Rewind back to November last year, big yell out to Thomas Hingant for taking up the challenge of being our official video photographer over our 2-day event.

If you didn't get a chance to attend @bsidesmelbourne last year (or did attend), sit back and enjoy these awesome highlights.

Thanks again to all our volunteers who make the impossible possible.
#BSidesMelb2024
#SecurityBSides

Thanks to the team at TheBigBrick in Bayswater (https://www.thebigbrick.com) for helping us create an excellent gift for our speakers and VIPs for this year's conference.

#BSidesMelb2024

#BSidesMelb2024 is over for another year! Thank you to all who participated, helped and made it such a special event. Looking forward to the next one, but in the meantime there are loads of local meetups and other conferences to keep the party going.

Whew! This flamingo is officially flapped out! After two wild and wonderful days of MCing, sticker swapping, and soaking up all the amazing BSidesMelbourne vibes, it’s time to pack my feathers and head back to Chicago.

Honestly, I might just sleep the whole flight—I’m THAT tired. Who knew being fabulous took so much energy? But don’t worry, Melbourne, I’ll be dreaming of all the fun, the friends, and the flamingo fans until I’m back next year to do it all over again.

For now, though, this bird is off to roost. See you soon, Melbourne! 🦩💤✨ #FlamingoFarewell #FlappedOut #BSidesMelbourne #BSidesMelb2024

We're thrilled to be at BSides Melbourne showcasing the cutting-edge hacking tools!

Visit our table today to explore the latest in Software Defined Radio, Penetration Testing Tools, Physical Security and Tech Gadgets for professionals and enthusiasts!

#OzHack #GetYourHackOn #BSidesMelb2024

Cyber Cyber Trivia IS BACK!

Starting on Sunday at 3:05 PM in the Big Room by our esteemed host Vaughan. Grab your friends, colleagues, strangers, make new friends and form teams of 2-5 people and switch on your cyber brains 🧠 🤓

Prizes I hear you say? Of course there will be. Come and join the fun.

#BSidesMelb2024

Join Kaif Ahsan & Kumar Soorya as they present "OAuth Hacking Marathon - Exploiting Common Security Pitfalls and Mitigating Them".

OAuth is a crucial piece of the modern technology puzzle that enables us to experience a more unified and seamless digital ecosystem. In this talk, they will showcase a series of demos that exploit various vulnerabilities both on the client side and on the authorisation server of a fictional OAuth service to show the common security pitfalls and how to navigate them.

This will be really entertaining and full of fun, so make sure you get along on Sunday at 12:50 PM · Small Room.

https://bsides-melbourne-2024.sessionize.com/session/729978
#BSidesMelb2024

OAuth Hacking Marathon - Exploiting Common Security Pitfalls and Mitigating Them

OAuth is a crucial piece of the modern technology puzzle that enables us to experience a more unified and seamless digital ecosystem. In this talk, we are going to showcase a series of demos that exploit various vulnerabilities both on the client side and on the authorisation server of a fictional OAuth service to show the common security pitfalls and how to navigate them. In a cat-and-mouse chase fashion, the demos involve the developers patching the OAuth vulnerabilities, only for the hackers to identify a new, more complex attack to own the company again. These demos are inspired by real-world incidents and will illustrate how attackers actually exploit them in the wild. OAuth gives us immense power of letting our apps and services share data seamlessly across them. But like Uncle Ben said to Spider-Man, “With great power comes great responsibility”, OAuth can also be a blessing or a curse. And in this talk, we will explore what can go wrong with OAuth if we don’t wield this mighty power carefully. Throughout the session, we will also discuss defensive strategies and industry best practices to tackle these attacks. Additionally, we will analyse the root causes of these vulnerabilities and discuss how the future OAuth 2.1 version helps mitigate such attacks. So buckle up for a roller coaster live hacking marathon!

Speaking on Sunday at 2:35 PM · Big Room we have Ayoub presenting "How to build an effective open source ransomware protection framework".

With many variants of ransomware going undetected, Ayoub's presentation will demonstrate how to build an effective ransomware detection framework, particularly useful when detection using specific rules or signatures in EDR/AV systems fails.

https://bsides-melbourne-2024.sessionize.com/session/729564
#BSidesMelb2024

How to build an effective open source ransomware protection framework

Security solutions employ various methods to detect ransomware, yet many attacks still occur daily, slipping under the radar. This talk demonstrates how to build an effective ransomware detection framework, particularly useful when detection using specific rules or signatures in EDR/AV systems fails. The presentation begins with a brief overview of the common encryption methods ransomware uses to encrypt files, followed by a discussion of generic heuristics to counter these threats. The detection framework relies on a scoring system: as file modification events are recorded, the framework evaluates them against a set of heuristics. Each event may increase the score based on its anomalous nature. If the score surpasses a certain threshold, the process responsible for the events is deemed malicious.

We can't have a security conference without a Lockpick Village. Thanks to @cybercx for helping us put this on. If you are at BSides Melbourne this weekend, take a look at the schedule.

Get along to G.07 Ideas Bank room and challenge yourself. There will also be some beginner and intermediate workshops, as well as our youngest BSides speaker, Som, discussing his journey into the lockpick world.

Check out the schedule, search the pulldown by room:
Select G.07 for all the details.
https://bsides-melbourne-2024.sessionize.com/schedule

#BSidesMelb2024

And the career village just keeps getting better and better. Next up we have @liamo presenting "Everything you need to know about Cyber in 30 minutes".

Get along and hear Liam discuss Cyber Industry and pathways. You could study for years and only know a small part of it. He will talk about everything from Pentesting to GRC and through to AppSec, and he is going to (attempt to) cover it all. Whether you're new to cyber or an old-hand in your discipline, there will likely be something new for you in this talk.

Sunday at 1:35 PM · Small Room

https://bsides-melbourne-2024.sessionize.com/speaker/43619540-2631-4c4e-9f45-8e22d7d8017d
#BSidesMelb2024

Liam O'Shannessy

Executive Director, Security Testing & Assurance @ CyberCX