud worldwide and discusses some of the more common methodologies utilised in exploiting VoIP vulnerabilities.

The Role of Hackers and the Internet in Campaigns for Social Justice and Change
~~~~~ Peter Dreisiger ~~~~~
Over the past decade, Internet-based systems have played an increasingly important role in humanitarian, social justice and political campaigns. Social networking and self check-in systems have allowed authorities, NGOs and members of the public to track and respond to outbreaks of disease and violence in near real-time. Sites like Twitter, Facebook and YouTube have also helped large groups of people self-organise protests, and provide running updates of events independently of the mainstream media. However, it seems less common for Internet-based systems to be used to collate documentary evidence over longer periods of time, to share skills, or to provide otherwise independent groups with a shared form of organisational memory. While some of this is, undoubtedly, due to concerns about privacy and confidentiality, the lack of suitable frameworks and infrastructure is another factor — as is, perhaps, the lack of a deeper collaboration between activists and hackers.

In this presentation, we will look at several types of reporting and aggregation systems, and describe how open source software could make a significant difference in the areas of information gathering and community coordination. We will also discuss some of the ways in which open source developers and hackers could work more closely with activists and advocacy groups — both day-to-day, and on more strategic projects — and how a better understanding of technology could encourage campaigners to use these tools more effectively and powerfully.

WithIn The Groove: How To Be A Dick To Your Arcade
~~~~~ Cameron Ball ~~~~~
Signing and running custom Lua code on an ITG arcade machine to get free credits and other junk. YEAAAAAAH

Cyberwar and the Real World
~~~~~ Sheldon Gill ~~~~~
There has been talk about cyberwarfare and the potential for digital conflict for decades now. What isn't so obvious to many is that it began years ago. In this talk I look at Stuxnet, its history and what that can tell us. I'll touch on the current political landscape, including White House policy and other issues. The publicity around this has brought attention to our SCADA and other industrial control systems. We'll look at how such systems are constructed and run, and the numerous vulnerabilities therein. You might get an insight into why Obama is escalating the issue of "cyber-terrorism".

Diversity in Hacking
~~~~~ Steph and Kai ~~~~~
Steph and Kai will talk about some of the issues faced in the hacking scene and culture in regards to diversity.