An Introductory Look at Software Defined Radio

David "Karit" Robinson (ZX Security)

Thursday, 08:00 > 17:00

Summary: This course will use Software Defined Radios (SDR) to receive and decode messages and broadcast data over the airwaves.

It will cover:

• Background theory about the different modulations and encodings which are used during the transmission of data over radio.
• Introduction to the tools available for SDR.
• An introduction to Gnu Radio Companion.
• The capture and broadcast of simple remotes (garage door and remote doorbells).
• A look at remotes found in alarms and cars and how to attack them.
• If time allows an introduction to some tools for listening to trunked radio, pager messages, and ADS-B, including how they could be adapted for "research" proposes.

Learnings:

• What is Software Defined Radio (SDR)?
• Using an RTL SDRs to receive signals.
• Decoding radio messages into data.
• How to use Gnu Radio Companion (GNU Radio).
• Capturing and replaying of simple radio remote controls (like garage door).
• How to use to broadcast using SDR.

About Dave: Dave/Karit has worked in the IT industry for over 10 years. In this time, he has developed a skillset that encompasses various disciplines in the information security domain. Dave is currently part of the team at ZX Security in Wellington, New Zealand and works as a penetration tester. Since joining ZX Security Dave has presented at ChCon, Defcon, Kiwicon, BSides Canberra, Unrestcon and numerous local meetups. In addition, he has run training/workshops at Syscan, Kiwicon and Tuskcon. He has a keen interest in lock-picking and all things wireless.

Tickets: $500 (order through Eventbrite).

iOS Application Security

Prem Kumar (Aura Security)

Thursday, 08:00 > 17:00

Summary: The number of mobile applications available in the Apple App Stores is nearing 2 million and vulnerabilities are skyrocketing. Elimination of such security holes in iOS apps is critical for any developer/pentester, who wants to protect users from attackers. The agenda of this training would be to carry out, In-depth analysis of iOS vulnerabilities and remediation of such security holes.

We will also be looking at various tools and advanced techniques which are helpful for performing a successful mobile penetration test.

Learnings:

• What is iOS?
• Understanding iOS Architecture/Sandboxing
• iOS Application Structure.
• Types of iOS Applications and their distributions.
• Types of iOS Pen-tests.
• What is Jailbreak? Why Jailbreak? Perquisites!
• Setting up basic iOS pen test platform.
• iOS Transport Layer Protection.
• iOS Insecure Local Storage.
• iOS Side Channel Data Leakage.
• iOS Client Side Injections.
• Runtime Analysis.
• Demo of iOS vulnerabilities reported in Bug bounties.
• How To Start on iOS Pentesting?

About Prem: Prem is currently working as a Security Consultant at Aura Security, Wellington. He has profound knowledge in web, mobile, network security and has conducted numerous penetration testings for clients across all verticals. He has previously spoken at Daimler International Security Conference (Germany), Digitalsec2016 (Malaysia), Cyber Security Conclave (SCSC) India, and other security events. In his spare time, he participates in bug bounties and plays Fortnite.

Tickets: $500 (order through Eventbrite).

REV.ENG.E

Karl Barrett (Lateral Security)

Thursday, 08:00 > 12:00

Summary: Reverse Engineering for Education/Entertainment is an informal training session to teach tools and techniques useful in application analysis.

The goal is to provide attendees with a high-level introduction to a variety of free (and predominately open source) toolsets; breaking down the stigma of reverse engineering being magical voodoo.

Learnings:

• The ability to manipulate and decipher a variety of programming languages (both interpreted and compiled).
• An understanding of common debugging techniques.
• Knowledge of basic reversing toolsets, and how to use them.

About Karl: Karl is a security consultant for Lateral Security in Christchurch, New Zealand. His areas of interest include hardware hacking and advanced XSS techniques. In his spare time, Karl enjoys climbing rocks and popping locks.

Tickets: $250 (order through Eventbrite).