2022 Venue: UTS Building 6 | 702 Harris St, Ultimo NSW 2007

Security BSides Sydney is back after a couple of years of COVID lockdowns.

Security BSides Sydney 2022 will be held in Sydney on 27 November.

BSides is an Information Security conference that brings together the InfoSec community and provides a meeting place for like-minded professionals. BSides Sydney 2019 is a one-day event with presentations on topics covering both the offensive and defensive sides of InfoSec. There will be a heavy focus on networking and collaboration between the members of the community.

Target Audience

For the Community
By the Community

BSides Sydney focuses on all aspects of IT Security

BSidesSydney seeks to be an open conference to everyone vested in computer security. These include industry leaders, information security professionals, government organisations, and even students and hobbyists who wish to expand their body of knowledge. People who attend have various backgrounds in different sectors and verticals. Their common goal is to educate themselves on technical computer security issues and connect with those who are having them.

Call for Presentations

CFP for 2022 is now closed.

We are looking for these topics:

Incident Response, Malware Analysis, Exploit Development, Threat Intelligence, Detection, Offensive security, Red/Blue/Purple teaming, Vulnerability research, IoT security, Digital forensics, Security Monitoring and anything else you think would be a good fit for BSides Sydney!

How does it work?

It is really simple. You submit your presentations through the form provided, we gather all the submissions and the ones that get selected are invited to present at the conference. You are notified once the final decision has been made. You accept the terms and your presentation is added to the schedule on this website and other media. Get in soon!

CFW Closed

Keynote

Emerging Trends in Cyber

Gergana Winzer

Gergana Winzer will be opening our conference this year and will talk about Emerging Cyber Trends in her keynote at Track One at Guthrie Theatre. As a cybersecurity professional, Gergana works with clients to develop creative and pragmatic approaches to reduce their cyber and data security risks. She assists organisations to improve their cyber security posture and supports them to achieve cyber resilience outcomes. Gergana believes that cyber is a business enabler: an intrinsic part of developing the business that can help organisations become more competitive in today’s world. Gergana has worked within several industries and assisted clients to achieve their cyber security goals in Federal, State and Local Government, Banking and Financial Services Industry, Health, Utilities, Education, Agriculture, Transport, Retail and others. She is an experienced and respected member of the cybersecurity community in Australia and Asia, and an engaging keynote and public speaker on cyber security and privacy matters, risks and issues to the business community. In her spare time, she mentors young professionals and is an advocate for diversity.

Guthrie Theatre

How to hack an AI

Harriet Farlow

Harriet Farlow is a PhD Candidate in Cyber Security at UNSW Canberra and an Assistant Director at the Department of Defence. With a passion for bridging technical and non-technical disciplines, Harriet’s professional experience spans consulting, academia and a technology start-up. She has worked and lived in the UK and the USA. She holds a Bachelor of Science in Physics and Bio-anthropology, and a Master of Cyber Security, Strategy and Diplomacy.

"Adversarial machine learning (or AML) is a field growing in prominence that represents the ability to ‘hack’ artificial intelligence (AI) and machine learning (ML) algorithms by poisoning data sets imperceptibly before training, by evading classification, leaking confidential information or by hijacking the model’s function to make it do something it wasn’t intended to. The rapid uptake of AI/ML systems by organisations means the attack surface is growing significantly. "

Cinema Theatre

DFIR in 2022: The Wild Wild East

Jack Rutherford

Jack Rutherford is the CTO of Triskele Labs, an Australian cyber security boutique. Having spent 5 years at Triskele Labs and 10 years in cyber, he comes from an offensive security background, previously leading the penetration testing and red teams within Triskele Labs. Before that, he spent several years working in cyber security in government at both Defence and the ATO. Jack sits on the Australasian Advisory Board for CREST International and represents the Australasian chapter on the CREST International penetration testing subcommittee.

"Triskele Labs presents their DFIR experiences from 2022, which has included many ransomware and BEC incidents, often involving sophisticated Threat Actors such as Conti and Black Basta. We discuss trends, techniques, indicators, and deep dive into a particularly ruthless attack in which the Threat Actor achieved complete domain compromise, exfiltration and ransomware execution in just 14 hours."

Guthrie Theatre

Phishing- Fake it til you Make it

Venessa Ninovic

Ever since her first Tracelabs CTF in 2020, Venessa has dived head first into the OSINT space and not looked back. Participating in various CTFs, engaging with the OSINT community, and writing blogs in her spare time, Venessa is constantly learning new skills and techniques. She is currently an intelligence analyst, and won the AIPIO 'Emerging Intelligence Practitioner' Award for 2022.

"I will be talking about the risks involved with uploading your resume, birthday, security clearance level, work pass, certificates, offer letters/emails and role descriptions that are too technical and in depth. I will explain the risks involved and how these posts can be used by threat actors, in addition to providing the audience with alternatives to these uploads that can be made, from an OPSEC perspective."

Guthrie Theatre

It’s time to uplift developer security maturity and erase common mistakes

Erica Wass

Erica Wass is Vice President of Product Management leading product and content teams and driving product strategy and roadmap at SecureCodeWarriors. Erica credits her lifelong interest in technology as driving her interest in product and its role in improving business outcomes. Before joining us, Erica was a Senior Director of Product in Zendesk’s Melbourne office. In 2018 she was honored and named a Leading Woman in Product in Australia. She moved to Melbourne from New York City with her family in 2014. Erica is a graduate of Barnard College in New York City and holds advanced degrees in journalism and law, where she focused her studies on digital storytelling and the Internet.

"Developers work hard to create software that users love but the topic of security is often seen as someone else’s responsibility. Developers rarely get the training they need to work with a security-first mindset. AppSec teams are there to point out coding problems and tear apart a developer’s beautiful software. This relationship can be fixed with a security-first approach for developers."

Cinema Theatre

SMS-based MFA isn't keeping you safe

John Abood

Security consultant at CyberCX, with a background in Infrastructure Support and before that a career in Radio operations! In his own words, John is a horrible romantic for social engineering, physical penetration testing and any other unorthodox methods of hacking.

"With the ACMA Determination released in April, traditional methods of SIM swapping have been mitigated. But that's not to say that it's impossible to pull off a SIM swap, leaving all of your accounts 'secured' by SMS-based MFA completely vulnerable. This talk is a collection of my desperate attempts to SIM swap in Australia, in 2022. Some methods make some sense, some are completely unorthodox, unwarranted and ridiculous... lets explore."

| No. | Session | Speaker | Venue | Time |
|---|---|---|---|---|
| 01 | Registration | N/A | Entrance | 8:00 AM |
| 02 | Event Opening | Jemma Swaak | Guthrie Theatre | 8:50 AM |
| 03 | Keynote: Emerging Cyber Trends | Gergana Winzer | Guthrie Theatre | 9:05 AM |
| 04 | X-Ray of Malware Evasion Techniques: Analysis, Dissection, Cure? | Thomas Roccia | Guthrie Theatre | 09:40 AM |
| 05 | How to hack an AI | Harriet Farlow | Guthrie Theatre | 10:15 AM |
| 06 | Morning Break | N/A | Guthrie Theatre | 10:40 AM |
| 07 | It’s time to uplift developer security maturity and erase common mistakes | Erica Wass | Guthrie Theatre | 11:10 AM |
| 08 | The internet is broken - How we built a insecure world and what can we do to fix it | Mackenzie Jackson | Guthrie Theatre | 11:45 AM |
| 09 | Exploring the wireless world of Sydney | Ed Farrell | Guthrie Theatre | 12:20 PM |
| 10 | Lunch Break | N/A | N/A | 01:00 PM |
| 11 | SMS-based MFA isn't keeping you safe | John Abood | Guthrie Theatre | 02:00 PM |
| 12 | The Analog Black Hats of Cold War Berlin | Mike Pritchard | Guthrie Theatre | 02:25 PM |
| 13 | Afternoon Break | N/A | Guthrie Theatre | 03:10 PM |
| 14 | Popping the AU gov & military through ((*DNS*)(N?SEC));a *walk*through | Harrison Mitchell | Guthrie Theatre | 03:40 PM |
| 15 | Reverse Engineering Hard Drive Encrypted Enclosures | Robert Fearn | Guthrie Theatre | 04:15 PM |
| 16 | Event Closing | Jemma Swaak | Guthrie Theatre | 04:50 PM |
| 17 | Networking/Socialising | N/A | UTS Underground | 5:30 - 7:30 PM |


| No. | Session | Speaker | Venue | Time |
|---|---|---|---|---|
| 01 | Registration | N/A | Entrance | 8:00 AM |
| 02 | Event Opening | Donny Pereira | Guthrie Theatre | 8:50 AM |
| 03 | How to Start a CyberSecurity Consultancy with Global Reach | Gordon Draper | Cinema Theatre | 9:05 AM |
| 04 | Supply Chain Security 101 | Ben Gittins | Cinema Theatre | 09:40 AM |
| 05 | Pay $2 shipping to receive your free iPhone! | Andy Vermeulen | Cinema Theatre | 10:15 AM |
| 06 | Morning Break | N/A | Cinema Theatre | 10:40 AM |
| 07 | Phishing- Fake it til you Make it | Venessa Ninovic | Cinema Theatre | 11:10 AM |
| 08 | DFIR in 2022: The Wild Wild East | Jack Rutherford; Richard Grainger | Cinema Theatre | 11:45 AM |
| 09 | IOCs in your APIs | Jason Kent | Cinema Theatre | 12:20 PM |
| 10 | Lunch Break | N/A | N/A | 01:00 PM |
| 11 | Attacking the front-end. Modern-day client-side security | Kaif Ahsan | Cinema Theatre | 02:00 PM |
| 12 | In the White Room with Black Curtains, We Play Cards Against Humanity | Gyle dela Cruz | Cinema Theatre | 02:35 PM |
| 13 | Afternoon Break | N/A | Cinema Theatre | 03:10 PM |
| 14 | Governance and Data Privacy of AI Systems | Hafiz Sheikh Adnan Ahmed | Cinema Theatre | 03:40 PM |
| 15 | An overview of linux kernel heap defences | Zac Ecob | Cinema Theatre | 04:15 PM |
| 16 | Event Closing | Donny Pereira | Cinema Theatre | 04:50 PM |
| 17 | Networking/Socialising | N/A | UTS Underground | 5:30 - 7:30 PM |


| No. | Session | Speaker | Venue | Time |
|---|---|---|---|---|
| 01 | Registration | N/A | Entrance | 8:00 AM |
| 02 | API Security deep dive with OWASP crAPI! | Jayesh Ahire | CB06.04.037 | 9:05 AM |
| 03 | Lunch Break | N/A | Guthrie Theatre | 01:00 PM |
| 04 | Introduction to .NET Thick Client PenTesting | Clinton Kerrison | CB06.04.037 | 02:00 PM |
| 17 | Networking/Socialising | N/A | UTS Underground | 5:30 - 7:30 PM |

01

General Admission 1

Phase 1

  • Conference Access
  • Networking Event
  • Conference Swag

14 Oct 22

Sold Out

02

General Admission 2

Round 2

  • Conference Access
  • Networking Event
  • Conference Swag

17 Oct 22

Sold Out

02

General Admission 3

Round 2

  • Conference Access
  • Networking Event
  • Conference Swag

2 Nov 22

SOLD OUT

03

BSidesSYd OWASP CTF

Round 1

  • CTF Access
  • Networking Event
  • Conference Swag

11 Oct 2PM

Sold Out

04

BSidesSYd OWASP CTF

Round 2

  • CTF Access
  • Networking Event
  • Conference Swag

18-Oct 2PM

Sold Out

04

BSidesSYd OWASP CTF

Round 3

  • CTF Access
  • Networking Event
  • Conference Swag

3 Nov 22

Register

04

Volunteers

Round 1

  • CTF Access
  • Networking Event
  • Conference Swag

Released

Direct

04

Sponsors

Round 1

  • CTF Access
  • Networking Event
  • Conference Swag

Released

Direct

Sponsorship

Call for Sponsorship is now OPEN. Please contact for a Sponsorship Pack: info@bsidessyd.org

CODE OF CONDUCT

We have NO TOLERANCE for physical/verbal/sexual harassment of any human!
Our “Code of Conduct” is “Be Excellent to Each Other” AKA the Golden Rule. Failing that, it is “Do not be an Ass* or we will kick your ass out!”.

Why do we have an official anti-harassment policy for BSides Sydney? First, it is necessary (unfortunately). Harassment at events is incredibly common. Second, it sets expectations for behavior at the event. Simply having an anti-harassment policy can prevent harassment all by itself. Third, it encourages people to attend who have had bad experiences at other events. Finally, it gives event staff instructions on how to handle harassment quickly, with the minimum amount of disruption or bad press for the event.

Harassment includes offensive verbal comments related to gender, sexual orientation, disability, gender identity, age, race, religion, deliberate intimidation, stalking, following, harassing photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.

Asking questions of a speaker during their talk, to get clarity or debate a point is NOT being an ass – heckling or haranguing the speaker IS. Harassment online or in electronic venues will be treated as seriously as physical harassment. If you are not sure, ask, or err on the side of basic decency and common courtesy. If what they are doing would not be acceptable to have done to you, your best friend, your worst enemy, your sister, niece, daughter, brother, nephew, son, mother, father, or any human being, do not let them treat anyone else that way – whether you know them or not. If someone asks you to stop – stop.

If a participant engages in harassing behavior, BSides Sydney organisers may take any action they deem appropriate, including warning the offender or expulsion from the event. If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact a member of conference staff immediately. Our Event Staff can usually be identified by special badges/attire. Please note, while we take all concerns raised seriously, we will use our discretion in determining when and how to follow up on reported incidents and may decline to take any further action and/or may direct the participant to other resources for resolution.

BSides Sydney staff will be happy to help participants contact venue/event security or local law enforcement, provide escorts, or otherwise assist those experiencing harassment to feel safe for the duration of the conference. We value your attendance.

We expect participants to follow these rules at all event venues and related social events.

*Staff/Volunteers reserve the right to determine what constitutes “Being an Ass”.