I presented on bug bounty programs at an Infrastructure Coders event in Melbourne. The meetup is focused on Infrastructure (DevOps) and is designed for Systems Administrators, Developers, DevOps, Web Operations Engineers and all people who build high traffic websites.
At WAHCKon Perth 2015 an information security conference held in Perth Australia, i presented on how to brake common Android binary protections like root detection and SSL pinning.
When performing a penetration test on an Android or iOS application the developer can implement what are called binary protections that hinder an attacker from easily analysing an application. Some of the more common protections are SSL pinning, code obfuscation and root detection. This article explains how to bypass the latter, namely root detection on Android.
When you are performing a pen test or participating in a bug bounty program, sometimes you are confronted by a Web Application Firewall (WAF) designed to block malicious payloads. To properly identify and exploit a Cross-site Scripting vulnerability you will need to find a way around it! This article demonstrates a method of creating an SVG based payload to bypass those pesky WAF’s.
The Australian Information Security Association (AISA), is Australia’s peak body for information and cyber security professionals. I spoke at one of the meetups with Topy about the basics of a penetration test.
OWASP Melbourne Meetup is a local OWASP Chapter in Melbourne, Australia that runs events on all things application security. I presented to the community about some of the ways you can break Node.js applications, as well as some of the common developer mistakes.
OWASP Melbourne Meetup is a local OWASP Chapter in Melbourne, Australia that runs events on all things application security. I presented to the community on how to perform a basic buffer overflow.