ISO27001 Lead Implementer certified, and based in Wathaurong land. Rebecca (she/her) has a penchant for DevSecOps governance, secure cloud configuration, and being a general Azure fangirl.

Rebecca was born of a moon-less night in an undisclosed location along the cyber ley lines. For the past three years she has been using the mystical powers handed down for generations to write Python code and consult on security arts.

She started her journey working to help manage and implement an information security management system at a Melbourne-based start-up. She continued down this path to work at a MedTech company based in Melbourne doing SecOps. After some time working in this role, Rebecca moved on to become a penetration tester and security consultant at a boutique Melbourne security company where she specialised in divination via web applications and calling upon the clouds to tell their dark secrets.

While Rebecca still holds strong opinions about client-side validation, how cross-site request forgery (CSRF) tokens should be handled, and just general application security, she no longer practises penetration testing. She can still be found consulting on cybersecurity, now focusing her energy on helping organisations navigate their compliance requirements and understanding risk, helping build more secure cloud solutions, and properly configuring their operating environments.

Rebecca uses her technical background to help clients in the following areas:

In her spare time she enjoys hiking and spending time in nature; she often writes about her day trips on "Some Hike it Hot", the blog she shares with her partner.

Meetups, Conferences and Training Appearances


[Conference] A Brief History of Tamper Evident Locks - October 2019

A talk that discussed common "canary locks", or locks with tamper-evident mechanisms, through the ages. Buffy trawled through 11,335,427 patents to identify several high and low profile locks and their known or speculated bypass techniques.

LockCon | Download the Slides (Coming Soon)

[Meetup] LUV May 2019 Main Meeting: Kali Linux - May 2019

Come together in ritual to learn about KALI LINUX! A Debian-based Penetration Testing and Ethical Hacking distribution, with over 600 pre-installed packages. In this talk errbufferoverfl will cover as many things as she can fit into an hour, from port scanning, to web application hacking, to exploit pewpewpewing. We'll be looking at some of the more popular tools available within the distribution including nmap, Burp Suite Community Edition, John the Ripper and many others. She will also discuss the phases we go through when conducting a security assessment, from recon to exploitation, and where these tools can be leveraged. Tonight, for one night only, no server or web application is sacred.

[Training] Snake Charming for Beginners - April 2019

Snake-charming is an age-old practice of hypnotizing snakes by playing and waving a murli - in the modern day this practice looks much different, equipped with an Integrated Development Environment (IDE), a clackity keyboard and a trusty guide we'll be taking you through how you can effectively charm Python 3.6.

On the first day of our trek through the dense jungles of Pythonia we will be looking at how to build a simple sub-domain enumeration tool and how to get started building simple exploits - for those who have trekked these paths before - extra challenges will await you.

Day two we will move further into the dark jungles of Pythonia delving into forbidden user-land territory and how you can use Python to gather useful system-level information, and contact the UNIX daemons of old.

While writing this training description, errbufferoverfl wrote two Python fan fictions, the next cyber-themed Hollywood blockbuster and a Shakespearian play about the training.

0xCC | Download the iPython (Coming Soon)


[Conference] Agloe - What the Map Makers of the 1930s can Teach us About Protecting our Data in 2018 - Various Times

What does the little town of Agloe, Colchester, NY have in common with modern day data protection? Why when I look for directions to Agloe, Colchester, NY do I only get a partial match? And what do yellow small birds have to do with anything?

In this talk we are going to do the time warp back to the 1930’s and see what the General Drafting Company can teach us about securing data and breach notification and how to apply these concepts in the modern day. Using free and open-source solutions I’ll show you that information security isn’t all about expensive third-party products and Security Operations Centers (SOC); rather, by using some defensive thinking and a bit of creativity with your existing infrastructure and services, you too can easily identify data breaches and catch the bad guys in the act with the tools you already use in your own environment. Come along for a lesson on the anatomy of the canary.

PyCon 2018 Security & Privacy Track | OWASP AppSec Day | PurpleCon (PDF)

[Training] Building your own offline file-sharing and communication system for the inevitable downfall of the Internet - February 2018

Have you ever considered a world where the Internet in all its grandeur and tyre-fire-ness has finally imploded? Well, after living for 8 months without the Internet, I did, and it looked a little like this. The PirateBox is a DIY anonymous offline file-sharing and communication system built with free software and inexpensive off-the-shelf hardware.

This workshop will go through the steps of setting up your very own PirateBox. Using OpenWRT we will build an offline Internet with an inbuilt chat, file sharing capabilities and image board, which can then be battery powered and carried around with you! The PirateBox is a beginner-friendly, privacy and anonymity positive piece of hardware; it introduces students to the basic concepts of hardware hacking, flashing devices, setting up config files etc. More importantly, it has a larger cultural impact as it is an easy way for people to anonymously communicate and exchange files in a time where this is becoming difficult. It has previously been used by people to locally share digital media (such as ebooks) and to securely share cryptographic keys by people running CryptoParty workshops.

Student Prerequisites: This is a beginner-friendly course; little to no prior knowledge of OpenWRT is needed, but users should have a basic understanding of the command line.

Download the PDF (Coming Soon)


[Meetup] Dear Rubyists... and any other web developers listening - March 2017

A presentation on common web vulnerabilities and how they can be remediated by developers.

Download the Slides (Coming Soon)

Programming Projects