Skip to main content

CHCon '17


October 26-28 - Christchurch, NZ

The Con


What and when?

CHCon is a conference for security professionals and hackers in Christchurch, NZ. Training will be run on Thursday 26th October, and presentations on Friday 27th and Saturday 28th. A CTF will be run across all three days. All official conference events will be held at the UCSA Events Centre at 90 Ilam Rd, Riccarton. Be sure to email us if there's something in particular you'd like to see happen at the con!

Who will be speaking?

The CHCon organisers have sorted through a heap of amazing CFP and CFT submissions and have pieced together a schedule of talks and training that you can read more about below.

Who is it for?

You! IT security professionals, web developers, software developers, students, wannabes, hackers, enthusiasts, [your title here].

Who is running this thing?

CHCon is being coordinated by a collaboration of people from the local OWASP and ISIG chapters. These are two web application security and information security groups which meet regularly in Christchurch. Follow us on Twitter: @CHCon_nz.

Our Sponsors


Platinum

Insomnia Security

Gold

InternetNZ

Silver

Quantium Security

Bronze

ANZ Testing Board

Talks


Friday (27/10)
09:00 CHCon Crew: Introduction+Housekeeping
09:15 Ahmad Ashraff: Journey to the Top on BugCrowd
09:30
09:45
10:00 Peter Jakowetz: The Internet of Pancakes
10:15
10:30 Break
10:45
11:00 Craig Rowland: Using Command Line Tools To Find Linux Compromises and Rootkits
11:15
11:30
11:45
12:00 Catherine McIlvride and Fiona Sasse: Pizza Roulette
12:15
12:30 Break
12:45
13:00
13:15
13:30
13:45 Declan Ingram (CERT NZ): One CERT, a V8 Interceptor and a Wasteland: 3 Interesting Stories from CERT NZ
14:00
14:15 Karl Barrett: Eye in the Fi: The commodification of privacy
14:30
14:45 Kylie McDevitt: L2 Attacks against Virtual Devices
15:00
15:15 Break
15:30
15:45
16:00 Paul Ash: New Zealand’s Cyber Security Strategy – what have we done and where to next?
16:15
16:30 Peter Chestna: From Rogue One to Rebel Alliance: Building Developers into Security Champions
16:45
17:00
17:15 David Robinson (Karit): 2FA War Stories
17:30 CHCon Crew: Day Close-Out
17:45 Unofficial Events
Saturday (28/10)
09:00 CHCon Crew: Introduction+Housekeeping
09:15 Drewe Hinkley: Visual Hacking - Seeing is Believing
09:30
09:45
10:00 Agnetha Korevaar: Hacking Medical Devices: An Engineer's Approach
10:15
10:30 Break
10:45
11:00 Frank Keating: Free Open Source Network Security Monitoring
11:15
11:30
11:45
12:00 Nilesh Kapoor and Logan Woods: A Wolf Among the Crowd
12:15
12:30 Break
12:45
13:00
13:15
13:30
13:45 ss23: Onionland Explorers!
14:00
14:15 Benjamin Kearns: A Pentester's Guide to Automating Security
14:30
14:45
15:00 Toni James: CTF - The Gateway Drug
15:15 Break
15:30
15:45
16:00 Ryan: Building a Certificate Authority with Yubikeys
16:15 Jeremy Stott: Bounty hunting, how hard can it be?
16:30
16:45 Daniel Underhay: Project Walrus, an RFID and Contactless Card App
17:00 "Alex": Operation Luigi: "I got permission to hack my friend and..."
17:15
17:30 CHCon Crew: Event Close-Out + Prize Giving
17:45
18:00 Official Beverage Con

Training


CHCon strives to provide a platform that offers upskilling to all members of the technology industry: past, present or future. In addition to the speakers event we are also proud to offer four very high quality courses that cover the areas of software testing, software development and reverse engineering - so there's a bit of something for everyone. More information on these offerings is available below and you can book your seat at any one of them on Eventbrite by following the 'More Information' link for whatever course you're interested in. High end, group training like this is fairly hard to come by in Christchurch, so be sure to jump on the oppurtunity!

Security Testing for Software Testers

Nick Malcolm and Sam Macleod (SafeStack)

Testing is a key part of development life cycles, from checking your functional requirements actually work to constraining development to keep code focused and concise (TDD).

This course will help teams weave security testing into their own testing life cycles and tool chains without compromising agility or innovation.

  More Information

Introduction to Secure Web Coding

Gavin Porter (Catalyst IT)

This course was developed to meet a government client requirement for all development staff to be trained on the principles of secure web development. It evolved into a full day course that draws upon the Australian Government and New Zealand Information Security Manuals and the OWASP Top Ten with practical exercises.

The course is very useful for anyone developing a web application that needs to demonstrate compliance against a security standard such as PCI DSS or NZISM. For other web applications, such knowledge is good practice to help organisations produce secure websites.

  More Information

Building Security into your Development Team(s)

Kim Carter (BinaryMist)

Kim will lead the class through the tools, techniques and thought processes of both red and blue teams along with combining these attributes into the purple team focussing on security, productivity, and tasked with continuously delivering sustainable maintainable technical solutions to market.

How to implement the Sensible Security Model within each and every Sprint, including insertion of security backlog items.

Kim will discuss how Agile Development Teams fail, then how to succeed with security, by using your attackers knowledge against them.

  More Information

Rev.eng.e

Karl Barrett (Lateral Security)

Reverse Engineering for Education/Entertainment is an informal training session to teach tools and techniques useful in application analysis.

The goal is to provide attendees with a high-level introduction to a variety of free (and predominately open source) toolsets; breaking down the stigma of reverse engineering being magical voodoo.

  More Information

Call for Events


Hacker cons aren't just about gathering in a room to share the latest and greatest advancements in ISO 27001: they wouldn't be complete without all of the great events included in and surrounding them. It's not often that good stories come from policy meetings, which is where events fill that particular void. If there's a social gathering that you have in mind (like a group dinner or party) or a village or contest you'd like to run (such as a locksport village, physical security challenge or capture the flag) then please get in touch and we'll look at how we can tie it into the con. If you're also able to fund the event, you will be eligable to receive sponsor benefits too (see the CFS section below).

Call for Sponsorship


CHCon requires sponsor support to help be an instructive and quality event for the NZ infosec and IT communities. CHCon is not for profit. The sponsorship money will be used to help make CHCon an informative, educational and fun event for all attendees - used for things such as venue and related costs, identification tags/badges and other printed materials, and promotion of the event.

Resources


Below you'll find information pertaining to the event. Hopefully this clears up any queries or concerns that you may have - but if not, please do not hesitate to get in touch via email or Twitter.