It’s been a hectic and productive few days for cyber security in Perth. The WA infosec community had a privilege escalation workshop on Thursday and Friday last week. It was followed by the inaugural BSides conference and WA’s very first open Capture the Flag hacking contest (run by WACTF), both keenly sponsored by Kinetic IT, over the weekend.
Particular thanks should go out to the University of Western Australia for providing BSides and WACTF with the facilities to host the weekend’s proceedings. The stunning location down by the Swan River helped attract over 150 visitors across the two days, giving a boost to cyber security in Perth.
Demonstrating the Power of Privilege Escalation
Technical security expert and highly experienced penetration tester Sagi Shahar hosted the BSides Privilege Escalation workshop. This intense hands-on workshop aimed to provide insight into the exploitation of bugs, design flaws or configuration oversights to gain further access to resources that would ordinarily be highly protected. It was offered as a free-of-charge perk to the first 20 customers buying BSides tickets. Delegates hailed it as a success, and it covered most of the modern hacking techniques attackers use when targeting Linux and Windows operating systems.
The main event kicked off on Saturday morning, with a short introduction by the BSides core team, Kinetic IT’s Nigel Hardy and Peter Yorke, and BSides’ Alex Dolan.
BSides was then launched by Aaron Doggett, before handing the microphone to Chester Wisniewski of Sophos. Chester is a highly respected cyber security guru and holds the title of Principal Research Scientist in the Office of the CTO at Sophos. He is based in Vancouver, Canada, and is heavily involved in BSides in his hometown – so he pulled out all the stops to support Nigel, Peter and Alex to make Perth a success.
Chester gave the keynote address, looking at the kinds of tools cybercriminals are selling on the dark web, showing just how easy it is to buy them. His talk set the tone for the rest of the conference, which proceeded to introduce talks on careers, penetration testing, research into Google Chrome extension security and security control bypass techniques.
According to WACTF organisers, the core aims of the competition were to bring together Perth’s existing cyber security industry, as well as to entice emerging cyber security talent into the business community. The spokesman, Aaron Doggett, said, “We see too much good talent leaving WA due to an overall low level of awareness of the need for cyber-security related skills, or the inability for entities to find the right talent.”
Over the weekend, 95 participants hacked increasingly difficult targets – each time retrieving a token from compromised systems as proof of their success. Teams would submit their test reports online, feeding into a live leaderboard. The competition was expertly orchestrated by the WACTF team, with sponsors providing hardware, software, challenges and refreshments to sustain the hacking teams through the day.
By the end of day one, submissions were coming in thick and fast. Overnight and into Sunday, participants, who ranged from university students and teams from local WA schools to a father and son team (who fared very well), worked tirelessly to complete as many of the tasks as they could.
The awards ceremony will be held on 6 December at SpaceCubed in Perth, where winners will be crowned WACTF’s hacking champions for 2017. The top prize is return flights and accommodation for the winning team to attend BSides in Canberra in 2018, along with a $250 DigitalOcean card – stay tuned to find out the results!