{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/chcon-2023/schedule/", "version": "1.3", "base_url": "https://pretalx.com", "conference": {"acronym": "chcon-2023", "title": "CHCon 2023", "start": "2023-11-23", "end": "2023-11-25", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "Pacific/Auckland", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Ti Kouka", "slug": "2603-ti-kouka", "guid": "3445b7a6-f138-5658-9220-1ee95bcebf28", "description": "Large open hall", "capacity": 90}, {"name": "Bentleys", "slug": "2602-bentleys", "guid": "53799790-5ed6-553a-b666-94510adca3a7", "description": "Training and VIP / Green Room", "capacity": 60}, {"name": "Ngaio Marsh Theatre", "slug": "2600-ngaio-marsh-theatre", "guid": "9e83fd90-adc3-5f53-bf8b-0cae93cc58c6", "description": "Ngaio Marsh Theatre", "capacity": 300}, {"name": "Room of Requirement", "slug": "2601-room-of-requirement", "guid": "306a499c-1802-5791-91ec-e7f969e92dbe", "description": "Upstairs smaller room for Training and CTF", "capacity": 20}, {"name": "Te Akatoki", "slug": "2642-te-akatoki", "guid": "fd1e3ca8-4fc1-5862-8f3e-04e69b71759f", "description": null, "capacity": 20}], "tracks": [{"name": "Training", "slug": "4234-training", "color": "#106BF4"}, {"name": "Main Track", "slug": "4213-main-track", "color": "#0A51F0"}, {"name": "Crew", "slug": "4235-crew", "color": "#D60CF7"}, {"name": "Registration", "slug": "4283-registration", "color": "#F5F769"}], "days": [{"index": 1, "date": "2023-11-23", "day_start": "2023-11-23T04:00:00+13:00", "day_end": "2023-11-24T03:59:00+13:00", "rooms": {"Room of Requirement": [{"guid": "f9a5581e-6d94-59a4-b748-7e5ac7493d38", "code": "9JBWCE", "id": 39434, "logo": null, "date": "2023-11-23T09:00:00+13:00", "start": "09:00", "duration": "07:00", "room": "Room of Requirement", "slug": "chcon-2023-39434-intro-to-web-app-hacking", "url": 
"https://pretalx.com/chcon-2023/talk/9JBWCE/", "title": "Intro to web app hacking", "subtitle": "", "track": "Training", "type": "Training Day", "language": "en", "abstract": "Intro to web app hacking by Ben", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/9JBWCE/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/9JBWCE/", "attachments": []}], "Bentleys": [{"guid": "d38c4942-eeeb-5f95-a082-da224226c003", "code": "DGB83K", "id": 39432, "logo": null, "date": "2023-11-23T09:00:00+13:00", "start": "09:00", "duration": "07:00", "room": "Bentleys", "slug": "chcon-2023-39432-osint", "url": "https://pretalx.com/chcon-2023/talk/DGB83K/", "title": "OSINT", "subtitle": "", "track": "Training", "type": "Training Day", "language": "en", "abstract": "OSINT by Justina", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/DGB83K/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/DGB83K/", "attachments": []}], "Ti Kouka": [{"guid": "12b354a2-b9ba-5387-b7f8-ca6ccef2279d", "code": "UGKZQH", "id": 39433, "logo": null, "date": "2023-11-23T09:00:00+13:00", "start": "09:00", "duration": "07:00", "room": "Ti Kouka", "slug": "chcon-2023-39433-kali-purple", "url": "https://pretalx.com/chcon-2023/talk/UGKZQH/", "title": "Kali Purple", "subtitle": "", "track": "Training", "type": "Training Day", "language": "en", "abstract": "Kali Purple By Malcolm", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/UGKZQH/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/UGKZQH/", "attachments": []}], "Te Akatoki": [{"guid": "1d97e835-3c28-581a-839f-88972e6b5592", "code": "8PMNWB", "id": 39435, "logo": null, "date": "2023-11-23T09:00:00+13:00", "start": "09:00", "duration": 
"07:00", "room": "Te Akatoki", "slug": "chcon-2023-39435-from-none-to-done", "url": "https://pretalx.com/chcon-2023/talk/8PMNWB/", "title": "From none to done", "subtitle": "", "track": "Training", "type": "Training Day", "language": "en", "abstract": "From none to done training by John", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/8PMNWB/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/8PMNWB/", "attachments": []}]}}, {"index": 2, "date": "2023-11-24", "day_start": "2023-11-24T04:00:00+13:00", "day_end": "2023-11-25T03:59:00+13:00", "rooms": {"Ngaio Marsh Theatre": [{"guid": "d552632c-9a97-5c36-9588-818f42265108", "code": "DAEKVQ", "id": 39228, "logo": null, "date": "2023-11-24T08:00:00+13:00", "start": "08:00", "duration": "01:00", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-39228-registration-open", "url": "https://pretalx.com/chcon-2023/talk/DAEKVQ/", "title": "Registration Open", "subtitle": "", "track": "Registration", "type": "Long time good talk", "language": "en", "abstract": "Collect Conference entry badge", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QWGNMN", "name": "CHCon Cr\u00fce", "avatar": null, "biography": "People from the local ISIG and Women in Tech groups.", "public_name": "CHCon Cr\u00fce", "guid": "ace14d18-c503-5240-b27b-c00ad1b7c009", "url": "https://pretalx.com/chcon-2023/speaker/QWGNMN/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/DAEKVQ/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/DAEKVQ/", "attachments": []}, {"guid": "5d45af21-be52-50ea-ba60-644dafc9e9f2", "code": "KUCRZU", "id": 38936, "logo": null, "date": "2023-11-24T09:00:00+13:00", "start": "09:00", "duration": "00:15", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38936-openning", "url": "https://pretalx.com/chcon-2023/talk/KUCRZU/", "title": "Openning", 
"subtitle": "", "track": "Crew", "type": "Talk", "language": "en", "abstract": "Welcome from the CHCon 2023 Crew", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QWGNMN", "name": "CHCon Cr\u00fce", "avatar": null, "biography": "People from the local ISIG and Women in Tech groups.", "public_name": "CHCon Cr\u00fce", "guid": "ace14d18-c503-5240-b27b-c00ad1b7c009", "url": "https://pretalx.com/chcon-2023/speaker/QWGNMN/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/KUCRZU/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/KUCRZU/", "attachments": []}, {"guid": "877e450e-d002-5777-91b5-3b9108e5e7f7", "code": "Y7XLJG", "id": 38942, "logo": null, "date": "2023-11-24T09:15:00+13:00", "start": "09:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38942-cyber-security-alchemy-forging-a-framework", "url": "https://pretalx.com/chcon-2023/talk/Y7XLJG/", "title": "Cyber security alchemy: forging a framework", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Earlier this year the National Cyber Security Centre published its cyber security framework. In this talk Ben Creet will run through why NCSC built a cyber security framework, what the framework is and how you can use it to organise your cyber security programme (if you don't already have a framework).", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "U8GW7J", "name": "Ben Creet", "avatar": null, "biography": "Ben Creet, aka Creeture, is a reforming policy wonk turned cyber security advisor. Ben is the Vice Chair and Treasurer of the NZ Internet Task Force, an iSANZ board member, and is a member of InternetNZ. 
Ben works at the National Cyber Security Centre as a principal advisor in what he describes as the NCSC\u2019s \u2018GRC shop\u2019.", "public_name": "Ben Creet", "guid": "1eb01f71-c309-52e5-971f-9f9fe1aee3e6", "url": "https://pretalx.com/chcon-2023/speaker/U8GW7J/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/Y7XLJG/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/Y7XLJG/", "attachments": []}, {"guid": "0be50e6e-a0e7-5bba-87be-fba61a3ad8ac", "code": "JFLDRB", "id": 38950, "logo": null, "date": "2023-11-24T09:45:00+13:00", "start": "09:45", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38950-securing-rest-api-endpoints-or-how-to-avoid-another-optus", "url": "https://pretalx.com/chcon-2023/talk/JFLDRB/", "title": "Securing REST API Endpoints (or, How to avoid another Optus)", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Optus and its customers had a very bad time in 2022, with a massive data breach resulting in PII being released into the wild. This apparently happened because a REST API was not properly secured. We\u2019ll talk about practical steps you and your organisation can take to prevent this from happening to you.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "HXBWVK", "name": "James Cooper", "avatar": null, "biography": "James Cooper holds a Ph.D. in Computer Science and works as a Security Developer at Cosive New Zealand. There, he spends most of his time working on Web applications such as Phishfeeder, with occasional side-lines in other tasks like developing third-party MISP integrations with customers' products or debating the merits of various programming languages and paradigms. 
He also spends too much time in the InfoSecNZ Discord and making Simpsons references.", "public_name": "James Cooper", "guid": "b720090f-25b4-5fb9-9d94-dd07719ee153", "url": "https://pretalx.com/chcon-2023/speaker/HXBWVK/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/JFLDRB/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/JFLDRB/", "attachments": []}, {"guid": "9b6f8961-d0e2-5ca2-8c80-62f06cbcca75", "code": "UTYMWJ", "id": 38968, "logo": null, "date": "2023-11-24T10:15:00+13:00", "start": "10:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38968-impossible-is-nothing-the-quest-for-private-keys", "url": "https://pretalx.com/chcon-2023/talk/UTYMWJ/", "title": "Impossible is nothing: The quest for private keys", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "I was once told it is impossible to guess a private key of another users crypto currency wallet. however I don't truly understand what 'impossible' actually means and wanted to prove this wrong. So deep in a covid lockdown and armed with insanely fast internet and compute power I decided to do it. This talk will go through what i did, how i did it, and the challenges i faced to become a Kiwi John Dillinger.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "DVBEUZ", "name": "Paul Craig", "avatar": null, "biography": "Paul Craig is a kiwi hacker who has a passion for playing-with and breaking things over the last 20 years . Paul was called a malicious hacker by Heather du Plessis on TV national television (still grateful) and once had his own security report read-aloud in a NZ parliament session. 
You might remember me from kiwicon too.", "public_name": "Paul Craig", "guid": "3772fc6c-958b-5cde-9c80-0ee9d39f0249", "url": "https://pretalx.com/chcon-2023/speaker/DVBEUZ/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/UTYMWJ/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/UTYMWJ/", "attachments": []}, {"guid": "c0ed5e48-b50d-51ef-9503-1349c1939b64", "code": "JNKMZ8", "id": 38953, "logo": null, "date": "2023-11-24T11:15:00+13:00", "start": "11:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38953-onehourappsec-changing-the-world-one-sprint-at-a-time", "url": "https://pretalx.com/chcon-2023/talk/JNKMZ8/", "title": "OneHourAppSec - Changing the world one sprint at a time", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Application security is hard, not just technically but because our development teams (those best equipped to make the biggest impact) have no time, resources or support to address it.\n\nWhat would happen if every team, worldwide spent 1 hour of every sprint on application security? 
What would this look like and what could we achieve?\n\nLet me show you.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "X9XBX7", "name": "Laura Bell Main", "avatar": "https://pretalx.com/media/avatars/X9XBX7_6RJtr1h.webp", "biography": "With over twenty years of experience in software development and application security, Laura Bell Main specializes in bringing  Application Security and  Secure Development practices into organizations worldwide.\n\nShe is the co-founder and CEO of\u00a0SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building application security skills, practices, and culture across the entire engineering team.\n\nLaura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as\u00a0BlackHat USA,\u00a0NDC, RenderATL, and OSCON on application security, DevSecOps, secure development, and security mindset.\u00a0\n\nShe is also the co-author of\u00a0\"Agile Application Security\"\u00a0and\u00a0\"Security for Everyone.\"", "public_name": "Laura Bell Main", "guid": "fa187d42-f87b-5403-b4a5-5d8151256ddd", "url": "https://pretalx.com/chcon-2023/speaker/X9XBX7/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/JNKMZ8/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/JNKMZ8/", "attachments": []}, {"guid": "79a67c16-762d-5d59-bc21-992ae68756a4", "code": "G9VNEE", "id": 38960, "logo": null, "date": "2023-11-24T11:45:00+13:00", "start": "11:45", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38960-responder-going-beyond-just-listening", "url": "https://pretalx.com/chcon-2023/talk/G9VNEE/", "title": "Responder: Going Beyond Just Listening", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Few tools in network penetration testing have the enviable position of 
being run before Nmap. Responder is one such tool. It has been a mainstay in the network pentester's toolkit for over a decade since it was released in 2013. However, sometimes while testing, the password hashes just don't start coming. This talk will cover a couple of extra tricks to break that initial wall and start getting them rolling in.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "7AEP3M", "name": "Sam Shute", "avatar": null, "biography": "Sam is the Head of Technology at Quantum Security. His day-to-day work revolves mostly around running Quantum\u2019s technical consulting team, but occasionally he gets out of the office to compromise networks all around New Zealand. \nIn his personal time Sam is into 3D printing, development of retro game consoles, and hydroponics.", "public_name": "Sam Shute", "guid": "5b93d347-fee8-5559-b0c1-910a8a75234a", "url": "https://pretalx.com/chcon-2023/speaker/7AEP3M/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/G9VNEE/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/G9VNEE/", "attachments": []}, {"guid": "a50701bf-22d2-5822-8816-4f4fb1d8a81b", "code": "9L3RAL", "id": 38948, "logo": null, "date": "2023-11-24T12:15:00+13:00", "start": "12:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38948-supply-chain-security-in-the-health-sector-sboms-and-digitally-enabled-medical-devices", "url": "https://pretalx.com/chcon-2023/talk/9L3RAL/", "title": "Supply chain security in the health sector: SBOMs and digitally-enabled medical devices:", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Mainstream narrative within the cyber security industry tells us that financial loss, legal exposure, and organisational reputational damage are the most serious impacts that we can expect from malicious cyber activity. 
However, when examining the role that technologies play within delivering life-saving medical care via digitally-enabled medical devices, we begin to realise that the consequences of unmanaged cyber risk within this context can be literally life-threatening. Nick Baty will discuss why maintaining effective supply chain assurance, through the use of software bills of materials (SBOM), is a critical activity in managing the cyber security risk associated with digitally-enabled medical devices.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "A8ZLTP", "name": "Nick Baty", "avatar": null, "biography": "Nick joined ZX Security in December 2021 and is based in Dunedin. However, he has over 18 years\u2019 security experience in both private and public sector organisations prior to joining ZX Security. His areas of expertise are: cyber security \u2018thought-leadership\u2019; cyber security governance; virtual CISO engagements; undertaking cyber security risk and maturity assessments; cyber strategy development; cyber security supply chain management; cyber security in the health sector; cyber security in the financial services sector; and\ncyber risk management across the lifecycle of digitally-enabled medical devices. 
\nKey cyber security roles he held prior to joining were: Principal Cyber Security Consultant: Computer Concepts Limited; Chief Cyber Security Adviser: Ministry of Health (MoH); and Team Leader - Outreach & Engagement: National Cyber Security Centre.", "public_name": "Nick Baty", "guid": "2a2cda63-f2bf-5ae8-9c88-a514fc2df7c3", "url": "https://pretalx.com/chcon-2023/speaker/A8ZLTP/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/9L3RAL/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/9L3RAL/", "attachments": []}, {"guid": "75080e90-351f-51c0-a4ad-9f151813cbbb", "code": "EEBGWT", "id": 38954, "logo": null, "date": "2023-11-24T14:00:00+13:00", "start": "14:00", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38954-go-by-example-creating-a-c2-framework-while-trolling-microsoft", "url": "https://pretalx.com/chcon-2023/talk/EEBGWT/", "title": "Go by Example: Creating a C2 framework (while trolling Microsoft)", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "For those who remember \"Smartifying your dumb home\", it may come as no surprise that Jed has been busy trying to simplify the management control plane of his home automation empire. And in doing so, accidentally built a C2 framework. 
And in building a C2 framework, 'accidentally' trolls Microsoft, with a brand new approach to microservice architecture.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "RP77CM", "name": "Jed Laundry", "avatar": null, "biography": "For someone who often claims to not be a developer, Jed has reeeeeaaallly spent a lot of time learning how to Go.", "public_name": "Jed Laundry", "guid": "a7d7434b-a028-552a-8a05-339c6ddcfc34", "url": "https://pretalx.com/chcon-2023/speaker/RP77CM/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/EEBGWT/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/EEBGWT/", "attachments": []}, {"guid": "ca9b93b0-64c1-5956-8242-38b8156b7768", "code": "JCELRT", "id": 38951, "logo": null, "date": "2023-11-24T14:30:00+13:00", "start": "14:30", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38951-ggs-shake-my-hand-hacking-game-console-peripherals", "url": "https://pretalx.com/chcon-2023/talk/JCELRT/", "title": "GGs, shake my hand: Hacking game console peripherals", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Over the years, counterfeiters have forced game console manufacturers to develop more advanced authentication and licensing systems for peripherals. This presents a problem for the competitive fighting game player: how do I use my fancy DIY custom controller?\n\nThis talk will explore the inner workings of the peripheral licensing system on recent PlayStation consoles, how certain third-party vendors work around it, and currently-known methods of extracting or re-using secrets from peripherals to build our own.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "XJJZFC", "name": "Kay Ward", "avatar": null, "biography": "Kay Ward is a Computer Science student at UC, an embedded systems aficionado, and occasionally a game developer. 
They're also a solidly okay fighting game player.", "public_name": "Kay Ward", "guid": "43a3f25a-cc4c-57b0-932f-325a30e0cd42", "url": "https://pretalx.com/chcon-2023/speaker/XJJZFC/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/JCELRT/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/JCELRT/", "attachments": []}, {"guid": "7f646ada-8204-50f5-890e-c75a61b0cd04", "code": "G8HNRL", "id": 38967, "logo": null, "date": "2023-11-24T15:00:00+13:00", "start": "15:00", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38967-from-devops-to-devsecops", "url": "https://pretalx.com/chcon-2023/talk/G8HNRL/", "title": "From DevOps to DevSecOps", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Are you struggling to balance security and agility in your organization? Join my talk on Implementing DevSecOps to learn practical tips and best practices for integrating security into your DevOps pipeline. Transform your organization's security posture and drive innovation with confidence.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "CJVSZF", "name": "Karan Sharma", "avatar": null, "biography": "Karan Sharma has been in this field for over 12 years. He has worked as a Pentester for NZ telcos, banks, health sectors and manufacturing companies. He now runs his own security consulting company called Wise Fox Security, that offers services in Offensive Security and DevSecOps space. He has also completed a few of the 'customary' certifications, including OSWE, OSCP, eWPTX and Certified DevSecOps Professional (CDP). Karan has spoken at a number of other security conferences. He has a YouTube channel you can subscribe to (Wise Fox Security). 
Other than InfoSec, Karan loves watching and playing football, loves evening runs with his dog and going to the gym.", "public_name": "Karan Sharma", "guid": "7dc4317f-203b-5cf1-a9fe-9b9d260358a0", "url": "https://pretalx.com/chcon-2023/speaker/CJVSZF/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/G8HNRL/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/G8HNRL/", "attachments": []}, {"guid": "03e85cd0-c5b0-5380-a818-bd80f730849c", "code": "EMFJVZ", "id": 38943, "logo": null, "date": "2023-11-24T16:00:00+13:00", "start": "16:00", "duration": "00:15", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38943-your-biggest-security-risk-might-not-be-what-you-think-it-is", "url": "https://pretalx.com/chcon-2023/talk/EMFJVZ/", "title": "Your biggest Security Risk might not be what you think it is", "subtitle": "", "track": "Main Track", "type": "Lightning", "language": "en", "abstract": "In our industry we are constantly pressured to improve the security of those we work for / with.  Part of this is knowing and understanding our risks.  But are we missing our biggest security risk because of our biggest security risk?", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "P7WKWY", "name": "Glenn Sparrow", "avatar": null, "biography": "Glenn is a 25+ year veteran of the IT Industry in Aotearoa.  For the last five years he has worked as the South Island Account Manager for Lateral Security (now Tesserent).  
He doesn't like long walks on the beach but does enjoy a good coffee.", "public_name": "Glenn Sparrow", "guid": "b3108800-d3fd-5e1d-b50e-6346949a3e1a", "url": "https://pretalx.com/chcon-2023/speaker/P7WKWY/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/EMFJVZ/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/EMFJVZ/", "attachments": []}, {"guid": "6301fc2f-cbc8-5bbe-8ff6-f2d9774def8c", "code": "RVXYQY", "id": 38956, "logo": null, "date": "2023-11-24T16:15:00+13:00", "start": "16:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38956-beyond-the-buzz-practical-integrations-of-ai-automation-and-cybersecurity", "url": "https://pretalx.com/chcon-2023/talk/RVXYQY/", "title": "Beyond The Buzz: Practical Integrations of AI, Automation and Cybersecurity", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "AI has taken the world by storm recently, and is the current hyped piece of technology that promises to revolutionise anything and everything in our lives. But how can this be used with cyber security? This talk will provide a few different ways typical cyber security processes can be integrated with AI technologies and automated (which is in itself a bit of a buzzword) to provide value for both security professionals and individuals alike. While this may sound like a dodgy sales pitch for a grossly expensive vendor product, the main goal of this talk is to provide some practical examples and inspiration for cyber teams who are looking to level up their game by embracing AI (read: chatgpt) and automation (read: averagely written python code)", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "MCAZKC", "name": "Kento Stewart", "avatar": null, "biography": "\u201cWait, Spongebob, we\u2019re not cavemen. 
We have technology.\u201d \u2013 Patrick", "public_name": "Kento Stewart", "guid": "aca9a7af-c23c-5c65-a1d1-346ca989f3b6", "url": "https://pretalx.com/chcon-2023/speaker/MCAZKC/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/RVXYQY/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/RVXYQY/", "attachments": []}, {"guid": "d5a3b610-1a06-56de-b8e3-bf0b21ec1cb2", "code": "398P8S", "id": 38961, "logo": null, "date": "2023-11-24T16:45:00+13:00", "start": "16:45", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38961-everyone-under-the-sun-breaking-down-the-solarwinds-orion-attack", "url": "https://pretalx.com/chcon-2023/talk/398P8S/", "title": "Everyone Under the Sun: Breaking down the SolarWinds Orion Attack", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Solarwinds Orion was perhaps the most devastating attack in recent memory. A highly skilled crew of hackers, having compromised a widely-used piece of networking software, gained deep access into the US government for a period of fourteen months. This talk takes you on a deep dive into this attack- from what the attackers did to gain access to the remarkably simple way the whole operation was brought down. We\u2019ll see excellent red and blue tradecraft and gain insight into how real-world networks are attacked and defended.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZK83QY", "name": "Ben Cain", "avatar": null, "biography": "Ben Cain is a Senior Security consultant at Quantum Security. 
He is interested in Cloud Security, Red Teaming and cyber security communication.", "public_name": "Ben Cain", "guid": "7b91b11b-f9fd-5a4f-b982-dafb737f72e9", "url": "https://pretalx.com/chcon-2023/speaker/ZK83QY/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/398P8S/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/398P8S/", "attachments": []}, {"guid": "0484cefe-3f5e-5cef-ad6b-67889c4b31d9", "code": "3LCTDH", "id": 38963, "logo": null, "date": "2023-11-24T17:15:00+13:00", "start": "17:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38963-omgcicd-from-intern-to-production", "url": "https://pretalx.com/chcon-2023/talk/3LCTDH/", "title": "OMGCICD - From Intern to Production", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Continuous-integration and continuous-deployment systems. We know 'em, we love 'em. git push, some magical automation happens, and BAM your code's in the right environment. Glorious.\n\nWhat does this mean for organisational security though? The days of a surly set of sysadmins holding the private keys are gone, and your devs are now also ops. What happens if a dev is compromised? Scratch that, what happens if an intern is compromised!\n\nThis talk is going to walk you through exploiting a modern CI/CD enabled system and show how your latest tranche of Summer-of-Tech interns may just have all the necessary juice to take over... everything! 
We\u2019ll look at compromising CI/CD infrastructure, credential harvesting, lateral movement and compromising the production systems.\n\nBy showing how to practically loot a CI/CD enabled environment, we can elucidate the hacking voodoo and start some robust discussions around how to keep a modern deployment system safe.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "DGZMSP", "name": "Denis Andzakovic", "avatar": "https://pretalx.com/media/avatars/DGZMSP_0sybFQJ.webp", "biography": "DoI is a creature of meat and bone. Security consultant bio-automata at Pulse Security, DoI's day job involves hacking everything and anything to make things a little bit safer for everyone.", "public_name": "Denis Andzakovic", "guid": "5f689fd9-56bc-5182-8f22-065ceb234491", "url": "https://pretalx.com/chcon-2023/speaker/DGZMSP/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/3LCTDH/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/3LCTDH/", "attachments": []}, {"guid": "41501183-9363-5e4f-9026-25ce4b032537", "code": "LYM7JJ", "id": 38938, "logo": null, "date": "2023-11-24T17:45:00+13:00", "start": "17:45", "duration": "00:05", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38938-closing-day-1", "url": "https://pretalx.com/chcon-2023/talk/LYM7JJ/", "title": "Closing Day 1", "subtitle": "", "track": "Crew", "type": "Lightning", "language": "en", "abstract": "Day 1 wrap up", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QWGNMN", "name": "CHCon Cr\u00fce", "avatar": null, "biography": "People from the local ISIG and Women in Tech groups.", "public_name": "CHCon Cr\u00fce", "guid": "ace14d18-c503-5240-b27b-c00ad1b7c009", "url": "https://pretalx.com/chcon-2023/speaker/QWGNMN/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/LYM7JJ/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/LYM7JJ/", "attachments": []}]}}, {"index": 3, 
"date": "2023-11-25", "day_start": "2023-11-25T04:00:00+13:00", "day_end": "2023-11-26T03:59:00+13:00", "rooms": {"Ngaio Marsh Theatre": [{"guid": "12cc79e5-fa41-5c9a-994b-fa1c5fb65541", "code": "V73TNS", "id": 38937, "logo": null, "date": "2023-11-25T09:15:00+13:00", "start": "09:15", "duration": "00:15", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38937-opening-day-2", "url": "https://pretalx.com/chcon-2023/talk/V73TNS/", "title": "Opening Day 2", "subtitle": "", "track": "Crew", "type": "Lightning", "language": "en", "abstract": "Opening of Day 2", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QWGNMN", "name": "CHCon Cr\u00fce", "avatar": null, "biography": "People from the local ISIG and Women in Tech groups.", "public_name": "CHCon Cr\u00fce", "guid": "ace14d18-c503-5240-b27b-c00ad1b7c009", "url": "https://pretalx.com/chcon-2023/speaker/QWGNMN/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/V73TNS/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/V73TNS/", "attachments": []}, {"guid": "80742d36-e706-53f7-8f49-985ad48e9227", "code": "K3GSQD", "id": 38959, "logo": null, "date": "2023-11-25T09:30:00+13:00", "start": "09:30", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38959-a-race-to-auth-how-i-stumbled-onto-a-race-condition", "url": "https://pretalx.com/chcon-2023/talk/K3GSQD/", "title": "A Race to Auth - How I stumbled onto a race condition", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "What happens when your web application uses the default sign in manager function that is subject to a race condition? Shall we attempt to brute force it? Why not? Whats the worse that could happen? An 8.1 CVSS! This talk will cover race condition I found in .NET\u2019s default sign in manager. 
I will discuss how I found it, how I exploited it, and potential mitigations to prevent it from being abused.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "THGLVA", "name": "Jack Moran", "avatar": null, "biography": "Jack Moran is a Security Consultant working for ZX Security in Wellington. His work involves breaking web applications, APIs, cracking them hashes, and pondering why we do things the way we do it. Beyond that, Jack is an avid gamer, home lab enthusiast, and Raspberry Pi hoarder!", "public_name": "Jack Moran", "guid": "48289f36-0488-58d3-bc07-4cd73bdebe93", "url": "https://pretalx.com/chcon-2023/speaker/THGLVA/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/K3GSQD/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/K3GSQD/", "attachments": []}, {"guid": "3b5a0649-eea9-5a35-a0b4-1e73f064a043", "code": "YYHVBF", "id": 38946, "logo": null, "date": "2023-11-25T10:00:00+13:00", "start": "10:00", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38946-artistic-walrus", "url": "https://pretalx.com/chcon-2023/talk/YYHVBF/", "title": "Artistic Walrus", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "\"What do an artistic walrus, a tiny tiger and a sneaky hippo have in common? And how does this relate to security anyway? \n\nAs it turns out, more than you might think. Come with me on this strange safari of memorable animals as we begin to solve the mystery of how these seemingly innocent creatures are roaming wild around New Zealand and reducing the security of many networks. \"", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "79MCC8", "name": "Redshark (Rory Shillington)", "avatar": null, "biography": "\"Professionally, I'm an electrical engineer and have had the privilege of working in renewable energy throughout my career. 
I currently lead hardware engineering at a company that develops safety-critical products. At both of the companies I\u2019ve worked at, the products connect both to the power grid and the internet, so security considerations have always been a key part of what we do. \n\nIn my spare time, I pursue far too many hobby projects (when I'm not baking or playing with our cat). Many of these projects involve hardware and sometimes building my own IoT devices (and we all know the S in IoT stands for Security). This talk is about something I stumbled across in my personal / hobby capacity.\"", "public_name": "Redshark (Rory Shillington)", "guid": "118ee0e9-65f2-5dca-b15a-f612beb5bb6c", "url": "https://pretalx.com/chcon-2023/speaker/79MCC8/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/YYHVBF/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/YYHVBF/", "attachments": []}, {"guid": "5d18c56b-358d-5927-8d72-9329c14a72cb", "code": "GVCBPN", "id": 38947, "logo": null, "date": "2023-11-25T10:30:00+13:00", "start": "10:30", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38947-honey-the-kids-tried-crypto", "url": "https://pretalx.com/chcon-2023/talk/GVCBPN/", "title": "Honey the kids tried crypto", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "\"This talk will reveal weak cryptographic implementations in the commonly used ICT TSEC line of card readers for physical access control systems. Attendees will gain insights into three vulnerabilities that can be exploited by malicious actors, including AES-CBC plaintext manipulation, weak key exchanges, and default encryption keys.\n\nRecommendations will be shared for developers to prevent these vulnerabilities on their own systems, covering topics such as authenticated messages, secure key management, and off-the-shelf encryption technologies like TLS. 
Real-world examples and proof-of-concept exploits will be presented to demonstrate the severity of these vulnerabilities.\n\nBy the end of the talk, attendees will understand the importance of strong cryptography practices in physical access control systems and will be empowered to secure their systems effectively.\"", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "KTCFAU", "name": "Thomas Hobson", "avatar": "https://pretalx.com/media/avatars/KTCFAU_PnHLZt0.webp", "biography": "I'm a first-year software engineering student at the University of Canterbury with an interest in cyber security.", "public_name": "Thomas Hobson", "guid": "64c8b8a4-fdaf-5386-8080-b19d4b4ef340", "url": "https://pretalx.com/chcon-2023/speaker/KTCFAU/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/GVCBPN/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/GVCBPN/", "attachments": []}, {"guid": "0730a1ff-a412-5858-b55f-4e189507b388", "code": "JYTVSL", "id": 38940, "logo": null, "date": "2023-11-25T11:30:00+13:00", "start": "11:30", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38940-hackers-on-a-plane-what-we-can-learn-from-the-aviation-industry", "url": "https://pretalx.com/chcon-2023/talk/JYTVSL/", "title": "Hackers on a plane: what we can learn from the aviation industry", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "\"Ever watched Air Crash Investigation? You may not be an aviation nerd, but there are so many fascinating parallels between security and the aviation industry: the layering of safety controls, making sure there are different types of security controls in place, the improvements made after bad things happened, etc. 
In this talk I'll discuss some notable examples in both the aviation and security industry and what we can learn and take away from that as security professionals.\nNote: You don't have to be an aviation geek to enjoy this talk, promise!\"", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZVJFYR", "name": "Sarah Young", "avatar": "https://pretalx.com/media/avatars/ZVJFYR_zjb2jK1.webp", "biography": "\"Sarah is a Senior Cloud Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home.\n\nSarah has been working in cyber security since before it was cool, holds numerous industry qualifications and has co-authored a few Microsoft Press technical books. In 2019, Sarah won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud native communities and a co-host of the Microsoft Azure Security Podcast.\n\nSarah spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs.\"", "public_name": "Sarah Young", "guid": "59cdadbc-c372-550b-abac-de2fa3d3abc6", "url": "https://pretalx.com/chcon-2023/speaker/ZVJFYR/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/JYTVSL/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/JYTVSL/", "attachments": []}, {"guid": "f2082862-73b6-5ab2-9d49-dbcf3008c052", "code": "JNBW8S", "id": 38962, "logo": null, "date": "2023-11-25T12:00:00+13:00", "start": "12:00", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38962-one-trust-zero-trust-red-trust-blue-trust", "url": "https://pretalx.com/chcon-2023/talk/JNBW8S/", "title": "One Trust, Zero Trust, Red Trust, Blue Trust", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "In this talk, 
we'll explore some novel techniques you can use to break and bypass zero trust security controls. We aim to share with you actionable techniques we've explored, orchestrated or defended against in the wild. This goes beyond the basics but looks at thinking outside the box to exploit flaws in how these networks are designed. These networks are often architected to be perfect, but they rarely end up that way due to business needs. We'll share common flaws we've seen in how they are built and how to exploit them as a part of operation. \n\nThis should help red teamers explore new potential attack surfaces and confidently target zero trust networks without resorting to malware for initial access in every operation. There'll also be some valuable pointers to fend off common mistakes we see when building out these networks, so there will also be some helpful info for the blue teamers.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "77DVXD", "name": "Kane Narraway", "avatar": "https://pretalx.com/media/avatars/77DVXD_Llv1p9H.webp", "biography": "Kane is a technical engineering manager with an unwavering passion for all things zero trust. With over a decade of experience in building (and breaking) corporate networks. Kane dabbled in the realms of IT and DFIR before going on to lead the enterprise security teams at companies like Atlassian, Shopify, and now Canva.", "public_name": "Kane Narraway", "guid": "822a0691-f681-5b03-8283-2658bb27a344", "url": "https://pretalx.com/chcon-2023/speaker/77DVXD/"}, {"code": "8XRXYD", "name": "Clancy Rye", "avatar": null, "biography": "Clancy, a senior red team engineer at Atlassian, began his journey as a detection engineer before transitioning to offensive security. 
Throughout his tenure, he has orchestrated numerous successful operations aimed at simulating adversarial behaviour and enhancing Atlassian's overall security posture.", "public_name": "Clancy Rye", "guid": "438b32ea-5618-50aa-b936-7832ec11f9b3", "url": "https://pretalx.com/chcon-2023/speaker/8XRXYD/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/JNBW8S/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/JNBW8S/", "attachments": []}, {"guid": "2fa88bb5-9f0f-5b75-9a0d-283f8aacfe67", "code": "YGS3XB", "id": 39230, "logo": null, "date": "2023-11-25T13:45:00+13:00", "start": "13:45", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-39230-levelling-up-adapting-security-to-deliver-covid-19-national-systems", "url": "https://pretalx.com/chcon-2023/talk/YGS3XB/", "title": "Levelling Up - Adapting Security to Deliver Covid-19 National Systems", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "In this engaging presentation, I will share the challenges of developing secure systems for immunisations, contact tracing, and vaccination certificates during the Covid-19 pandemic. I will highlight our team's adaptation to the ever-changing landscape, employing agile methodologies and collaborating with third-party vendors, especially in penetration testing. Key takeaways will offer valuable insights for professionals and organizations in high-stakes environments.\n\nA crucial aspect of the talk will explore the role of penetration testing and configuration reviews in securing Covid response tools. I will discuss overcoming challenges in conducting assessments at speed and under tight deadlines while ensuring optimal security. 
Strategies and best practices for collaborating with third-party vendors and adapting security testing approaches to a rapidly evolving crisis will also be shared.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "HQNBXC", "name": "Jeremy McMullan", "avatar": null, "biography": "Security Consultant, and small security company director. After a good tenure with ACC as a C&A specialist, and my most recent role in the Ministry of Health and its successor Health NZ, I've reached the point where my experience as the Security Lead on the Covid-19 programme has given me some great stories to relay.", "public_name": "Jeremy McMullan", "guid": "121d3bd3-d583-56f4-a192-20760863019d", "url": "https://pretalx.com/chcon-2023/speaker/HQNBXC/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/YGS3XB/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/YGS3XB/", "attachments": []}, {"guid": "fe8d597a-d416-59f5-95c1-29b1d7fd903c", "code": "A8LPEC", "id": 38965, "logo": null, "date": "2023-11-25T14:15:00+13:00", "start": "14:15", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38965-building-a-security-team-and-then-an-army", "url": "https://pretalx.com/chcon-2023/talk/A8LPEC/", "title": "Building a Security Team and then an Army", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "With Security people generally in short supply, how do you maximise the few people you have and make them a force multiplier in your organisation's security maturity journey?\n\nCome and learn from my wins (and past failures) at building teams that might give you some new ideas to make your journey smoother, whether it be providing opportunities for people to widen their skills in a T shape (sometimes giving them a gentle nudge), changing public opinion of being the department of \u2018no\u2019 to supporting the business, and to just getting stuff done, inspiring employees to 
want to follow and be part of the team.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "8GFSUS", "name": "DJ", "avatar": null, "biography": "DJ (a.k.a. Moss) remains optimistic that he can make organisations great again (read: more\nsecure), however has seen his fair share of horror stories over his career. With risks being\nblindly accepted and added to ever expanding registers, it wasn't long before he was in the\nambulance at the bottom of the cliff. Let his dulcet tones soothe you as you come for a ride\nand learn how to be useful instead of just making nee-naw sounds when the worst occurs.", "public_name": "DJ", "guid": "222b7c0d-8398-5165-b29c-0bd6369e27d7", "url": "https://pretalx.com/chcon-2023/speaker/8GFSUS/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/A8LPEC/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/A8LPEC/", "attachments": []}, {"guid": "f3c19e40-ae6b-5b4f-bdba-f6de9d7285f5", "code": "GU7MQD", "id": 38955, "logo": null, "date": "2023-11-25T14:45:00+13:00", "start": "14:45", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38955-my-kids-hack-me-and-it-s-awesome", "url": "https://pretalx.com/chcon-2023/talk/GU7MQD/", "title": "My kids hack me and it's awesome", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "In which I share the various ways I teach my children rhetorical tools, and they use these tools to convince me I should give them ice cream. It also makes them more resilient in a world where understanding persuasive techniques is increasingly critical.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "NPBF7L", "name": "notnotcharlie", "avatar": "https://pretalx.com/media/avatars/NPBF7L_C1CPb9Q.webp", "biography": "Charlie is a software developer with an interest in security. 
When not at work, or doing the mum thing, she's usually either making or deconstructing something.", "public_name": "notnotcharlie", "guid": "3f16fea8-ef71-5902-ab4c-a83b088159bd", "url": "https://pretalx.com/chcon-2023/speaker/NPBF7L/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/GU7MQD/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/GU7MQD/", "attachments": []}, {"guid": "076ecc9c-2407-5d38-9e90-4f2ee764d069", "code": "TKLCHT", "id": 38945, "logo": null, "date": "2023-11-25T16:00:00+13:00", "start": "16:00", "duration": "00:15", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38945-assurance-is-easy-i-assure-you", "url": "https://pretalx.com/chcon-2023/talk/TKLCHT/", "title": "Assurance is easy, I assure you", "subtitle": "", "track": "Main Track", "type": "Lightning", "language": "en", "abstract": "I will be presenting the basic \"Assurance process\" that New Zealand Government agencies and nationally significant organisations (Teleco's, Banks, etc.) follow in an easy to digest and (hopefully) entertaining manner. This will go over the \"Certification & Accreditation\" process, what this achieves, and how it impacts developers/ PMs/ architects/ etc.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "3JDR3M", "name": "James Hitchiner", "avatar": null, "biography": "Lead Security Consultant within the Quantum Security Services Governance Risk and Compliance team. In my role, I've provided security consultancy to some of New Zealand\u2019s largest private and public sector organisations. 
In my own time, I'm an avid gamer (Counter Strike, Civilisation VI and Chess being top 3) and enjoy hanging out with friends and family.", "public_name": "James Hitchiner", "guid": "4c383adf-77ba-5f9c-bb06-b41a61b562d3", "url": "https://pretalx.com/chcon-2023/speaker/3JDR3M/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/TKLCHT/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/TKLCHT/", "attachments": []}, {"guid": "d13be00c-92ac-59db-94af-66f1c0e3414a", "code": "ZYPKHE", "id": 38944, "logo": null, "date": "2023-11-25T16:15:00+13:00", "start": "16:15", "duration": "00:15", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38944-use-of-gflags-for-identifying-access-violations", "url": "https://pretalx.com/chcon-2023/talk/ZYPKHE/", "title": "Use of GFlags for identifying Access Violations", "subtitle": "", "track": "Main Track", "type": "Lightning", "language": "en", "abstract": "Memory leaks and Access Violations are intrinsically bad code, with the potential for being exploited by bad-actors. In some languages, for example C++, they are easy to create. The talk demonstrates one tool, GFlags, that can be used to help to identify the presence of such bad code, and to provide confidence that once fixed, they stay fixed.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "9RCK8Q", "name": "Roger Dunham", "avatar": null, "biography": "\"I'm truly ancient (compared to most hackers) which means that I've had time to work in a range of industries. While there I have picked up a thing or two about many subjects.\nI've worked as a researcher, web designer, coder, tester, documenter and customer advocate.\nFor a number of years I worked in the field of PDF reconstruction, but I've also worked in M\u0101ori language development,  job-management for plumbers and the logging of oil wells.\nBut prior to that, in the 20th Century I wrote Javascript backed websites about forest research. 
And some of those are still online.\nI also drink beer, play music and dance.\"", "public_name": "Roger Dunham", "guid": "11855e36-33cc-575e-903d-9b084478f10c", "url": "https://pretalx.com/chcon-2023/speaker/9RCK8Q/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/ZYPKHE/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/ZYPKHE/", "attachments": []}, {"guid": "b78bf79a-863c-5628-b2dc-487b652d231c", "code": "PNBTMJ", "id": 38952, "logo": null, "date": "2023-11-25T16:30:00+13:00", "start": "16:30", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38952-lolwap-living-off-the-land-for-web-app-pentesters", "url": "https://pretalx.com/chcon-2023/talk/PNBTMJ/", "title": "LOLWAP: Living Off the Land for Web App Pentesters", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Imagine you\u2019re a web application penetration tester and you\u2019re on-site at a client\u2019s office, testing a web application before it goes live. Problem is, the app lives in their Special Devops Lab environment and is only accessible from an internal network jump box\u2026which doesn't have Burp Suite installed, of course. You protest but the client tells you, \u201cSorry, we don\u2019t allow hacking tools in the Special Devops Lab.\u201d If I had a dollar for every time this happened to me, I\u2019d have $3 which isn't a lot but it's weird that it happened three times. 
This talk will show you how to use built-in web browser Developer Tools to replicate Burp Suite\u2019s intercepting proxy and Repeater functionality so that if this ever happens to you, you\u2019ll be able to tell the client \u201cNo worries, mate!\u201d and proceed to tear that app apart with your bare web browser.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "S8HHPT", "name": "Ben Loula", "avatar": "https://pretalx.com/media/avatars/S8HHPT_OoULATX.webp", "biography": "Ben is a web application penetration tester who has been living in Aotearoa for a couple years now. When he\u2019s not hacking he\u2019s probably running tabletop RPGs, getting motion sick in VR, walking his cat, or tramping through the Waitakeres.", "public_name": "Ben Loula", "guid": "3e1b0b9c-1ec1-5a85-9713-2eef55de6e62", "url": "https://pretalx.com/chcon-2023/speaker/S8HHPT/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/PNBTMJ/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/PNBTMJ/", "attachments": []}, {"guid": "fdc8a574-09bd-566b-be74-f22bf20a09c8", "code": "9UYGQV", "id": 38939, "logo": null, "date": "2023-11-25T17:00:00+13:00", "start": "17:00", "duration": "00:30", "room": "Ngaio Marsh Theatre", "slug": "chcon-2023-38939-closing", "url": "https://pretalx.com/chcon-2023/talk/9UYGQV/", "title": "Closing", "subtitle": "", "track": "Crew", "type": "Talk", "language": "en", "abstract": "Conference Closing", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QWGNMN", "name": "CHCon Cr\u00fce", "avatar": null, "biography": "People from the local ISIG and Women in Tech groups.", "public_name": "CHCon Cr\u00fce", "guid": "ace14d18-c503-5240-b27b-c00ad1b7c009", "url": "https://pretalx.com/chcon-2023/speaker/QWGNMN/"}], "links": [], "feedback_url": "https://pretalx.com/chcon-2023/talk/9UYGQV/feedback/", "origin_url": "https://pretalx.com/chcon-2023/talk/9UYGQV/", "attachments": 
[]}]}}]}}}