Workshop Considerations

I was chatting with one of my fellow AusCert presenters, and started to reflect on how vastly different presenting a hands on workshop was from past presentations I have given. I have run workshops before, but they happened to be very content dense, and while the participants had an opportunity to do some worked examples, the material had to barrel forward to fit into the time. I undertook this .NET pentesting workshop in a very different way, starting from materials preparation. …

Posted on

Road to AusCert

Presenting at conventions is something I have been incredibly fortunate to do from very early in my Cyber Security career. I need to go back and find the specific snippets, but Bruce Potter, Dan Kaminsky, and others I have watched over the years have stated the importance of new people presenting and that the best experience of these cons is from presenting. I also had the benefit of a very supportive team at Alcorn Group supporting my first submission to CrikeyCon 2018. …

Posted on

Remote Traffic Interception for Thick Application Assessments

Thick application testing scenarios Thick application security testing, from the perspective of a consultancy, usually involves a customer who has obtained an off the shelf solution from a vendor or who has engaged an external developer to produce the internal tooling. It is substantially less common for the customer to have developed the application-under-test inhouse. The impact of this is usually the customer does not have the institutional understanding or documentation about the inner workings of the application and primarily manage the infrastructure which supports the application. …

Posted on

The Art of the Bodge

Back before I started uni, I was at the wrong end of the country. I had to drive from Mount Isa to Tasmania and I decided I wanted to show where I was each day to whoever was reading my website. Now I had a problem. I was at the time using a basic Nokia 3315 which had snake, but no internet to speak of. It was at this point that I applied my favourite development tools of the time to the problem. …

Posted on