19th November 2012 | Graeme Neilson and Shingirayi Padya
Graeme Neilson and Shingirayi Padya presented at Kiwicon 6 about cracking Audio One Time passwords.
19th November 2012 | Mike Haworth
Mike Haworth presented Demonic Possession of Browsers. BeEF Issue #666 at Kiwicon 6
7th November 2011 | Mike Haworth and Kirk Jackson
Mike Haworth and Aura associate Kirk Jackson talked at Kiwicon 5 about issues where the boundary between web apps and native apps gets blurry.
24th August 2011 | Andy Prow and Kirk Jackson
Andy Prow and Kirk Jackson presented at Microsoft Tech-Ed NZ 2011 - the largest tech conference in New Zealand. They have compiled a "Cheat Sheet" of defenses for the common web risks for ASP.NET, MVC and SharePoint developers.
7th July 2011 | Kirk Jackson
Kirk Jackson presented at OWASP New Zealand Day 2011 on File Upload Considerations.
16th June 2011 | Gary Hinson
Gary Hinson of ISECT presented at the Annual CIO Summit on behalf of Aura.
24th May 2011 | Andy Prow
Andy Prow gave a presentation at the Cloud Security Summit on what's happening in the Cloud Infrastructure as a Service (IaaS) space, including the pros and cons of using a Cloud provider and the security implications and risks. He also explained how to mitigate these risks by implementing specific cloud security policies.
30th March 2011 | Scott Fletcher
Scott Fletcher presented at the Australia & New Zealand Testing Board on 30 March 2011 on beginner testing strategies for five of the OWASP Top Ten web security threats. These strategies will help testers ensure the security of web applications.
11th March 2011 | Graeme Neilson
Graeme Neilson presented at the CanSetWest Conference in Vancouver (March 11 2011) on developing rootkits for the top ten firewall / UTM manufacturers.
11th March 2011 | Graeme Neilson
Graeme Neilson presented with Kirk Jackson from Xero on cryptography at the OWASP Day New Zealand 15th July 2010.
Does the thought of SSL, HTTPS and S/MIME make you squeamish? Does PKI make you want to scream? Does
encrypting data at rest make you want to bury yourself alive?
Cryptography is an important part of most web applications these days, and developers and admins need to understand how, why and when to employ the best and appropriate techniques to secure their servers, applications, data and the livelihoods of their users.
2008, 2009 | Graeme Neilson
Graeme Neilson presented at RuxCon in Sydney Australia (2008) and BlackHat, Las Vegas USA (2009).
The presentation covered Graeme's research on how he's developed a trojan ScreenOS operating system that when loaded onto any Juniper Firewall turns it into a ZOMBIE, giving Graeme full access to the underlying firewall, bypassing all rules and passwords
We must of cause mention Juniper at this point - "we express our appreciation for your pragmatic and careful handling of this case" (Juniper, 28 Nov 08). They also released a tech bulletin: PSN-2008-11-111, "ScreenOS Firmware Image Authenticity Notification" which states: "All Juniper ScreenOS Firewall Platforms are susceptible to circumstances in which a maliciously modified ScreenOS image can be installed."
2nd December 2008 | Andy Prow
Andy Prow presented at the ISACA Computer Security Day in Wellington. Andy's presentation focussed on the "SANS Defensive Wall 1 - Proactive Software Assurance", covering the steps you should take as an organisation to proactively protect your systems against attack.
The w3af framework project is the up-and-coming Metasploit of Web application security. It's flexible design allows new attack vectors to be easily written and includes many features which are only available in the grossly expensive commercial tools. Mark's presentation will discuss why we need webapp scanners and demo the w3af framework and how to automate the Discovery, Audit and Attack of web applications.
Building on the Blackjacking tools presented at DefCon, Graeme will present some advanced tools for attacking internal networks via Blackberrys. For example how to use TicTactrojan on a Blackberry to port scan an internal network from the comfort of your external host.
Andy will focus on how software quality MUST include security considerations during the requirements, design, implementation, testing, roll-out and maintenance phases. He will also include some examples of real-world security issues that "make you think..."
The presentation highlights the need for an organisation to have there own "trusted in-house hacker" who thinks like a hacker would.
Some of the other topics covered are:
- Some of the latest tools hackers use
- A sample of common vulnerabilities and how they can be exploited
- How to protect your network against these exploits
All presentations are the copyright of Aura Information Security Ltd 2013, All Rights Reserved.
You may download these presentations for research purposes only.
Any re-use or reproduction of these presentation may only be performed with express permission from Aura Software Security Ltd.