ZX Security


Events

Meet the ZX Security team at upcoming events.

All events

  • BSides San Francisco

    CityView at SF Metreon

    BSides San Francisco is a non-profit organization designed to advance the body of Information Security knowledge by providing an annual, two-day, open forum for discussion and debate for security engineers and their affiliates. Presenters at BSides SF conferences are engaging the participants and getting the discussions started on the “Next Big Thing”, not preaching at you from the podium about last month’s news.

    Your voice confirms my identity by Ethan McKee-Harris

    With voice cloning now available to the masses, just how secure is your average voice authentication system?

    Come dive into the world of AI voice generation systems; learn how to clone someone’s voice, and join a discussion of the trends we are seeing in voice authentication systems and AI voice generation.

  • TuskCon

    Cotton Tree Caravan Park, Maroochydore

    TuskCon is a two-day hacker camp with an emphasis on hands-on learning and activities, not death by PowerPoint. Now running for its third year, TuskCon will showcase the beautiful Sunshine Coast region, with activities utilizing the surrounding environment. We encourage participation from all, especially new and novel activities that wouldn’t fit into a conventional con’s agenda. Overseeing the camp is well-known infosec pinniped Lord Tuskington.

    The things a hacker will really target during a DoS attack by David Robinson

    A lot of people will say to defend against a DoS attack all you need is a CDN, WAF, and DoS scrubbing in front of your web site; a little piece of news… that isn’t going to help in a lot of cases.

    This workshop will look at the systems in your organisation which aren’t your normal run of the mill web sites, which hackers will target. Hands-on time will be spent detailing the methods to identify these assets, along with how to formulate a plan to protect them.

  • BSides Canberra

    Canberra, Australia

    BSides Canberra returns in Spring 2023 with 3 days at the National Convention Centre. In 2023, Thursday will be BSidesCbr101 - a day devoted to newcomers to the conference and the computer security industry.

    A hacker's view of DoS attacks and how to defend against them by David Robinson

    David presented a talk on how hackers view DoS attacks and how to defend your organisation.

    Download the slides for the A hacker's view of DoS attacks and how to defend against them talk

  • Code Camp Wellington

    Wellington, Aotearoa

    Invest in your tech career with a full day of learning & networking. Held at the weekend so you don’t have to ask for time off work.

    A hacker's view of DoS attacks and how to defend against them by David Robinson

    David presented a talk on how hackers view DoS attacks and how to defend your organisation.

    Download the slides for the A hacker's view of DoS attacks and how to defend against them talk

  • Business for good

    Room 1.17 Otago Business School

    Business for good series by Nick Baty

    Nick will discuss how to better understand cyber security in real terms that make sense to modern business leaders and how to turn cyber security maturity from a vulnerability and risk to a positive value proposition that will help set businesses apart in their industry.

  • Canterbury Hacker Camp

    Hanmer Springs Retreat, Hanmer Springs, Aotearoa

    The Canterbury Hacker Camp is still the same conference that you know and love. It’s a community event for security professionals and hackers, but this year you’ll find it somewhere a little different: Hanmer Springs. Modelled on the wildly successful formula of nostalgic American summer camps, we will take full advantage of the location for both outdoor and hacker activities. During the day, we will partake in a variety of nature adventures, hot pools, or adrenaline activities, while the talks and workshops will take place in the afternoons and evenings. Think hacker horror stories while roasting marshmallows on the campfire. When was the last time you heard of a Call for Campfire Stories?

    ADS-B SDR Workshop by David Robinson

    ADS-B is a standard protocol which planes broadcast to tell air traffic control towers what their location is. Like the majority of aviation protocols, it is unencrypted. This workshop will look at:

    Using an SDR to generate ADS-B messages (on the ISM band, not to interfere with actual ADS-B signals)

    Analysis of potential attack scenarios

    Receiving ADS-B messages using a software decoder like dump1090

  • Bay of Plenty SIG 2022

    Tauranga, NZ

    Simon will be presenting a whirlwind discussion of the tools, techniques and procedures used to conduct online investigations.

  • Jomlaunch - Cyber Security Conference

    World Trade Centre Kuala Lumpur, Malaysia

    Jomlaunch is a place where developers come together to talk about our tech, stack, work and get to geek out among friends.

    XSS Curioxssity by Ahmad Ashraff Ahmad

    Ahmad will be presenting a talk in Jomlaunch’s Cybersecurity track.

  • AWS Innovation Exchange for Public Sector Leaders - Security Month

    Wellington, NZ

    AWS are running a series of events over Security Month …

    How to navigate an increasingly sophisticated threat landscape by Steve Honiss

    Steve will be giving a talk entitled “Security insights: How to navigate an increasingly sophisticated threat landscape.”

  • BSides Ahmedabad 2022

    The Forum, Club O7, Ahmedabad, India

    BSides Ahmedabad hosts The Bug Bounty Show in this 3rd edition. Speakers in this track will deliver a lightning talk on the best of their awarded hunt. This is a platform for speakers to showcase the methodologies they used to crack the most unique bug.

  • THREAT CON 2022

    Aloft Kathmandu Thamel, Kathmandu, Nepal

    XSS Curioxssity by Ahmad Ashraff Ahmad

    Ahmad will be presenting a talk in their Bounty Track event.

  • CrikeyCon VIII

    Royal International Convention Centre, Bowen Hills, Brisbane, QLD

    CrikeyCon is a community-led conference targeting those with an interest in information security around South-East Queensland and beyond.

    The informal style of the event is designed to facilitate knowledge sharing between all participants. The event consists of presentations and demonstrations by industry professionals, security wizards, and enthusiasts alike.

    A hacker's view of DoS attacks by David Robinson

    A lot of people will say to defend against a DoS attack all you need is a CDN, WAF, and DoS scrubbing in front of your web site; a little piece of news… while this is a good start, it may not help in a lot of cases.

    This workshop will look at the systems in your organisation which aren’t your normal run of the mill web sites, which hackers will target. Hands-on time will be spent detailing the methods to identify these assets, along with how to formulate a plan to protect them.

  • New Zealand Network for Women in Security (NZNWS)

    Online

    Open-Source Intelligence by Simon Howard

    Simon will provide a whirlwind discussion of the tools, techniques and procedures used to conduct online investigations.

  • Microsoft 365 Presentation - Common Security Issues

    Online

    Presentation by Blaise St-Laurent

    Blaise St-Laurent and Tom Nanai presented the most common security issues in Microsoft 365 that they and their team at ZX Security have encountered over the last three years.

  • New Zealand Network for Women in Security (NZNWS)

    Online

    Operational Security by Simon Howard

    Simon will be providing an overview of operational security processes and measures which can be adopted to keep yourself safe online.

  • CHCon 2021

    The Arts Centre Te Matatiki Toi Ora, Christchurch, Aotearoa

    CHCon is a conference for security professionals and hackers in Christchurch, NZ.

    Training will be run on Thursday 4th November, and presentations on Friday 5th and Saturday 6th.

    A CTF will be run across both days of the main event that will include GEOINT, OSINT and DFIR challenges across a wide variety of skill levels. Participation in the CTF will be available to in-person and virtual VIP attendees.

    All official conference events will be held at The Arts Centre Te Matatiki Toi Ora at 2 Worcester Blvd, Christchurch Central. Be sure to email us if there’s something in particular you’d like to see happen at the con!

    The event is being coordinated by a collaboration of people from the local ISIG and Women in Tech groups. These are two information security and technology groups that meet regularly in Christchurch.

    A hacker's view of DoS attacks by David Robinson

    David presented a talk on how hackers view DoS attacks and how to defend your organisation. He will also be running a complimentary training to this talk where he will demonstrate the tools and techniques used to identify DoS targets in an organisation.

    Download the slides for the A hacker's view of DoS attacks talk

    Hacking OpenID Connect and OAuth 2.0 by Matt Cotterell

    Matt demonstrated some ways to exploit common flaws found in OpenID Connect and OAuth 2.0 implementations.

    Continuous Assurance — Automating Cloud Configuration Security by Francesco Badraun

    An introduction to Continuous Assurance (automating cloud infrastructure configuration enforcement and monitoring) and my experience implementing it in an enterprise environment.

    Download the slides for the Continuous Assurance — Automating Cloud Configuration Security talk

  • Project Management Institute (PMI) NZ

    KPMG Offices, Wellington

    Presentation by Simon Howard

    Simon provided an entertaining, jargon-free, whirlwind tour of the latest in cyber security, and provided some helpful tips for engaging with security consultants as a project manager.

  • ISACA Wellington Chapter

    KPMG Offices, Wellington

    Presentation by Blaise St-Laurent

    Blaise St-Laurent presented his updated and expanded talk on the various mistakes, misconfigurations and missteps that ZX Security has seen in the last 2 years’ Azure security reviews.

    The talk highlighted the challenges around trusting on-premises environments, why you really should be looking at Security Center, and the pains of monitoring and logging in an Azure environment.

  • ITX Christchurch

    Christchurch Town Hall, Christchurch, NZ

    Learn about the latest tech trends, support your team’s professional development, hear about the most awesome things happening in tech right now, and most of all: have FUN!

    Keynote: Cyber Security in a broken world by Elf Eldridge

    Elf Eldridge spoke about recent trends in cybersecurity, and organisational preparedness and response to cyberattacks.

    Download the slides for the Keynote: Cyber Security in a broken world talk

  • ITX Wellington

    Te Papa, Wellington, NZ

    Learn about the latest tech trends, support your team’s professional development, hear about the most awesome things happening in tech right now, and most of all: have FUN!

    Keynote: Cyber Security in a broken world by Elf Eldridge

    Elf Eldridge spoke about recent trends in cybersecurity, and organisational preparedness and response to cyberattacks.

    Download the slides for the Keynote: Cyber Security in a broken world talk

  • Microsoft GovTech forum

    Wellington, NZ

    Presentation by Blaise St-Laurent

    Blaise St-Laurent presented to the Microsoft GovTech forum on the 18th of March 2021 on the various mistakes, misconfigurations and missteps that ZX Security has seen in the last 2 years’ Azure security reviews.

    The talk highlighted the challenges around trusting on-premises environments, why you really should be looking at Security Center, and the pains of monitoring and logging in an Azure environment.

    Download the slides for the Presentation talk

  • OWASP Wellington March 2021

    Redshield, 79 Boulcott St, Wellington, NZ

    Federated Logins with OAuth 2.0, OpenID Connect, and JWTs by Matt Cotterell

    Revisit of the previous talk presented at AppSec New Zealand 2021 introducing OAuth 2.0, OpenID Connect, and JWTs.

    Download the slides for the Federated Logins with OAuth 2.0, OpenID Connect, and JWTs talk

  • ISIG Wellington February 2021

    The Thistle Inn, Wellington, NZ

    SQLi - Squeeling in to the void by Jim Rush

    I know what you’re thinking: how can SQLi be interesting? Isn’t that a dead technique? Jim is here to well and truly prove you wrong. SQLi is alive and kicking baby!

    Download the slides for the SQLi - Squeeling in to the void by Jim Rush talk

  • AppSec New Zealand Conference 2021

    Owen G. Glenn Building, University of Auckland, Auckland, NZ

    The AppSec New Zealand Conference is presented in collaboration with the OWASP New Zealand Chapter and is a two-day conference dedicated to web and application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

    Federated logins with OpenID Connect OAuth 2.0 and JWTs by Matt Cotterell

    Matt spoke about OpenID Connect, OAuth 2.0 and JWTs.

    Download the slides for the Federated logins with OpenID Connect OAuth 2.0 and JWTs talk

    A hacker's view of DoS attacks by David Robinson

    David spoke on how hackers view DoS attacks and how to defend your organisation.

    Download the slides for the A hacker's view of DoS attacks talk

  • Aotearoa AWS Users Group

    Wellington, NZ

    AWS Security Faux Pas by Blaise St-Laurent

    Blaise St-Laurent presented to the Aotearoa AWS Users Group on Tuesday the 10th of November 2020 on the various mistakes, misconfigurations and missteps that ZX Security has seen in the last 2 years’ AWS security reviews.

    From S3 buckets being left open with Root API keys in them to more subtle IAM Policy mistakes, the presentation looks at the trends and the commonalities that we’ve seen with our NZ-based clients.

    Download the slides for the AWS Security Faux Pas talk

  • Aerospace Village - DEF CON - 2020

    Online

    General Aviation (GA) Electronic Flight Bags (EFB) by David Robinson

    David delivered a talk on vulnerabilities in General Aviation (GA) Electronic Flight Bags (EFB).

    Download the slides for the General Aviation (GA) Electronic Flight Bags (EFB) by David Robinson talk

  • Blackhat USA 2020

    Las Vegas, USA

    Simon was set to deliver two strategic OSINT training courses at Blackhat USA (1-2nd and 3-4th) - however this was cancelled due to COVID-19.

  • Capital Matters 2020

    Wellington, NZ

    Stephen and Ian from ZX Security showed how easy it is to phish an employee’s credentials.

  • Synack's HackerHangout Goa Edition 2020

    Goa, India

    Ahmad was invited to Synack’s Hacker Hangout in Goa. Ahmad qualified for this all-expenses paid event by being in the top 10 of their leaderboard.

  • BSides San Francisco 2020

    San Francisco, USA

    Dan and Claudio ran their fundamentals of AD hacking course.

  • IoT Security for Policy Makers

    Wellington, NZ

    David Robinson presented a talk on Cyber Attacks Against Autonomous Ships.

  • BlackHat USA 2019

    Las Vegas, USA

    Claudio presented Ghosts in the Browser: Backdooring with service workers.

  • CIO Summit and Awards 2019

    Auckland, NZ

    Ian White placed runner-up in the Emerging ICT Leader of the Year award.

  • Tuskcon 2019

    Sunshine Coast, AU

    David delivered a workshop that introduced attendees to Software Defined Radio.

  • Thistle Inn

    Information Security Interest Group

    The Future of Piracy on the Highseas by David Robinson

    With the advent and greater use of autonomous vessels in the future, the way pirates do business will change. This talk investigates some of the challenges which piracy is going to face in the future and where the pirates’ R&D budgets need to be focused to keep up with the changes in the shipping industry. With the greater use of technology in the shipping industry, there are publicly available tools which can be used to better target piracy and increase the ROI of piracy projects.

  • Crikeycon VI

    Brisbane, AU

    David delivered a workshop that introduced attendees to Software Defined Radio.

  • Blackhat Singapore 2019

    Wellington, NZ

    Claudio presented Ghosts In The Browser: Backdooring with service workers.

  • Kiwicon 2038

    Michael Fowler Centre, Wellington, NZ

    It is the year 2038AD. The dystopic cyberpunk future has well and truly set in; high tech multinationals transcend the authority of nation states, and autonomous drones commit extra-judicial killings based on metadata. Artificial intelligences and machine learning dominate decision making. The algorithm is all. The algorithm can never be questioned.

    Ghosts in the browser by Claudio Contin

    Service workers are all the rage for progressive web apps nowadays. This talk will take a look at Service Workers from a different perspective. We’ll talk about ways to abuse them by exploiting XSS issues. We’ll cover how to create a pseudo browser backdoor with service workers as well as some of its limitations. The talk will include demos of the attacks, and will introduce various defence mechanisms against them.

    Download the slides for the Ghosts in the browser talk

  • Bay of Plenty SIG 2018

    Tauranga, NZ

    Simon presented his research into the manipulation of the US election.

  • Tuskcon 2018

    Sunshine Coast, AU

    ADS-B SDR Workshop by David Robinson

    David presented a workshop on ADS-B receiving and broadcasting with an SDR.

    Download the slides for the ADS-B SDR Workshop by David Robinson talk

  • BSides San Francisco 2018

    San Francisco, USA

    Claudio presented his research into fuzzing Ruby Gems.

  • ACSC 2018

    Canberra, AU

    Simon presented his research into the manipulation of the US election.

  • SyScan360 Singapore 2018

    Singapore

    Simon, Dave and Lachlan ran our advanced OSINT course and attended the conference.

  • BSides Wellington 2017

    Sunshine Coast, AU

    Influencing Meat Puppets through Memes by Simon Howard

    Simon keynoted BSides (day 2) with his talk - Influencing Meat Puppets through Memes.

    Download the slides for the Influencing Meat Puppets through Memes talk

  • CHCon 2017

    Christchurch, NZ

    2FA War Stories by David Robinson

    Dave presented on 2FA implementation war stories.

    Download the slides for the 2FA War Stories by David Robinson talk

  • Wellington Financial Services SIG

    Wellington, NZ

    Simon delivered an information security awareness presentation.

  • Defcon 25

    Las Vegas, USA

    GPS Spoofing by David Robinson

    Dave presented his research into using GPS spoofing to control time.

    Download the slides for the GPS Spoofing by David Robinson talk

  • WAHCKon V

    State Library, Perth, AU

    WAHCKon (West Australian Hackers Conference) is a Perth-based hacker conference that launched in 2013. We cover a wide range of topics focusing on information security and hacker subculture as well as locksports, activism and related areas. We attract a highly diverse set of people, and we are focused on bringing the community together.

    Onionland Explorers! by Stephen Shkardoon

    An introduction to Tor, an introduction to Onionland!

    Untitled by Hugh Davenport


  • OWASP NZ 2017

    Auckland, NZ

    ZX Security sponsored OWASP New Zealand Day 2017.

  • BSides Canberra

    Canberra, AU

    Practical GPS Spoofing by David Robinson

    David Robinson presented an updated version of his GPS spoofing presentation.

    Download the slides for the Practical GPS Spoofing by David Robinson talk

  • ACSC 2017

    Canberra, AU

    Simon Howard presented on the Future of Open Source Intelligence.

  • Kiwicon X

    Michael Fowler Centre, Wellington, NZ

    OSINT for Everyone by David Robinson & Simon Howard

    The Open Source Intelligence (OSINT) training course covers the techniques and tools used to conduct successful investigations on the Internet. Each topic will include hands-on exercises where attendees gain real-world experience with the tools and techniques discussed. By the end of the course, attendees will be able to produce relevant, timely and actionable intelligence on persons or organisations of interest.

    Let's do the Time Warp Again by David Robinson

    Dave presented his research into GPS spoofing and replaying TOTP tokens.

    Download the slides for the Let's do the Time Warp Again talk

  • ASIS

    Wellington, NZ

    Advances in Open Source Intelligence Gathering.

  • NZ Cyber Security Challenge 2016

    Hamilton, NZ

    ZX Security is sponsoring and running a workshop at the Cyber Security Challenge.

  • Unrestcon

    Melbourne, AU

    David Robinson presented on practical GPS spoofing attacks and their implications: Download the slides

    Lachlan Temple presented his research into vehicle tracking: Download the slides

    Stephen Shkardoon educated the crowd on how to be a badass cyborg: Download the slides

  • Technology and Privacy Forum

    Wellington, NZ

    ZX Security presented on the current state of play with regard to Ransomware.

  • ConnectSmart Cyber Security Summit

    Auckland, NZ

    Hosted by the Minister for Communications Hon Amy Adams, the Summit was an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security.

  • WAHCKon[‘3″}

    State Library, Perth, AU

    WAHCKon (West Australian Hackers Conference) is a Perth-based hacker conference that launched in 2013. We cover a wide range of topics focusing on information security and hacker subculture as well as locksports, activism and related areas.

    Aftermarket Vehicle Trackers & Immobilizers: Redux by Lachlan Temple

    Vehicles of all shapes and sizes are bought and sold every day with measures designed to protect them from being stolen or make them easier to retrieve. Reinforced doors, various locking mechanisms, key-based immobilizers and proximity fobs are just some of the countermeasures designed by manufacturers. Unfortunately, not everyone can afford the latest and greatest security when they buy a car, not to mention a second-hand one. So what about aftermarket solutions? I’m sure I could grab something off AliExpress! I mean, it couldn’t be that bad? Right? This presentation will cover the deconstruction (both software and hardware) of cheap vehicle immobilizers and trackers that you can buy for less than the price of a takeaway dinner. Purchasable from retail stores across the globe, and through online sites like AliExpress, these wonderful [citation needed] devices can be installed into your vehicle with very little electrical knowledge. In fact, some mechanics offer to buy and install these devices as a service. Just how many of these devices exist though? Well, at the time of writing the manufacturers boast shipping 360,000 plus units. Not only do we get the ability to communicate with these devices by texting them, but we get a webapp to use and a mobile app too! I wonder what we can find in this one. Oh, and it looks like the manufacturers were generous enough to use common chips when building the device too. Serial wire debug, anyone? Let’s just say that the phrase “You get what you pay for” comes to mind very strongly throughout this talk.

  • WeTest / Ministry of Testing Meetup

    BNZ Harbour Quays, 60 Waterloo Quay, Wellington, NZ

    David Robinson discussed how to inject security into your testing practice.

  • SyScan360 Singapore 2016

    Swissotel The Stamford, Singapore

    Simon and Dave ran our advanced OSINT course and attended the conference.

    Advanced Open Source Intelligence by David Robinson & Simon Howard

    The OSINT training course covers the techniques and tools used to conduct successful investigations on the Internet. By the end of the course, attendees will be able to produce relevant, timely and actionable intelligence on persons of interest.

  • Kiwicon 9

    St. James Theatre, Wellington, NZ

    A Bitter Story of Aftermarket Vehicle Tracking & Control by Lachlan Temple

    It’s a dreary morning in the windy city with subpar transport from your location. You walk into the electronics store after purchasing your 3 owner Nissan Pulsar, they say money talks, but on your budget, maybe not so much.

    You smile glumly to the 20-something university engineering student working part-time for a probably distant future in the same dead-end job. Something about “GPS” and “Car Tracking” you say to him, as if it’s some alternative to the insurance you’re going to get later anyway, or maybe it’s just the personal paranoia of living in a lower-middle class suburb that you feel the need to abide to.

    You arrive home with a suspiciously cheap-looking device that you attempt to wire into your Pulsar to some success, letting you now track its location on a website and turn off the starter motor at your will with a text message from your phone, and perhaps some other things too. “Was it really worth the $200 you just spent?”, you think to yourself, vaguely recalling a drunken conversation at the pub, about how you could get the same thing off some online Chinese store for a tenth of the price.

    This story and its many, many similar counterparts are part of something more sinister, and something much worse than the face value of the devices and services offered. Suffice to say, if you’ve fallen prey to one of these devices, you should attend this talk.

    Advanced Open Source Intelligence by David Robinson & Simon Howard

    The OSINT training course covers the techniques and tools used to conduct successful investigations on the Internet. By the end of the course, attendees will be able to produce relevant, timely and actionable intelligence on persons of interest.