Industry presentations

Here is a list of all recorded presentations, talks, workshops, and training that our team has given.

2024

How to brrrrrrrrrrrrr the making of a red team implant

Author: Max Alster-CaminerEvent: SecTalks SYD0x53

Slides: https://github.com/sectalks/sectalks/tree/master/talks/SYD0x53

Recently, while working on a red team, one of my colleagues beautifully constructed a physical implant. However, it only supported Ethernet connectivity, and circumstances now demanded Wi-Fi capabilities. Subsequently, I was assigned the challenge of rapidly developing a physical implant with Wi-Fi capabilities, utilising materials that I had available or obtainable from your local JayCar and Officeworks. This presentation will take the audience through my journey of constructing this implant, showcasing each step and detailing the problems encountered along the way.

What do you really need to authenticate?

Author: Matt StrahanEvent: ComfyCon AU 2024

Video: https://www.youtube.com/watch?v=eefSKldlKaE

To login to your account you need a username and password and maybe an MFA token if they feel like being secure. But can you use other pieces of information to change or bypass the need for a password or token? Could you, by going through a whole bunch of processes and what not, login with an email address or a drivers license? In this presentation I will go over authentication trees, mapping them out, and figuring out what can really be used to authenticate.

2023

Kubernetes Hacking 101

Author: Finn Foulds-CookEvent: Hack.Sydney 2023

This workshop starts with the same presentation from Help I want to attack Kubernetes, but with an additional lab component that explores attacking a real-world cluster.

Workshop guide: Link

Building a Cyber Resilient Business

Author: Alexei DoudkineEvent: Holocron Cyber Webinar

Link: https://youtu.be/3UPZeJOu-mo

Cyber threats continue to impact the productivity and desired outcomes of Australian organisations. This webinar presented a comprehensive understanding of how to build a cyber resilient business. Industry experts in the field of cyber security discussed strategies and best practices for protecting your organisation against data breaches.

Help I want to attack Kubernetes

Author: Finn Foulds-CookEvent: SecTalks Brisbane June

Slides: Link

What would you do if you found a Kubernetes cluster on a penetration test? This presentation focuses on how to get valuable information from a cluster, and do a run-through of a real world scenario where Finn achieved Domain Admin all from a kubernetes config.

AV Evasion: The Lazy Hacker’s Guide with Volkis

Author: Max Alster-CaminerEvent: UTS CSEC

A deep dive into the laziest way of antivirus evasion using Azure pipelines and open source tools. It covers basic antivirus evasion theory and how to use Azure pipelines.

2022

Active Directory Hacking Speedrun

Author: Alexei DoudkineEvent: CSECcon 2022

Link: https://youtu.be/AaOd0XJKEyA

An all-demo presentation on 14 of the most common attacks against Active Directory. Take this as a starting point to replicate later in your own lab.

Intro to Capture the Flag (CTF)

Author: Max Alster-Caminer (Francis Dong + DUCTF Team)・ Event: CSECcon 2022

Link: https://youtu.be/iU8d37jHKbI

Everything you need to get started in the wonderful world of participating in CTFs. It also covers a little of Max’s CTF journey.

Social engineer your way into your first infosec job

Author: Alexei DoudkineEvent: UTS CSEC

Link: https://youtu.be/Jpcj8eyFpTA

What do you need to get your first job in infosec? Alexei talks about what you need and don’t need, what you should put in your CV/resume, and what to expect in interview. A must-watch for anyone looking to break into infosec.

Beg Bounty Hall of Fame

Author: Alexei DoudkineEvent: ComfyCon AU 2022

Link: https://youtu.be/uj3O_rm6HuQ?t=26945

A look at some of the best (or worst) bad submissions to our vulnerability disclosure program. Why is this such a widespread problem and what can we do about it?

Pentesting - The first 6 months

Author: Nathan JarvieEvent: ComfyCon AU 2022

Link: https://www.youtube.com/watch?v=_p5RuK0Jmpk&t=21945s

A story about how Nathan got into the world of offensive security, the struggles, and what to expect in the first 6 months.

2020

Zapping bugs in Storage by Zapier

Author: Alexei DoudkineEvent: ComfyCon AU 2020

Link: https://youtu.be/jey5xY78Hes?t=12077

Alexei talking about a few vulnerabilities that he discovered in Storage by Zapier. For a bit of fun, he demo’s the worst C2 ever written.

Report Ranger overview

Author: Matt StrahanEvent: ComfyCon AU 2020

Link: https://youtu.be/zzovS2FDXe0?t=14246

An overview of Volkis’s Report Ranger tool. Matt goes through how it works, why we designed it and some basic usage example.

DownUnderCTF: One of Australia’s largest CTFs in a nutshell!

Author: Max Alster-Caminer (Sam Calamos, Faith + DUCTF Team) ・ Event: ComfyCon AU 2020 Summer Edition

Link: https://youtu.be/zzovS2FDXe0?t=28083

A deep dive of how 13 Australian Cyber Security university societies came together to keep create one of Australia’s largest CTFs.