Follow on Twitter
Conference Registration








Conference abstracts


Giving the Keys to the Kingdom via Citrix

Chathura Abeydeera, Deloitte

Citrix is a software platform that enables organisations to provide their employees access to a vast range of internal applications and environments via the internet.
By enabling employees to access a centralised infrastructure, organisations are able to better equip their workforce with the necessary tools to work remotely, encouraging a sound work to life balance.
With an increased number of organisations adopting Citrix implementations, it is essential to ensure these environments are designed and configured in a secure manner.
Citrix commonly deployed in internet facing environments and these application deployments are rarely locked down enough to prevent an attacker from breaking out to the underlying operating system.
As a result, these systems can often be used as an entry point into the internal network.
Due to residual vulnerabilities in the internal network and systems, often attackers get unauthorized access to other network systems, applications, and sensitive data.
This talk will use a scenario based approach to demonstrate numerous ways to break out from restricted Citrix environments and pwning the entire domain.

I like Blockchain and I cannot lie! (You other bankers cant deny)

Wade Alcorn, Alcorn Group

In this action packed presentation, you will learn everything you need to know about Bitcoin, Ripple, Ethereum and the Blockchain to rock your next dinner party. You will be able to explain digital currencies, including the blockhain and implications for law enforcement, as your non-IT guests eyes glaze over. Come along and learn why some very intelligent people are saying that the Blockchain is the biggest thing for humanity since the Internet.

We *prove* the trustworthiness of our systems

June Andronick, NICTA

In Data61's Trustworthy Systems group, we aim at providing unprecedented security, safety, reliability and efficiency for software systems, by providing mathematical, machine-checked proofs. We build on our work on seL4, a real-world, general-purpose operating system kernel, with a guarantee that its machine code is correct with respect to its specification, and that it enforces critical security properties such as information flow control, integrity and authority confinement. Our current focus is on extending the safety and security properties of seL4, and extending the formal guarantees to user-level code, including automatic co-generation of code and proofs. For tightly constrained devices without memory protection, we are also working on verifying eChronos, a small real-time OS for embedded micro-controllers. Both seL4 and eChronos are used in a DARPA-funded project aiming at the demonstration of a complete high-assurance system and technology transfer to a real autonomous helicopter built by Boeing.

Creating and leveraging the cyber security ideas boom

Gary Blair, Australian Cyber Security Research Institute

The paper makes the case for collaboration in cyber security R&D among Australian academic, industry and government entities and with their international counterparts and describes what success should look like in terms of Australias cyber resilience and the creation of a sustainable, world class local cyber security industry with real export potential.

Australia, like every other digitally advanced nation has a growing deficit of skills and expertise in the domain of cyber security. This has typically and erroneously been seen as essentially a technical problem that is, that the shortage exists in terms of security technicians.

Whilst that is true, it is not the complete picture and the growing skills and expertise deficit now extends across the ever-growing spectrum of cyber security sub-domains (STEM, social sciences including political science, economics and sociology as well as the humanities). It also extends from the skills needed to securely configure switches and routers; to designing trustworthy hardware and software; to establishing the cyber security risk appetite and investment program for corporations; to policing and prosecuting cybercrime; and to managing cyber security policy and legislative settings both nationally and internationally.

The good news is that recent government policy announcements are aimed at addressing the growing shortfall in cyber security skills and expertise and at the same time, boost investment in R&D in cyber security and facilitate the creation of a sustainable, export-oriented Australian cyber security industry. Its now up to industry and academia to take advantage of the new policy settings and to work in Triple Helix partnership with government to achieve these objectives.

This session will examine both the opportunities and the challenges and how these might play out as Australia strives to become a cyber security clever country.

Getting Value from Security Testing

Adam Boileau, Insomnia

Technical security testing is one of the pillars of modern security practice; actually empirically validating that your security governance, controls, products and processes do the thing you intended. So why doesnt it work?

Modern security practice has come a long way since the era of The Firewall Toolkit; buffer overflows are eschewed for phishing, humble hacker techniques are eclipsed by the staggering ambition of nation state actors, comedy defacements a quaint throwback in light of financial cyber crime.

But modern technical security testing? Still port-scans and banner grabbing, maybe alert(xss) in the search box if youre really fancy? What do you actually need from your technical testers? Part buyers guide, part frank assessment of the assurance industry, and part forward looking statement, this talk aims to help buyers and suppliers to actually make technical testing work.

Cyber 2020 Changing the way we look at cyber security from lessons learnt

Rear Admiral (Rtd) Mike Brown, RSA

Our industry is changing at a rapid pace. Past models addressing cyber threats have, in aggregate, performed poorly in securing organisations from the threats they face. Whats needed is to fundamentally rethink the way that we look at Cybersecurity.

Retired Rear Admiral Mike brown has held many senior positions across the US Federal and Defense domain, including his last active role as the Director for Cybersecurity Coordination at the Department of Homeland Security and the Department of Defense. Since leaving the public service and joining RSA as the VP and General Manager of RSAs Global Public Sector practice, Mike has advised enterprises and governments around the world, on key IT security industry developments globally and how government and industry are working together to reduce the threat landscape.

A particular focus for Mike is helping organisations operationalise their cybersecurity policies with effective tools, processes and people. Mike will talk on new trends including the global uptake of cyber insurance and how the IoT in particular medical devices are changing the roles and responsibilities of the public and private sector in the supply chain. Finally, Mike will also provide his perspective on leadership, what the industry has been doing well and some of the key lessons he has learnt in his 30+ years as a global information security leader.

What has your National CERT been up to?

Scott Brown, CERT Australia

This presentation will look at what CERT Australia has been doing both reactively and in turn proactively over the last 12 months. Scott will talk through what types of incidents the CERT has seen when helping Australia organisations conduct Incident Response activities, and how that compares to what other National CERTs have being dealing with around the world. As a direct result, the CERT has put a lot of effort into proactive activities to help make Australian organisations much harder targets online. Scott will talk through some of these activities, and where they have seen success.

The Humans Aspects of Cyber Security (HACS) collaboration

Dr Marcus Butavicius, Defence Science & Technology Group

Human Aspects of Cyber Security (HACS) is a research collaboration, which aims to enable organisations to become secure and resilient through understanding human-based information security threats, risks, vulnerabilities, and control practices. Formed in 2008, with seed funding from the Department of Defence, HACS includes the Defence Science and Technology Group and both the Business and Psychology Schools at The University of Adelaide. Members have expertise in psychology, human computer interaction, information security, risk management, information systems and education. To date, research engagements have involved three public service organisations, a financial institution, a university and ISACA an international cyber security association for professionals and practitioners. In 2014, HACS was awarded a two year research grant from the Premier's Research and Industry Fund to develop an audit tool known as the Human Aspects of Information Security Questionnaire (HAIS-Q). This tool measures aspects of an organisation's information security culture that present a risk to its information security posture. A summary of some of our findings will be presented, involving the HAIS-Q, the risks associated with social networking sites and our research into social engineering in phishing attacks. Implications of our research for training and other mitigation strategies will also be discussed.

Active Incident Response

Brian Candlish & Christian Teutenberg, Telstra

During the Pacnet breach in 2015, we developed a method which differs from the usual IR process for targeted attacks, utilising what we have termed Full Spectrum Visibility' and Targeted Containment which form like Voltron to create Active Incident Response. This method, utilising threat intelligence, hunting and establishing the basis for active defence gives incident responders the information the business needs to assess risk, and another avenue for actions to mitigate that risk.

We will demonstrate, using examples from the Pacnet breach and follow-on waves, how Targeted Containment can be used during incident response, the visibility required, and explore actor TTPs, tools and activity associated with this campaign.

Expect to see pcap decodes, command-line activity and actor typos.

The role of intelligence in commercial security operations

Adam Cartwright, ANZ Bank

Every day security analysts are challenged to detect and contain compromised corporate assets before a successful breach takes place. Signature based controls are not an effective control against sophisticated crime ware and nation state attackers. This presentation will provide insight into how a commercial organisation uses Intelligence to identify compromises and will discuss what good intelligence is and what an intelligence led defence is. What do you need to consider when moving towards augmenting base controls with intelligence feeds.

Cyber cluedo

Scott Ceely, Seer Security

For the third year in a row, Gartner has predicted that Australias spending on cyber security will grow at almost double the rate of the rest of the world. Yet there are experts in our field that say the cyber security industry is failing.

What is going on? Why is this happening? Where are we going wrong? And most importantly who is responsible?

In this whodunit presentation, Scott Ceely will investigate all levels of an organisation. From board members to users, right through to external providers, no-one will be considered safe and no stone left unturned in his plight to uncover the culprit behind our failing industry.

From IoT to Smart Cities - security challenges continued

Ilias Chantzos, Symantec

The world is innovating at a pace faster than we could ever have imagined. The Turnbull governments $1.1 billion national innovation and science agenda will drive innovation in Australia from robotic farming, to accelerating digital marketplaces, and cloud optimisation.

Business has long lived by the mantra, innovate or die, but with the opportunity that innovation brings, comes increased risk. Whether its smart cities, or wearable tech, this new internet of things, is expected to explode from 5 billion connected devices today, to over 50 billion devices in the next five years.

From a security perspective this means a greater attack surface, a much harder to define perimeter and in many cases a very fragmented solution portfolio that is difficult to manage, and even harder to extract actionable intelligence from.

In this hyper connected world where so much sits in the cloud, and supply chains and other business operations are connected through technology, how will you drive innovation, business efficiency and opportunity without compromising security, especially when its not within the realms of your control?

Ilias Chantzos will share insights into the experiences of governments and private enterprise from across the world as they innovate, and stay alive.

Tracking down the Advanced Threats - detect an internal attack in real-time

C F Chui, Arbor Networks

Each every day the IT professional are facing the risk of their network being hacked by zero-day threat, critical resources being compromised, working very hard to defend the infrastructure from various critical threats.

But, how well are you prepared for the next attack? Do you know how the attackers got in? Do you know what systems are being compromised? Do you know what the attackers did?

In this session, Arbor Networks will show you how Incident Response Team member can quickly identify attacks in real-time, understand lateral movement of the attacks and the entire extent and impact of a breach. We will demonstrate how to build an evidence trail to identify every facet of the attack and the methods used, quickly and simply.

Oracle Parfait: The Flavour of Real-World Vulnerability Detection

Christina Cifuentes, Research Director, Oracle Labs Australia

The Parfait static code analyser was conceived at Sun Labs, now Oracle Labs, in 2008. At the time, the project focused on the detection of bugs in C/C++ code. Over the next five years, Parfait matured to include detection of vulnerabilities (not just bugs) in C/C++ and Java while meeting the performance and precision standards expected of a commercial tool. Today, Parfait is utilised by thousands of developers at Oracle worldwide.

In this presentation, the audience will be invited to sample the flavour of Parfait: we will explore the real-world challenges faced in the creation of a robust vulnerability detection tool; investigate in detail two examples of access control vulnerabilities that severely affected the Java platform in 2012/2013; and reflect on my personal takeaways on leading projects in industrial research laboratories.

Top 35 Opsec Toolkit

David Cottingham, Security Consultant

Has anyone done this before? I find myself asking this question time and time again while scouring the internet for answers. Often many of the tasks we try to tackle as security administrators dont come easy, but as GI Joe once said knowing is half the battle. This talk will share some of my utilities, tips and scripts which I have found useful while performing technical security administration in large organisations.

Also we will take a journey through some of the (more frustrating) challenges I have encountered when implementing the Top 35 mitigation strategies.

Is cyber security the next big science?

Jackie Craig, Defence Science & Technology Group

Big Science emerged around the time of World War II when some areas of scientific research evolved to become large scale projects, generally funded by government or international agencies. Modern Big Science is motivated by highly ambitious goals (eg detect gravity waves) and is large in both scale and complexity. It is characterised by very large multidisciplinary (often) international teams working collaboratively within shared large-scale facilities that are sometimes geographically distributed.

Recent breakthroughs have demonstrated the success of big science as a model for tackling some of the worlds most significant challenges. This talk will explore the challenge of cyber security, where it ranks in terms of the magnitude of the challenge, the key goal, whether a big science approach is appropriate, and if so, it's possible nature and the role of a coordinated, national research program.

Where are all the women you ask?

Shanna Daly, FireEye

We all seem to gravitate towards the negative. According to studies in neuroscience we are hardwired to remember and focus on the negative events more than the positive ones. So with all the talk on diversity in cyber security and all the suggestions of how to deal with it, we simply forget to talk about the positives. In 2015, 8 of 42 presenters at the ACSC conference were women. Should we focus on the fact that less than 25% were women, or should we highlight these achievements in order to provide role models for the next generation of women looking to join the boys club? Ill cover this radical concept before putting the spotlight on some of the technical prowess of women on both the good and bad side of Incident Response.

How to stop worrying and love the hack

Shanna Daly, FireEye & Jason Solomon, Mandiant

I don't know exactly how to put this, sir, but are you aware of what a serious breach of security that would be? I mean, he'll see everything, he'll... he'll see the Big Board!

Where does the advanced attacker start when he wants to see the big board? At the beginning. First they need a way in? Most companies unknowingly allow it. Finding ways to stick around? Not a problem, they've got developers to create a new backdoor. Access to the big board? Granted.

From reconnaissance to exfiltration, attackers are increasing their sophistication and minimising their forensic footprint. Well take a look at some of the tools and tactics they use to achieve their goals across the various stages of the attack life cycle.

Secure at the (Software) Source

Pieter Danhieux Secure Code Warrior

Leading practices and regulations recommend development training, source code reviews and penetration testing to create secure applications and systems. During this presentation we will talk about the challenges companies will face when implementing security in the development life cycle. From inaccuracies of source code analysers, the lack of common security concepts of most developers to the resources that are wasted on penetration testing. This presentation will give you an idea on what works and what does not work in the world of application security.

Security in an Innovation Culture

Craig Davies, Atlassian

In this session, Craig will be outlining how security thrives in Atlassian, a culture that is driven by innovation. Therell be details on the lessons learnt, challenges along the way, and how any security team can become an innovation centre.

Australian security professionals have an opportunity to lead in this space, through developing innovative techniques and methods to grow business.

Get out of my logs, get in to my report

Karl Denton, Geoscience Australia

Responding to a cyber security incident can be a daunting and often difficult task and let's face it, with malware becoming more prevalent and sophisticated, the chances of an organisation being compromised are increasing. However, with a little preparation and some 'good old fashioned detective work', you may be surprised by how much information is available to help you to not only respond to incidents, but to learn from them.

With storage and performance considerations, it can be difficult to know which log data to collect -- never mind not seeing the wood for the trees, can we even see the trees in the first place? -- so, based on a true story, this presentation will describe some of the information that helped responders to investigate an incident, and some of the extra, less obvious information that could be inferred from it.

Hunting at Stage 3

Andrjez Dereszowski

The presentation will be delivered in two parts. In the first part, I will describe what is the current common modus operandi of advanced threat actors that I try to track and how this modus operandi is evolving (most examples are based on Turla). I will focus on the usage of their tools and the characteristics of those tools, mostly backdoors. I will distinguish multiple stages of a cyber espionage operation, from targeting through initial compromise, maintaining persistence up until the full network exploration stage. Then in the second part I will try to turn this knowledge into a methodology on how to detect threats like this, in the most advanced stage of their operation (stage 3). I will present some of my ideas and tools on how to hunt for the unknown.

Emulators for the Masses

Chris Eagle, Sk3wl of r00t

It is not uncommon that a software reverse engineer finds themselves desiring to execute a bit of code they are studying in order to better understand that code or alternatively to have that code perform some bit of useful work related to the reverse engineering task at hand. This generally requires access to an execution environment capable of supporting the machine code being studied, both at an architectural level (CPU type) and a packaging level (file container type). Unfortunately, this is not always a simple matter. The majority of analysts do not have a full complement of hosts available to support a wide variety of architectures, and virtualization opportunities for non-intel platforms are limited.

In this talk we will discuss a light weight emulator framework for the IDA Pro disassembler that is based on the Unicorn emulation engine. The goal of the project is to provide an embedded multi-architectural emulation capability to complement IDA Pro's multi-architectural disassembly capability to enhance the versatility of one of the most common reverse engineering tools in use today.

Delivering Australia's Cyber Security Strategy: a view from the independent advisory panel

Dr Tobias Feakin, The Australian Strategic Policy Institute

Following the release of the Australias national cyber strategy, what next steps must be taken to ensure its effective implementation? Drawing on his involvement on the Prime Ministers independent advisory panel, Dr Tobias Feakin will look to discuss how the government, private sector, and civil society can pick-up and engage with Australias first cyber strategy since 2009.

Dr Feakin will dissect what the new plan means for the private sector, both large and small-to-medium businesses, and new the opportunities for meaningful engagement it presents.

Marrying the new strategies international objectives with observations made in ASPI ICPCs centrepiece research project Cyber Maturity in the Asia-Pacific Region, Tobias will also address the practical steps Australia can take within the region to build connectivity, security and freedom online.

Application Security in a DevOps World

Peter Frieberg, Shelde

Software releases are becoming aggressively frequent, creating challenges for the current application security practices. This talk will discuss the current challenges faced by security professionals and means of addressing security through the development lifecycle, combining automation and enough human interaction to manage risk at velocity.

Joining the dots Using graph analysis to detect and contain Cryptolocker related activity

Andre Fucs de Miranda, Macquarie Telecom

As criminals follow the steps of state sponsored attackers and improve their ability to hide their traces, identifying emerging threats is quickly turning into a Herculean task. Billions of IPs and domains serve as a dense cover from which they launch their malicious attacks, demanding new approaches to create forward defences.

In this presentation we will provide insight into the use of graph analysis to assist your Security Operations team to join the dots that lead to a pool of malicious IP ranges, domains and DNS registrars.

The session will introduce graph data structures and databases, highlight how to use Open Source tools to collect and process system logs into graph data set and how graph data visualisation can be used to identify patterns in data.

As part of the presentation, we will delve into the real world use of visualisation tools to identify patterns related to the spreading of Cryptolocker malware.

Security Operations: Moving to a Narrative-Driven Model

Josh Goldfarb, FireEye

The current security operations model is an alert-driven one. Alerts contain a snapshot of a moment in time and lack important context, making it difficult to qualify the true nature of an alert in a reasonable amount of time. On the other hand, narratives provide a more complete picture of what occurred and tell the story of what unfolded over a period of time. Ultimately, only the narrative provides the required context and detail to allow an organisation to make an educated decision regarding whether or not incident response is required, and if so, at what level. This talk presents the Narrative-Driven Model for incident response.

DevOps - a How To for Agility with Security

Murray Goldschmidt, Sense of Security

Lean practices, when applied to software delivery, improve both throughput and stability, leading to higher organisational performance. (Puppet Labs)

This presentation will cover the How Tos of Security for Continuous Delivery.

Compared with traditional development, testing, deployment and maintenance cycles, a culture change was required to transition to agile development. This is the same culture change that extends to DevOps that fuses development and operational activities, eroding previous boundaries. In order to respond to market demand, DevOps is now firmly rooted in the modern innovative organisation.

Integrating security into DevOps is possible without sacrificing flexibility or agility we will show you how. This is a strategic approach that will extend the culture change again, and it needs buy-in and advocating from your IT leaders to be implemented successfully. Security is now a board-level issue, with most organisations requiring solid responses to the growing cyber threat that can erode consumer and business confidence.

This presentation will cover:

DevOps vs Traditional

Integrating security within DevOps

Problems with traditional controls

Steps to DevOps security

Full Spectrum Security Continuous Deployment, Protection, Detection and Response

Incremental development with ongoing security

The Secure SDLC Way



Dev Tools

Incorporate Automation

End to End Vulnerability Management

Role of Penetration Testing

Continuous Monitoring, Robust Assessment and Protection.

This will be a feature rich presentation that will provide delegates tangible techniques to improve the security of Agile development practices that can be rapidly adopted for quick wins and longer term strategic solutions for end to end security.

Visibility into the Threat Landscape

Aaron Hackworth, Dell SecureWorks

Aaron Hackworth, Senior Distinguished Engineer and Leader of the Counter Threat Unit Special Operations team, will discuss the current threat landscape based on Dell SecureWorks global visibility and extensive threat research capability. Aaron will focus on the challenge presented by advanced or targeted threats, current trends, recent developments and what he expects to see in 2016. Aaron will share specific incidents and examples of advanced threat actor methods and tradecraft.

Satellite Navigation Forensics

Peter Hannay, Edith Cowan University

Satellite Navigation devices provide convenient and helpful navigation assistance to drivers. At the same time, forensic investigators are presented with potentially valuable evidence in a variety of formats. In this talk, we discuss the types of evidence present on various satellite navigation devices and explore the reliability of this evidence from a scientific perspective. Additionally we will discuss the construction of a locational forensics laboratory. Equipment, configuration and lessons learnt will be discussed. Attendees will leave with knowledge of the complexities of setting up, operating and maintaining a locational forensics laboratory.

Tactical Diversion-Driven Defense

Trent Heisler, LogRythm

Diversion -- A maneuver intended to draw off attention from the point of main attack.

Traditionally, security analysts are focused on blocking attackers and keeping them out. This usually works, but it does not provide defenders much intelligence on who is attacking them and why, nor do such methods actually keep attackers out. Without such crucial data, it's difficult to know whether or not an adversary has actually been removed from the environment as well. Let's turn the tables and beat them at their own games. They use diversions to break in, so we can pull the same tricks on them. Let's track their movements, better understand their tactics, and possibly even find out who they really are in the process.

This talk will dive into various tools and techniques that can be used to deceive our attackers, track them, rapidly respond to incidents, and even help train your user base to better identify and inform you of potential attacks. We will also be releasing a new, open source, Incident Response tool designed to assist with rapid data acquisition and quarantine of remote hosts within the enterprise.

Introduction to AWS Security by Design - A Solution to Automate Security, Compliance, and Auditing in AWS

John Hildebrandt, Amazon Web Services

ASD has developed Cloud Security guidance for both Cloud Service Providers (CSP) and Tenants using such services, highlighting the Shared responsibility model in the use of Commercial Cloud platforms. While the Security capabilities of the CSP are often formally audited to multiple standards the tenant (customer) using these platforms is still responsible for understanding and implementing their solution on these platforms.

Security by Design (SbD) is a security assurance approach that enables customers to formalize Amazon Web Services (AWS) account design, automate security controls, and streamline auditing. It is a systematic approach to ensure security; instead of relying on auditing security retroactively, SbD provides you with the ability to build security control in throughout the AWS IT management process.

SbD encompasses a four-phase approach for security and compliance at scale across multiple industries, standards and security criteria. AWS SbD is about designing security and compliance capabilities for all phases of security by designing everything within the AWS customer environment: the permissions, the logging, the use of approved machine images, the trust relationships, the changes made, enforcing encryption, and more. SbD enables customers to automate the front end structure of an AWS account to make security and compliance reliably coded into the account.

This presentation will provide an introduction to Security by Design and how customers can leverage the techniques to automate the application of security controls in their Cloud deployments.

Mysterious 'Phase 2' - The Attacker's View

Chad Hunt & Mark Ray, FBI

Were all familiar with the Attack Lifecycle: lots of buzz words like Reconnaissance, Persistence, and Exfiltration. But for the cyber criminal, its much more simple: Phase 1 - attack and steal, Phase 3 - profit. But what happens during the mysterious Phase 2? Get a behind the scenes look into breaches from the perspective of the attacker. Hear from the FBI what the attackers are actually talking about and doing while on your network. How well do they know our systems? What are their real motives? The goal of this session is to help the security community understand the psyche of todays attacker, where hackers no longer slip undetected into secure networks merely for a quick payout, but hacking to support a diversified criminal enterprise. Gain insights to how the combined forces of international law enforcement, private industry, academia, and researchers work together to identify, pursue, and defeat these adversaries.

Humans are Under Rated

Don Jokhan, IBM

In the digital age of machine learning and cognitive computing, a lot of emphasis is placed on the machine over that of the human. Humans also get a 'bad wrap' in the cyber world as they are allegedly responsible for 95% of compromises (IBM Cyber Security Intelligence Index, 2014). However, as much as humans are the cause of the problem, they are also the solution. Let me show you some techniques that we as Human Cyber Security professionals can do to defend our environment against attacks from the Dark Web and Surface Web, because humans are still smarter than machines. Until the time comes that machines can think independently, humans will still need to tell them what to do and this is especially the case in the world of Cyber Security.

Increasing visibility to enhance security

Ashutosh Kapse, IOOF Holdings Ltd

The frequency of cybercrime news stories and successful cyber-attacks has resulted in a seemingly continuous hype cycle around cybersecurity. Security vendors are riding the hype cycle to sell more products in more categories that you can poke a stick at. Threat intelligence, log management, cloud based security, Next Gen Firewall, APT detection are all touted as the must have products, without which an organisation is exposed.

My presentation here talks about getting back to the basics to effectively tackle cyber threats. Presentation will be based on my real world experience in enhancing security in a complex organisation. I will show how increased visibility of information assets, data-centric approach and people centric maturity model of security helped us increase our security maturity.

In fact I will show how increased visibility internally has greatly enhanced the use and value of the various security tools that we have in place and how simple solutions can extract maximum value from existing security tools.

Regin Networking: Leverage Malware Network Structure to Improve Defence

Matthieu Kaczmarek, Verizon

The uncommon networking techniques employed by the Regin malware indicate a particular profile of operations. Technologies such as virtual private networks , trust overlay and peer to peer routing are combined to implement an intelligent botnet organised over agents, relays and masters. This presentation will cover those networking characteristics and propose defence tactics and strategies to cope with such challenging malware technologies.

What Risks are Hiding Inside Your Network

Jack Klecha, Cisco

Cisco understands that non-genuine or suspect networking hardware and software are a serious threat to network performance and cyber security. In response, Cisco has developed a set of Integrity Verification Services (IVS) to help you identify and mitigate your organizations exposure to counterfeit, unauthorized channel, and non-genuine software risks. We share our view of the evolving threat landscape and our advice for maintaining the integrity of your infrastructure.

Growing demands, evolving from a CERT to a National Cyber Security Centre

Mr Antti Kiuru, Head of Coordination Centre, National Cyber Security Centre Finland

CERT-FI was established in 2001, and later on migrated to NCSC-FI, the National Cyber Security Centre of Finland. During the 15 years we've had, we've taken on new responsibilities and also grown from a small herd of geeks to a key player in the Finnish cyber security arena.

I'll shed some light on things like how we've been so successful in what we've done, has it been pure luck by being in the right place at the right time, or has there been something more to it? This talk is about looking back what we've done and why we have done it, but it's also focused heavily on the CERT stuff.

Topics I'll cover include
Brief history of CERT-FI
How the National Cyber Security Centre came to be Keeping up with constituents demands Acquiring the right tools and the right people What are all the talks about 'cleanest networks in the world'

Post-Quantum Cryptography

Brian LaMacchia, Microsoft

In an August 2015 announcement, the Information Assurance Directorate of the US National Security Agency announced plans to begin a transition from the existing Suite B cryptography to quantum resistant algorithms. Since Peter Shor of AT&T Bell Laboratories first published an efficient quantum algorithm for factoring in 1994, we have known that when a general-purpose quantum computer of sufficient size is built then all our commonly-used public-key cryptographic algorithms will be broken. Recent progress in the physics and engineering of quantum computation is changing our assumptions about the feasibility of building a cryptographically-relevant quantum computer, and while there are still technical challenges to address, the best estimates today are that such a machine could become feasible in as little as 10-15 years. Given our experience with past cryptographic algorithm transitions, this time horizon means that we need to start today the process of identifying hard problems that are quantum resistant, developing efficient cryptographic algorithms based on those problems, standardizing these algorithms and deploying them broadly, and deprecating our existing public-key cryptosystems.

In this talk I will discuss recent advances in quantum computing, the potential impact on public-key cryptographic algorithms and protocols widely used today, the leading quantum resistant algorithm candidates, and early efforts to start the standardisation process.

New challenges from Distributed Denial of Service (DDoS) attacks

Chris Leckie, University of Melbourne

Distributed Denial of Service (DDoS) attacks have become a persistent and highly disruptive form of attacks on on-line services. While higher bandwidth network access can be a help defenders reduce the effectiveness of DDoS attacks, attackers are also harnessing improvements in network access to amplify the effects of their attacks.

This talk will provide an overview of the current state of the art in this arms race between attackers and defenders. We will also identify some of the emerging trends in new types of DDoS attack scenarios. In particular, we will examine the possible effects of DDoS attacks on cyber-physical systems and the Internet of Things, and highlight current directions for improving defences against these novel attacks.

Airbus Group : A journey to adapt security to modern day threats

Stephane Lenco, Airbus

Airbus Group is a key player in a fiercely competitive, high-technology sector that produces Helicopters, Satellites, Rockets, Jet Fighters, Commercial Planes and Border Protection. Stphane will go back in time and describe the security journey adopted by Airbus Group to adjust to modern day threats. What was the driving force behind such a move and why it became a reality, how to structure a plan in order to address the then-emerging issues and a constantly changing threat environment. How internal actors such as IT, Security or Product Security worked together to build a comprehensive view to the matter. Looking back at 5 years of development on this journey, he will try to see where it took them, whether they reached the goal set at the start, and what kind of threats and moves he now looks at addressing, when facing the broadest spectrum, starting at Hacktivists all the way to major States-sponsored actors.

ASDs Experience Enabling, Managing and Conducting Cyber Incident Response

David Lewis, Australian Signals Directorate

ASDs Cyber Security Operations Section conducts incident response and pro-active investigations into Australian Government networks and systems critical to national security. In a good position to see a variety of cyber security incidents, ASD would like to share its experience detecting, managing and responding to major computer network intrusions. Hear about some of the decision making that goes on behind the scenes, take some of the mystery out of the intelligence agencies roles in cyber security, take away some techniques to help detect intrusions, and hear some great war stories.

Trustworthy Remote Entities: Cheap, Efficient, Secure Multiparty Computation

Professor Andrew Martin, Professor of Systems Security, University of Oxford

If I outsource my computing to a third party (like a cloud provider) how do I get a guarantee that they are behaving as they should, and not interfering with the confidentiality or integrity of my data?

The technologies of 'Trusted Computing' (starting with the TPM, but now expanding to many vendor-specific solutions) are transforming the security of endpoint devices by offering assurances that software has not been compromised or corrupted, and ensuring that secret materials, such as cryptographic keys, are available only when the platform is in a known good state. Much less well-explored is the opportunity of such technologies to offer 'remote attestation', whereby a remote system can be assured of the state, software, and operating parameters of a particular platform.

We have used these capabilities to define and implement an inexpensive Trustworthy Remote Entity (TRE): a small, highly-assured network proxy which can implement a processing capability to the satisfaction of two more mutually-distrusting parties. Our example application comes in the smart power grid, where the TRE ensures the customer's privacy by hiding the fine-grained usage data, but also ensures integrity by assuring the service provider that the correct bill has been calculated. The TRE can be generalised to support a wide range of secure multiparty computation use cases.

Securing a Digital Enterprise

Latha Maripuri, News Corp

News Corp is a global information and publishing enterprise with a range of well known properties such as The Wall Street Journal, Harper Collins Publishing and Fox Sports Australia. Latha Maripuri, the company's Global CISO, will discuss her perspective on the technology trends impacting cyber security and the latest techniques attackers are using. You will also hear pragmatic tips on how to structure a security program to address modern day threats, how to shift to a more cyber aware culture, how to measure success of your security initiatives and continuously innovate.

The Shadowy Cyber Attack State Sponsors of Terror and Cyber Terrorists

Andre McGregor, Tanium

While the President of the United States has said cyber terrorism is the countrys biggest threat, there are pundits who argue these terrorists have yet to master traditional warfare. Some argue cyber terrorists are not yet sophisticated enough to conduct cyber warfare. Youll recall not long after the September 11th attacks, people were concerned about terrorists hacking into the US critical infrastructure, taking down the electric grid and polluting our drinking water. Fast forward fifteen years and our electric grid is still up and the drinking water is clean. Is all really as quiet as it seems? The answer is no.

As an FBI Cyber Special Agent supervising a cyber terrorism squad in New York City, let me say that this quiet represents the calm before the storm. From Iran and North Korea to ISIS and the Cyber Caliphate, our attention must shift to these shadowy cyber attackers that lie motionless waiting to cause destruction.

This unclassified (yet spirited) presentation centers on the anatomy of todays Cyber Terrorist, both state sponsored and extremist. Who are they? What are their technical capabilities? Where was their intended target? Can they be stopped?

To answer these questions, we will take some real world cases ripped from the headlines and discuss their impact from the mindset of the Cyber Terrorist. Specifically, were these attacks successful? What does success actually look like? What were the underlying motivations? Is the threat over or is it just the beginning?

Increased technical skillsets along with access to online critical systems has helped empower Cyber Terrorists to be able to go after both the human and the networks they manage. So whether you are the intended target or the unfortunate by-product of an attack, lets start thinking liking a Cyber Terrorist in order to outsmart the Cyber Terrorist.

Communicating Cyber Security to Executives and Managers

Patricia McMillan, Patricia McMillan & Associates

Cyber Security professionals face particular challenges in communicating to executives and managers. The information you need to communicate is often technical, nuanced, and negative. This means executives and managers may put your recommendations in the too hard basket. They may even perceive cyber security as an obstacle to their business goalsuntil its too late.

How can you communicate your messages and tell your story in a way that executives and managers will pay attention to, understand, engage with, and most importantly, act on?

In this presentation, business storyteller and engagement expert Patricia McMillan offers five things you can do to lift your messages from information to transformation, so that you can have greater influence to bring about meaningful change.

The changing targets of cyber criminals

Scott Mellis, Australian Federal Police

The presentation will examine recent AFP investigations and the observed trend by cyber criminals to divert from traditional targets such as retail banking to non-traditional financial institutions and transaction platforms such as those that manage superannuation, payroll and invoicing. These compromises have revealed critical security limitations in the platforms and high levels of reconnaissance by criminals that has resulted in sophisticated knowledge of target system architecture and workflows. These developments have been accompanied by a maturity in money muling and cashout tactics culminating in fewer but much larger and damaging individual transactions. Recent AFP investigations have also seen a rise in less sophisticated forms of compromise involving social engineering that continue to be successful.

Where are your products manufactured?

Brad Minnis, Juniper Networks

Chip thefts in the late 1970s and early 1980s introduced a different risk with the counterfeiting of products. The Internet itself facilitated global broker networks giving rise to grey marketing, initially for monetary gain. However, discovery of counterfeit hardware in government networks and in military systems in 2008 indicated that the drivers could be far more sinister than just monetary gain.

Despite common misconceptions that securing your technology infrastructure begins only at the point of purchase, this presentation highlights the multiple points of potential security vulnerability that can be exploited earlier in the technology supply chain. To eradicate these vulnerabilities and mitigate the risk of adverse events triggered by hostile actors, organizations must secure the full technology supply chain and partner with technology vendors that can provide the same.

With technology supply chains rapidly evolving to all corners of the globe, doors continually open for unsavoury elements to find new ways to take advantage. Whether for personal gain, monetary gain, criminal activity, espionage, or military threat, black hats keep unearthing opportunities to exploit supply chain vulnerabilities.

With increasing production in more cost effective origins of manufacture it has now become critical for suppliers to ensure authenticity and continuity of the product supply chain.

The Dusty Web - an Exploration of Australian Website Security

Kayne Naughton, Cosive

Forget 'Dark Web' and 'Deep Web': your greatest threats lie in the Dusty Web, the thousands of vulnerable, unmaintained websites that support Australian businesses, large and small.

There is a lot of conjecture about the security status of Australia's Internet. While the ACMA provides statistics on the malware infections of citizens' computers there is no real data on how vulnerable our websites are.

Join Kayne as he talks through Cosive's efforts to objectively measure and assess the state of Australia's website security (content management systems in particular), identifies where the strong and weak points are, and how we as an industry can help protect the millions of SMEs who rely on their websites to promote their brands and do commerce.

Alarming your Neighbours

Britta Offergeld

Software defined radio hardware and software is cheap and easily accessible now, and a proportion of AS/NZS standards compliant wireless alarm systems have a security through obscurity approach to their RF transmissions.
This presentation will outline the groundwork, equipment and techniques for remotely interacting with these types of alarms. Special attention will be given to: - The Current Situation (equipment and techniques) - The Issues (identified during field testing) - The Proposed Actions (practical attack application)
This presentation will take a light-hearted, scenario based approach, in giving you the technical details for launching an automated attack on these wireless alarm systems. We will be covering some real world techniques for automated fingerprinting and meddling with these systems, using software defined radio and open source code.
Allergen warning: This talk will contain traces of the referred to nut(ty) code.

Hacking Fibre Channel (FC) Networks

Kylie Peak

Fibre Channel (FC) is the protocol used in most large Storage Area Networks (SANs).

SANs provide the storage for datacentres and medium to large enterprises. Furthermore, with the increase of server virtualisation, including boot from SAN and roaming server profiles, we are seeing a growing use of Storage Area Networks in the enterprise with little to no security incorporated in these largely unaudited networks.

It's not unusual to have multiple servers in a network sharing the same FC storage network, in fact, it is reasonable to encounter internal servers sharing this network with DMZ servers. By attacking the FC network, this could allow an attacker to gain access to internal data from an untrusted location on the network.

This talk covers the creation of an inexpensive FC test lab, how to inspect FC frames, some of the attacks that can be done on FC networks, and the possible (if any) mitigations.

Transport Futures: Moving Targets and Multi-dimensional Fragmentation - Multipathed, Multiplexed, and Multilateral Network Security

Catherine Pearce, Cisco

As we move forward to an ever more hyper-connected future network protocols are shifting to enable powerful new functionality. Two interesting examples of this are Multipath TCP and QUIC. Multipath TCP (MPTCP) is an extension to TCP that works over existing infrastructure, while enabling connections to aggregate multiple network endpoints and paths, and allows endpoints to change addresses in the middle of a connection. QUIC is a UDP Application protocol that multiplexes connections between endpoints at the application level, rather than the kernel level. With changes such as these, network security is changed, bringing up questions around how to you think about traffic when you can't see it all, when endpoints manage their own end-to end routes, when you can't bottleneck all possible traffic paths, and when their addresses change in the middle of a connection. This session shows you how protocol changes are breaking assumptions about how internet traffic works, discusses some issues that arise if you treat the new Internet the same as the old one, and muses about what might be further down the multi-X road.

Internet of Malware (Inside the Criminal Malware Machine)

Richard Perlotto, ShadowServer

We will be taking a look at the current types of malware families, attack techniques, control architecture, and defensive measures that are being used by different criminal organisations. We will include a discussion on the current infiltration and infection methodologies as well as how we target our analysis combined with public and private source intelligence to map out infrastructures and to tie different campaigns together.

Retaking surrendered ground: getting serious about cybercrime

Chris Pogue, Nuix

Every organisation that stores, processes or transmits valuable data will fall victim to a cybersecurity breach. But why? If we know the enemy is coming and how theyre going to attack why cant we stop them? Or even put up a good fight? New research makes it clear we have been fighting the wrong battle for the past 15 years.

In this presentation, international cybersecurity expert Chris Pogue will share details of his ground-breaking research into how people make decisions under pressure and why this leads to poor outcomes in the battle against cybercrime. He will lay out a new perspective for security professionals who want to overcome their cognitive biases and take back some of the ground they have surrendered to the enemy. He will show how practical steps, when implemented as part of an advanced defence strategy, can significantly improve your organisations ability to deflect, detect, respond to and recover from a data breach.

If not now, when? If not you, then who? Youre already in the fight. Its time to start fighting the right battle and take back surrendered ground!

The Hunted become the Hunters - Turning Security Operations on its Head

Nick Race, Arbor Networks

When a targeted attack can stay hidden in a network for more than 200 days, something is clearly wrong. The current incident response model is purely event driven, which by definition is reactive. Between web logs, firewall data and file access, large organisations are capable of generating 100s of millions of events and alerts per day. In this environment, how are security teams to determine the signal from the noise? This talk will look at the common issues in incident response and the advantages of augmenting existing processes with a new threat hunting methodology. It is high time that the hunted became the hunter.

Appreciate the common problems of incident response teams, alert fatigue etc

Understand why organisations need to move on from a purely reactive incident handling model

Discover how security teams can hunt for threats and go on the offensive

Discover how actionable threat intelligence and real-time security analytics can improve the effectiveness of security teams.

Mysterious Phase 2 - The Attacker's View

Mark Ray

Were all familiar with the Attack Lifecycle: lots of buzz words like Reconnaissance, Persistence, and Exfiltration. But for the cyber criminal, its much more simple: Phase 1 - attack and steal, Phase 3 - profit. But what happens during the mysterious Phase 2? Get a behind the scenes look into breaches from the perspective of the attacker. Hear from the FBI what the attackers are actually talking about and doing while on your network. How well do they know our systems? What are their real motives? The goal of this session is to help the security community understand the psyche of todays attacker, where hackers no longer slip undetected into secure networks merely for a quick payout, but hacking to support a diversified criminal enterprise. Gain insights to how the combined forces of international law enforcement, private industry, academia, and researchers work together to identify, pursue, and defeat these adversaries.

Eyes on Glass Lessons Learned in Implementing Battle-Ready Security Information and Event Management (SIEM) Systems.

Clive Reeves, Telstra

There are many reasons for implementing a SIEM to demonstrate compliance with regulatory requirements; to help manage security risks; to meet stakeholder expectations; and to help deliver an effective cyber security management and incident response capability. But a SIEM is not a panacea, a silver bullet or an out of the box solution to all of your cyber security challenges. To successfully deploy a SIEM is much harder than it sounds how do you create the foundations for success and meet or exceed stakeholder expectation and avoid a costly mistake? This talk will draw on lessons learned from practical experience in building and implementing SIEM capabilities that are aligned with business risks and ready to deliver an effective incident response capability in a complex threat landscape:

Explore the early thinking and expectations;

Challenge the expected outcomes and understand the potential gaps;

Understand the cyber risks and the threat landscape;

Create a strategy for implementation;

Do the heavy lifting;

Remember the analysts and their mission;

Measure your success;

Create an ecosystem;

Articulate the good - and the bad;

Keep getting better.

Program synthesis in reverse engineering

Rolf Rolles, Mobius Strip Reverse Engineering

Program synthesis is an academic discipline devoted to creating computer programs automatically, given a precise specification of how the program should operate. It works on small scales and is mostly researched for programs without loops in them. We apply and adapt existing academic work in program synthesis to solve problems in reverse engineering.

Semi-automated synthesis of CPU emulators (academic inspiration [1]) Automated generation of deobfuscators for peephole-expansion obfuscators (academic inspiration [2]) Reconstruction of obfuscated, metamorphic code sequences (academic inspiration [3]).




The Blindspot: Why your adversary is a gold frequent flyer

Wayne Ronaldson, Risk Offensive

As organisations are increasing their level of protection and defence, adversaries are seeking new and creative ways to compromise information. Travelling employees present a unique opportunity for attackers to obtain business sensitive information from traditionally well-protected organisations. Using real life case studies, this presentation will demonstrate how sophisticated adversaries target corporate travellers in order to access information when it goes outside the protected perimeter. The presentation will start by demonstrating how adversaries select potential employees for targeting and undertake OSINT reconnaissance on those individuals, using social media and other public sources of information. It will then go on to outline the latest strategies being used by adversaries in airport lounges, transportation, hotels and meeting venues to set up attack vectors against corporate travellers with the intention of compromising laptops, phones or other types of access to protected information. The presentation will provide practical strategies to help reduce the risk of cyber targeting for organisations through their travelling employees, and consequently help to strengthen their cyber defences overall.

Data Combat Warfare in the Age of Big Data

Craig Searle, Hivint

Big data is everywhere. Organisations now store and process data that is growing at an exponential rate. In the age of store-first-think-later, what if the data your organisation stored was actually your biggest threat and the enemy lurks within? What would the implications of evil data be, how would you identify it and protect yourself whilst still relying on a fundamental component of daily business life?

This presentation looks at the concept of data warfare, its roots in information warfare and how cyber security needs to evolve to become more data-aware and address this threat. Already we have seen the beginnings of data-based attacks and their ability to have significant impacts at not only an organisational level, but also at an economic level.

As the global IT ecosystem grows and becomes ever more interdependent, it is more and more plausible for the impact of a well-executed data attack to have global implications. In the age of quantum trading and businesses driven by big data analytics, organisations are becoming increasingly reliant on accurate, reliable and trustworthy data. Their biggest asset now also has the potential to become their biggest weakness.

The Role of Cybersecurity Hygiene in a Digital Journey

John Stewart, Cisco

Many customers today recognise the potential benefits of digitising their organisations, but they are reluctant to move forward with speed. This reluctance is due in part to cyber security hygiene. A recent survey of 1000 executives in 10 countries found that 71% agreed cybersecurity weakness hinders innovation, and 60% agreed cybersecurity risk affected smart and connected product developmenta critical element of the path to digitisation. Those we surveyed said innovations are moving forward at ~70%-80% of what they otherwise could if there were better tools to deal with risk and in particular cybersecurity threats . Regardless of the reasons, this reluctance is delaying the benefits of digitisation which include gains in innovation, productivity, efficiency, and competitive advantage. John will outline the need to address effective cyber security controls, basics every organisation should do, and the journey Cisco has taken, including lessons learnt, in conjunction with our customers.

Comparing attack surfaces of various organizations using OSINT

Roelof Temmingh, Paterva

During this talk we'll attempt to create a scorecard system to compare the attack surfaces of organisations. Surfaces will be defined as the identification (and possible purpose) of infrastructure as well as possible social engineering vectors towards compromising individuals. The size of the surfaces will be calculated by the amount of open source intelligence (OSINT) that can be obtained for each vector and it's relevance in a possible attack. Once the model is defined we'll evaluate organisations by means of a score card generated for each organisation. Results will be made available and discussed (and perhaps debated) during the presentation.

'David, listen....I think we have a big problem'. Surviving a Data Breach - Communicating in a Crisis to protect your reputation

Wayne Tufek, CYBER Risk

This session is about handling communications following a data breach and understanding who your key internal and external stakeholders are. Managing communications is critical to protecting an organisations brand and reputation. Lessons learned and powerful insights have been collected from past breaches such as Sony, Anthem, Target and others.

Topics covered include:

The seven most important items to address as part of your data breach crisis plan

The most common mistakes in dealing with a data breach crisis and how to avoid them

The differences between a 'normal' crisis and a data breach and the impact these have on your approach to managing the incident

Who else in your organisation do you need to engage with before the incident and what role will they play in preparing and dealing with it. Every crisis includes many situations and actors, each with different considerations and priorities, for example, security, legal, law enforcement, customer relations, media, shareholder, employee, the board, card issuers and providers and regulatory bodies

Being prepared and getting ready to handle customer queries

Giving customers the right amount of support during the breach

How to craft appropriate messages and get them right the first time

Effective use of social media during a crisis

Having a plan to address common scenarios that take into consideration the needs of your various stakeholders

The importance of consistency and co-ordinated messaging

How to re-orientate your response as the situation unfolds and changes

Are CISOs an endangered species? If so, we're in serious trouble

James Turner, Australian Information Security Association

Non-IT executives are often reported as being concerned about the prospect of a cyber incident, but as security is not their area of expertise, responsibility for mitigation and preparation is often devolved to IT. The artificial grouping of information security and IT has left many organisations vulnerable because well-intentioned security practitioners are now sidelined and have retreated to ideological puritanism. Security is a response to risk, and it is the ongoing mandate of executives to demonstrate that they are guiding their organisation through foreseeable risks. It is time for organisations that want to establish a reputation of trust with their stakeholders, to view information security very differently. This will require security practitioners to see themselves differently, and make the mental shift from technical do-ers to risk communicators. This process will not be comfortable, but it is imperative.

Incident Response: engineering a more resilient internet

Maarten van Horenbeeck, Fastly

Security incidents often seem unavoidable. We read about the compromise of personal or corporate data in the news on what appears to be a daily basis. In this talk, we will cover how the state of incident response, or dealing with these types of major incidents, has changed. It will take a look back at how major incidents affect us as netizens, starting with the Morris Worm, looking at Stuxnet, the DigiNotar compromise and major Distributed Denial of Service attacks, and explore how each of those thoroughly changed the way we approach security and how we work together to mitigate security incidents.

These incidents will show how the response to an incident really isn't just an engineering problem, at times it takes a bit of science, and a bit of art as well. This talk will show what it takes to protect 'the internet', and how a league of defenders across the world is stepping up to give all it takes to safeguard its potential. By looking at the big picture, the presentation will identify key steps organizations should take to better protect themselves and their customers.

Cyber Security meets Export Controls

Leonard Wills, Defence Export Controls

Defence Export Controls (DEC) sits within the Department of Defence and regulates the export of equipment, materials, software and technology that can be used in military or WMD-related systems; these same items will frequently also have commercial applications. Items that are regulated are listed on the Defence and Strategic Goods List. You will require a permit, or be entitled to an exemption, to lawfully export items on the List from Australia.

The Defence and Strategic Goods List controls extend to high end computers, systems and technology for the operation or delivery of intrusion software, telecommunications systems, IP network surveillance systems, and information security systems that use cryptography to ensure the confidentiality and integrity of information and communications.

In 2012, the Defence Trade Controls Act introduced new legislation intended to strengthen Australias export controls. One new area of regulation deals with the supply of software and technology listed in the Defence and Strategic Goods List via electronic means, such as online collaboration and the sending of emails to people overseas.

The Defence Trade Controls Act has the potential to impact software developers and researchers. Controls on ICT goods, software and technology listed in the Defence and Strategic Goods List apply to software developers and researchers in the same way. They are part of a wider national and international regulatory counter-proliferation framework.

This presentation will

explain the basics of the Defence Trade Controls Act;

explain the control threshold for the export of cryptographic software and technology;

clarify the extent of export controls on intrusion software;

explain how international collaboration may be affected; and

present the options that are available to minimise regulatory impact to software developers and researchers.

Compliance with export controls is a serious obligation but it is manageable.

Beyond the Top 35: Browser exploitation in hardened networks

Tim Willis, Google

Browsers have a very tough job. Everyone uses them, they are highly targeted, constantly left open, have lots of access to the underlying operating system and provide attackers with an easy avenue for remote access. On top of that, browsers contain millions of lines of code, most of which are security-critical and often changing (or worse, forgotten about!).

ASDs Top 35 Strategies to Mitigate Targeted Cyber Intrusions provide excellent guidance and considerations when hardening your networks and systems against targeted intrusions. The Top 4 strategies are reported to stop at least 85% of intrusions that require a response from ASD.

But what if your intruder can successfully bypass the Top 4? Are you accurately assessing your threat mix? Why would an attacker try to install a local keylogger to get a username and password when they can steal a cookie from the browser? Does your attacker even need to execute their own processes when they can leverage a compromised browser process that is already whitelisted?

Come along to this talk if youre interested in learning how the common web browser might be your most attractive target, why browsers are likely to become more attractive over time, and what you can do about it.

The current cybercrime threat picture for Australia

Charlotte Wood, Australian Crime Commision

The ACC has the responsibility on behalf of the Australian Government, to discover, understand and prioritise the Australian cybercrime threat environment as well as initiating or enhancing responses to priority threats. The ACC leads the cybercrime threat assessments with input from other ACSC partners. Charlottes presentation will provide an updated view of the current threat environment from the ACC. Charlotte will also show how traditional responses to the latest threats are challenging, and need to be broad and multi faceted if we are to ensure a cyber secure Australia.