Hiding malware in Docker Desktop's secret virtual machine
So I was trying to find a way to hide malware on someone's Macbook for a whole year when I realised that this is basically a feature Docker provides natively.
Docker, which approximately every developer is running, has a Linux virtual machine in it? I know. I'm just as shocked as you are. It turned out to be not only a fun surprise, but a truly excellent place to hide malware.
This all ended up with me finding a brand new way of making your malware invisible to whatever antivirus or EDR is running on the Mac.
Do not even worry about it if you don't know what some of these words mean; I will explain everything in a crispy bite-sized way so you don't need background knowledge of Docker, malware, or any of that nerd stuff.
Mangopdf
Hall A
9:45
Applying First Nations Philosophy to Cyber Security Strategies
My aim is to clearly apply three elements of Indigenous philosophy and show how they correspond with
what is needed for a strong, robust, cyber security strategy. Overall, this links to the bigger
picture of rethinking our current cyber security problems and rebooting to strengthen responses
to threats. These three elements are adaptability, moral and ethical wisdom, and value for
autonomous regard.
Supporting First Nations people and knowledge in the cybersecurity industry is so important as
we move forward. As a proud First Nations woman, I want to help with that initiative and assist
in opening opportunities for Indigenous knowledge to be harnessed in how we respond to cyber
security threats. Australia would not be the first country to do this. There have been many
countries in the Middle East to utilise their cultural knowledge and philosophy to influence the
decision-making process when creating security strategies.
In my speech, I will also explain some ways that the cybersecurity industry can help bridge the
Digital Divide and create more pathways for Indigenous people to get into cyber. The overall aim
of my speech is to focus on holistic outcomes for cyber and utilise cultural knowledge so that a
sense of community spirit can be formed and that people of all cultures feel heard.
Jas
Hall A
9:45
CTF Starts
The Sleuth
CTF Lair
9:45
Using the ATT&CK matrix to map incidents to bolster detect and respond capabilities
With so many possible threats, it might seem daunting to understand how we can learn from our
previous incidents, or incidents experienced by other organisations. Traditionally when threat
intelligence has been focused on Indicators of Compromise (IOCs), it can seem a daunting task to
know how to get all that information and put it to good use. The thing is, IOCs are not
everything; IOCs are ephemeral. They have a shelf life, and that shelf life can be very short in
some instances. So a defence plan that focuses on ingesting IOCs and blocking them will never
increase the maturity of a detect and respond capability. This is why MITRE ATT&CK was
developed.
“MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques
based on real-world observations. The ATT&CK knowledge base is used as a foundation for the
development of specific threat models and methodologies in the private sector, in government,
and in the cybersecurity product and service community.”
This workshop will walk through the anatomy of an incident, from mapping incident stages to the
ATT&CK tactics and techniques and then developing detection and mitigation strategies most
relevant to that particular threat type.
Fancy_4n6
Room 6
10:30
Break
11:00
Paper Cuts - Stop the Bleed
Documentation is inherent to every organisation, and in cybersecurity consulting a lot of that
documentation is bound for external clients. My presentation will address common places in
documentation that may leak information about staff, internal processes, and other clients.
Kristine S
Hall A
11:30
The team with 30 million
Facing a global pandemic has been (and continues to be) an incredibly challenging period. There
are very few people who have not seen dramatic impacts on their lives as a result.
While we as humans have been facing this struggle, a similar problem has been emerging in our
software development community. Not only are we finding more vulnerabilities in our software
than ever, but those weaknesses have been affecting a larger proportion of our software
ecosystem. Are there lessons we can take from the last few years and the changes we have made to
protect people from a pandemic and apply them to our software ecosystem? I believe there are.
In this talk, we will look at how the relationships between software projects improve our world
whilst also making us vulnerable. We will do this by diving into the structures between
codebases and looking at how these affect the risk faced by our people, data, and systems.
We will then take a look at the harm that has been caused (and could yet be caused) by
exploiting this ecosystem and the steps we can take to reduce this risk and increase the
resilience of all our systems — steps that mirror the hard lessons we have learned as humans
over the past few years.
lady_nerd
Hall A
12:00
Outflanking TCC
TCC (Transparency, Consent, and Control) is a mechanism in macOS to limit and control
application access to a user's privacy features. This talk will discuss design flaws within the
system and demonstrate techniques to access privacy features during offensive operations. An
open-source tool developed by the speaker to aid in enumeration during operations will be
presented.
The talk will also provide various defences and detection mechanisms organisations can
consider implementing in their environment.
psychsecurity
Hall A
12:30
Lunch!
Food Food Food
12:45
A hacker's view of DoS attacks
This workshop will demonstrate hacker reconnaissance against an organisation to select targets
best suited for a DoS attack. Following that we will provide methods for defending your
organisation and web applications.
DoS attacks are a topic at the front of a lot of people's minds at the moment. This talk will
examine how a hacker selects targets within an organisation with a goal of causing the greatest
business disruption.
Attackers can find juicy targets in more ways than you would initially think. A range of
discovery techniques will be presented. People participating in this workshop will not be left
hanging, as it will finish with how you can protect your assets from DoS attacks (spoiler: a
CDN, WAF or DoS scrubbing are not magical cures on their own).
Karit
Room 6
13:30
Doin it for the kids
During a session of SecTalks Toowoomba, participants collaborated and created a crowdsourced
talk designed to be used by anyone to present to groups of parents, educators and caregivers
about cyber safety for kids.
This talk will discuss the creative process and also include the talk that was developed.
Participants will have access to the crowdsourced presentation and are welcome to re-present it
within their own communities.
JP and Cam
Hall A
14:00
Inside the Persistent Mind of a Chinese APT
The motivation behind Chinese APT groups has always been deeply rooted in nationalistic pride.
Former Chairman Deng XiaoPing once stated, “It doesn't matter if a cat is black or white as long
as it catches mice”. These words ring true in the series of targeted attacks launched by the
Chinese APT groups throughout the years to gather intellectual property and conduct cyber
espionage. But what does it take to build a nation-state actor? Indoctrination in the early
years? A hiring system inbuilt into the education system?
In this talk, I will explore the tactics, techniques and procedures utilised by Chinese APT
groups to launch cyber-attacks, how hiring and recruitment works at a nation-state level and use
examples from recent incident response engagements we've worked on at Secureworks. Attendees will
not only learn about how Chinese APT groups conduct attacks and the various tools and techniques
they use - but they will also gain an understanding, from a psychological standpoint, of the
motivations behind these attacks and what drives the mind of a Chinese nation-state actor.
Inversecos
Hall A
14:40
How to Hack a Hospital
Modern hospitals are packed to the rafters with technology designed to deliver better patient
outcomes. From location tracking services to data analytics, your local hospital is more tricked
out than ever.
But as technical capability increases, so does the attack surface. Medical appointments have
been cancelled due to cyberattacks. Stolen patient records now fetch more than stolen credit
cards on the black market.
In an era of Bluetooth-enabled pacemakers and wireless infusion pumps, how do we minimise the
risk of hackers hitting our healthcare? Take a look at how hospitals secure their infrastructure
(and your medical data) on a budget that most fintechs would find down the back of their couch.
G-lock
Hall A
15:00
Introduction to organisation driven threat modelling
The purpose of this tutorial is to provide an overview of tools, techniques and processes to
conduct threat modelling. Whether it's for a whole organisation or a specific project, the role of
threat modelling is to provide clarity as far as the stakeholders' risk appetite and
prioritisation.
This ensures that resources can be effectively applied to projects and that priority
information requirements and sustainment are established.
Activities that will form part of this tutorial include:
Faz
Room 6
15:10
Mental Health Threat Modeling
In the field of InfoSec, there are different threat models which are used to identify potential
threats to an application or a computer system. As InfoSec professionals, we're always looking
at ways to defend, test and improve the security posture of our organisations.
But what about looking at using a threat model to protect our mental health? If you'd like to
know how threat modeling can help us keep the flame of passion for the field of InfoSec, then
listen to this talk.
Gyle
Hall A
15:55
Afternoon Break
16:25
GRC Secrets - Use a Walkie-Talkie to look good
At AISA CyberConf I presented a few ideas that I had developed over the course of my career. I
called them the "More Essential Essential Eight" (MEE8). In this talk, I aim to dig deeper into
two of them "People are people" and "Use a walkie-talkie to look good".
What I aim to show in this talk is that there is a disconnect between Information Security
practitioners and "the business" and that by narrowing that gap, it can benefit all parties
involved.
I will bring some examples of times when I have experienced a gap and how I worked to fix it
and how the outcome was positive. I'll also show how this can be used in future.
Allen
Hall A
16:55
Hacking Rental e-Scooters - Real World Examples
The production and renting of e-scooters has become one of the fastest growing global
industries since 2018. With the increased demand for e-scooters and related products, the
development and hacking of the standard IoT device has become an incredibly powerful tool.
This talk will cover the use and background of scooter IoT devices, and will outline the
hardware and software used by two specific vendors. Methods such as social and reverse engineering
will be discussed, and code, exploits and documentation for these attacks will be showcased.
Jamie D
Hall A
17:00
CTF Ends
The Sleuth
CTF Lair
17:25
Bypassing Google Safe Browsing to host persistent phishing websites
This presentation will discuss a 6-month trial and error process that resulted in the discovery
of how to host persistent phishing websites that evade detection by Google Safe Browsing. It'll
outline how Google collects and analyses suspicious domains, how they treat threat intelligence
supplied by partners and how threat actors can abuse Google's discovery, analysis, and reporting
process to evade detection.