Brisbane

Local News
In May's OWASP Brisbane Chapter meeting, Matthew de Carteret will present a session titled "Ghost in the Shell(code)".

Shellcode is the crux of any exploit being run today. It dictates what the exploit aims to gain from its use — without shellcode the exploit does nothing. Understanding what shellcode does can be a major step in the incident handling process. Shellcode can do anything you can imagine code could do. Not every shellcode used in an exploit downloads malware or spawns a shell.

Times have changed and the targets have updated their protection. Shellcode today could be a straight forward API call to download a file and execute it or it could be code to just disable/create a firewall rule on your windows server.

Catching an exploit is a great step in understanding the purpose of an attack. Extracting and reviewing the shellcode will allow you to streamline your incident handlers to collect malware and focus their reviews on particular services or applications.

This talk will demonstrate methods on captured exploits for extracting shellcode and understanding its purpose.

Matt is a Senior Threat Analysis escalation engineer located in the Brisbane SOC. He is working on getting his SANS GIAC Reverse Engineering Malware certification (and hopes to have this cert prior to presenting ). Working in the SOC gives Matt a great perspective on active exploitation in the wild and the techniques used by malware authors and pentesters. Matt has a considerable employment history including deployment, pentesting and network administration.

Venue: CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.

Time: '''5:30pm (Pizza) for a 6pm start. Lifts will be locked at 6pm, so please arrive before then! '''

Date: Tuesday 3rd May 

Close: Session is expected to be completed by 7:30pm.

There will be a social gathering at the local pub afterwards. Everyone is welcome to attend!

RSVP: Online at http://owasp-brisbane.eventbrite.com

Brisbane

Chapter Meetings
May 2011 Brisbane Chapter Meeting - Tuesday 3 May

Venue: CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.

Time: '''5:30pm (Pizza) for a 6pm start. Lifts will be locked at 6pm, so please arrive before then! '''

Close: Session is expected to be completed by 7:30pm.

There will be a social gathering at the local pub afterwards. Everyone is welcome to attend!

RSVP: Online at http://owasp-brisbane.eventbrite.com

Brisbane OWASP Chapter Leaders
The chapter leader is [mailto:anne.luk@gmail.com Anne Luk], [mailto:wade@bindshell.net Wade Alcorn], and [mailto:owasp@moiler.com Glyn Geoghagen]