SecurityBsides Australia
When: Tuesday, 15th of May 2012
Where: Gold Coast, Queensland at the AusCERT Conference
Time: 6:30-8:30pm
Cost: Free for folks attending AusCERT like last year
Venue: Gardenia Room, Royal Pines
http://maps.google.com.au/maps?f=q&source=s_q&hl=en&geocode=&q=royal+pines+resort,+gold+coast&aq=&sll=-25.335448,135.745076&sspn=45.660664,80.068359&ie=UTF8&hq=royal+pines+resort,&hnear=Gold+Coast+Queensland&ll=-27.998873,153.399525&spn=0.042591,0.078192&z=14&iwloc=A
Schedule - Tuesday, 15/5/2012
6:00pm AusCERT welcome cocktails kick off.
Direct link to the AusCERT 2012 schedule is here FYI sports fans:
http://conference.auscert.org.au/conf2012/program_main.html
Time | Presenter | Topic
6:30pm | Marc Bown, Trustwave SpiderLabs APAC |
Paper Title:
Sharing the Love: Forensics in Shared Hosting Environments
Today, everyone who is anyone has a website. Many of these sites are located on cheap, shared hosting space. A single shared hosting server can be host to thousands of websites. On a single server there can be sites hosting pictures of kittens with witty captions, e-commerce sites that collect payment card information and sites dedicated to plans to take over the world.
It turns out that when a company's web hosting budget is just cents per day, their security budget is often even smaller. As a result, compromises of these shared hosting environments are not uncommon. For forensic investigators though, these shared hosting environments are pretty unfriendly places.
For one thing, you're very unlikely to be able to get a full disk image of that compromised server. Even the dodgiest of hosting providers will usually see the privacy implications of giving you access to more than one of their customers' details.
For another – many of the artefacts you are used to relying on (e.g. Web access logs) are completely missing in these low cost environments. Logging = disk space = money, so they are kept for the minimum period possible.
In this talk I'll cover my experience working in shared hosting environments. I'll talk about how to acquire evidence from these environments, when kicking down the door and physically taking the server isn't an option. I'll detail some of the evidence sources I've discovered to be useful in recent investigations, as well as how to analyse them.
I'll also be running through the most common attack vectors that I have seen and showing you how to detect them quickly and easily.
7:00pm | Graeme "wily" Bell, Assurance |
Title:
Doctor Strangelock ...or: How I learned to stop worrying and love the key.
Wily Kubrick discusses the arms race that is physical security. Through an analysis of patents from 1865 to the present day, some very cool -- and ridiculous -- lock security features are discussed. If you are yet to migrate to RFID implants to open your house, office and car, this talk may be of interest to you.
Presenter Bio: Graeme "wily" Bell is a Senior Consultant with Assurance Pty Ltd, with a background in UNIX, network and infrastructure security. In his spare time Graeme enjoys photography and self-indulgent piano solos. He has presented at information security conferences and run lockpicking workshops. He once got caught in a set of (seized) handcuffs trying to show off to a pretty girl.
7:30pm | Loukas Kalenderidis, Assurance |
Title:
DE MYSTERIIS DOM JOBSIVS (EFI Threats to Mac OS X)
Abstract:
The EFI firmware used in Intel Macs and other modern systems presents some interesting possibilities for rootkit developers.
This presentation will provide a full account of how an EFI-based rootkit might work. We will begin with some background on the EFI architecture - what it does, how it works, and how we can leverage EFI to inject code into the Mac OS X kernel or attack the user directly. We will then detail how a kernel payload might work, employing a number of rootkit techniques that can be used within the XNU kernel.
Finally, we will discuss the possibilities for rootkit persistence that are presented by EFI. This presentation will leave the audience with an understanding of the ways in which EFI can be used in a modern Mac OS X rootkit.
A portion of this material was previously presented at Ruxcon 2011 and Kiwicon V in 2011 (on kernel rootkit techniques) and SyScan 2012; however, the focus of this talk is on ongoing EFI research.
Presenter Bio:
Loukas Kalenderidis is Principal Consultant at Assurance Pty Ltd, a former software engineer, long time Mac fanboy, avid musician, and aficionado of the world's beers (all of them). Loukas has previously presented at Ruxcon, Kiwicon, SyScan 2012 and SAGE-AU events.
Invite your friends by posting this hashtag on Twitter: "#bsidesau" or follow @bsidesau
Want to talk @ BSidesAU?
Please submit your talk topic and synopsis to securitybsidesau@gmail.com. We are aiming for presentations of 30 minutes each, depending on the number submitted, and will try to fit folks in if we can.
BSidesAU General Information
The biggest security conference in Australia each year is AusCERT, and we love it so much we thought we'd try to fit in some extra sessions for the folks who think that too much security is never enough!!!!
We have the support of the AusCERT organisers to run BSidesAU again this year. There is a change in the running schedule for AusCERT this year, as you've all probably noticed, and we are fitting in with this new format. So BSidesAU will be run alongside the welcome cocktails event. That's right, sports fans: BSidesAU + Cocktails == (can you dig it)
If you're new to Security BSides, please check out http://www.securitybsides.com for further information about what BSides is all about.
Event Photos
We are looking for volunteers again to take some snaps. Let us know where to get at them and we'll post those URL(s) back on this wiki. Alternatively, the @bsidesau or #bsidesau "twitter machine" should be able to get this done.
Venue Info
- The room can seat about 25 and it'll be first come first seated on the day.
Please let us know if you'd like to help out and/or sponsor in some small way.
Planners and talk submission reviewers (in no particular order)
- Craig Lawson (@craiglawson)
- Stephen MacDonald (@ozsmac)
- Drazen Drazic (@DDrazic)
- Clinton Smith
- Neal Wise (@y011)