CHCon is a conference for security professionals and hackers in Christchurch, NZ. Training will be run on Thursday 26th October, and presentations on Friday 27th and Saturday 28th. A CTF will be run across all three days. All official conference events will be held at the UCSA Events Centre at 90 Ilam Rd, Riccarton. Be sure to email us if there's something in particular you'd like to see happen at the con!
You! IT security professionals, web developers, software developers, students, wannabes, hackers, enthusiasts, [your title here].
|09:00||CHCon Crew: Introduction+Housekeeping|
|09:15||Ahmad Ashraff: Journey to the Top on BugCrowd|
|10:00||Paul Ash: New Zealand’s Cyber Security Strategy – what have we done and where to next?|
|11:00||Craig Rowland: Using Command Line Tools To Find Linux Compromises and Rootkits|
|12:00||Catherine McIlvride and Fiona Sasse: Pizza Roulette|
|13:45||Declan Ingram (CERT NZ): One CERT, a V8 Interceptor and a Wasteland: 3 Interesting Stories from CERT NZ|
|14:15||Karl Barrett: Eye in the Fi: The commodification of privacy|
|14:45||Kylie McDevitt: L2 Attacks against Virtual Devices|
|16:00||Peter Jakowetz: The Internet of Pancakes|
|16:30||Peter Chestna: From Rogue One to Rebel Alliance: Building Developers into Security Champions|
|17:15||David Robinson (Karit): 2FA War Stories|
|17:30||CHCon Crew: Day Close-Out|
|09:00||CHCon Crew: Introduction+Housekeeping|
|09:15||Drewe Hinkley: Visual Hacking - Seeing is Believing|
|10:00||Agnetha Korevaar: Hacking Medical Devices: An Engineer's Approach|
|11:00||Frank Keating: Free Open Source Network Security Monitoring|
|12:00||Nilesh Kapoor and Logan Woods: A Wolf Among the Crowd|
|13:45||ss23: Onionland Explorers!|
|14:15||Benjamin Kearns: A Pentester's Guide to Automating Security|
|15:00||Toni James: CTF - The Gateway Drug|
|16:00||Ryan: Building a Certificate Authority with Yubikeys|
|16:15||Jeremy Stott: Bounty hunting, how hard can it be?|
|16:45||Daniel Underhay: Project Walrus, an RFID and Contactless Card App|
|17:00||"Alex": Operation Luigi: "I got permission to hack my friend and..."|
|17:30||CHCon Crew: Event Close-Out + Prize Giving|
|18:00||Official Beverage Con|
CHCon strives to provide a platform that offers upskilling to all members of the technology industry: past, present or future. In addition to the speakers event we are also proud to offer four very high quality courses that cover the areas of software testing, software development and reverse engineering - so there's a bit of something for everyone. More information on these offerings is available below and you can book your seat at any one of them on Eventbrite by following the 'More Information' link for whatever course you're interested in. High end, group training like this is fairly hard to come by in Christchurch, so be sure to jump on the oppurtunity!
Nick Malcolm and Sam Macleod (SafeStack)
Testing is a key part of development life cycles, from checking your functional requirements actually work to constraining development to keep code focused and concise (TDD).
This course will help teams weave security testing into their own testing life cycles and tool chains without compromising agility or innovation.More Information
Gavin Porter (Catalyst IT)
This course was developed to meet a government client requirement for all development staff to be trained on the principles of secure web development. It evolved into a full day course that draws upon the Australian Government and New Zealand Information Security Manuals and the OWASP Top Ten with practical exercises.
The course is very useful for anyone developing a web application that needs to demonstrate compliance against a security standard such as PCI DSS or NZISM. For other web applications, such knowledge is good practice to help organisations produce secure websites.More Information
Kim Carter (BinaryMist)
Kim will lead the class through the tools, techniques and thought processes of both red and blue teams along with combining these attributes into the purple team focussing on security, productivity, and tasked with continuously delivering sustainable maintainable technical solutions to market.
How to implement the Sensible Security Model within each and every Sprint, including insertion of security backlog items.
Kim will discuss how Agile Development Teams fail, then how to succeed with security, by using your attackers knowledge against them.More Information
Karl Barrett (Lateral Security)
Reverse Engineering for Education/Entertainment is an informal training session to teach tools and techniques useful in application analysis.
The goal is to provide attendees with a high-level introduction to a variety of free (and predominately open source) toolsets; breaking down the stigma of reverse engineering being magical voodoo.More Information
Hacker cons aren't just about gathering in a room to share the latest and greatest advancements in ISO 27001: they wouldn't be complete without all of the great events included in and surrounding them. It's not often that good stories come from policy meetings, which is where events fill that particular void. If there's a social gathering that you have in mind (like a group dinner or party) or a village or contest you'd like to run (such as a locksport village, physical security challenge or capture the flag) then please get in touch and we'll look at how we can tie it into the con. If you're also able to fund the event, you will be eligable to receive sponsor benefits too (see the CFS section below).
CHCon requires sponsor support to help be an instructive and quality event for the NZ infosec and IT communities. CHCon is not for profit. The sponsorship money will be used to help make CHCon an informative, educational and fun event for all attendees - used for things such as venue and related costs, identification tags/badges and other printed materials, and promotion of the event.
We’re also looking for volunteers to help us keep this thing running smoothly and lots of fun. If you can spare some time during the event or in the lead-up, please let us know via this form and we’ll be in touch. Signing up here doesn’t mean you’ll miss out on all the talks nor be occupied for the whole time(s) you volunteer for.