Platypus Initiative | PlatypusCon 2016


           _|              _|                                                  
 _|_|_|    _|    _|_|_|  _|_|_|_|  _|    _|  _|_|_|    _|    _|    _|_|_|      
 _|    _|  _|  _|    _|    _|      _|    _|  _|    _|  _|    _|  _|_|          
 _|    _|  _|  _|    _|    _|      _|    _|  _|    _|  _|    _|      _|_|      
 _|_|_|    _|    _|_|_|      _|_|    _|_|_|  _|_|_|      _|_|_|  _|_|_|        
 _|                                      _|  _|                                
 _|                                  _|_|    _|                                
 _|            _|    _|      _|              _|      _|                        
     _|_|_|        _|_|_|_|        _|_|_|  _|_|_|_|      _|      _|    _|_|    
 _|  _|    _|  _|    _|      _|  _|    _|    _|      _|  _|      _|  _|_|_|_|  
 _|  _|    _|  _|    _|      _|  _|    _|    _|      _|    _|  _|    _|        
 _|  _|    _|  _|      _|_|  _|    _|_|_|      _|_|  _|      _|        _|_|_|  

$ cat

layout: fuckyouimaplatypus

PLATYPUSCON 2016 IS OVER, GREAT SUCCESS. Thank you to everyone who came; special thanks to our workshop hosts and volunteers. <3<3<3

PlatypusCon 2016

At long last, platypuscon is here… Ever since Ruxcon departed for Melbourne, the Sydney infosec community has been sorely missing a conference-style event to bring the community together for a few days of sharing ideas, showcasing our projects and horrendous alcoholism.

In the spirit of what brought this community together, we’re aiming to build a super hands-on event: that is, instead of a series of talks while you plan on missing to catch up with your friends at the cafe down the road, we’re putting together a full day of hands-on workshops where you can get your hands dirty and we can all help each other learn something new. Bring your laptop (or phone or tablet or whatever) to get the most out of this event: infact, bring something you can SSH on or don’t come at all.

Saturday 24th September 2016 (ink that in!)
Doors open at 9:00am
Official welcome at 9:45am
Closing at 6:30pm
Book tickets online
Limited tickets available at the door, $75 cash (includes a sexy platypus t-shirt)
$60 hoodies, limited numbers available on the day
Let us know your size in advance to avoid disappointment
This is an 18+ event. If you’re still super keen to come, enquire within and we’ll work something out
Bring your laptop, no excuses
Think of it like a nerd fight club: it doesn’t matter if you’re new to this infosec thing, or you’ve been at it for ages; everyone’s expected to participate, and you won’t find it fun if you’re expecting to just come and sit and listen to other people’s work.
aMBUSH Gallery – Level 3, Central Park Mall, 28 Broadway Chippendale NSW 2008

Instead of the usual conference fare of 2 tracks of talks over two days, we’re going with a workshop-only format. Drop in and drop out as you please. Each session is intended to be practical in nature instead of someone standing up the front and talking at people. This year, we’ve lined up a full day of content, with some never-before-seen content, including:


Time Stream A Stream B ~funstuff~ Stream C Stream D
09:00-09:45 Doors open / registration
09:45-10:30 keynote
(by lin_s)
10:30-12:00 Antennas (by Chris + Ash) Hardware
(by Silvio)
Lockpicking (by topy + klepas)
CTF (by muld0r)
CTFs 102
(by ctkris + lin_s)
(by Mike + Jeff)
12:00-13:00 SDR Texting (by pamela) Browser
(by Paul)
Red Star OS (by David) Doorbells (by Tres)
13:00-14:00 Lunch
14:00-15:30 Wireless
(by y011)
Pentesting (by Lukasz) Bounties
(by Shubs)
(by Mike + Jeff)
15:30-17:00 IOS
(by mg)
(by Hugh)
Firmware (by lin_s + gavia)
17:00-18:00 Fireball talks
18:00-18:15 Closing ceremony


Antennae for every Occassion
A hands on workshop on selecting the right antenna for the job and building it. The workshop will be going over: types of antenna and their features; what you need to build one; how to test your antenna; building a few as a group
Hosted by Chris and Ash
Chris works fixing things in IT during the day and breaks things the rest of the time. He lives with his wife on the outskirts of Melbourne and is interested in sustainable living
Ash works in electronics and spends his time working on electronic and radio projects. He lives with his wife in the hills just outside of Melbourne
Chris and Ash became friends in highschool and have spent the last 20 years working on electronics projects together
Attacking Firmware Binaries
This workshop covers reverse engineering coherent file systems from firmware updates for a few common devices, including both traditional network devices (e.g. 4g dongles) as well as IOT devices
Participants should bring a Linux system / VM, with binwalk and firmware-mod-kit installed (from github). This workshop will reference content in IDA Pro, but IDA is not required
No experience is required (we’re both scrublords). Some general Linux knowledge is assumed
Hosted by lin_s + gavia
Badge Soldering Workshop
The badge soldering workshop will provide all the equipment to solder electronic badges that you acquire at the conference. If you’re experienced or a novice, there is space for you
Hosted by Dr Silvio Cesare
Silvio is an organiser of BSidesCbr. He’s worked in Australia, France, and the United States within both industry and academia. At his core though, he’s still a hacker
Bug Bounties
The bug bounty workshop is a fully-featured bug bounty simulation - participants of PlatypusCon can help find bugs for P-Corp, the leading alternative cryptocurrency ever since the E-Corp hack by Mr Robot.
P-Corp is split up into multiple corporate domains and applications, typical to the structure of any normal bug bounty target
Sign up to HackerOne, submit bugs to P-Corps private bounty, win epic swag (massive thanks to HackerOne)
Hosted by shubs
Ding dong. Who’s there? EVERYONE
Reverse engineering an RF device and reproducing the signal using a Yard Stick One
Participants should bring: a Linux or Mac laptop with the following software installed: Inspectrum - Required for participation; and some sort of text editor
Hosted by Très Acton
Très Acton is a Penetration Tester and Security Researcher. He is passionate about physical security, social engineering, brewing beer, playing with fire, and learning as much as he can about Software Defined Radio
Drone Hacking for Beginners
Ever wanted to walk out of a workshop with a viable skill set and practical knowledge, ready to impress the government your friends and family? You will be leaving this session with the skills to hack a very popular consumer drone; and the methodologies to attack and defend others like it. You may even open yourself up to future employment as a ‘Drone Security Engineer’
We will be guiding participants through different attack levels; from live camera feed interception, to file system access, and real-time hijacking of controls
A final competition will be held to challenge attackers to gain control of a drone, and defend their access from other players
This workshop is beginner friendly. If you own one, please bring an external wireless adapter (e.g. an Alpha, TP-Link etc) that supports monitor mode
Hosted by Mike and Jeff
Mike and Jeff both work as penetration testers in Melbourne
Michael (@securitymeta_) is a co-organiser of SecTalks Melbourne (@sectalks_MEL) and spends his time on OSINT, startups, and CTFs : Jeff (@d4rkt1d3) is passionate about wireless and drone security, and recently oversaw a large industry-based drone hacking research project
Fuzzing with Rabbits for Fun and Profit
Fuzzing is the art of applying random data in the hopes of finding inputs to programs that cause unexpected behaviors
Traditionally, this has taken a deterministic approach which is akin to something to do with monkeys, typewriters, and Shakespeare
Enter american fuzzy lop (afl), not just a weird looking bunny [1], but actually a new generation fuzzer from Google that takes into account code coverage
This workshop will give a brief overview of afl-fuzz, show off its features, and gives an example of things Hugh has found, and how much bounty has been made. Comparisons to other fuzzers will be made
Hosted by Hugh
Hugh is a software developer and security consultant based in Wellington, NZ. He has an interest in bounties, fuzzing and training
Hacking All the Windows Domains
Name any organisation and it is guaranteed that they are running some kind of Windows Domain with Active Directory. This workshop aims at exposing attendees to the types of techniques used to establish a foothold on a network, escalate their privileges and then laterally move to compromise key servers
Highlights from the workshop include: Active and Passive Reconnaissance; Vulnerability Discovery; Vulnerability Confirmation; Vulnerability Analysis; Establishing a foothold; Privilege Escalation; Lateral Movement; and Domain Compromise
Hosted by Lukasz (SyNick)
Lukasz is a managing consultant with Alcorn Group, a Brisbane based security consultancy firm
iOS Funstuff
This workshop will cover some of the in’s and out’s of attacking iOS apps and specifically reverse engineering and bypassing anti-tampering and other protection mechanisms commonly deployed by developers
From there (if we have time) we will apply these techniques to common libraries/frameworks and various userland processes for some more fun and profit.
NOTE: To get the most out of this workshop a jailbroken device running at least iOS 7 would be ideal. There will be a few spare ones around but will be handed out on a first come first serve basis. If you miss out or don’t have one don’t stress, all the binaries will be handed out and you can follow on with anything not on the device.
Michael Gianarakis (mg) is APAC Director for SpiderLabs. As big an Apple fanboi as y011, mg only got into iOS security so he could convince his boss he needed a Mac for work.
Hosted by mg
CTFs 102
Want to get into CTFs, but don’t know where to start? Have your IDA Pro ready, but not sure where to stick it?
This workshop covers a few techniques to get cheap and easy points in CTFs, as well as touching on the practical use of angr
Hosted by ctfkris + lin_s
Managing to find browser bugs
When faced with a challenge Paul Theriault, BSCE, PCI DSS(ex), doesn’t back down, he does what all good Managers do: delegate.
Today’s problem: find faults in browser Web API code. Using a unique ‘git clone’-based approach, we will learn how to leverage the hard work of the Firefox fuzzing team to identify software faults.
We’ll explore the basics of using a grammar-based fuzzing approach to find weaknesses in DOM APIs and compete for pride, fame and illustrious bounties
Hosted by Paul Theriault (BSCE, PCI DSS(ex)) Esq.
Red Star OS - breaking out of the gulag (sandbox)
Red Star OS is a home grown, closed-source Linux distribution produced by the DPRK (North Korea). This tutorial will demonstrate how to install it in a VM, configure English localiSation, and break out of the unprivileged sandbox to gain root access
Attendees will be left with a few thoughts for future investigation of the system
Hosted by David Jorm
David is an OG security nerd whose interests include Java RCE, long walks on the beach, Glorious Democratic Peoples Republic of Korea, software-defined networking, and smashing the kyriarchy
Talking ASCII over the Airwaves
This workshop will walk you through how to make a simple broadcast chat server using GNU Radio Companion. Don’t worry if you don’t have a transmitting SDR like a HackRF, we will also be showing you how to use your audio card so everyone can participate!
Hosted by pamela
Pamela is a pentester in Melbourne and runs the Melbourne Software Defined Radio group (@sdr_melbourne, @0xsh_)
Totally Enterprise Ready “hands on” 802.11 wireless security assessment
This workshop covers security assessment common deployments and security controls in Totally Enterprise Ready (i.e. usually a little bit shonky) 802.11 wireless solutions. Bring your wireless device and a recent Kali install or VM
Neal Wise (aka y011 spelt why zero one one) is director of Melbourne-based consultancy Assurance which he co-founded in 2005
Neal’s >25 year career as a sysadmin and consultant has centred around distributed solutions and the network and security duct-tape that holds them together
A Game of Flags
A twist on the traditional capture the flag wargames
Capture flags for platypuscoins, spend them to upgrade your box or attack others
Keep your eyes peeled, flags are everywhere
Hosted by muld0r
Prizes include platypus plushies, because fuck yes [tm]
The Art of Breaking (into stuff. buildings, lockers, whatever)
Ever wanted to experiment with picking locks?
Pick locks, push pins, pop handcuffs, also don’t get in trouble
Hosted by topy and klepas
Fireball Talks
Open mic 5 min lightning rants
Shot required for every additional minute required
Want to come talk? Let us know beforehand, or just put your hand up :)
Sunset Pre-Party
The Wild Rover: 75 Campbell St, Surry Hills NSW 2010
Some dingy bar
Decommissionary hipster brekky bar
Laser Tag (and drinking) @ Darling Harbour

This first year is by us, for us: if you’re a platypus and there’s no more tickets (or if you’re broke as shit, spent your last $4.50 on ramen but want to come anyway), ping lin_s / snail and we’ll sort you out :)