AusCERT 2016 notes

Here’s a whole mess of notes I made as part of my week at AusCERT 2016. It’s my first conference, and I didn’t know what to expect, but it was an overall good experience. Tuesday I couldn’t get into any of the tutorials, so I ended up working. Sigh :(


I got into the Monday tutorial “Cyber Incident Handling” run by AusCERT’s General Manager, Thomas King. A day-long summary of the NIST guide and the ASD ISM along with some discussion about incidents. More high-level and aimed at managers than I was expecting, but worth going to.


Chris Soghoian, ACLU

  • reminded us that encryption’s required for everything we do.
  • the intelligence community says they’re going for bad guys, but that also means us, because we’re in the way.
  • overall, an amazing speaker and I can’t wait to look up more of what he’s up to.

Nick Savvides, Symantec

  • saving ourselves from the top 1% really requires us to focus on the rest of the 99% of the stuff we should be doing.

Free Stuff!

  • CSO - LootCrate “Summon” from September 2015 - review here
  • AusCERT polo shirt and calico bag
  • ZScaler soft hammers
  • LEGO Minifigure, Kendo Fighter from Series 15! :)

Tech #1 John Bambenek - malware

Tech #2 Justin Clacherty - Building Automation

  • KNX building automation standard
    • unauthenticated
    • not encrypted
    • fairly easy to hack

This stuff is going to get more and more problematic unless vendors really engage with security, I’m surprised there aren’t more problems.

Tech #2 Hinne Hettema - Welcome to the after-hack part: Detecting and mitigating the pivot

  • talking about tools turning into weapons, defending the fortress, etc.
  • I’d love to see his full course on tactics, techniques, procedures
  • Packetbeat - profile data on the fly - I’m definitely going to check this one out.

Tech #3 Mark Carey-Smith - Maximising Efficiency in Security Operations

Mr Carey-Smith’s talk had a point, but I think it missed it. Collaborating with customers, automating repeated tasks and fostering communication are important points. The talk got waylaid by a needless, too-technical but not-technical-enough introduction into BIND RPZ which was only tangentially related to some really cool things they’re doing with finding Fast Flux/Dynamically Generated Domains.

Death by PowerPoint was a terrible risk - everything that was said was written on the slides - when will people learn?


Darren Kitchen - The Curse of Convenience: How Plug and Play became Plug and Pwned

  • “Over 9000” dropped twice, cute. :)
  • talked about:
    • the original pineapple
    • the rubber ducky
    • the turtle
  • Great speaker, very good at what he does.

Aamir Makhani - Spies, Geeks, and Tracking: using Threat Intelligence to hunt for data

  • He bought old drives, phones, etc., mined them and found gold.
  • Remember to check out your devices’ location data - frequent locations are amazing
  • Facebook - put in the phone number, get name/profile - never get notified
  • Photobucket recent uploads - the mobile app automatically uploads everything to a public feed by default, it’s amazing what you can find.

Zoltan Balazs - Sandbox Detection: Leak, Abuse, Test

Good overview of how bad actors can detect that they’re in a sandbox. It’s the things you don’t think about until you have to which matter :)

Bradley Schatz - Speeding up Forensics

Bradley’s done a lot of great work, and he gave a good talk on the history of forensic imaging techniques. Smelt heavily of an ad by the end, however.


Troy Hunt

Zoltan Balazs the Hungarian - Hacking highly secured enterprise environments

  • I won a Rubik’s cube!
  • “they think the barrels are full of fish, but they’re actually full of hobbits”
  • He does his demos in pre-recorded video, not live - I think this is a much better idea for most presenters - though there are some notable exceptions who are amazing! :)

Wayne and Sun Huang from Proofpoint - Russian actors

  • Ten minutes of showing us uninteresting PHP scripts rather than talking about the details of the hack; it sounded amazing, but I had to leave.

By the end of the conference I was quite drained, a week of trying to concentrate while sitting in terrible hotel chairs, and sleeping in a bed which could be best described as horrible took a toll. I definitely learned a lot, and had some good chats with vendors about their upcoming products. I’m sure I’ll be fending off salespeople for months, but I can see some good things on the horizon. :)

#conferences #AusCERT 2016