Difference between revisions of "Brisbane"

From OWASP
Jump to: navigation, search
Line 3: Line 3:
 
==== Local News  ====
 
==== Local News  ====
  
In March's OWASP Brisbane Chapter meeting, Paul Ducklin will present a session titled "Live Malware Attack!" :
+
In May's OWASP Brisbane Chapter meeting, Matthew de Carteret will present a session titled "Ghost in the Shell(code)" .
  
Widespread, fast internet connectivity has an ugly side: growing opportunity for cybercriminality. You can visualise the scale of the problem by considering that Sophos Labs processes some 20,000 malware sample submissions, and identifies some 30,000 newly infected web pages, *every day*.
+
<br>
  
These infected pages are rarely on web sites set up specially by the cybercriminals. They are *your* websites, remotely hacked and subverted by criminals who then use your servers to redirect innocent visitors to overtly malicious content.
+
Shellcode is the crux of any exploit being run today. It dictates what the exploit aims to gain from its use — without shellcode the exploit does nothing. Understanding what shellcode does can be a major step in the incident handling process. Shellcode can do anything you can imagine code could do. Not every shellcode used in an exploit downloads malware or spawns a shell.
  
Come to this talk and find out, through a live demo (safely done, but using real malware) how a modern cybercriminal attack works. Understand how even a well-informed user can be tricked.
+
Times have changed and the targets have updated their protection. Shellcode today could be a straight forward API call to download a file and execute it or it could be code to just disable/create a firewall rule on your windows server.
  
We will track an attack through:
+
Catching an exploit is a great step in understanding the purpose of an attack. Extracting and reviewing the shellcode will allow you to streamline your incident handlers to collect malware and focus their reviews on particular services or applications.
  
* a scam email linking to...
+
This talk will demonstrate methods on captured exploits for extracting shellcode and understanding its purpose.
* a legitimate but compromised site, redirecting to...
+
* a malware site serving shrouded JavaScript which...
+
* creates a web page on the fly inside the browser which...
+
* unleashes a drive-by exploit which...
+
* crashes your browser so that it...
+
* connects to Hong Kong and silently downloads...
+
* a bot which includes...
+
* a rootkit which shrouds the bot from sight and...
+
* begs the question, "what do we do now?"
+
  
Know how your enemy is likely to attack and you will be much better prepared to answer that final question!
+
Matt is a Senior Threat Analysis escalation engineer located in the Brisbane SOC. He is working on getting his SANS GIAC Reverse Engineering Malware certification (and hopes to have this cert prior to presenting ). Working in the SOC gives Matt a great perspective on active exploitation in the wild and the techniques used by malware authors and pentesters. Matt has a considerable employment history including deployment, pentesting and network administration.
 
+
This session is interactive, meaning that you are encouraged to interject with observations or questions at any time during the presentation. (Learning is supposed to be fun :-) )
+
 
+
Paul's Biography can be found here:
+
http://www.sophos.com/pressoffice/contacts/pauld.html
+
  
 +
 
<br>
 
<br>
 
<br>
 
<br>
 
Venue: <b>CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.</b>
 
Venue: <b>CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.</b>
  
Time: <b>5:30pm (Pizza) for a 6pm start </b>
+
Time: <b>5:30pm (Pizza) for a 6pm start.  Lifts will be locked at 6pm, so please arrive before then!  </b>
  
Date: <b>Tuesday 1st March </b>  
+
Date: <b>Tuesday 3rd May </b>  
  
 
Close: Session is expected to be completed by 7:30pm.
 
Close: Session is expected to be completed by 7:30pm.
 +
 +
There will be a social gathering at the local pub afterwards.  Everyone is welcome to attend!
  
 
RSVP: <b>Online at http://owasp-brisbane.eventbrite.com</b>
 
RSVP: <b>Online at http://owasp-brisbane.eventbrite.com</b>
Line 51: Line 40:
 
==== Chapter Meetings  ====
 
==== Chapter Meetings  ====
  
<b>March 2011 Brisbane Chapter Meeting - Tuesday 1 March</b>
+
<b>May 2011 Brisbane Chapter Meeting - Tuesday 3 May</b>
  
 
Venue: <b>CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.</b>
 
Venue: <b>CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.</b>
  
Time: <b>5:30pm (Pizza) for a 6pm start </b>
+
Time: <b>5:30pm (Pizza) for a 6pm start.  Lifts will be locked at 6pm, so please arrive before then!  </b>
  
 
Close: Session is expected to be completed by 7:30pm.
 
Close: Session is expected to be completed by 7:30pm.
 +
 +
There will be a social gathering at the local pub afterwards.  Everyone is welcome to attend!
  
 
RSVP: <b>Online at http://owasp-brisbane.eventbrite.com</b>
 
RSVP: <b>Online at http://owasp-brisbane.eventbrite.com</b>

Revision as of 00:43, 20 April 2011

OWASP Brisbane

Welcome to the Brisbane chapter homepage. The chapter leader are Anne Luk, Wade Alcorn, and Glyn Geoghagen
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Local News

In May's OWASP Brisbane Chapter meeting, Matthew de Carteret will present a session titled "Ghost in the Shell(code)" .


Shellcode is the crux of any exploit being run today. It dictates what the exploit aims to gain from its use — without shellcode the exploit does nothing. Understanding what shellcode does can be a major step in the incident handling process. Shellcode can do anything you can imagine code could do. Not every shellcode used in an exploit downloads malware or spawns a shell.

Times have changed and the targets have updated their protection. Shellcode today could be a straight forward API call to download a file and execute it or it could be code to just disable/create a firewall rule on your windows server.

Catching an exploit is a great step in understanding the purpose of an attack. Extracting and reviewing the shellcode will allow you to streamline your incident handlers to collect malware and focus their reviews on particular services or applications.

This talk will demonstrate methods on captured exploits for extracting shellcode and understanding its purpose.

Matt is a Senior Threat Analysis escalation engineer located in the Brisbane SOC. He is working on getting his SANS GIAC Reverse Engineering Malware certification (and hopes to have this cert prior to presenting ). Working in the SOC gives Matt a great perspective on active exploitation in the wild and the techniques used by malware authors and pentesters. Matt has a considerable employment history including deployment, pentesting and network administration.




Venue: CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.

Time: 5:30pm (Pizza) for a 6pm start. Lifts will be locked at 6pm, so please arrive before then!

Date: Tuesday 3rd May

Close: Session is expected to be completed by 7:30pm.

There will be a social gathering at the local pub afterwards. Everyone is welcome to attend!

RSVP: Online at http://owasp-brisbane.eventbrite.com




funds to OWASP earmarked for Brisbane.

Chapter Meetings

May 2011 Brisbane Chapter Meeting - Tuesday 3 May

Venue: CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.

Time: 5:30pm (Pizza) for a 6pm start. Lifts will be locked at 6pm, so please arrive before then!

Close: Session is expected to be completed by 7:30pm.

There will be a social gathering at the local pub afterwards. Everyone is welcome to attend!

RSVP: Online at http://owasp-brisbane.eventbrite.com




Brisbane OWASP Chapter Leaders

The chapter leader is Anne Luk, Wade Alcorn, and Glyn Geoghagen