Presentations & Events at Kiwicon 2k9
View the schedule
Table of Contents
Keynote
Presentations
- Philip Whitmore: Here is a Lock; Here is a Door; Windows One Two Three Four
- Chris Spencer: Professional Vulnerability Research and Analysis
- alhazred: lulz: Webstalking 3.0
- Paul Craig: Hacking Scientists
- Peter Hannay: The Big Brothers & Subversives Guide to GPS
- bls: Radio Recon: COMINT for Haxx0rs
- Nick von Dadelszen: Smart Card Security
- Muss: Shared Ownership
- Carl Purvis: DMAP
- Max Dermann: Defending against Web Applicaton DoS Attacks
- thoth: rewtkits? in MY kernel?
- Hawkes: A History of Corruption
- Peter Gutmann: Some Thoughts on Threat Modelling
- Sham: Pro-tips for hackers and those that call themselves hackers
- metlstorm: Do your fruit hang low?
- Follower: Physical Computing, Virtual Security: Adding the Arduino microcontroller development environment to your 'security research'
Lightning Talks
- narc0sis: New Zealand Internet Task Force
- deathflu: Mobile Activesync Russian Roulette
- y011: More 802.11 wireless controller BS
- D.Roc: Decoding Telecom paging system
- urbanadventurer: New Zealand Web Reconnaisansse with WhatWeb
- numero: WifiHoneyPots or How I got pwned stealing grandma's wifi
- Karl Chaffey: iStore: YourStoreMyStore
- Philip Whitmore: The Social Engineering Zone
Events
Keynote
The Kiwicon Crue welcomes our resident media pimp-daddy, risky.biz star and all round goo^h^h^hokay dude Pat Gray to the keynote slot.
| Title: | Media hackery: How to manipulate social and mainstream media |
| Presenter: | Patrick Gray [Schedule] |
| Origin: | NSW, Australia |
| Synopsis: | Social media has been hailed as a new force in democracy -- putting the power of information distribution back into the hands of the people. But online, as they say, no one knows you're a dog. Through the use of excruciatingly simple techniques like spoofed e-mail, cross site scripting, custom botnets, black-hat SEO techniques, misleading wiki edits and fake websites, it's been proven that the social and mainstream media are easy to "game". In this talk you'll learn how to (almost) bring down a government with a single spoofed e-mail, why the erosion of news budgets and the rise of "social media" threatens to rob us of the knowledge of what's really going on, and how Western intelligence agencies tried to topple Indonesia's president Sukarno by making a bad porno featuring a dude in a rubber mask. |
| Bio: | Patrick Gray is an Australian journalist best known as the host of the Risky Business security podcast. He's been reporting on IT security issues for eight years, with his articles appearing in The Sydney Morning Herald, The Age, Wired News, ZDNet, CNet, SecurityFocus and curiously, Australian Men's Style Magazine. |
| zomg, hi! |
Presentations
Presentations are longer talks, ranging from 30-60 mins
| Title: | Here is a Lock; Here is a Door; Windows One Two Three Four |
| Presenter: | Philip Whitmore [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | Following on from last year's demonstration of ninja skills, Philip will provide a real-world practical look at the ease at which advanced access control systems can be defeated. From bypassing fingerprinting readers with superglue from the two dollar shop, to demonstrating the ease at which most RFID access cards in New Zealand can be cloned. Now who said you couldn't produce a physical clone of a RFID access card? Don't forget to bring your faraday cages! Ready to knock; turn the lock; owned. |
| Bio: | Cunningly hiding his megalomania complex by pretending to have a real job, Philip Whitmore leads PricewaterhouseCoopers' Security & Technology practice. From breaking into vaults, to narrowly preventing an armed police response when demonstrating that a particular door could be opened with a toothpick, Philip has put a different spin on penetration testing by going back to basics. |
| zomg, hi! | |
| Title: | Professional Vulnerability Research and Analysis |
| Presenter: | Chris Spencer [Schedule] |
| Origin: | Melbourne, Australia |
| Synopsis: | This presentation will take an inside look at how professional day to day vulnerability analysis and research is conducted within a typical Vulnerability Research Team. Some topics that will be covered include: - Techniques and tools used to analyze Microsoft binary patches. - Static binary analysis and vulnerability code path identification. - Proof-of-concept exploit development. - Tools and techniques used for debugging vulnerability related crashes. - Reliable exploit development. - 0day discovery including binary analysis, fuzz-testing and source code analysis. Real life vulnerability examples will be used along the way to demonstrate the techniques used in our daily work. This presentation may be of interest to anyone interested in vulnerability research or those who are planning to follow a career in this field. |
| Bio: | Chris Spencer is currently working in the Applied Research Labs at iDefense and is the main organizer of the Ruxcon computer security conference. Chris has been involved in the international and Australian security hobbyist scene since the late 90s. Chris has previously presented at Blackhat and SecureCon, and was a member of the TESO security research group. |
| zomg, hi! | |
| Title: | lulz: Webstalking 3.0 |
| Presenter: | alhazred [Schedule] |
| Origin: | Christchurch, New Zealand |
| Synopsis: | Webstalking, we all do it. Maybe you stalk your friends, maybe you stalk your co-workers, or maybe you even do it just to find out the phone number of that cute girl you met that one time outside the local needle exchange, but for whatever reason looking up people on the web has become a normal part of the online social experience. Utilising a bunch of bleeding edge technologies straight outta retro-futuristic 1970s artificial intelligence (including a multiple agent blackboard architecture, probabilistic Bayesian identity resolution and some sweet, sweet utility driven Markov Decision Process tekneek), lulz is a truly "smart" semantically enabled search tool for finding the public data shadow on anybody, then collating, archiving and analysing it. Yeah, it really is that creepy. |
| Bio: | alhazred presented a lightning talk at kiwicon 2k7 and is back in black once again with all new social networking evilness. He enjoy walks on the beach, quiet nights spent indoors relaxing in front of the television, and continually re-categorising his massive collection of weaponised hardcore pornography. Proud to be one of the baddest motherfuckers in New Brighton -- CHRISTCHURCH 4 LYFE YO! -- alhazred has recently become engaged to his longtime on/off girlfriend, Paris Whitney Hilton (I <3 you sweetheart) |
| zomg, hi! | |
| Title: | Hacking Scientists |
| Presenter: | Paul Craig [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | Every Sunday I hack. Every Sunday I hack for 8-9 hours, come rain or shine, sleet or snow. I spend my time trying to find vulnerabilities in software. You have probably never heard of the software, that i hack, every Sunday. I hack scientific software, software used by scientists, who wear long white lab-coats. The lab coat wearing scientists, work for some of the largest companies in the world. Conducting the highest profile research in the field of medical, biology, chemistry and physics. They work for the defense forces, universities, research companies and large pharmaceutical organizations. The work they conduct produces the most valuable intellectual property in the world. Their research created the atom bomb, cures for diseases, and answers to the mysteries of the world. Come rain or shine, every Sunday, I hack the software the scientists use. |
| Bio: | Strangely, the painting of the Delphic Oracle in the Sistine Chapel also depicts a redhead. Though built on somewhat more majestic lines than the Axl Rose like* Craig, the oracle wears a familiar pensive expression, perhaps distantly curious about the antlike mortals who lack a formidable breadth of knowledge, or perhaps considering more ways to pwn up Adobe, or Googledork botnets, or cause kiosk companies to have panic attacks, kittens, or catastrophic sphincter failure. Anyway, this ought to be good. * pers. comm., 2009, fosm. |
| zomg, hi! | |
| Title: | The Big Brothers & Subversives Guide to GPS |
| Presenter: | Peter Hannay [Schedule] |
| Origin: | Perth, Australia |
| Synopsis: | An introduction to the security implications of GPS devices. Covering: - the tracks left behind on consumer level GPS devices, some obvious, some not so obvious, some only accessible by law enforcement. - the use of software defined radio in GPS spoofing - spoofing gps to defeat physical security |
| Bio: | Peter Hannay is a PhD student, researcher and lecturer based at Edith Cowan University in Perth Western Australia. His focus has been in the forensics field, examining GPS devices, video game consoles and embedded systems. In addition to this he enjoys alcohol, long walks along the beach and loves (but is allergic to) cats. |
| zomg, hi! | |
| Title: | Radio Recon: COMINT for Haxx0rs |
| Presenter: | bls [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | This presentation covers radio surveillance for hackers and penetration testers. Learn how to discover, monitor and exploit signals across the entire radio spectrum. Recent advances in radio technology have opened the whole radio spectrum to automated surveillance - by private individuals on a limited budget. Software radio is changing the game for organizations which rely on the security of wireless technologies. Also featuring a tool release: wscan, the Wideband Scanner. "It's nmap for your software radio." |
| Bio: | Blair is handy with a screwdriver, dangerous with a soldering iron and lethal with duct-tape. Outlawed in the EU due to high lead content, he also poses a significant fire hazard. |
| zomg, hi! | |
| Title: | Smart Card Security |
| Presenter: | Nick von Dadelszen [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | Smart cards are all the rage these days; from electronic passports, credit cards, other payment systems, and access control systems. Nick discusses smart card security, and how to go about reviewing the security of these types of systems. These systems can be either contact, or contactless, but the discussion will focus primarily on the application layer of the cards rather than the physical interface. He will also show some cool toys and drop some scripts useful for looking at these systems. Nick will show examples of techniques used on systems deployed in NZ. |
| Bio: | Nick has been in this industry far too long, though he still manages to keep his "grumpy old man" rants well below the average for those of similar experience. He is a director of Lateral Security and has variously been described as "thinking like a criminal" and "a digital vagabond". |
| zomg, hi! | |
| Title: | Shared Ownership |
| Presenter: | Muss [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | Ever been in a club rubbing up against half-naked, hot, sweaty guys and come out feeling sullied? That is either what shared hosting is today, or a common fantasy of mine I have accidentally included in my synopsis. "Shared hosting" is a fairly generic term used to describe hosting multiple websites, often (but not always) running as a unique system user on a single virtual or physical machine. They are often poorly set up, and almost always host vulnerable versions of software. This talk will focus on architectural problems that can occur when various core protocols are forced to work together with a bad attempt at a GUI slapped on top. We will also look at some specific implementation bugs that exist today. |
| Bio: | Although often defeated by the ordinary belt, muss has created his own niche in the .nz hosting industry. From inauspicious and suburban beginnings, he now controls enough infrastructure to be worth bribing by hackers of varying types who just want a vm for a little bit for research. Honest. muss enjoys deflecting questions about his personal life, and turning up to 2600 meetings alone. He does not enjoy walks on the beach, choosing instead to corner hapless ISP employees on Friday nights and make them explain why their network has gone down again*. * JunOS |
| zomg, hi! | |
| Title: | DMAP |
| Presenter: | Carl Purvis [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | I have a secret. I can compromise most of you today regardless of what OS your running. It's a secret most of the ISPs in the world would probably prefer you didn't know. Want to find out what this is all about? You'll have to come along to my talk at Kiwicon and buy me a beer. Let me enlighten you about what happens when you have a $1000 and the will to take things to the next level. Tool release, demo's and instructions! |
| Bio: | Carl began working in IT at the age of 17 for New Zealands first public ISP. Carl has worked for the majority of New Zealands Telecommunications Companies in UNIX Administration, Secure Management Network Design and a number of Auditing roles. In the last 24 months at Security-Assessment.com Carl has conducted penetration tests against New Zealand's largest organisations, including the financial, telecommunication and critical infrastructure sectors. |
| zomg, hi! | |
| Title: | Defending against Web Applicaton DoS Attacks |
| Presenter: | Max Dermann [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | - The Threat: why the usual countermeasures fail - Defending: what does work - passive countermeasure: shrugging off an attack - active countermeasures: how to separate the wheat from the chaff |
| Bio: | Max(imilian) Dermann - has been active in IT security since 2000 - just started work as an architect for Datacom in Wellington - was involved in a total of four identity and access management projects - designed additional capabilities into a web application firewall product - was responsible for e-business security and operations at Lufthansa Technik - has designed, implemented and hardened online banking and brokerage applications in Germany, Austria and Switzerland |
| zomg, hi! | |
| Title: | rewtkits? in MY kernel? |
| Presenter: | thoth [Schedule] |
| Origin: | Sydney, Australia |
| Synopsis: | Linux kernel rootkits are everywhere, but no modern (public) detection system exists. Linux rootkit checkers are currently woefully inadequate, often focusing upon mundane and outdated techniques that are only used by the lowest of the kiddies. I will briefly highlight common modern rootkit techniques as seen in real in-the-netz linux rootkits, and walk through my Antilulz tool, which is an LKM designed to be loaded at times of peak paranoia to give your kernel the once over. I'll continue the conversation discussing what a rootkit would need to do to defeat these checks, and expand upon antilulz to continue the cold war. If I've time, I'll talk a bit about the state of rootkit detection, and will discuss real-time kernel IDS techniques, and why they are extremely hard to do. |
| Bio: | Fionnbharr Davies is a deeply religious whitehat who is inspired to fix all bugs he stumbles upon on his holy sojourn through the information superhighway. He believes that all blackhattery is rooted in awful books written by Gibson and Stephenson, and is eagerly awaiting the release of the neuromancer film to finally kill the subculture of crackers and netrunners once and for all. |
| zomg, hi! | |
| Title: | A History of Corruption |
| Presenter: | Hawkes [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | Ithaca, New York. November 2nd 1988, 6PM. $ FTP /USERNAME=anonymous /PASSWORD=login prep.ai.mit.edu 220 prep-ai-vax FTP server (Version 4.97 Thu Jul 12 18:59:05 EDT 1987) ready. FTP> PUT X14481910.EXE FTP> QUIT $ RLOGIN /USER_NAME=TOURIST prep.ai.mit.edu Welcome TOURIST to VAX-11/VMS system prep-ai-vax. prep-ai-vax% SET DEFAULT $U:[FTP] prep-ai-vax% X14481910.EXE With one final keystroke Robert Tappan Morris set off a chain of events leading to his arrest and conviction. This was the Morris Worm. "A History of Corruption" tells the story of memory courruption vulnerabilities, from Morris in 1988 to Conficker in 2009. This is a story inextricably linked with the lives of the hackers and engineers behind the research. This presentation will go beyond the exploits to show a changing world of conflict and community. |
| Bio: | Ben Hawkes is a researcher and consultant who specializes in exploiting complex software vulnerabilities. He presented at Ruxcon '07, Black Hat '08, Kiwicon II and HAR2009. Impressively devoid of any sort of ego despite an adoring fanbase, Ben was recently described as "well adjusted". |
| zomg, hi! | |
| Title: | Some Thoughts on Threat Modelling |
| Presenter: | Peter Gutmann [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | This talks looks at the topic of threat modelling, not so much in terms of, well, threat modelling, but how it can help shape the assumptions we make about the types of threats that we're facing. Starting with some notable examples of (fatally) incorrect assumptions made during historical threat modelling exercises, it looks at some more recent failures and failure patterns that DFD-based threat modelling can help identify. While none of the threats discussed are particularly novel, the formal threat-modelling process provides a more rigorous approach than the usual "try this one and see if it works". PCI-DSS will be mentioned (but only briefly). |
| Bio: | Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption including the X.509 Style Guide for certificates, and is the author of the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the lack of security usability. |
| zomg, hi! | |
| Title: | Pro-tips for hackers and those that call themselves hackers |
| Presenter: | Sham [Schedule] |
| Origin: | Zurich, Switzerland |
| Synopsis: | Despite the appalling present state of security, despite the tech media screaming the sky is falling, despite security admins burning long hours and malware controlling larger and larger pieces of our infrastructure... the virtual wheels of online e-commerce keep turning, hackers still get caught and prosecuted and consultants still get their paychecks. But how do you maintain your part in the security theater? An offering of Tony Robbins-esque success tips for hackers, consultants and corporate security staff. This talk will be accompanied by an interpretive dance, performed by the Kiwicon attendee to receive the most votes for "contributions to new Zealand security theater in 2009". |
| Bio: | Darren is the chief digital janitor at a somewhat well known cloud computing and search center of excellence where he works to synergize your core infrastructure with scalable grid resources to increase return on investment at a global scale, 24 by 7. When not doing that, he is responsible for catching the bad guys and bringing them to justice. Darren is an expat kiwi, and one of the old men of the New Zealand security scene. He publicly endorses python, whiskey and vim. |
| zomg, hi! | |
| Title: | Do your fruit hang low? |
| Presenter: | metlstorm [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | Do your fruit hang low? Do they wobble to and fro? A talk in which you, gentle audience, indulge a tired old hacker while he rambles about full disclosure, operational security, scope, the digital-pearl-harbour, the new zealand crimes act, tourism, security metrics, data breach disclosure and, if you're (really) lucky, might get to the point. Which is almost certainly python. Or bacon. |
| Bio: | Metlstorm is a cashed up, card carrying whitehat sellout, writing up customers for ICMP timestamping and SSLv2 like Qualys told him to. When he's not faffing with his word templates, he spouts poorly thought through faux-pinions on the risky.biz podcast, and organises (largely by sulking about off topic posts on #kiwicon) the second best hacker con in New Zealand. Don't let the beard fool you - he loves Windows, and heartily endorses products made by Computer Associates. Metl has bored previous Kiwicons, Ruxcons, a Defcon and a Blackhat, pottered around a few networks (including yours) and in his spare time stuffs his face with pies and griefbacon. Metl aspires to work for EDS in an audit and compliance role, so recruiters, please contact him IMMEDIATELY. |
| zomg, hi! | |
| Title: | Physical Computing, Virtual Security: Adding the Arduino microcontroller development environment to your 'security research' |
| Presenter: | Follower [Schedule] |
| Origin: | Christchurch, New Zealand |
| Synopsis: | While you were busy sticking your nose into the latest heap-smashing techniques and exploiting the 0days you found on a street corner, embedded hardware got a whole lot easier thanks to the Arduino microcontroller platform. Sure, it entered the world under the guise of "physical computing" aimed at designers but just like you can use a paint brush to jimmy open a door you can use the Arduino in your security toolkit too. Assuming you pay attention you'll learn about the potential for use in USB driver fuzzing, network attacks, physical control and perhaps some social engineering as well. We'll take a look at the price/size trade-offs too. |
| Bio: | follower is co-founder of the Christchurch Creative/Hacker Space and gets the blame for kicking off events that lead to its establishment. He'll also admit some responsibility for integrating certain networking and USB technologies into the Arduino eco-system. He has a particular interest in the intersection of software, hardware, craft and art. Four years ago he established The Valley in Christchurch monthly tech dinners and continues to somewhat maintain the Planet NZTech blog aggregator. Occasionally he can be heard mumbling how Tim O'Reilly once called him a "troublemaker" for his Google Maps reverse engineering. |
| zomg, hi! |
Lightning Talks
Lightning talks are a maximum of 15 mins, keeping it snappy.
| Title: | New Zealand Internet Task Force |
| Presenter: | narc0sis [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | This talk will discuss some recent activity and projects undertaken by members of the New Zealand Internet Task Force, NZITF, to give you some idea of what it is, who we are and what we do, and most importantly how you can potentially get involved. |
| Bio: | The NZITF (previously the NZ Botnet Taskforce) is a National approach to mitigating emerging threats on the Internet. It is a collection of 30+ organisations, and individuals across the IT Industy, Security Community, Government, Law Enforcement, Managed Service Providers, Telecommunications Companies and Universities. Narc0sis, a recently reformed fed, has entered rehab in the private sector, and soon hopes to ditch his suit. |
| zomg, hi! | |
| Title: | Mobile Activesync Russian Roulette |
| Presenter: | deathflu [Schedule] |
| Origin: | Melbourne, Australia |
| Synopsis: | As the popularity of communication (especially email) using mobile devices increases so does the risk of data leakage and data theft. This presentation will review Microsoft Mobile Activesync looking at transport layer security, controls enforced on the mobile devices and some potentially lethal fun (to the device anyway). |
| Bio: | Oliver Greiter is Senior Security Consultant at Assurance. Oliver's day-to-day tasks include penetration testing, platform security configuration reviews, security architecture reviews and application security reviews. His previous experience includes body-guarding the Nigerian President, serving as Minister of Defence in the Nauru government and Charge d'Affaires during recent negotiations with our alien overlords. |
| zomg, hi! | |
| Title: | More 802.11 wireless controller BS |
| Presenter: | y011 [Schedule] |
| Origin: | Melbourne, Australia |
| Synopsis: | With the shamefail of 2008's audience-mangled demos still burning his ears this time 'round Neal shows some more 802.11 wireless controller party tricks. This year the focus is some brief (thankfully for you) "fun" with firmware on Cisco, Aruba and Meru controllers. |
| Bio: | In his random career Neal's been SYSTEM, root, SUPERVISOR, a bit of QSECOFR and, reluctantly, administrator. Neal runs assurance.com.au, co-ops the spy.net b'width co-op and rocks the -vvv |
| zomg, hi! | |
| Title: | Decoding Telecom paging system |
| Presenter: | D.Roc [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | Now that the police are moving to a full digital system may people are asking what else they can do with a police scanner. this presentation will show you have to use a basic police scanner to decode and read the alphanumeric pagers that many people use as an on call contact system. |
| Bio: | D.Roc has been a unix admin for 6 years, and has voided the warranty on almost every electronic device he owns. |
| zomg, hi! | |
| Title: | New Zealand Web Reconnaisansse with WhatWeb |
| Presenter: | urbanadventurer [Schedule] |
| Origin: | Christchurch, New Zealand |
| Synopsis: | Ever wanted to web scan all of New Zealand but didn't have the right tools? Me too, so I developed WhatWeb, a next generation website identification scanner. With stealth-mode turned all the way up to 11 it's less intrusive than the Google crawler and eminently suitable for large scale internet scanning. Look foward to juicier web statistics than at NetCraft.com and a guided tour to the unindexed websites hidden among NZ's 6 million allocated IPs. The web space is littered with voip phones, web cameras, printers, routers and bizzare devices to amaze and astound you. WhatWeb will be officially released at Kiwicon 2009. |
| Bio: | Andrew Horton is a South Islander living in Christchurch. He heads up MorningStar Security, an IT-security consultancy where he provides penetration tests, source-code reviews, teaches programmers to hack web apps, and much more. For fun he writes open-source security tools such as WhatWeb, and spends far too much time chatting on Kiwicon's IRC. |
| zomg, hi! | |
| Title: | WifiHoneyPots or How I got pwned stealing grandma's wifi |
| Presenter: | numero [Schedule] |
| Origin: | Wellington, New Zealand |
| Synopsis: | If you saw a open wifi access point (grandmas wifi!?) would you use it? If you did, what consequences would you expect? The majority of New Zealanders use the internet every day, and many use a wireless mechanism for access, (bliss)fully unaware of the potential risks. In this presentation I will describe a wifi honeypot appliance which impersonates existing wifi access points, actively strips encryption from traffic running through it, and stores captured traffic for analysis. The legality and usability aspects of the wifihoneypot will also be discussed, and some preliminary results from field testing will be provided. |
| Bio: | numero engineers software (python), mixes music (vestax), makes bread (sourdough) and resides in Wellington. |
| zomg, hi! | |
| Title: | iStore: YourStoreMyStore |
| Presenter: | Karl Chaffey [Schedule] |
| Origin: | Auckland, New Zealand |
| Synopsis: | iPhone, iPhone, iPhone just how secure is that App Store that you are so found of? A quick look at how the App Store works under the hood and how to subvert it with a couple of standard dns/gateway tricks. You meant to buy that $1000 dollar app right? |
| Bio: | Working by day to protect your money in the financial/banking sector from people like you, but by night spending far too much time making things work 'just right', drinking beer and planning the purchase of high end consumer electronic gadgets. The NZ Herald would refer to him as "some kind of 18-year-old guy in a black T-shirt who's bored from looking at the new Google wave product and has decided to take a hack." [sic]. |
| zomg, hi! | |
| Title: | The Social Engineering Zone |
| Presenter: | Philip Whitmore [Schedule] |
| Origin: | Aucklkand, New Zealand |
| Synopsis: | Imagine, if you will, a time that seemed innocent... almost too innocent. Imagine a nation under whose seemingly conformist and conservative surface dramatic social changes were brewing, changes as obvious as ERP integration and as subtle as Shortland Street acting. And imagine, if you will, attending a seemingly harmless security conference in Wellington. But what if this security conference was not as it appeared? What if it masqueraded as a simple conference, and did not reveal its true social engineering agenda until people took a closer look? Let us examine if some of the attendees could be socially engineered even knowing that someone might be trying to. Let us investigate the secrets of... The Social Engineering Zone. |
| Bio: | Cunningly hiding his megalomania complex by pretending to have a real job, Philip Whitmore leads PricewaterhouseCoopers' Security & Technology practice. Realising that social engineering could be used for more than getting free drinks; his Jedi mind tricks are now used for the good of the Alliance. |
| zomg, hi! |
Events
| Title: | Lockpicking Challenge |
| Organiser: | D.Roc [Schedule] |
| Venue: | Workshop at lunchtime, Box on the rego desk anytime. |
| Time: | Saturday, 1230-1300 |
| Synopsis: | Following the failure of anyone to crack open his moneybox last year, D.Roc returns, with his box o cash. Crack the lock, take the caaaaaaaash. He'll have lockpicking tools, locks, and his box, so drop on by, learn some things, and try your skillz. |
| zomg, hi! | |
| Title: | An Evening With Ben Hawkes, With Your Host Ben Hawkes |
| Organiser: | Ben Hawkes [Schedule] |
| Venue: | The Benporium, by invite only |
| Time: | Friday 1930-late |
| Synopsis: | International hacker superstar and all round high roller Ben Hawkes hosts the Kiwicon Speakers, VIPs and Ben Hawkes party. Spend an evening with "His Ben-ness", sipping the finest cheapest tequila, heap spraying in alleys and waking up with a fistfull of (stripper) dollars. |
| zomg, hi! | |
| Title: | The Return of the Kiwicon Pub Quiz |
| Organiser: | Metl', 'c0de an' frenz [Schedule] |
| Venue: | Shooters Bar, 69 Courtenay Place. |
| Time: | Saturday night - late. Doors open 1900, quiz starts 2030. |
| Synopsis: | Test your hax0r general knowlege, skillz and cheap-beer-swillin' abilities against the cream of .nz's security scene at the Kiwcon Pub Quiz, returning with fecund vigour after a fallow year. One laptop per team, wireless required. Prizes, bartabs and lulz - kick back and chill with the #kiwicon crowd in the heart of Wellington's pub strip. |
| zomg, hi! | |
| Title: | SiteHost has a "A Case of the Sundays" |
| Organiser: | The Kiwicon Crue and Sponsors [Schedule] |
| Venue: | Kiwicon Venue Foyer |
| Time: | Sunday 0845-0945. |
| Synopsis: | Does anyone ever ask you if you've got a case of the Sundays? Shit, no? Well, we won't either, but we understand. Join the other early-to-rise hackers in the venue foyer for some light breakfast snacks before the first talk. Enjoy breakfast breadliness from our chums at SiteHost, energy drinks from Demon, and coffee from Lateral Security. Scowls and sass are always free. |
| zomg, hi! | |
| Title: | The Insomnia Sunday Roast |
| Organiser: | The Kiwicon Crue and Sponsors [Schedule] |
| Venue: | Trax Bar, across the road from the venue |
| Time: | Sunday Lunchtime, 1230-1345 |
| Synopsis: | So we lied. It's not a roast. We accidentally ended up with money again, and on the rationale that it's a poor life choice to embezzle a couple grand from a bunch of hackers, decided to feed you again instead. Attendees are invited to perambulate to Trax Cafe for a partially catered lunch (the partially catered bit means you have to buy your own goddamn beers). The only roaches here are in the sponsor's logo; thanks Insomnia Security! |
| zomg, hi! | |
| Title: | Decompression Beers |
| Organiser: | The Kiwicon Crue [Schedule] |
| Venue: | The Malthouse, 48 Courtenay Place |
| Time: | Sunday 1930-late |
| Synopsis: | The semi-offical afterparty will be held at The Mo'fuckin' Malthouse on Sunday evening after Kiwicon. A slow moving and easily ambushed group will depart the venue enroute to beers sometime after closedown. Otherwise head on down later to raise your wrist, throw up the horns and watch the Kiwicon Crue slowly deflate and toast that, thank-fuck, that the con's over for another damn year. Why ever did we agree to do this again? |
| zomg, hi! |