Brisbane

Details

When: Friday 17th April 2015
Where: Red Hat Brisbane, Level 1, 193 North Quay
Time: 6:00 PM
After Talks: Transcontinental Hotel, 482 George Street
Organisers: Steve Glass, David Jorm
Contact: brisbane@ruxmon.com

Notification List

Please sign up to our email notification list for advance notification of planned Ruxmon events and presentation details.

Location

We hold meetings from February through October. Summer break November through January.

Red Hat office, 193 North Quay, Brisbane. Take the lift to level 1. If the lift is locked, take the stairs on the right-hand side.


Presentations

Internet-wide Survey of TLS Diffie-Hellman(-Merkle) Ephemeral Keys - Russ Albee (Wasabi)

TLS/SSL is the encryption protocol used to protect web communications (e.g. banking websites), commonly referred to by most people as "HTTPS". Forward secrecy is used to generate a unique one-time session key independent of the server's private key to protect current and past encrypted communications. You likely use both these daily, but do you actually know how they work? More importantly, are you aware of the ways in which they might not work as you expected?
This talk will start with a quick primer on symmetric and asymmetric ("public key") encryption and forward secrecy, and then move into an in-depth explanation of how the TLS Protocol Version 1.2 (RFC 5246) works. It will cover the history, standards, protocols, handshake process, and the record layer with a hex by hex breakdown of an example Client Hello message. The talk will finish with a discussion of the findings of my research project on Diffie-Hellman Ephemeral keys. Should include a live demonstration of tools available at the www.ssllabs.com website.

Bio

Russ Albee (Wasabi) is a security consultant specialising in penetration testing and vulnerability assessments. He has a strong background in system administration with over a decade of experience. He has previously served in both technical and intelligence roles in the US military and as a Police Constable with the Western Australia Police. Russ holds a MInfTech (Security) degree from QUT where he completed a major research project into the cryptographic security of TLS/SSL, specifically the randomness of ephemeral keys used during Diffie-Hellman Ephemeral (DHE) key exchange. He is a Yank by birth, Aussie by choice.

A Tutorial Introduction to Hacking Go Card - Steve Glass

Go Card is a stored payment card used for public transport throughout Brisbane and SE Queensland. What data do these cards hold? Can they be hacked? Is it possible to get free travel? Steve will present a lightning talk (i.e. much shorter than he normally talks for) on some of the security and privacy issues presented by Go Cards.

Bio

Steve is a security researcher and software developer as well as chapter organizer for Brisbane Ruxmon. When time allows he plays the trumpet.


Archive

When | Title | Speaker | Materials
Friday 17th April 2015 | Internet-wide Survey of TLS Diffie-Hellman(-Merkle) Ephemeral Keys | Russ Albee (Wasabi) | Not available
Friday 17th April 2015 | A Tutorial Introduction to Hacking Go Card | Steve Glass | Not available
Friday 19th September 2014 | Java Attack Vectors | David Jorm | Not available
Friday 19th September 2014 | How TLS/SSL and forward secrecy works (or doesn't for that matter...) | Russ Albee (Wasabi) | Not available
Friday 18th July 2014 | Meterpreter Internals | OJ Reeves | Not available
Friday 18th July 2014 | Phishing and IFrame Attacks | Jason Becker | Not available
Friday 20th June 2014 | OpenWRT | Parth Shukla | Slides
Friday 20th June 2014 | Virtualization for Hackers | Justin Steven | Not available
Friday 2nd May 2014 | Loxfun @ Ruxmon | Robert "Bull" Winkel | Not available
Friday 2nd May 2014 | Mobile Insecurity | Steve Glass | Slides
Friday 4th April 2014 | Pentesting iOS applications | Michael Gianarakis | Slides
Friday 4th April 2014 | Docker Security | Trevor Jay | Not available
Friday 7th March 2014 | Stealing Bitcoin | Justin Steven | Not available
Friday 7th March 2014 | OSCP | OJ Reeves | Not available
Friday 7th February 2014 | Victims: a system for tracking and identifying known-vulnerable components in Java, Python and Ruby | David Jorm | Not available
Friday 7th February 2014 | Sitting at the Big Kids Table | Silas Barnes | Not available
