Human Centric Information Governance
Powered by Cecil & Hyde.
ISO 27001 Lead Implementer certified and based on Wathaurong land. Rebecca (she/her) has a penchant for DevSecOps governance, secure cloud configuration, and being a general Azure fangirl.
Rebecca was born of a moon-less night in an undisclosed location along the cyber ley lines. For the past three years she has been using the mystical powers handed down for generations to write Python code and consult on security arts.
She started her journey helping to manage and implement an information security management system at a Melbourne-based start-up. She continued down this path to work in SecOps at a Melbourne-based MedTech company. After some time in that role, Rebecca moved on to become a penetration tester and security consultant at a boutique Melbourne security company, where she specialised in divination via web applications and calling upon the clouds to tell their dark secrets.
While Rebecca still holds strong opinions about client-side validation, how cross-site request forgery (CSRF) tokens should be handled, and just general application security, she no longer practises penetration testing. She can still be found consulting on cybersecurity, now focusing her energy on helping organisations navigate their compliance requirements and understanding risk, helping build more secure cloud solutions, and properly configuring their operating environments.
Rebecca uses her technical background to help clients in the following areas:
In her spare time she enjoys hiking and spending time in nature; she often writes about her day trips on the blog she shares with her partner, "Some Hike it Hot".
A talk on "canary locks", locks with tamper-evident mechanisms, through the ages. Buffy trawled through 11,335,427 patents to identify several high- and low-profile locks and their known or speculated bypass techniques.
LockCon | Download the Slides (Coming Soon)
Come together in ritual to learn about KALI LINUX! A Debian-based penetration testing and ethical hacking distribution with over 600 pre-installed packages. In this talk errbufferoverfl will cover as many things as she can fit into an hour, from port scanning to web application hacking to exploit pewpewpewing. We'll be looking at some of the more popular tools available within the distribution, including nmap, Burp Suite Community Edition, John the Ripper and many others. She will also discuss the phases we go through when conducting a security assessment, from recon to exploitation, and where these tools can be leveraged. Tonight, for one night only, no server or web application is sacred.
Snake-charming is an age-old practice of hypnotizing snakes by playing and waving a murli - in the modern day this practice looks much different, equipped with an Integrated Development Environment (IDE), a clackity keyboard and a trusty guide we'll be taking you through how you can effectively charm Python 3.6.
On the first day of our trek through the dense jungles of Pythonia we will be looking at how to build a simple sub-domain enumeration tool and how to get started building simple exploits - for those who have trekked these paths before - extra challenges will await you.
Day two we will move further into the dark jungles of Pythonia delving into forbidden user-land territory and how you can use Python to gather useful system-level information, and contact the UNIX daemons of old.
While writing this training description, errbufferoverfl wrote two Python fan fictions, the next cyber-themed Hollywood blockbuster and a Shakespearean play about the training.
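As an added illustration of the day-one exercise (building a simple sub-domain enumeration tool), and not the training's own material, the script below brute-forces names from a wordlist and filters out wildcard DNS answers, a common trap in naive enumerators. The resolver is injected so the logic can be run offline against a constructed zone; the wordlist, the zone data, and the wildcard probe label are all assumptions made for the demo. Swap in resolve_with_dns for a real run.

```python
"""Wordlist-based sub-domain enumeration with wildcard filtering (Python 3.6+).

Added example, not code from the training. The resolver is a callable so the
tool can be exercised offline; resolve_with_dns uses the system resolver.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed wordlist; a real run would load a file such as a SecLists list.
DEFAULT_WORDLIST = ["www", "mail", "dev", "staging", "vpn", "api"]


def resolve_with_dns(hostname):
    """Resolve via the system resolver; None if the name does not exist."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def detect_wildcard(domain, resolve):
    """Probe a label that should never exist; an answer means the zone is a wildcard."""
    probe = "nonexistent-probe-7f3a9c." + domain  # hypothetical label (assumption)
    return resolve(probe)


def enumerate_subdomains(domain, wordlist, resolve, workers=8):
    """Return sorted (hostname, ip) pairs that resolve, skipping wildcard answers."""
    wildcard_ip = detect_wildcard(domain, resolve)
    candidates = ["{}.{}".format(word, domain) for word in wordlist]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = list(pool.map(resolve, candidates))
    found = []
    for host, ip in zip(candidates, answers):
        if ip is None:
            continue
        if wildcard_ip is not None and ip == wildcard_ip:
            continue  # the catch-all answer, not evidence of a real host
        found.append((host, ip))
    return sorted(found)


# Constructed zone for the offline demo (RFC 5737 documentation addresses).
FAKE_ZONE = {
    "www.example.test": "192.0.2.10",
    "mail.example.test": "192.0.2.20",
    "dev.example.test": "192.0.2.30",
}


def fake_resolve(hostname):
    """Offline stand-in for DNS: only names in FAKE_ZONE exist."""
    return FAKE_ZONE.get(hostname)


def wildcard_resolve(hostname):
    """Constructed wildcard zone: everything under wild.test answers, one host differs."""
    if hostname == "api.wild.test":
        return "198.51.100.5"
    if hostname.endswith(".wild.test"):
        return "198.51.100.1"
    return None


if __name__ == "__main__":
    for host, ip in enumerate_subdomains("example.test", DEFAULT_WORDLIST, fake_resolve):
        print(host, ip)
    # Against the wildcard zone only api.wild.test survives the filter.
    for host, ip in enumerate_subdomains("wild.test", DEFAULT_WORDLIST, wildcard_resolve):
        print(host, ip)
```

The wildcard check is the part beginners usually miss: without it, every word in the list "exists" under a catch-all zone and the output is worthless. A single probe is a heuristic; zones that rotate wildcard answers need several probes and a set comparison.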
0xCC | Download the iPython (Coming Soon)
What does the little town of Agloe, Colchester, NY have in common with modern-day data protection? Why, when I look for directions to Agloe, Colchester, NY, do I only get a partial match? And what do small yellow birds have to do with anything?
In this talk we are going to do the time warp back to the 1930s and see what the General Drafting Company can teach us about securing data and breach notification, and how to apply these concepts in the modern day. Using free and open-source solutions I'll show you that information security isn't all about expensive third-party products and Security Operations Centres (SOCs); rather, with some defensive thinking, a bit of creativity, and your existing infrastructure and services, you too can easily identify data breaches and catch the bad guys in the act with the tools you already use in your own environment. Come along for a lesson on the anatomy of the canary.
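The map-maker's trick the talk alludes to, a fictitious entry that only a copier would reproduce, translates directly to data: give each outside recipient of a dataset its own made-up contact, and the first message addressed to that contact tells you whose copy leaked. The script below is an added example, not the talk's own material. It assumes a domain whose mail you receive, a secret used to derive the fictitious addresses, and a postfix-style mail log with addresses in angle brackets; the secret, recipients and log lines are all constructed for the demo.

```python
"""Fictitious-entry ("canary") contacts for telling which copy of a dataset leaked.

Added example for the Agloe talk, not its own code. Each recipient's canary
address is an HMAC of the recipient name, so addresses cannot be guessed or
forged by someone who sees one of them.
"""
import hashlib
import hmac
import re

DEMO_SECRET = b"constructed-demo-secret-rotate-me"  # constructed; never ship the real one with the data
CANARY_DOMAIN = "example.test"  # assumption: a domain whose inbound mail you log

# Any <local@domain> token in a log line.
ADDR_RE = re.compile(r"<([^<>\s@]+@[^<>\s]+)>")


def make_canary_email(recipient, secret=DEMO_SECRET, domain=CANARY_DOMAIN):
    """Deterministic per-recipient address; the HMAC tag keeps it unguessable."""
    tag = hmac.new(secret, recipient.encode("utf-8"), hashlib.sha256).hexdigest()[:12]
    return "agloe-{}@{}".format(tag, domain)


def seed_dataset(records, recipient, secret=DEMO_SECRET, domain=CANARY_DOMAIN):
    """Return a copy of the records with a fictitious contact only this recipient gets."""
    canary = {"name": "Agloe General Store", "email": make_canary_email(recipient, secret, domain)}
    return list(records) + [canary]


def build_index(recipients, secret=DEMO_SECRET, domain=CANARY_DOMAIN):
    """Map canary address -> recipient, so a hit names the leaked copy."""
    return {make_canary_email(r, secret, domain): r for r in recipients}


def scan_mail_log(lines, index):
    """Return (recipient, line) for every log line that addresses a canary."""
    hits = []
    for line in lines:
        for addr in ADDR_RE.findall(line):
            who = index.get(addr.lower())
            if who is not None:
                hits.append((who, line))
    return hits


# Constructed postfix-style excerpt: ordinary traffic, then a message to the
# canary that was handed to "beta-vendor", so it is beta-vendor's copy that leaked.
SAMPLE_LOG = [
    "Mar  3 10:01:12 mx postfix/smtpd[1234]: connect from unknown[203.0.113.7]",
    "Mar  3 10:01:13 mx postfix/qmgr[1001]: 7A1B2C: from=<alice@example.test>, size=512",
    "Mar  3 10:01:13 mx postfix/local[1002]: 7A1B2C: to=<bob@example.test>, status=sent",
    "Mar  3 10:02:40 mx postfix/smtpd[1234]: 8D9E0F: client=unknown[203.0.113.7]",
    "Mar  3 10:02:41 mx postfix/local[1002]: 8D9E0F: to=<{}>, status=sent".format(
        make_canary_email("beta-vendor")),
]

if __name__ == "__main__":
    index = build_index(["acme-partner", "beta-vendor"])
    for who, line in scan_mail_log(SAMPLE_LOG, index):
        print("canary hit: the copy given to {!r} has leaked: {}".format(who, line))
```

The same index works against any log that carries the address (web server access logs for a canary URL, an IdP's sign-in log for a canary username); only the regex changes. Keep the secret and the index out of the datasets themselves, or the canaries can be stripped before resale.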
Have you ever considered a world where the Internet, in all its grandeur and tyre-fire-ness, has finally imploded? Well, after living for 8 months without the Internet, I did, and it looked a little like this. The PirateBox is a DIY anonymous offline file-sharing and communication system built with free software and inexpensive off-the-shelf hardware.
This workshop will go through the steps of setting up your very own PirateBox. Using OpenWRT we will build an offline Internet with an inbuilt chat, file-sharing capabilities and an image board, which can then be battery powered and carried around with you! The PirateBox is a beginner-friendly, privacy- and anonymity-positive piece of hardware; it introduces students to the basic concepts of hardware hacking, flashing devices, setting up config files, and so on. More importantly it has a larger cultural impact, as it is an easy way for people to anonymously communicate and exchange files at a time when this is becoming difficult. It has previously been used to locally share digital media (such as ebooks) and to securely share cryptographic keys by people running CryptoParty workshops.
Student Prerequisites
This is a beginner-friendly course; little to no prior knowledge of OpenWRT is needed, but students should have a basic understanding of the command line.
Download the PDF (Coming Soon)
A presentation on common web vulnerabilities and how they can be remediated by developers.
Download the Slides (Coming Soon)
usb-canary - A Linux or macOS tool that uses psutil to monitor devices while your computer is locked. If it detects someone plugging in or unplugging a device, it can be configured to send you an SMS or alert you via Slack or Pushover.
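The idea behind usb-canary is small enough to show in full: snapshot the device list, poll, and raise an alert only for changes that happen while the screen is locked (changes while unlocked are the owner's own). The script below is an added illustration and not usb-canary's code (which uses psutil and real notifiers); it assumes the Linux sysfs path /sys/bus/usb/devices as one way to snapshot devices, and injects the lock check and the alert sink so the watcher can be driven by the constructed frames at the bottom.

```python
"""Poll the USB device list and alert on changes made while the screen is locked.

Added example of the usb-canary idea, not the project's code. snapshot(),
locked() and alert() are injected so the loop can run against constructed data.
"""
import os
import time


def snapshot_sysfs(path="/sys/bus/usb/devices"):
    """Current USB device entries on Linux (assumption: sysfs path); empty if absent."""
    try:
        return frozenset(os.listdir(path))
    except OSError:
        return frozenset()


def diff_snapshots(before, after):
    """Sorted (plugged, unplugged) lists between two snapshots."""
    return sorted(after - before), sorted(before - after)


def watch(snapshot, locked, alert, interval=1.0, max_polls=None):
    """Poll snapshot(); when something changes while locked() is True, call alert(kind, devices).

    Returns the number of alerts raised. The real tool runs with max_polls=None.
    """
    last = snapshot()
    raised = 0
    polls = 0
    while max_polls is None or polls < max_polls:
        if interval:
            time.sleep(interval)
        current = snapshot()
        plugged, unplugged = diff_snapshots(last, current)
        if locked():  # only changes made while locked are suspicious
            if plugged:
                alert("plugged", plugged)
                raised += 1
            if unplugged:
                alert("unplugged", unplugged)
                raised += 1
        last = current  # always rebase, so an unlocked change is not reported later
        polls += 1
    return raised


def scripted_snapshots(frames):
    """Turn a constructed list of device sets into a snapshot() callable (holds the last frame)."""
    it = iter(frames)
    state = {"last": None}

    def snap():
        try:
            state["last"] = frozenset(next(it))
        except StopIteration:
            pass
        return state["last"]

    return snap


# Constructed scenario: baseline; a device appears while locked (alert); it is
# removed after the owner unlocks (no alert); then nothing changes.
DEMO_FRAMES = [
    {"usb1", "1-1"},
    {"usb1", "1-1", "1-2"},
    {"usb1", "1-1"},
    {"usb1", "1-1"},
]
DEMO_LOCK_STATES = [True, False, True]


def run_demo():
    """Drive watch() over the constructed frames and return the alerts it raised."""
    alerts = []
    lock_iter = iter(DEMO_LOCK_STATES)
    watch(scripted_snapshots(DEMO_FRAMES), lambda: next(lock_iter),
          lambda kind, devices: alerts.append((kind, devices)),
          interval=0, max_polls=3)
    return alerts


if __name__ == "__main__":
    for kind, devices in run_demo():
        print("{} while locked: {}".format(kind, ", ".join(devices)))
```

Two details matter in practice: rebase the baseline on every poll, even when unlocked, or the first poll after locking will report every change the owner made; and treat the lock query as untrusted input, since on most desktops it comes from a session daemon an attacker at the keyboard cannot easily fake but a local process could.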
zenobia - A KeePassXC database backup script that can be run hourly, daily, monthly or yearly using cron.
pearl-memory - A Python script for creating German Anki cards. The script loads a CSV file of words to search, then fetches data from Bing image search and the Collins dictionary. It tries to get culture- and language-specific images but is often hilariously bad at this.