Melbourne

Details

When Friday 30th August 2019
Where 445 Swanston Street, RMIT City Campus: Building 80, floor 5, room 12
Time 6:00 PM
After Talks Captain Melville, 34 Franklin St, Melbourne
Organisers Luke
Contact @ruxmon
Meetup.com Event Page https://www.meetup.com/meetup-group-BPNYjOrM/events/264109831/
Save Event

Notification List

Please sign up to our email notification list for advanced notification of planned Ruxmon events and presentation details.

Location

445 Swanston Street, RMIT City Campus: Building 80, floor 5, room 12


Presentations

$vendor 0day - Brendan Scarvell

Level: Intermediate

This presentation will talk about the process of discovering an undisclosed method to bypass authentication and gain remote code execution on a number of $vendor devices.

Bio

Brendan (@menztrual) is a Security Researcher at elttam who enjoys finding vulnerabilities in software and competing in CTFs with TheGoonies.


Command injection and restriction bypass on IoT device - Harold

Level: Beginner

Harold will be walking you through a vulnerability published earlier in the year, on a conference media device, including how he bypassed restricted use of special characters, the challenges involves and how he ended up exploiting the command injection.

Bio

Harold is a penetration tester at Hivint. In his spare time, he held a long standing record on hack-the-box. Harold found 2 CVE within the first year of being a penetration tester. He is also actively involved in the infosec community primarily on University campuses running workshops and presentations on behalf of RMIT.


Pimps is the most annoying friend that someone can have... So I'm here! - j

Level: Beginner

Quick (10 minutes) introduction to Variant analysis. Let's talk about how we can use previous known bugs to find new similar vulnerabilities in the same codebase or across different codebases using Semmle QL.

Bio

I'm just a latin American guy, with no money in the bank, no important relatives and from the countryside!


This vulnerability is doo doo - Justin Steven

Level: Beginner

We'll take a quick look at a garbage 0day code execution bug in a popular IDE that probably won't get anyone (sensible) owned, encourage people to think twice before opening untrustworthy source code in an IDE, and implore people to stop 👏 using 👏 system() 👏

Bio

Software security dude. Bugs and exploitation. OSCP, OSCE, I love breaking developer tools.


OK, You're Leet - What Now - Marc Bown

Level: Intermediate

As an industry we tend to fetishize technical skills. Many of us spend our time and training budgets on trying to become the next Marc Dowd or Tavis Ormandy. But most companies out there don't need Dowd's or Ormandy's - they need regular shmoes to deal with regular security problems.

In this talk I'll talk about some of the best security people that I've worked with and what made them great. I'll share details on the diverse set of skills that I think that good security people need to have.

If I succeed, you all will be convinced that we should all be investing in developing our non-technical skills, as well as our technical skills, in order to move the industry forward.

Bio

Marc recently started as the CISO at AfterPay. Before that he ran security at Fitbit.


Hack the Mac - Neelakanteswara Rao Patnaik Baggam (Neel)

Level: Intermediate

In this talk I will demonstrate the way Mac OS can be fooled by changing the name of the exploit file to give access to perform some important operations like using the camera, microphone etc. The remote administration tool I'm going to use in this presentation is developed by me.

Bio

An offensive security enthusiast, mostly interested in the development of offensive security tools. Recreates existing tools in python and develop new tools with the help of knowledge acquired.


Supply Chain Attacks: What are my options? - Riley Baird

Level: Beginner

Supply chain attacks take you by surprise. You spend so much time securing your network only to be pwned because a trusted source just sent you malware. This talk explains the scope of the supply chain threat and discusses real-world examples. Furthermore, we discuss measures which users, organisations and developers can take to minimise their exposure to this risk.

Bio

Riley (@batterystaples) is a security analyst with a goal of automating everything that can be automated, as well as some things that can't. He enjoys engineering, both reverse engineering and network engineering, and is one of those people who uses Linux as their daily driver (and will fight anyone who says "GNU/Linux"). Python is awesome and Golang is the future. He enjoys exploring, both in the digital world and the physical world.


Archive

When Title Speaker Materials

Friday 31st May 2019

Little Black Book of Libc: Exploring the security properties of multiple libc implementations

mercy

Not available

Friday 29th March 2019

Choo Choo, All Aboard The Ruby Train!

Louis Nyffenegger

Not available

Friday 26th October 2018

A Modular Approach to Red Team Payloads

Lloyd Simon

Not available

Friday 31st August 2018

Security Measures in OpenSSH

Damien Miller

Not available

Friday 27th July 2018

Side-Stepping Defensive Measures in a Windows 10 Enterprise Environment

XTreeGold

Not available

Friday 29th June 2018

Offensive Tricks 0x00: Turning XXE into RCE on Java Environments

Marcio Almeida

Not available

Friday 29th June 2018

Ruby Deserialization

Luke Jahnke

Not available

Friday 25th May 2018

Overview of Cryptonote

Kee Jeffreys, Jack Murray

Not available

Friday 25th May 2018

Electron.js - turning XSS into RCE

Brendan Scarvell

Not available

Friday 27th April 2018

How to improve your threat research, YARA + KLara

Noushin Shabab

Not available

Friday 27th April 2018

Adventure Time Cont.

Joaquim Espinhara

Not available

Friday 23rd March 2018

JWT == insecurity ??

Louis Nyffenegger

Not available

Friday 23rd March 2018

Not available

Friday 25th August 2017

BitcoinCTF III

Luke Jahnke

Not available

Friday 25th August 2017

Building a SOC for fun and profit

Barry Anderson

Not available

Friday 28th July 2017

Keyboard cowboys - Herding shells

Eldar Marcussen

Not available

Friday 28th July 2017

Not available

Friday 30th June 2017

Internal Pentest: from z3r0 to h3r0

Marcio Almeida

Not available

Friday 30th June 2017

Not available

Friday 26th May 2017

Advancements in p455w0rd cr4ck1n6

John Gerardos

Not available

Friday 26th May 2017

Not available

Friday 28th April 2017

The Application security aspect of cyber is very, very tough

Louis Nyffenegger and Ash Fox

Not available

Friday 28th April 2017

Not available

Friday 31st March 2017

UniFi'd Ownage - Centralised and Automated Network Management

Tim Noise

Not available

Friday 31st March 2017

Not available

Friday 26th August 2016

Making GDB fun again

Chris Alladoum

Not available

Friday 26th August 2016

Not available

Friday 27th May 2016

The Devopsification of IT Security

Barry Anderson

Not available

Friday 27th May 2016

Uncaging Faraday

Ulisses Albuquerque

Not available

Friday 29th April 2016

Swimming drunk in a croc infested billabong: Practical Exploitation of DROWN

Tim Noise

Slides

Friday 29th April 2016

Enterprise Wi-Fi Recon: rEAPing the benefits

Luke McDonnell

Slides

Friday 18th March 2016

American Fuzzy Lop - fuzzing like there's no tomorrow

Joaquim Espinhara

Not available

Friday 18th March 2016

Web Application Security

Louis Nyffenegger

Slides

Friday 25th September 2015

What's your Zodiac Sign?

Kayne Naughton

Not available

Friday 25th September 2015

Not available

Friday 28th August 2015

Hacking Web Apps like a pimp

Chris Alladoum

Not available

Friday 28th August 2015

You probably DO need a cryptographic hash function

Michael Samuel

Not available

Friday 31st July 2015

Security Anti-Patterns

Barry Anderson

Slides

Friday 31st July 2015

Journey from research to exploit

Tim Noise

Not available

Friday 12th June 2015

Hacking trends, types of attacks, cool and interesting technical details

Mike Smith - CTO Akamai Technologies

Not available

Friday 12th June 2015

Not available

Friday 29th May 2015

QEMUing up a storm: why QEMU is awesome for doing embedded stuff

Peter Fillmore

Not available

Friday 29th May 2015

BitcoinCTF II - The Shadow and the Flame

Luke Jahnke

Not available

Friday 24th April 2015

Introduction to security code review for the web

Louis Nyffenegger

Slides

Friday 24th April 2015

Opening garage doors with an iPhone and HackRF: Adventures in Software-defined Radio

Hubert Seiwert

Not available

Friday 27th March 2015

Building an FPGA-based Glitcher to Defeat Hardware

Silvio Cesare

Not available

Friday 27th March 2015

Bug Bounties -- What's the Story?

Nathaniel Wakelam

Not available

Friday 1st August 2014

Why would a geek leak?

Thomas Drake & Jesselyn Radack

Not available

Friday 1st August 2014

Not available

Friday 27th June 2014

Post-Snowden OpenSSH

Damien Miller

Not available

Friday 27th June 2014

Rogue Containers – A Virtual Disk Escape

Shanon Olsson

Not available

Friday 30th May 2014

Git Money: Snatching Source Trees

Tim Noise

Not available

Friday 30th May 2014

B.R.E.A.M. (A.K.A the Blockchain Ruins Everything Around Me)

Kayne Naughton

Not available

Friday 28th March 2014

Avocent Virtual Media Pwnage

Michael Sameul

Not available

Friday 28th March 2014

Pager Security

Andrew Horton

Slides

Friday 28th February 2014

RuxLox

Topy

Not available

Friday 28th February 2014

Goto Fail: Apple SSL broken again

Hubert Seiwert

Not available

Supported By