Presentation Title: Hiding malware in Docker Desktop's secret virtual machine

“Alex” is just happy to be here, you know?

They work on the Red Team at Atlassian, committing metaphorical crimes and writing really really detailed confession letters. Lately, though, they're trying out doing "security research" for a few months, which is a lot like "messing around and hoping to stumble upon Science", they've learned.

They Follow them on SoundCloud at

In 1633 “Alex” was excommunicated by the Catholic Church for insisting the Earth revolves around the sun.

Presentation Title: Inside the Persistent Mind of a Chinese APT

Lina Lau (@inversecos) is a Principal Incident Responder at Secureworks, prior to Secureworks, Lina was the Incident Response and Threat Hunting Lead for Accenture Australia & New Zealand.

Lina commenced her career working for an American cybersecurity start-up and also teaching cybersecurity at the University of Sydney.

She has worked on multiple complex international cases covering various sectors such as defence, utilities, banking, resources and manufacturing.

Lina currently holds the following certifications: GXPN, GREM, GASF, GCFA and OSCP.

Presentation Title: Applying First Nations Philosophy to Cyber Security Strategies

Jasmine Woolley graduated from Bond University in 2021, after completing a Bachelor of International Relations. In 2022, she was one of five Australian women awarded the National Intelligence Community and National Security College Scholarship for Women to study a Master of National Security Policy Studies at ANU. The 100 percent scholarship, which is funded by ASIO, ASIS, ACIC, ASD, DIO, AGO, and ONI recognised Jasmine as a standout woman in security with a diverse background and skillset.

Jasmine was recently recognised as one of seventy future national security leaders after participating in the Australian Crisis Simulation Summit.

Jasmine is a 2021 Project Friedman Participant and was recognised as one of twenty future Australian cyber security leaders. Jasmine has interned at the Counterterrorism Group as an Intelligence Analyst and OSINT Liaison Officer for the SOUTHCOM region. She also interned at the Asia-Pacific Centre for the Responsibility to Protect where she created policy recommendations for Security Sector Reform.

Presentation Title: GRC Secrets - Use a Walkie-Talkie to Look Good

With over 20 years of technical, architectural and GRC experience in both South Africa and Australia - Allen is the worlds only AAA-rated GRC Hacker. Allen is now a Manager-level GRC Consultant at CyberCX, advising clients on the details of risk and compliance but also the strategy of building a successful infosec/cyber security program.

Allen has presented at ComfyCon, DEF CON Blue Team Village, DEF CON Security Leaders Village, PCI SSC Community Meeting and AISA Cyberconf.

Using humour, story-telling and weird delivery (slides in excel? why not!) - Allen's talks are never straightforward or boring. But there is always something practical to be taken away from them for everyone.

Presentation Title: How to Hack a Hospital

Grant Lockwood is Virtus Health's Chief Information Security Officer.

His 20 year IT career includes 10 years working in hospitals and 6 years at the pointy end of healthcare cybersecurity, which sometimes leaves him feeling like a modern-day Sisyphus. His hobbies include skydiving, astrophysics, and lying in biographies.

Presentation Title: A brief guide to outflanking TCC

Nadeem Salim is currently a Principal Security Engineer within SEEK's offensive security team. Previously, he led the technical practise of a large security consultancy in Melbourne.

He has over 15 years of experience in the industry focused on offensive security and performing security assessments. Nadeem specialises in adversary simulations, mobile and MacOS security. He has presented at several conferences including CRESTCon, WAHCKon and AusCERT.

'JP' and 'Cam'
Presentation Title: Doin' it for the kids - A crowdsourced talk

JP is the Threat Intelligence Lead at Acumenis, helping organisations identify and test security risks, and implement controls and frameworks to improve their security posture.

As part of his role JP regularly leads incident response tabletop exercises, testing organisations' incident response capabilities with technical, business and executive teams and delivers intelligence driven security awareness training sessions.

JP's experience includes working as an Information Security Manager of Australia's largest mutual bank. During his time as Information Security Manager some of JP's achievements include setting up a new Information Security team and overseeing the establishment of the Bank's internal SIEM, SOC and incident response platforms.

JP has contributed to the InfoSec community in a number of ways including founding the SecTalks Toowoomba chapter and speaking at a number of conferences both in Australia and overseas, and he currently serves as the official TuskCon barista.

Cam Sternsdorf is a passionate security professional who is focused on achieving positive outcomes for both security and customers. Cam is an IT Security Solution Specialist at Heritage Bank and is a trusted advisor within the organisation, often bridging the divide between business objectives and security requirements.

During Cam's career as a security professional he has had the opportunity to develop and present security awareness training, create board level reporting and lead technical projects such as the implementation of network telemetry and advanced security analytics tooling.

Cam contributes to the security community, being the co-organiser of the Toowoomba SecTalks chapter as well as speaking at local business events.

Kristine Sihto
Presentation Title: Paper Cuts - Stop the bleed

Kristine Sihto is a document specialist for TinkerInk, working primarily with cybersecurity consultancies. They are active in the conference space as a volunteer organiser in CrikeyCon and TuskCon, and assists at Bsides Brisbane when they are able. Kristine is a keen artist, drop-bear surgeon, and walrus fanatic.

Presentation Title: The team with 30 million players
Subtitle: Reducing software vulnerability at a global scale

With over a decade of experience in software development and information security, Laura Bell specialises in bringing security into organisations of every shape and size.

She is the founder and CEO of SafeStack Academy, a community-centric online education platform giving developers, testers and architects the skills they need to build high quality, secure software at speed.

Laura is an experienced conference speaker, trainer, and regular panel member, and has spoken at a range of events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.

She is also the co-author of Agile Application Security and Security for Everyone.

Jamie D
Presentation Title: Hacking Rental e-Scooters - Real World Examples

Jamie Ellis is a self taught programmer with 10 years of experience. He has interest in vulnerability research, reverse engineering, social engineering and network forensics. Jamie studies Computer Science at the University of Wollongong.

Sebastian Salla
Presentation Title: The Art of Phishing - Evading browser protections to host long-standing phishing websites

This presentation will discuss a year-long trial and error process that resulted in the discovery of how to host persistent phishing websites that evade detection by Google Safe Browsing and Microsoft SmartScreen.

It'll outline how Google and Microsoft collect and analyse suspicious domains, how they treat threat intelligence supplied by partners and how threat actors can abuse their discovery, analysis, and reporting process to evade detection.

Presentation Title: Mental Health Threat Modeling

Gyle completed a degree in psychology before she shifted to a career in tech in the early part of this century. She then specialized in cyber security after finding her bliss in studying digital forensics. Aside from being an InfoSec community volunteer, she is an accredited Mental Health First Aider.


Workshop Title: Using the ATT&CK matrix to map incidents to bolster detect and respond capabilities.

Shanna Daly has over 20 years experience across the information security industry.

Shanna's expertise has been called upon during countless data breach investigations, giving her an in-depth understanding of the security implementations that work, and the ones that don't. Shanna continues to share her knowledge with the industry and has built and managed consulting teams of industry experts responding to all types of intrusions and breaches.

Her experience across a wide range of information security domains gives her a unique perspective and a “think outside the box” attitude to securing organisations.

Workshop Title: Introduction to organisation driven threat modelling.

Edward Farrell is a security consultant with over eleven years experience in information security and seventeen years experience in the IT industry.

As the director of Mercury, he has conducted and overseen the delivery of over 500 independent cyber security audit activities and incident responses in the past six years. Edward Is an Army Reservist, Industry Fellow at the Australian Defence Force Academy, and an advisor to several cyber security start ups.

Karit / @nzkarit
Workshop Title: A hacker's view of DoS attacks

Dave/Karit (@nzkarit) in his time working in various parts of the IT industry has developed a skillset that encompasses various disciplines in the information security domain. Dave currently works as a Penetration Tester at ZX Security in Wellington and runs Kākācon.

Since joining ZX Security Dave has presented at DefCon, Kiwicon, Aerospace Village @ DefCon, BSidesCBR, ChCon, Unrestcon and at numerous local meetups; along with running training at Kiwicon, Syscan, CrikeyCon, ChCon and TuskCon. He also has a keen interest in aerospace, lock-picking and all things wireless.