Melbourne

Details

When Thursday 26th September 2019
Where 402 Swanston Street, RMIT City Campus: Building 12, floor 13, room 2
Time 6:00 PM
After Talks Kicks, Level 1, 450 Elizabeth St, Melbourne
Organisers Luke
Contact @ruxmon
Meetup.com Event Page https://www.meetup.com/meetup-group-BPNYjOrM/events/264979098
Save Event

Notification List

Please sign up to our email notification list for advanced notification of planned Ruxmon events and presentation details.

Location

402 Swanston Street, RMIT City Campus: Building 12, floor 13, room 2


Presentations

The NeverEnding Story of a bug - Web(un)Logic - pimps

Level: Intermediate

This lightning talk aims to explain the NeverEnding Story of an unsecure XML Deserialization bug in weblogic that can lead to unauthenticated RCE. The history of this bug starts in 2017 under the CVE-2017-3506 and got its latest bypass in 2019 as CVE-2019-2729. An exploit that was written by the speaker to exploit all those CVEs will also be demonstrated.

Bio

TheGoonies team member.


Security as Convenience: When safe is also easier - Ulisses Albuquerque

Level: Beginner

By providing known-good and safe preset building blocks for infrastructure, libraries and architecture patterns, security controls can be piggybacked in resources which make developers' jobs easier. During this talk we will discuss an implementation of this pattern and how hook points for security can be easily identified and leveraged, especially in cloud-first environments.

Bio

Ulisses (@urma) is a security engineer with a passion for automation, pipelines and collaboration between red and blue teams


SQL Injection - Luke

Level: Intermediate

Some interesting things to do with SQL injection.

Bio

Also a team member of TheGoonies.



Archive

When Title Speaker Materials

Friday 31st May 2019

Little Black Book of Libc: Exploring the security properties of multiple libc implementations

mercy

Not available

Friday 29th March 2019

Choo Choo, All Aboard The Ruby Train!

Louis Nyffenegger

Not available

Friday 26th October 2018

A Modular Approach to Red Team Payloads

Lloyd Simon

Not available

Friday 31st August 2018

Security Measures in OpenSSH

Damien Miller

Not available

Friday 27th July 2018

Side-Stepping Defensive Measures in a Windows 10 Enterprise Environment

XTreeGold

Not available

Friday 29th June 2018

Offensive Tricks 0x00: Turning XXE into RCE on Java Environments

Marcio Almeida

Not available

Friday 29th June 2018

Ruby Deserialization

Luke Jahnke

Not available

Friday 25th May 2018

Overview of Cryptonote

Kee Jeffreys, Jack Murray

Not available

Friday 25th May 2018

Electron.js - turning XSS into RCE

Brendan Scarvell

Not available

Friday 27th April 2018

How to improve your threat research, YARA + KLara

Noushin Shabab

Not available

Friday 27th April 2018

Adventure Time Cont.

Joaquim Espinhara

Not available

Friday 23rd March 2018

JWT == insecurity ??

Louis Nyffenegger

Not available

Friday 23rd March 2018

Not available

Friday 25th August 2017

BitcoinCTF III

Luke Jahnke

Not available

Friday 25th August 2017

Building a SOC for fun and profit

Barry Anderson

Not available

Friday 28th July 2017

Keyboard cowboys - Herding shells

Eldar Marcussen

Not available

Friday 28th July 2017

Not available

Friday 30th June 2017

Internal Pentest: from z3r0 to h3r0

Marcio Almeida

Not available

Friday 30th June 2017

Not available

Friday 26th May 2017

Advancements in p455w0rd cr4ck1n6

John Gerardos

Not available

Friday 26th May 2017

Not available

Friday 28th April 2017

The Application security aspect of cyber is very, very tough

Louis Nyffenegger and Ash Fox

Not available

Friday 28th April 2017

Not available

Friday 31st March 2017

UniFi'd Ownage - Centralised and Automated Network Management

Tim Noise

Not available

Friday 31st March 2017

Not available

Friday 26th August 2016

Making GDB fun again

Chris Alladoum

Not available

Friday 26th August 2016

Not available

Friday 27th May 2016

The Devopsification of IT Security

Barry Anderson

Not available

Friday 27th May 2016

Uncaging Faraday

Ulisses Albuquerque

Not available

Friday 29th April 2016

Swimming drunk in a croc infested billabong: Practical Exploitation of DROWN

Tim Noise

Slides

Friday 29th April 2016

Enterprise Wi-Fi Recon: rEAPing the benefits

Luke McDonnell

Slides

Friday 18th March 2016

American Fuzzy Lop - fuzzing like there's no tomorrow

Joaquim Espinhara

Not available

Friday 18th March 2016

Web Application Security

Louis Nyffenegger

Slides

Friday 25th September 2015

What's your Zodiac Sign?

Kayne Naughton

Not available

Friday 25th September 2015

Not available

Friday 28th August 2015

Hacking Web Apps like a pimp

Chris Alladoum

Not available

Friday 28th August 2015

You probably DO need a cryptographic hash function

Michael Samuel

Not available

Friday 31st July 2015

Security Anti-Patterns

Barry Anderson

Slides

Friday 31st July 2015

Journey from research to exploit

Tim Noise

Not available

Friday 12th June 2015

Hacking trends, types of attacks, cool and interesting technical details

Mike Smith - CTO Akamai Technologies

Not available

Friday 12th June 2015

Not available

Friday 29th May 2015

QEMUing up a storm: why QEMU is awesome for doing embedded stuff

Peter Fillmore

Not available

Friday 29th May 2015

BitcoinCTF II - The Shadow and the Flame

Luke Jahnke

Not available

Friday 24th April 2015

Introduction to security code review for the web

Louis Nyffenegger

Slides

Friday 24th April 2015

Opening garage doors with an iPhone and HackRF: Adventures in Software-defined Radio

Hubert Seiwert

Not available

Friday 27th March 2015

Building an FPGA-based Glitcher to Defeat Hardware

Silvio Cesare

Not available

Friday 27th March 2015

Bug Bounties -- What's the Story?

Nathaniel Wakelam

Not available

Friday 1st August 2014

Why would a geek leak?

Thomas Drake & Jesselyn Radack

Not available

Friday 1st August 2014

Not available

Friday 27th June 2014

Post-Snowden OpenSSH

Damien Miller

Not available

Friday 27th June 2014

Rogue Containers – A Virtual Disk Escape

Shanon Olsson

Not available

Friday 30th May 2014

Git Money: Snatching Source Trees

Tim Noise

Not available

Friday 30th May 2014

B.R.E.A.M. (A.K.A the Blockchain Ruins Everything Around Me)

Kayne Naughton

Not available

Friday 28th March 2014

Avocent Virtual Media Pwnage

Michael Sameul

Not available

Friday 28th March 2014

Pager Security

Andrew Horton

Slides

Friday 28th February 2014

RuxLox

Topy

Not available

Friday 28th February 2014

Goto Fail: Apple SSL broken again

Hubert Seiwert

Not available

Supported By