Details
| When | Friday 30th of June 2023 |
| Where | Room 219, Level 2, 234 Queensberry St, Carlton |
| Time | 6:00 PM |
| After Talks | The Last Jar - 616 Elizabeth St, Melbourne |
| @ruxmon | |
| Meetup | Ruxmon Meetup |
Notification List
Please sign up to our email notification list for advanced notification of planned Ruxmon events and presentation details.
Presentations
PwnAssistant - Controlling /home's via a Home Assistant RCE - Victor and Joseph
As smart devices and home automation technology continues to increase in popularity, so do the risks associated with it. In this talk we explore the attack surface of the open source automation ecosystem Home Assistant and outline how we discovered a pre-authenticated RCE vulnerability. We'll dive deep into how the vulnerability works, the impact, and the various bypasses for the patches made to fix it.
Breakdance Workshop - Luke Jahnke
Luke will either put on a breakdance clinic or talk about an interesting security related topic. We are not sure yet.
Archive
| When | Title | Speaker | Materials |
|---|---|---|---|
Friday 28th February 2020 |
Web Crypto 101: ECB - Marcio Almeida |
Marcio Almeida |
Not available |
Friday 28th February 2020 |
Entomology 101 |
Louis Nyffenegger |
Slides |
Friday 29th November 2019 |
JIT-Spray in Mozilla Firefox |
Breno Dario |
Not available |
Friday 29th November 2019 |
Where's Your Head At! |
Louis Nyffenegger |
Not available |
Friday 25th October 2019 |
When (your|their) IPS lies to you |
Barry Anderson |
Not available |
Friday 25th October 2019 |
Gone Phishing/Viral: How to achieve organic traffic to the Nth degree using counter-advertising, feel-good non-fake news |
Mike Monnik |
Not available |
Friday 25th October 2019 |
Breaking into Chinese language dictionaries(如何破解中文电子词典的内容) |
Peter Ross |
Not available |
Friday 25th October 2019 |
Please. Make the Slackware stop. |
seven |
Not available |
Thursday 26th September 2019 |
The NeverEnding Story of a bug - Web(un)Logic |
pimps |
Not available |
Thursday 26th September 2019 |
Security as Convenience: When safe is also easier |
Ulisses Albuquerque |
Not available |
Thursday 26th September 2019 |
SQL Injection |
Luke Jahnke |
Not available |
Friday 30th August 2019 |
$vendor 0day |
Brendan Scarvell |
Not available |
Friday 30th August 2019 |
Command injection and restriction bypass on IoT device |
Harold |
Not available |
Friday 30th August 2019 |
Pimps is the most annoying friend that someone can have... So I'm here! |
j |
Not available |
Friday 30th August 2019 |
This vulnerability is doo doo |
Justin Steven |
Not available |
Friday 30th August 2019 |
OK, You're Leet - What Now |
Marc Bown |
Not available |
Friday 30th August 2019 |
Hack the Mac |
Neelakanteswara Rao Patnaik Baggam (Neel) |
Not available |
Friday 30th August 2019 |
Supply Chain Attacks: What are my options? |
Riley Baird |
Not available |
Friday 31st May 2019 |
Little Black Book of Libc: Exploring the security properties of multiple libc implementations |
mercy |
Not available |
Friday 29th March 2019 |
Choo Choo, All Aboard The Ruby Train! |
Louis Nyffenegger |
Not available |
Friday 26th October 2018 |
A Modular Approach to Red Team Payloads |
Lloyd Simon |
Not available |
Friday 31st August 2018 |
Security Measures in OpenSSH |
Damien Miller |
Not available |
Friday 27th July 2018 |
Side-Stepping Defensive Measures in a Windows 10 Enterprise Environment |
XTreeGold |
Not available |
Friday 29th June 2018 |
Offensive Tricks 0x00: Turning XXE into RCE on Java Environments |
Marcio Almeida |
Not available |
Friday 29th June 2018 |
Ruby Deserialization |
Luke Jahnke |
Not available |
Friday 25th May 2018 |
Overview of Cryptonote |
Kee Jeffreys, Jack Murray |
Not available |
Friday 25th May 2018 |
Electron.js - turning XSS into RCE |
Brendan Scarvell |
Not available |
Friday 27th April 2018 |
How to improve your threat research, YARA + KLara |
Noushin Shabab |
Not available |
Friday 27th April 2018 |
Adventure Time Cont. |
Joaquim Espinhara |
Not available |
Friday 23rd March 2018 |
JWT == insecurity ?? |
Louis Nyffenegger |
Not available |
Friday 23rd March 2018 |
Not available | ||
Friday 25th August 2017 |
BitcoinCTF III |
Luke Jahnke |
Not available |
Friday 25th August 2017 |
Building a SOC for fun and profit |
Barry Anderson |
Not available |
Friday 28th July 2017 |
Keyboard cowboys - Herding shells |
Eldar Marcussen |
Not available |
Friday 28th July 2017 |
Not available | ||
Friday 30th June 2017 |
Internal Pentest: from z3r0 to h3r0 |
Marcio Almeida |
Not available |
Friday 30th June 2017 |
Not available | ||
Friday 26th May 2017 |
Advancements in p455w0rd cr4ck1n6 |
John Gerardos |
Not available |
Friday 26th May 2017 |
Not available | ||
Friday 28th April 2017 |
The Application security aspect of cyber is very, very tough |
Louis Nyffenegger and Ash Fox |
Not available |
Friday 28th April 2017 |
Not available | ||
Friday 31st March 2017 |
UniFi'd Ownage - Centralised and Automated Network Management |
Tim Noise |
Not available |
Friday 31st March 2017 |
Not available | ||
Friday 26th August 2016 |
Making GDB fun again |
Chris Alladoum |
Not available |
Friday 26th August 2016 |
Not available | ||
Friday 27th May 2016 |
The Devopsification of IT Security |
Barry Anderson |
Not available |
Friday 27th May 2016 |
Uncaging Faraday |
Ulisses Albuquerque |
Not available |
Friday 29th April 2016 |
Swimming drunk in a croc infested billabong: Practical Exploitation of DROWN |
Tim Noise |
Slides |
Friday 29th April 2016 |
Enterprise Wi-Fi Recon: rEAPing the benefits |
Luke McDonnell |
Slides |
Friday 18th March 2016 |
American Fuzzy Lop - fuzzing like there's no tomorrow |
Joaquim Espinhara |
Not available |
Friday 18th March 2016 |
Web Application Security |
Louis Nyffenegger |
Slides |
Friday 25th September 2015 |
What's your Zodiac Sign? |
Kayne Naughton |
Not available |
Friday 25th September 2015 |
Not available | ||
Friday 28th August 2015 |
Hacking Web Apps like a pimp |
Chris Alladoum |
Not available |
Friday 28th August 2015 |
You probably DO need a cryptographic hash function |
Michael Samuel |
Not available |
Friday 31st July 2015 |
Security Anti-Patterns |
Barry Anderson |
Slides |
Friday 31st July 2015 |
Journey from research to exploit |
Tim Noise |
Not available |
Friday 12th June 2015 |
Hacking trends, types of attacks, cool and interesting technical details |
Mike Smith - CTO Akamai Technologies |
Not available |
Friday 12th June 2015 |
Not available | ||
Friday 29th May 2015 |
QEMUing up a storm: why QEMU is awesome for doing embedded stuff |
Peter Fillmore |
Not available |
Friday 29th May 2015 |
BitcoinCTF II - The Shadow and the Flame |
Luke Jahnke |
Not available |
Friday 24th April 2015 |
Introduction to security code review for the web |
Louis Nyffenegger |
Slides |
Friday 24th April 2015 |
Opening garage doors with an iPhone and HackRF: Adventures in Software-defined Radio |
Hubert Seiwert |
Not available |
Friday 27th March 2015 |
Building an FPGA-based Glitcher to Defeat Hardware |
Silvio Cesare |
Not available |
Friday 27th March 2015 |
Bug Bounties -- What's the Story? |
Nathaniel Wakelam |
Not available |
Friday 1st August 2014 |
Why would a geek leak? |
Thomas Drake & Jesselyn Radack |
Not available |
Friday 1st August 2014 |
Not available | ||
Friday 27th June 2014 |
Post-Snowden OpenSSH |
Damien Miller |
Not available |
Friday 27th June 2014 |
Rogue Containers – A Virtual Disk Escape |
Shanon Olsson |
Not available |
Friday 30th May 2014 |
Git Money: Snatching Source Trees |
Tim Noise |
Not available |
Friday 30th May 2014 |
B.R.E.A.M. (A.K.A the Blockchain Ruins Everything Around Me) |
Kayne Naughton |
Not available |
Friday 28th March 2014 |
Avocent Virtual Media Pwnage |
Michael Sameul |
Not available |
Friday 28th March 2014 |
Pager Security |
Andrew Horton |
Slides |
Friday 28th February 2014 |
RuxLox |
Topy |
Not available |
Friday 28th February 2014 |
Goto Fail: Apple SSL broken again |
Hubert Seiwert |
Not available |