CrikeyCon is a community-led conference targeting those with an interest in information security around South East Queensland and beyond.
The informal style of the event is designed to facilitate knowledge sharing between all participants. CrikeyCon consists of presentations and demonstrations by industry professionals, security wizards, and enthusiasts alike.
CrikeyCon is run on a costs recovery basis, with surplus funds donated to worthy registered charities in the greater Brisbane area.
Embassy Craft Beer Bar, 214 Elizabeth St, Brisbane
The Crikey crew present the opening, and the CTF starts!
Public cloud fundamentally changes the security equation for both attackers and defenders. Practically every piece of the cloud is instrumented, logged, and analysed at the network layer, the host level, and everything in between – by default, all the time. For the attacker, there is no place to hide. One errant connection or detected compromise of a host anywhere in the cloud can be blocked or inoculated against throughout the rest of the cloud in seconds. For the defender, scale dictates that everything needs to be automated, and exceptions may be handled manually once before being learned by an AI responder.
Catherine and Fiona are security newbies in the world of bleepbloops. As their hunger for more knowledge on Security Testing grows, they attempt to chomp into the cyber realm of ordering pizza. Pull up a chair, grab a slice* and prepare yourself for a feast!
During a recent penetration test, we identified a vulnerability that allowed us to download a full heap memory dump from the application server. This presentation will examine the vulnerability itself, the structure of the heap dump, and the tools available for analyzing it. Using a sample application, we will show the potential to extract critical information from such a memory dump, and provide some ideas for future research.
Time to get some coffee!
Communication across the network is core business for most organisations and in fact the entire Internet. But what happens when a hacker messes with the interconnects we rely on? This talk will overview vulnerabilities known in popular routing protocols. The presentation will explain how the protocols work and demonstrate the effectiveness (or not) of the vulnerabilities.
The market for cyber insurance is expected to reach $14 billion by 2022. Many companies, large and small, have purchased it already or are in the process of evaluating it. Technical information security professionals are being asked to participate in this process with little to no background on the commercial insurance industry as a whole, and more specifically on the cyber insurance market. Many insurance carriers are piling into the market, but is there a lack of real and valuable data, or are they instead focused on increasing market share and profitability? Cyber insurers need to focus on pricing this risk correctly; otherwise the financial risk could devastate market participants. What data would be more useful for cyber insurers to better understand, price and write this risk? This talk will explore a (hopefully not boring) overview of the insurance industry as a whole, the specific cyber policies currently being written, how this risk is priced, what data would be more useful for insurers to underwrite it, and an overall focus on what cyber insurance can do for the cyber security industry as a whole.
Food food food
Yep, so I asked my friend if I could hack her, and she said yes. This is about what worked, what went wrong, all the flubs I made, and how to not suffer the same fate as her. Also Mario's green brother is there, and then that part takes a sinister turn.
In my first year in information security I got obsessed with a couple of little bugs… and after following said bugs down the proverbial rabbit hole, ended up with novel RCE in SQL and UXSS in Microsoft Edge. MySQL/MariaDB are now patched and Edge is due to be patched in January. The talk will take the audience on a journey from discovering an innocent-looking bug, through the process of understanding what is causing it, to the lateral thinking that turned it into big bugs. The talk will include a live demonstration and a little AutoHotkey.
In this presentation we will discuss the limitations of existing open source approaches, then present the Scribery project, an end-to-end session recording solution, and its features.
The presentation will centre on a demonstration of an HDMI and USB HID MITM drop box for client site assessments, with some history of the different versions of the project.
In this talk I will explain some of the many tools and techniques of the fascinating field of red teaming physical security and give you my own thoughts on what is actually useful versus what is a complete waste of money and space.
Machine learning is cool right now. Whether you’re an AV firm struggling to detect Meterpreter, a CIO for an ICO working out how you can legitimately work the terms “machine learning” and “blockchain” into the same sentence, or developing a robot that doesn’t walk itself into a pond, AI and machine learning are hot on everyone’s minds.
This talk is the result of a small personal side project to better understand CT logs and how they may be used. It involved crunching some decent-sized data sets (numerous terabytes of compressed data) to extract certificate data relevant for work in NZ and AU, and contemplating this dataset’s use and relevance for both blue and red teams.