ComfyCon AU 2022 Winter
"MY WHY". How Fraud and Identity Theft led me into Cyber Defence and Operation
I aim to share how two life-changing experiences (a co-worker pulling off a significant financial fraud, and being a victim of identity theft) motivated me to relocate to Australia, study Cyber Security and eventually work in Cyber Defence and Operation.
/usr/bin/purl or why learning to knit made me a better Cyber professional
Cyber is one of those industries where you’re constantly expected to be learning new things.
A Deep Dive into Winning Infosec Using Stickiness and Oiliness
Last year at the AISA conference, I presented on 8 essential ways of doing infosec - what I called the “More-Essential Essential-8”.
An unconventional career path. From HR to cyber.
Bec’s presentation is an opportunity to share her learnings and observations on how her career to-date has led her to a role in cyber security, and how the skills developed are relevant and desirable in the industry.
Back to Basics aka 'Why can't we get this shit right?!'
Time and time again - especially recently! - we’re seeing breaches occurring because (with 20/20 hindsight, of course!
Beg Bounty Hall of (F|Sh)ame
A sneak peek into the best (or worst) no-impact submissions we’ve received through our bug bounty program.
Build Amazing Things (Securely)
In cyber security, it’s easy to lose sight of why we are doing what we do.
Building security workflows using open source tools
This workshop provides an overview of an automated continuous security workflow built using open source tooling.
Career Transition: A Give and Take Love Story
A very quick, to the point presentation about those looking to career transition into cyber security - what those entering the industry need from other security professionals, and what the security industry needs from them.
Communicating Cyber - Simple Tips You Can Implement to Level up your Influence
Based on my experience as a cybersecurity marketing professional, this session will present real world tips and tricks to help cyber security professionals achieve optimum outcomes through better communication.
Control Supply Chain Threats In Your Website
Modern organisations depend on online transactions. In an ongoing pursuit to improve the digital experience, websites become extremely complex.
Covert communication channels using Lora
Imagine Command and Control traffic was entirely out of band. I’m not talking about hiding c2 comms but an even scarier scenario.
Dancing, not Wrestling: Moving from Compliance to Concordance for Secure Software Development
Secure software development has become an increasingly important focus for research in recent years, not least because of advances in technology such as AI, machine learning (AI/ML), robotics, and autonomous systems (RAS).
Defence against the Dark Arts: Learning the difference between a Security Strategy and a Plan
Clear Cyber Security Strategies and Plans are critical to the success of any security program.
Deus Ex Promised Me Cool Augments, and All I Got Was Dystopia: When Do I Get My Robot Legs, and Will They Get Hacked?
How do we attach augments? What body systems will they replace and enhance?
DMARC for beginners (or, deflecting bounty begging)
Email still runs on SMTP, which must be close to one of the oldest application protocols still in common use.
Homing pigeons, teapots and pegs: a beginner's guide to satirical standards, April Fool's Day RFCs
Have you ever wondered whether you can send IP over Avian Carrier (IPoAC), why your web server returns HTTP status code 418 “I’m a teapot”, or how to implement peg-dhcp?
How Do You Solve a (Cyber) Problem Like Small Business?
As a newly minted small business owner, having quit an IT career, I found it unbelievably hard to apply the security principles from my work, to my own business.
Human Factor Engineering in the SDLC
How can you develop systems fit for purpose if you don’t have requirements from users?
Insider Risks - What should we be looking for?
A history on what Insider Risks are, how they differ from typical business risks and how they have become more prevalent during the Covid-era with less visibility due to working from home and the adoption of the bring your own device model.
Parables for self-care
With the rapid move to online or digital spaces due to the pandemic and lockdowns, a lot of organisations and teams found themselves rapidly adopting remote work.
Pentesting - The first 6 months
I changed careers to Pentesting in July 2021 and would like to share my thoughts on the first 6 months of pentesting.
Preventing IIS exploitation through the Windows Kernel
With IIS exploitation being one of the most common entry points into a network, I go through my experiences of developing a Kernel Driver to prevent IIS exploits, past and present.
Quantum computing! What is it good for?
Quantum computers have become a huge buzzword in the last few years, with startups and big tech firms alike promising fantastical outcomes left, right, and centre.
Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
Abstract: Curious to find out what happens when you perform OSINT at-scale?
The Birth of the Surveillance State in Artefacts
Drawing on an extensive collection of espionage artefacts Mike Pritchard will explain the mindset, structure and technical capability of the East German Stasi intelligence service in building the world’s first pervasive Surveillance State.
The Joy of Security: Politics, infighting, and other failure modes for security programs
Creating organisational change in the cybersecurity industry can be challenging. In some areas of security, you don’t own the outcome, and success depends on your ability to politically influence areas of the organisation to “do the right thing”.
Tips to alleviate your ISO27001 certification journey
Certification is a journey and there are lots of to-dos and not-to-dos along the way, irrespective of the cybersecurity maturity of an organisation.
Write makes right!
You write each day. Emails, audits, and code. We focus on delivery, on technical displays, and on challenging problems.