BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-canberra-2025//speaker//FWBHEM
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2025-YHFBUV@pretalx.com
DTSTART;TZID=AEST:20250925T140000
DTEND;TZID=AEST:20250925T145500
DESCRIPTION:Security wonks do some of our best work when we're away from th
 e keyboard. Whether we're ruminating on a bug or dreaming up new research 
 opportunities\, our brains are almost always running. I've found that havi
 ng a well-tuned productivity system helps keep my life on track when work 
 gets hectic\, and conversely\, to be "regular and orderly in my life\, so 
 that I may be violent and original in my work" (Gustave Flaubert)\n\nI'll 
 walk you through my productivity management methodology based on David All
 en's "Getting Things Done" (2001). We'll cover how to bootstrap a system u
 sing a painstaking brain-dump\, how to triage and collate your tasks and p
 rojects\, how to rapidly capture thoughts as soon as they come up\, how to
  set up recurring events to put your life on auto-pilot\, how to defer thi
 ngs using someday/maybe lists to hide the stuff you're not ready for yet\,
  and how to use contextual tagging so that tasks come back to you exactly 
 when you can do something about them.\n\nHaving a trusted system has helpe
 d me to achieve more\, manage my stress\, and make room for thoughts that 
 are worth having. Whether you're a student\, a professional\, or just some
 one with responsibilities\, you can be more present\, focused\, and effect
 ive in your personal and professional life.
DTSTAMP:20260603T235039Z
LOCATION:Murray-Fitzroy Room
SUMMARY:TODO the Planet: Building a sustainable security career and persona
 l life with GTD - Justin Steven
URL:https://pretalx.com/bsides-canberra-2025/talk/YHFBUV/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2025-P9TEDX@pretalx.com
DTSTART;TZID=AEST:20250926T113000
DTEND;TZID=AEST:20250926T122500
DESCRIPTION:One from the vaults. In 2020\, Justin had a serendipitous encou
 nter with a dangling legacy AWS S3 bucket once owned by the Linux Vendor F
 irmware Service (LVFS). "What if I registered it\," he thought. "What's th
 e worst that could happen?" This is the story of how he wedged himself bet
 ween 100\,000 Linux machines and their firmware updates\, stumbled upon a 
 bypass in fwupd's PGP-based firmware update signature checking\, traced th
 e flaw back to its root cause\, and ultimately returned the bucket to its 
 original owner.
DTSTAMP:20260603T235039Z
LOCATION:Main Track
SUMMARY:"Well well well\, if it isn’t the consequences of my own actions"
  - the time I got in the middle of 100\,000 Linux machines and their fwupd
 /LVFS firmware updates 🙈 - Justin Steven
URL:https://pretalx.com/bsides-canberra-2025/talk/P9TEDX/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2025-MEXLVK@pretalx.com
DTSTART;TZID=AEST:20250927T113000
DTEND;TZID=AEST:20250927T122500
DESCRIPTION:Insomnia by Kong is a popular API client\, especially among dev
 elopers and security testers. Marcio and Justin discovered a critical temp
 late injection vulnerability (CVE-2025-1087) in Insomnia\, exposing users 
 to remote command execution with just a couple of requests to a malicious 
 HTTP server.\n\nThey will walk you through the story of how they stumbled 
 upon the initial "weird behaviour" during a routine API penetration test\,
  examine Insomnia's templating implementation\, dive into exotic Nunjucks 
 template injection\, dissect their exploitation strategy\, and show you ho
 w they bypassed several attempted patches by the vendor. They'll close wit
 h some thoughts on the disclosure and patching experience\, discuss the fr
 agility of quick-fix sanitisation-based mitigations\, explore the challeng
 es of bug triage in the real world\, and consider how decisions made durin
 g software development can lead to trouble down the road.
DTSTAMP:20260603T235039Z
LOCATION:Main Track
SUMMARY:Sleepless Strings - Template Injection in Insomnia - Marcio Almeida
 \, Justin Steven
URL:https://pretalx.com/bsides-canberra-2025/talk/MEXLVK/
END:VEVENT
END:VCALENDAR
