ComfyCon AU 2020 Winter

Access your social media archives!

Caitlin

You can download archives of a lot of your history on social media sites as a result of the GDPR requirements being brought into play.

An Introduction to Drone Security

Mike Monnik

Drones are literally flying laptops. There are a lot of attack vectors that exist but also a number of key things you need to be aware of in the physical and kinetic space; it’s no longer a case of simply compromisable IoT.

Automating the Boring

Renée

Cyber is schmick! It’s pretty! It lets me hunt down bad guys and nuke ’em from orbit!

Careers Panel

Fabio

A panel on how to get a career within cyber security.

Code that gets you pwn(s|'d)

Louis

In this talk, Louis will cover examples of vulnerabilities that are not necessarily obvious.

CV Workshop

Ricki Burke

Ricki runs through his top tips for developing a CV, what you should and shouldn’t do, and what industry hiring representatives look for.

Dependencies: Barely Managing

sh3r4_hax

Colloquially, infosec and developers don’t share a unified definition for concepts like “dependency management”.

Digging Deeper with Velociraptor - DFIR Beast Mode…

Mike Cohen

The old way of performing in-depth forensic analysis and incident response with your existing tools is clearly not adequate or scalable to many endpoints.

Disclose.io - Vulnerability Disclosure and Hacker Safeharbor in 2020

Casey Ellis

After 40 years of hard-fought battles, the Internet has finally reached a place where it knows that hackers aren’t always burglars… Many of us are locksmiths.

Fireside chat with Tilley

Alex Tilley

Interesting stories and insights into the world of cybercrime from someone with a unique understanding from a long history.

Good Incident Response; More Than Just Tech Stuff

Ryan Mclaren

Looking back at some of of the previous Incident Response operations he led, Ryan will give an overview into some of the critical functions and skills required of Incident Response personnel.

Hanging on the Telephone: Hacking VoIP

Sarah Young

Before security, Sarah spent a decent amount of her career deploying VoIP systems.

How to Fight a Virus with a Spreadsheet

Allen Baranov

Reporting is an important part of Infosec but reports often get ignored.

How to keep kickass women in tech - take a lesson from snowboarding

Toni James

What’s the point of hiring kickass women if you don’t have an environment that supports their growth and desire to stay with your company?

How to sort your sabotage plans

Kirk Nicholls

There’s a lot of work in maintaining documentation for systems to ensure they are effective for use by someone other than the creator.

Introduction to Lockpicking

Marshmallow

An introduction to Lockpicking from some of the youngest members of our community!

Is there anyone on board who can fly a DevSecOps plane?!

Hannah McKelvie

We are three years into our Enterprise Secure Code program, and last year we embarked on DevSecOps at scale.

Lies, Deception and Fantasy

Sam Crowther & Nick Rieniets

We, the defenders, play in a highly adversarial game. The game is played in the open and the rules require us to hand our adversaries all the information required to defeat us.

Meditation for Crisis Professionals

Garth

For both crisis professionals and professionals in crisis, this session examines the effects of long term stressors, and provides a practical framework on how to manage them.

OSINT, A learning journey

Benzies

OSINT is any sort of intelligence gained through any publicly available source.

Overcoming Cyber Performance Anxiety: The Continuous Cyber Maturity Model

Andrew Scully

Unending data breaches, outages and compromises can leave security senior leadership with “cyber performance anxiety” and organisations asking the question; does our security program REALLY deliver the outcomes we need?

Pwnagotchi your new digital pet!

George Coldham

Do you remember Tamagotchi? Learn about Pwnagotchi your open source, digital pet based on Raspberry Pi Zero W.

Security at the speed of DevOps

Uday Korlimarla

Today, Speed to market is everything. But speed and security can both be achieved at the same time.

The CIA Triad: Staying Sane in Crazy Times

Gyle

We’re all familiar with the CIA triad since it’s the model that is used to guide policies for information security in an organisational setting.

Things to do with a Faraday Cage

Silvio Cesare

I recently bought a commercial desktop Faraday Cage/Box. It has USB, POE, and SMA pass through.

Using Interlace for organising tests, and multithreading over targets

Michael Skelton

A quick primer on how Interlace can be used for “on the fly” pentesting or bug bounty tests over large targets, CIDR or glob ranges as well as useful tricks for how it can be deployed to organise and store the results of tests.

Vulnerability research as a lifestyle

Faith

Have you been on twitter recently and seen tweets about people finding vulnerabilities in <insert_software_name_here>?

Why you should go get it…

Adam McCarthy

This talk is about why people should back themselves and go out on their own, start a company, build things that they want to build, work for people they want to work with.

Zero Trust ... it is not just about infrastructure

TM Ching

Zero Trust is probably the most overused buzzword in the industry, and probably the least understood.