Competing in the BSides Canberra 2023 CTF

Introduction This was my first year attending the BSides Canberra conference and competing in the Capture the Flag (CTF) competition run by Cybears. While our team worked across all the competition categories, I'd like to tell you about some of the fun miscellaneous challenges I worked on during the competition. The CTF took place between Thursday 28th and Saturday 30th of September. BSides Canberra is Australia's largest technical security conference. Several CTF …

Introduction to OAuth Security

Introduction to OAuth Security OAuth 2.0 and OpenID Connect are similar protocols commonly used for identity and access management. The purpose of this blog is to provide an in-depth description of the OAuth 2.0 protocol and discuss various security controls required to protect against OAuth-specific attacks which can help you defend and test your applications. Applications often need to manage resources on behalf of a user. These resources are often owned by …

Competing in the International Cyber Security Challenge 2023

Competing in the International Cyber Security Challenge 2023 In 2023, team Oceania consisted largely of returning players. This meant that having experienced last year's podium struggle, those returning teammates were hungry for victory and out for blood. Although the competition only lasted two days, the effort Team Oceania put into not only practicing for the qualifiers, but also in preparations and training, spanned months leading up to the event. This year’s competition …

Day Zero at Black Hat USA 2023

Day Zero at Black Hat USA. Moderator: Dr. Pamela O’Shea. Location: Las Vegas, Mandalay Bay Convention Center, South Pacific EF, Level 0. Date: Tuesday, August 8 2023, 4:00 PM – 7:00 PM. Before diving into two jam-packed days of hacks and research, hear insider's recommendations on how to make the most of your time, including a synopsis of this year's can't-miss Briefings, Arsenal Tools, and special Features from Black Hat Review Board Members, Speakers …

Locknote at Black Hat Asia 2023

Locknote at Black Hat Asia 2023 Trends and Top Takeaways from Black Hat Asia Join Black Hat Founder Jeff Moss and Black Hat Asia Review Board members Sudhanshu Chauhan, Ty Miller, Asuka Nakajima and Pamela O'Shea for an insightful conversation on the most pressing issues facing the InfoSec community. This panel session will feature a candid discussion on the key takeaways coming out of the conference and how these trends will impact …

IBM Informix – Building a proof of concept for blind SQL Injections

IBM Informix – Building a proof of concept for blind SQL Injections Introduction  IBM® Informix® is a database management system specialising in high-speed transactional environments. An Informix feature called TimeSeries provides a non-standard SQL data type and allows for data to be manipulated at high volumes and speeds. As a result, Informix is often seen within the financial and trading industries which need to quickly store data at regular time intervals, or …

Competing in the International Cyber Security Challenge 2022

Competing in the International Cyber Security Challenge 2022 Introduction This is a brief and non-technical blog about my experience taking part in the inaugural International Cyber Security Challenge (ICC), a challenge hosted by ENISA for young adults in cybersecurity. The main event took place from the 14th to 17th of June 2022 in the city of Athens, Greece. I participated as a member of team Oceania alongside 15 other incredibly talented folks from New Zealand …

Membership of hacking conference review boards

Membership of hacking conference review boards We are very proud to be a continuous member of the review boards for Black Hat USA, Black Hat Asia, BSides Canberra, BSides Singapore and the OWASP Appsecday conferences. While our involvement in each of these conferences varies, one of the benefits has been the ability to read about new hacking and defensive research first hand as they are submitted to conferences. Working with fellow reviewers …

Completion of our second haXX course with SEEK

What is haXX? haXX is an ethical hacking learning group for women trying to break into the technical security field. Founded by Pamela O’Shea, it provides hands on security classes for women with a burning desire to be in the technical security field with varying levels of technical experience. What did the course cover? This year, haXX returned with a brand new course on reverse engineering and malware analysis running during the evenings …

Teaching at OWASP Conference

Web Hacking Essentials: Applying a hacker’s mindset. We are delighted to be delivering our web application hacking course at OWASP Melbourne on the 2nd and 3rd of November this year. This course focuses on core web application penetration testing skills from the offensive side. The content is suitable for developers, anyone new to penetration testing or anyone wishing to explore the area by gaining real hands on skills. The aim of the …

Completion of our first haXX course with SEEK

Completion of our first haXX course with SEEK Shea Information Security has successfully delivered our first outreach programme to support women in technology with SEEK. Between February and May 2019, we successfully ran a series of evening classes on web hacking and we were delighted to have received 96 applications for 20 spots! What is haXX? haXX is an ethical hacking learning group for women trying to break into the technical security field. …

Presenting at Black Hat Asia 2019

Are We Converting Community Knowledge into Secure Organisations? Speaker: Dr. Pamela O’Shea. Location: Singapore - Marina Bay Sands, Level 4: Peony 4402. Date: Thursday, March 28 2019 | 1:30pm-1:55pm. Track: Community Session. This talk identifies where the focus is in our community and what is expected of us in our day-to-day occupations according to industry standards. This analysis sets out where our interests overlap with our work and how we can use new knowledge circulating …