September 2021: [Conference] Collapsology: Why your biggest threat isn’t exposed RDP¶
For decades, anthropologists, quantitative historians, and sociologists have discussed and proposed various explanations for the collapse of civilizations, from unsustainable complexity, decay of social cohesion, rising inequality and general misfortune.
Using our time-travelling phone booth, we’ll investigate historical collapses and conduct a root cause analysis to investigate why these collapses happened, and how we can observe similar issues in modern business environments.
This talk provides an overview of how to identify cultural threats in a rapidly evolving business landscape, and how we can use modern-day tools to identify these threats before they result in security culture collapse.
PyConline 2021 Snake Oil Academy Recording (Coming Soon!) | Additional Resources
November 2019: [Debate] The Big Cloud Security Debate: Hackers vs Security Engineers¶
A debate organised by ANZ, Contino and Meetup Madness where 4 hackers vs 4 security experts engaging in a fiery debate to determine all the ways they can hack and defend cloud environments. errbufferoverfl participated as part of the “hackers”/”red team”.
October 2019: [Conference] A Brief History of Tamper Evident Locks¶
A talk that discussed common “canary locks” or locks with tamper evident mechanisms through the ages, Buffy trawled through 11,335,427 patents to identify several high and low profile locks and their known, or speculated bypass techniques.
May 2019: [Meetup] LUV May 2019 Main Meeting: Kali Linux¶
Come together in ritual to learn about KALI LINUX! A Debian based Penetration Testing and Ethical Hacking distribution, with over 600 pre-installed packages. In this talk errbufferoverfl will cover as many things as she can fit into an hour, from port scanning, to web application hacking to exploit pewpewpewing. We’ll be looking at some of the more popular tools available within the distribution including nmap, Burp Suite Community Edition, John the Ripper and many others. She will also discuss the phases we go through when conducting a security assessment from recon to exploitation and where these tools can be leveraged. Tonight, for one night only no server, or web application is sacred.
April 2019: [Training] Snake Charming for Beginners¶
Snake-charming is an age-old practice of hypnotizing snakes by playing and waving a murli - in the modern day this practice looks much different, equipped with an Integrated Development Environment (IDE), a clackity keyboard and a trusty guide we’ll be taking you through how you can effectively charm Python 3.6.
On the first day of our trek through the dense jungles of Pythonia we will be looking at how to build a simple sub-domain enumeration tool and how to get started building simple exploits - for those who have trekked these paths before - extra challenges will await you.
Day two we will move further into the dark jungles of Pythonia delving into forbidden user-land territory and how you can use Python to gather useful system-level information, and contact the UNIX daemons of old.
While writing this training description, errbufferoverfl wrote two Python fan fictions, the next cyber-themed Hollywood blockbuster and Shakespearian a play about the training.
Various Times: [Conference] Agloe - What the Map Makers of the 1930s can Teach us About Protecting our Data in 2018¶
What does the little town of Agloe, Colchester, NY have in common with modern day data protection? Why when I look for directions to Agloe, Colchester, NY do I only get a partial match? And what do yellow small birds have to do with anything?
In this talk we are going to do the time warp back to the 1930’s and see what the General Drafting Company can teach us about securing data and breach notification and how to apply these concepts in the modern day. Using free and open-source solutions I’ll show you that information security isn’t all about expensive third-party products and Security Operations Centers’ (SOC), rather, by using some defensive thinking and a bit of creativity, with your existing infrastructure and services you too can easily identify data breaches, and catch the bad guys in the act with the tools you already use in your own environment. Come along for a lesson on the anatomy of the canary.
February 2018: [Training] Building your own offline file-sharing and communication system for the inevitable downfall of the Internet¶
Have you ever considered a world where the Internet in all it’s grandeur and tyre-fire-ness has finally imploded. Well after living for 8 months without the Internet I did and it looked a little like this. The PirateBox is a DIY anonymous offline file-sharing and communication system built with free software and inexpensive off-the-shelf hardware.
This workshop will go through the steps of setting up your very own PirateBox, using OpenWRT we will build an offline Internet with an inbuilt chat, file sharing capabilities and image board. Which can then be battery powered and carried around with you! The PirateBox is a beginner friendly privacy and anonymity positive piece of hardware, it introduces students to the basic concepts of hardware hacking, flashing devices, setting up config files etc. More importantly it has a larger cultural impact as it is an easy way for people to anonymously communicate and exchange files in a time where this is becoming difficult. It has previously been used by people to locally share digital media (such as ebooks) and to securely share cryptographic keys by people running CryptoParty workshops. Student Prerequisites This is a beginner friendly course, little to no prior knowledge of OpenWRT is needed, but users should have basic understanding of the command line.
Download the PDF (Coming Soon)
March 2017: [Meetup] Dear Rubyists… and any other web developers listening¶
A presentation on common web vulnerabilities and how they can be remediated by developers.
Download the Slides (Coming Soon)