ComfyCon AU 2020 Summer

Building a vibrant and competitive ecosystem

Cyber security is emerging as one of Australia’s most promising growth sectors.

Read More

Cyber Security Adulting

There’s a lot of guidance out there for enterprise, and business to help guide Cyber Security Maturity, and what it means to be a “responsible adult” organisation.

Read More

Digital Forensics for Compressed Files

How and when timestamps change on a Windows system are well documented, but what happens to timestamps when threat actors ZIP/RAR/CAB up all the data they have collected in your network and exfiltrate it?

Read More

DownUnderCTF: Australia's Largest CTF in a Nutshell

The story of how a group of individuals from 13 cyber security societies across Australia came together to manage to create Australia’s largest CTF.

Read More

Function Similarity Using Machine Learning

I will give an overview of the research in a recent paper where I have been using machine learning to predict function similarity in different malware families.

Read More

Guardians of the cloud: the sysadmin’s guide to cloud security

Organisations are rapidly moving applications to the cloud to support remote work in the COVID-19 era, leaving sysadmins and security teams to secure a sprawling mass of cloud-based infrastructure.

Read More

It Starts with a Question - Inquiry for Cyber Security

As a cyber security hiring manager, I see one of the key differences between people who are successful and those who struggle is the ability to navigate uncertainty.

Read More

Let's talk CFPs - Stop putting off that conference submission

So your favourite InfoSecurity conference has just published its Call for Paper (CFP) dates!

Read More

MageCart - modern web attacks for fun and profit

Magecart has been in the news many times due to high profile breaches such as when 100s of Australian website were found to have malware on them and when BA was fined for over $200m.

Read More

Mental Health in InfoSec - We Need To Talk

The Consulting, Digital, Information and Technology industries traditionally have attracted a certain “type” of person.

Read More

Peer Review: Bitter wisdom is better than sweet folly

Before responding to an important text or email it is wise to have a friend weigh in on your wording.

Read More

Planning Your Active Defence with MITRE Shield

MITRE Shield (https://shield.mitre.org/ ) is a recently published active defence knowledge base MITRE developed to capture and organise active defence techniques and adversary engagement.

Read More

Practical OSINT’ing... while Mountain Biking

OSINT is any sort of intelligence gained through any publicly available source.

Read More

Red-Teaming cognitive principles for understanding complexity.

Red-teaming has been used since the cold war to help decision makers overcome their own cognitive biases flawed group dynamics and arrive at more thorough judgments about the future.

Read More

Report Ranger: Pentesting reports with markdown and automation

We’re releasing a new tool for building penetration testing reports called Report Ranger.

Read More

Securing mobile apps using Google Firebase

Google firebase is a NoSQL database and mobile / web backend framework.

Read More

Security design flaws in Storage by Zapier

In this talk, I go through the vulnerabilities I discovered in a Zapier service called “Storage by Zapier”.

Read More

So you've decided to go out on your own... how to setup for business or subcontracting

Australia has an awesome talent pool of cybersecurity professionals & human beings that unfortunately is under the yoke of large businesses that will subjugate awesomeness for mediocrity.

Read More

Taming the Velociraptor: who needs EDR anyway?

This talk will look at some key capability I have learnt using Velociraptor in field, fighting evil over the last year and a bit.

Read More

Teach IT user’s not to get phished: Play the game, get the knowledge and confidence to handle phishing emails/websites

Phishing attacks are prevalent and humans are central to this online identity theft attack, which aims to steal victims’ sensitive and personal information such as username, password, and online banking details.

Read More

The blunt advice about getting a job in cybersecurity

Cybersecurity is a well sought-after industry. So, you studied hard at University, maybe you want to transition from that accounting disciple, or perhaps you just watched Mr.

Read More

The Paradox at the Heart of Cloud Native Security

In a world where deploying new features to production multiple times a day, is ever more reality than myth, traditional enterprise security and compliance teams are scrambling to cope with the pace of change, the historial walls of the often cited “Church of No” are crumbling around them.

Read More

Threat hunting for dummies

Hilt gives an introduction to threat hunting and how resource constrained organizations can boot strap a threat hunting program using open source tools.

Read More

Using statistical analysis to find beacon communication activity

I’ll cover the types of beacons out there in the wild, a little about some of the c2 frameworks and how beacons are configured and deployed.

Read More

What We Do in the Shadows

We’ve all done it. Setting up a Slack to chat to our colleagues when the proper system doesn’t cut it.

Read More

Why I 🖤 Privacy

I spend all day providing advice to people who do different jobs that use data.

Read More