Keynote - 21 Nov 2022
Toby Walsh is an ARC Laureate Fellow and Scientia Professor of AI at UNSW and CSIRO Data61.
He is Chief Scientist of UNSW.AI, UNSW's new AI Institute.
He is a strong advocate for limits to ensure AI is used to improve our lives, having spoken at the UN, and to heads of state, parliamentary bodies, company boards and many others on this topic. This advocacy has led to him being "banned indefinitely" from Russia.
He is a Fellow of the Australia Academy of Science, and was named on the international "Who's Who in AI" list of influencers. He has written three books on AI for a general audience, the most recent is "Machines Behaving Badly: the morality of AI".
We'll have a limited number of his signed books to give away at the conference (first come first serve)
Briefings - Day 1
21 Nov 2022
The De-RaaS’ing of Ransomware
09:45 - 10:30
For the last several years, starting with the rise of GandCrab, Ransomware as a Service (RaaS) has been one of the drivers fueling the growth of ransomware. But, that seems to be changing. The high profile exposures of REvil, BlackMatter and Conti have made some affiliates skittish about joining a large RaaS group and they are choosing to “go it alone” instead. This talk will look at the current state of RaaS and the larger ransomware ecosystem and what this change means for defenders.
Game hacking like it’s 1999
10:30 - 11:15
Learn how to hack a classic real time strategy game. The talk will cover reverse engineering the game engine and player structures, hooking functions, performing DLL injection, and ultimately creating a working trainer. Outline:
Understanding the game, Reverse engineering the game, Binary patching, Memory scanning, Player structures, Resource hacking, DLL injection, Working game trainer demo
Pen-testing opensource databases (MySQL and PostgreSQL)
11:30 - 12:15
Are your database(s) secure? No, not the application, the database! Usually, everyone is focused on the application security and consider the database server to be “protected” by the network firewalls. But what if the first layer of defense fails and your database is exposed from the internet or via SQL injection? Will a bad actor be able to escape from the database and get root shell or exfiltrate other database tenants data?
Penetration tester’s goal is to pretend to be a “bad actor”.