Talks will be announced in two phases, on 18th Sept and 2nd Oct. The current schedule may be subject to change.

Title: Metlstorm Welcomes the Combined Badasses
Abstract: Roll up, roll up. Metlstorm welcomes the Kiwicon Massive to this, the fifth installment of our con, and, in lieu of a Keynote, offers a few thoughts on the State of the World, almost certainly to involve badmouthing of vendors, hyperbole, and beard stroking.
Location: Sat 05 0900 @ The Opera House
Duration: 30 mins
Origin: Wellington, New Zealand
Bio: Beards, bacon and beer are the benzine to Metlstorm's... err, boffindom? While alliteration may not be his strong point, Metl does at least hold down a job as roach herder with Insomnia Security, engages in rampant punditry on the podcast, and is only partially responsible for this whole Kiwicon malarky.

Title: The Erlang SSH Story: bug to key recovery
Abstract: It's 6pm in the office and your coffee is cold. You thought you were so smart when you decided to create a custom ssh channel protocol to run inter-cluster distribution, but now you're deep in the guts of the SSH library and something looks out of place. The call to random:uniform/1 anywhere else would be innocent, but your heart sinks as your mind races: wrong kind of random, no entropy mixing - could you guess the seed? And if you could, what else would be yours for the taking? A bug, a conjecture, a half-arsed network stack, a lot of coffee and googling, a one-shot pcap->private key recovery script.
Location: Sat 05 0930 @ The Opera House
Duration: 30 mins
Name: Geoff Cant / Archaelus
Origin: Northernmost Palmerston, now The People's Republic of Berkeley
Bio: Geoff Cant is the world's most interesting Erlang Hacker in New Zealand. He doesn't often spot security bugs in obscure programming languages but when he does he weaponizes them. More prosaically of late, he builds interesting distributed systems for mobile gaming platforms at ngmoco:) and finds entirely too little free-time to devote to an ever-expanding collection of github projects.

Title: Hacking Hollywood
Abstract: This is a whirlwind tour through the production of film and TV, from script draft to ticket stub. A wide variety of software is involved in creating a motion picture - for pre-production tasks such as scriptwriting and storyboarding through to special effects generation, renderfarm control and video editing. And, funnily enough, it's terrifically vulnerable. Previously unreleased vulnerabilities will be showcased in industry-standard software used by the big studios for the big pictures. Watch Avatar? CSI? The Star Wars movies? These are just a few productions that use software I have exploited. Whether you're into Paper St style frame injection, controlling an army of renderbots or setting sail for The Pirate Bay with your pre-release booty, I've got something for you. Let me show you life on the other side of the screen, where the vulns have roamed free of predators.. 'til now.
Location: Sat 05 1000 @ The Opera House
Duration: 30 mins
Origin: Auckland, New Zealand
Bio: vt is a security consultant at's Auckland office. After a couple of years of building systems he has turned to breaking them instead, and spends his spare time hunting 0day and the ultimate combination of whisky and bacon.

Title: Going Rogue
Abstract: Ever felt like someone is watching you? Wish you could protect yourself but find your tin foil hat a bit uncomfortable for social occasions? This talk is for you. From unlikely ways to communicate using normal, un-modified household electronics, to keeping yourself financially afloat when you can’t use your bank.... in 25 minutes or less I will give you the tools and techniques to survive when you need to go off radar for a while.
Location: Sat 05 1100 @ The Opera House
Duration: 30 mins
Name: Laura Bell
Origin: New Zealand (via the United Kingdom)
Bio: Newly escaped from a deep dark official looking basement in the UK where she did “some stuff” for “a government organisation”, Laura is now working for KPMG Security Advisory Services. A reformed gamer, Arduino fan girl and closet code monkey; she is often described as “surprisingly normal for a geek”.

Title: An Embarrassingly Simple Approach to Securing Browser Users
Abstract: Web browsers currently do virtually nothing to proactively protect users from malicious web sites. Whether a site has a certificate or not is largely irrelevant, blacklists react too slowly to catch anything but inept phishers, and beyond these security-theatre defences there's nothing available. As a result a browser will happily take a user to an obviously-phishy fake banking site and run evidently malicious Javascript to inject a drive-by download onto their PC. Building on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice, and how similar principles could be used as part of an embarrassingly simple risk-mitigation strategy that helps protect browser users from malicious web sites.
Location: Sat 05 1130 @ The Opera House
Duration: 45 mins
Name: Peter Gutmann
Origin: Orkland, NZ.
Bio: Peter Gutmann arrived on earth some eons ago when his physical essence filtered down from the stars, and he took human(?) form. Lingering for awhile on the plateau of Leng while waiting for the apes to evolve, he eventually mingled among human society, generally without being detected, although the century he spent staked out in a peat bog in Denmark was rather unpleasant and not something he'd care to repeat. Once computers were invented he became involved in security research in the hope that enough insider knowledge would, at the right time, allow him to bypass electronic security measures on the first translight spacecraft and allow him to return to the stars. This is probably still some time away. Until then he spends his time as a researcher at the University of Auckland, poking holes in security systems and mechanisms (purely for practice) and grumbling about unusable security systems.

Title: So you wanna be a hack superstar
Abstract: Come and listen as antic0de talks about life in the commercial NZ security testing scene. Take a step up from #2600, and through the beginnings of the local 'pen testing' industry. New Zealand security exports are higher per capita than most of the world, and we have kiwis working in high level security roles in major organisations around the world. Want to hear about APTs, drink with a kiwi. Want to jackpot an ATM, drink with a kiwi. Hear about NGS Hijinx, a kiwi can help you there. How about a tour of Redmond, yup kiwis have even infiltrated that place. And locally we now have a number of security firms looking for talented people to join the industry. Maybe antic0de can rant enough to convince you that it's not all bad, or maybe he will just be hungover and have some slides for you to read.
Location: Sat 05 1315 @ The Opera House
Duration: 30 mins
Origin: Auckland, NZ
Bio: One of the 'Grumpy Old Men' of the NZ security industry, antic0de has been scrounging around NZ networks since before some of us were born. He now heads up Insomnia Security where he spends his time scrounging around the networks of NZ spreading images of otters and cockroaches with the rest of his team.

Title: Follow the money: bling-bling real compton city g bitcoin forensic accounting
Abstract: Whether it's buying drugs, financing cyber-terrorism or laundering the proceeds of organised crime, the hot hip new cryptocurrency “bitcoin” has literally dozens of completely legitimate uses. Frequently touted as totally unregulated and anonymous, bitcoin has quickly become the financial pornography du jour of libertarians around the world. But just how anonymous is bitcoin? As every pseudonymous transaction is recorded in a publicly distributed ledger, the interested researcher now has unprecedented access to the complete transfer history of an entire global e-currency. This presentation will discuss ways in which this information can be leveraged to remove a degree of bitcoin's anonymity, and will include the release of a graphical bitcoin forensic accounting tool (“bitten”) to aid in quickly tracing the flow of money through the bitcoin network.
Location: Sat 05 1345 @ The Opera House
Duration: 30 mins
Origin: Motherfucking Christchurch east, yo.
Bio: WHAT IS BEST IN LIFE CONAN? Raised by wolves and battle hardened in the savage crucible of Christchurch's eternally rioting eastern suburbs, alhazred also enjoys: walks on the beach, being the “little spoon”, charging by the hour while smoking ounces by the pound, graffiti (its admiration and manufacture), good wholesome honest mischief, poetry, and lying.

Title: Exploit automation with PMCMA
Abstract: In this presentation, we introduce a new exploitation methodology of invalid memory reads and writes, based on dataflow analysis after a memory corruption bug has occurred inside a running process.
We will expose a methodology which shall help writing a reliable exploit out of a PoC triggering an invalid memory write, in presence of modern security defense mechanisms such as compiler enhancements (such as SSP...), libc protections (eg: safe heap unlinking), linking and dynamic linking enhancements (full read only GOT and relocations) or kernel anti exploitation features (ASLR, NX...).
In particular, we will demonstrate how to: find all the function pointers inside a running process, how to determine which ones would have been dereferenced after the Segmentation fault if the process had kept executing, which ones are truncatable (in particular with 0x00000000). In case all of the above fail, we will demonstrate how to test for overwrites in specific locations in order to indirectly trigger a second vulnerability allowing greater control and eventually full control flow hijacking. All of the above without needing the source code of the application debugged.
In the case of invalid memory reads, we will show how to indirectly influence the control flow of execution by reading arbitrary values, how to trace all the unaligned memory access and how to test if an invalid read can be turned into an invalid write or at least used to infer the mapping of the binary.
We will also introduce a new debugging technique which allows for very effective dynamic testing of all of the above by forcing the debugged process to fork(). All those steps are realized automatically and provide a rating of the best read/write location based on probabilities of mapping addresses (in the hope to defeat ASLR).
These techniques were implemented in the form of a proof of concept tool running under GNU/Linux and Intel architectures: pmcma. The official website of the tool is
Location: Sat 05 1415 @ The Opera House
Duration: 45 mins
Name: Jonathan Brossard / Endrazine
Origin: Sydney, Australia
Bio: Jonathan is a security research engineer holding an Engineering degree and a Master in Computer Science. Born in France, he's been living in Brazil and India, before currently working in Australia. With about 15 years of practice of assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption bugs. He is well known in the industry for his disruptive research on preboot authentication (breaking all the top tier BIOS passwords, and full disk encryption software - including Truecrypt and Microsoft Bitlocker - with a single exploit in 2008!) as well as Virtualization software. He is currently working as CEO and security consultant at the Toucan System security company. His clients count some of the biggest Defense and Financial Institutions worldwide. Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES2011) in France. Jonathan has been a speaker at a number of great international conferences including Blackhat, Defcon, HITB (Amsterdam & Kuala Lumpur), Ruxcon (Australia), Hackito Ergo Sum (France), H2HC (Brazil & Mexico) among others.

Title: You wouldn't copy a car (and other more appropriate analogies)
Abstract: In the warpspeed Age of the Internets, it's hard for duly-elected representatives to keep statute books in line with our digital life. The recent addition of 'file sharing' to the Copyright Act is yet another attempt to modernise legislation in the wake of new technology use. But despite being carefully considered under Parliamentary Urgency, many cyberspace enthusiasts have concerns about the wording and possible application and enforcement of this law change. This presentation will briefly outline the regime established by the amendments and address pertinent issues such as the presumption of guilt, your rights if accused, how to challenge evidence and possible defences, drawing comparisons and analogies with other areas of the law.
Location: Sat 05 1500 @ The Opera House
Duration: 30 mins
Name: Marissa Jonpillai
Bio: Marissa is a qualified predator on human suffering and works at her local community law centre as an educator, breaking down legal concepts into bite-sized shrapnel for everyday consumption. She has a healthy respect for lawlessness and believes there can be no democracy without the capacity for dissent.

Title: Entomology – A Case Study of Rare and Interesting Bugs
Abstract: Many years ago the Earth was covered in plants, but today the flora and fauna that once ensconced our planet has been succeeded by cables and long pipes. A techno-Jungle known as the Internets has flourished. One thing has remained constant throughout this step in evolution - bugs have evolved and continue to thrive. During this talk you will be taken on a journey through the process of deciphering brief advisories, finding bugs and exploiting them to gain reliable code execution. Various tools will be discussed that can aid in this process and all demos will be performed live.
Location: Sat 05 1600 @ The Opera House
Duration: 45 mins
Name: James Burton
Origin: Wellington, New Zealand
Bio: James Burton is an intrepid Entomologist and the Chief Exploitation Officer (CXO) of Insomnia Security’s Malicious Engineering Research & Development Department. He spends much of his time hunting for bugs in the hope they will mature into fully-fledged remote shells. You may know him from his rapid climb to fame during the SkidWars competition of Kiwicon 3, or for dropping badass beats during Tokemon 2 at Kiwicon 4.

Title: Defiling Mac OS X
Abstract: I thought it would be fun and educational to write a kernel rootkit for Mac OS X. Having never messed around in kernel memory before, it was quite an enlightening experience. OS X is similar enough to FreeBSD that a lot of the same techniques apply, but different enough that there are a few surprises in store. I'll show you how some common kernel rootkit techniques are implemented on OS X, which techniques Apple have broken, and hand-wave a bit about the possibilities for rootkit persistence that are presented by the EFI firmware used in current Macs.
Location: Sat 05 1645 @ The Opera House
Duration: 30 mins
Origin: A frostbitten mountain peak, Melbourne, Australia
Bio: Once upon a time, snare was a code-monkey, cranking out everything from pre-press automation apps to firmware for Big F***ing Laser Machines. Then he got bored and decided to try his hand at the high-flying buzzword-ridden world of Information Security. A couple of thousand "weak SSL ciphers" write ups and a triple-bypass later, here he is.

Title: Age of the Infocalypse: Drink Everytime Someone Says 'Cyberwar'
Abstract: Three years ago, I gave a talk called Fear, Uncertainty and the Digital Armageddon on the subject of critical infrastructure compromise. At the time, there was significant worry about the danger that digital sabotage posed to the systems that run our everyday lives. It appears that 'internet threat landscape' has changed considerably since then and that the Internet (and by proxy the world?) is a significantly more dangerous place. Cyberwar, Stuxnet, and APT have become common industry buzzwords. Malware has become prevalent on platforms other than Windows, and it seems like every month or so another security company suffers a high profile compromise or data leak. Are we really hurtling towards the Infocalypse? An age where the Internet is mainly a conduit for espionage and organised crime? Or is this simply hype in an industry obsessed with $$$$??? This talk will examine aspects of the security arms race occurring today, one that is both digital and ideological.
Location: Sat 05 1715 @ The Opera House
Duration: 45 mins
Origin: San Francisco, USA
Bio: A post-geographical technomad, headhntr enjoys big kit, forgotten networks, and LED-lit strolls in non-IP realms. Prior to his career as a console cowboy, prowling the digital badlands, he has worked for environmental agencies, magazines, governments, hackers-for-hire and doomed Japanese startups. In addition to talking about himself in the 3rd person and presenting at security conferences he enjoys a drink and a chat about philosophy.

Title: Say my name, bitch! (IDN Homograph Mitigation Strategies)
Abstract: The advent of internationalised domains has introduced a new threat with the non-English character sets allowing visual mimicry of common domain names. IDN homographs have been a pressing issue since 2003 when they were proposed, the security implications considered, a flurry of patches and then forgotten about. These protections slipped out of source trees over the years and eventually with IDNs being implemented for several TLDs came back into fashion. In this talk we explore the efficacy of IDN homograph mitigation strategies in web browsers, email clients, mobile devices and evaluate the potential for social attacks and awesomeness.
Location: Sun 06 0930 @ The Opera House
Duration: 30 mins
Name: Peter Hannay
Origin: Perth, Australia
Bio: Peter Hannay is a PhD student, researcher and lecturer based at Edith Cowan University in Perth Western Australia. His PhD research is focused on the acquisition and analysis of data from small and embedded devices. In addition to this he is involved in smart grid research and other projects under the banner of the SECAU research organisation.

Title: Cybercrime meets the "meat space"
Abstract: This presentation will cover amongst other things the consequences when online crime meets traditional "real world" (layer 8) criminals.
Location: Sun 06 1000 @ The Opera House
Duration: 45 mins
Name: Alex Tilley
Origin: Fedville, Australia
Bio: Alex Tilley is a senior technical analyst with the Australian Federal Police's Cybercrime Operations Team.

Title: iPhone, iPwn
Abstract: The iPhone creates an impossible conundrum of epic proportions within the enterprise. With the rapid shedding of BlackBerry devices in favour of the toys of the Apple and Google fanboys and fangirls, has security been put back on the shelf?

Let’s put iPhone security into a practical context as we explore what it means for one iPhone left behind in a lunchroom. Is the iPhone as “safe and secure” as the Cupertino kingdom would have us believe?
Location: Sun 06 1115 @ The Opera House
Duration: 45 mins
Name: Philip Whitmore
Origin: Auckland, New Zealand
Bio: Cunningly hiding his megalomania complex by pretending to have a real job, Philip Whitmore leads KPMG’s Security Advisory Services practice. Philip’s sixteen years of infosec experience has taken him everywhere from undercover work in Redmond, Washington to breaking into vaults in South East Asia. From penetration testing to PCI DSS compliance and incident response, Philip puts a practical focus on security.

Title: Mobile Apps and RFID - The Tale Of Two Techs
Abstract: Nick has previously presented on RFID security, and on mobile application security. This talk combines both these interests into one topic.

NFC on mobile phones is a new phenomenon and opens a lot of possibilities for research, particularly when talking about mobile payment platforms. Nick will discuss the good, the bad, and the ugly of mobile NFC, and hopefully provide a tool drop at the same time.
Location: Sun 06 1200 @ The Opera House
Duration: 30 mins
Name: Nick von Dadelszen
Bio: Nick von Dadelszen is a director of Lateral Security. Nick has been performing professional pen testing for over 10 years and has managed several successful penetration testing teams. He has worked with the majority of large corporates and Government agencies in New Zealand and is a regular at Wellington ISIG meets (well not so regular since his first child), and on #kiwicon.

Title: How the Channel screws security
Abstract: A look into the conflicts and bollocks that goes on in the vendor world where everything is motivated by money and the impact that this has on trying to do security properly.
Location: Sun 06 1330 @ The Opera House
Duration: 15 mins
Name: John-Paul Sikking
Origin: Auckland, New Zealand
Bio: In the past, known simply as "the sales guy", John-Paul has been out there pimping the Security industry for the last dozen or so years. From selling and marketing services like pen tests with through to now representing the whole security portfolio over at Cisco. John-Paul has been on both the pure-play and vendor sides of the security game; this provides a unique view-point of security products and services and how they are marketed and sold. John-Paul also likes bacon, walks along the beach, beer and re-runs of the original Thunderbirds…FAB.

Title: The Government is Your Friend and Wants You To Be Happy
Abstract: The government isn't ignoring the internet any more - it wants to control it. An update on the government internet filter, the three strikes copyright law, the Police's automated license plate recognition, Customs seizure of data at the border, website censorship and anything else suitably techy and control-freaky.
Location: Sun 06 1345 @ The Opera House
Duration: 15 mins
Name: Thomas Beagle
Bio: Thomas Beagle, co-founder of Tech Liberty ( and wannabe thorn in the side of the government.

Title: National Cyber Security Centre (NCSC)
Abstract: A brief overview of the recently launched NCSC and some of its future plans. (Barry also said he is happy to field questions regarding temporary webhosting solutions.)
Location: Sun 06 1400 @ The Opera House
Duration: 15 mins
Name: Barry Brailey
Origin: Wellington, New Zealand
Bio: Barry spent quite a few years in the British Army (‘doing stuff’) and moved to NZ 6 years ago. He then spent 3 or 4 in (private sector) IT Security before joining CCIP in 2009. He is now a member of the NCSC (whatever that means).

Title: CREST-NZ - What you need to know
Abstract: The New Zealand Internet Task Force (NZITF) has recognised that as the global security industry continues its rapid growth, a penetration testing certification is needed to ensure that as new entrants enter the NZ market the current high standard is maintained. The NZITF established a working group in late 2010 to identify a suitable certification model for New Zealand. CREST, The Council for Registered Ethical Security Testers ( clearly stood out as the leading International certification, and the NZITF are now working with the security industry and community to establish CREST-NZ. Come and hear about CREST-NZ, how you can get involved, and how high the bar actually is - CREST is no pay-your-monies-get-your-CEH-style certification.
Location: Sun 06 1415 @ The Opera House
Duration: 15 mins
Name: Narc0sis, bdg & metlstorm
Origin: Wellington, New Zealand
Bio: An ex-Fed, a banker, and a hax0r walk into a con...

Title: A Picture is Worth a Thousand Bytes: Statistically innocent LSB steganography
Abstract: The point of steganography is not only to conceal a message inside an image, but also to conceal the fact that a hidden message even exists at all in the image. A common method is to manipulate the least significant bit(s). However, techniques based on this method typically suffer from a fundamental weakness: their ability to be detected statistically using the chi-squared test. In this presentation Edwin demonstrates an original algorithm that stands up to the chi-squared test in all but a few special cases. Reliable detection of data embedded using this algorithm is potentially very difficult, if not impossible.
Location: Sun 06 1430 @ The Opera House
Duration: 15 mins
Name: Edwin Hermann
Origin: Wellington, New Zealand
Bio: Edwin is a business analyst by day, and programmer, radio broadcaster, podcaster, web developer and code tinkerer by night. Not a real hacker, but he has been known to have dabbled in amateur hacking in his younger days.

Title: Exploiting Layer 8 errors for fun and profit - the Kiwi version
Abstract: Why else should you pony up the $20 for that domain variant?
Location: Sun 06 1445 @ The Opera House
Duration: 15 mins
Origin: Wellington, New Zealand
Bio: Alzeih is a wannabe hacker from Wellington who writes webapps for a day job, but would rather be breaking webapps for a day job, or telling others they're doing it wrong (and getting paid for it). She also thinks GUIs are for girls, not real programmers.

Title: Abode Vulnerabilities & Decrypting the Cloud
Abstract: See a couple of urbanadventurer's recent projects. 1) Abode Vulnerabilities. Learn how to bring hardware hacking closer to home by hacking New Zealand's most popular garage doors. This project is powered by the Arduino, the opensource hardware platform that makes electronics more accessible. 2) Decrypting the Cloud. This is a cautionary tale about failed opsec, weak crypto and misplaced trust in the cloud. Take a guided tour through a treasure trove of cracked ciphertext booty including CCs, SQLis, 0days, password dumps, and more.
Location: Sun 06 1500 @ The Opera House
Duration: 15 mins
Name: Andrew Horton / urbanadventurer
Origin: Wellington (but really from Christchurch)
Bio: Andrew aka urbanadventurer is a security consultant for He develops security tools such as WhatWeb, URLCrazy, and many more for use by whitehat IT security professionals.

Title: Who would win in a fight between Backus and Naur?
Abstract: A short excursion into the strange world of Monte Carlo experiments and context-free grammars.
Location: Sun 06 1515 @ The Opera House
Duration: 15 mins
Origin: Zurich, Switzerland
Bio: From the mean streets of Zurich to the peaceful shores of Aotearoa, Ben is a happy connoisseur of the simple things in life: 0day, root shells, and VIP parties thrown in his honor

Abstract: Mobile applications are the new hotness and it seems everyone wants to build one.
Unfortunately you have to build a new app for each platform, so frameworks are popping up to bridge that gap.
We look at some abuses of one framework and the implication for your shiny new gadget. Surely we can't bug a phone using XSS?
Seems also there is a little known crowd out of Washington that have been swept up in the enthusiasm of exposing JavaScript APIs so now the same issues apply to your desktop too.
Location: Sun 06 1600 @ The Opera House
Duration: 45 mins
Name: Kirk Jackson and Mike Haworth
Origin: Wellington, New Zealand
Bio: Kirk Jackson is interested in developer security - how to make applications more secure and resistant to threats. He works at Xero, and has pen-testing and application development experience.
Mike Haworth is an aspiring software vandal and writer of self deprecating bios. Now gainfully employed with AuraInfoSec.

Title: F is for FAIL, FOBSKI and FOSM!
Abstract: FOBSKI and FOSM will present a mock-a-minute review of the last 12 months insecurity (is that one word or two?). We wish to avail the esteemed constituency with alphabetically compacted tales of fails throughout this annus horribilis. This most splendid infusion of wisdom and fail may contain traces of advanced persistent threat, cyber, CISSP, lulz and IE6. No clouds were harmed during the synergistic optimisation of this most leveraged learning.
Location: Sun 06 1645 @ The Opera House
Duration: 30 mins
Origin: Downtown Auckland… next to the Vajazzlers. SHINY!
Bio: FOBSKI: Where to start on this man, he could be Taumarunui's finest son, but probably isn't (Ben Fouhey can have that title) but he is definitely the most ethnic sounding white dude as voted by a poll of 10 drunk ISP workers at the Bluestone Room on a Friday. He is making his inaugural appearance in the Kiwicon limelight, but has pedigree that few would question. This stallion of a man hails from the same stable as TMASKY and Oddy… a stable famous for providing incoherent ramblings on all manner of security related topics.

FOSM: Famous winner of the Rheineck Shandy Drinking Contest of '87, fosm has risen like a phoenix cola from his Kiwicon cherry busting inauguration for his sophomore performance about the state of security in 2011. For the first time ever fosm solemnly swears and vows not to mention pea, sea or eye. EVER. He's hot. And he's on a roll. He KNOWS who let the dogs out.

Title: Closing Ceremony & Prizegiving
Abstract: And so another con draws to a close. Wrap up with prizes, lulz, and a few closing words from your gracious hosts.
Location: Sun 06 1715 @ The Opera House
Duration: 15 mins
Name: The Kiwicon Crue
Origin: Wellington, New Zealand
Bio: Bad guys wear black
You see us coming, and you all together run for cover.
We're taking over this town.