Quick List


TitleDefending the Gibson in the Age of Enlightenment

The year is 2016, dumped mailboxes are key presidential debate topics, ransomware runs rampant in corporate environments, toasters control large swathes of the internet and many alarming red lines on CSO powerpoint presentations are going up and to the right. In response, the $81 billion dollar cyber security industry is doubling down on blinky-lighted cyber divining rods, tarot card sharing platforms and neural network driven pcap ouija boards.

This talk will walk through some of the failed ideas we've seen and implemented in the last decade at Google while defending our environment, outline the alternative strategies that have genuinely worked, and preview some of the key technologies we’re betting on to protect our infrastructure in the coming years.

LocationThu 17 0915 @ The Michael Fowler Centre
Duration45 mins
NameDarren "sham" Bilby
OriginSydney, Australia

Darren is a Digital Janitor and Staff Security Engineer at Google, who currently manages the Sydney based Infrastructure Protection team. Over the past 10 years at Google he has played many roles including tech lead for the Global Incident Response team, manager of the European detection team, software engineer and application tester.

Prior to joining Google, he grew up on the mean streets of Auckland's North Shore, spent more time than is healthy on irc and staring at code, started some minor chaos, and paid his dues working in the NZ security consultancy salt mines.

TitleThe mjg59 Smile Time Variety Half Hour

People want stunt hacks of dog feeders and space shuttles. People need meaningful improvements in security. You can't always get what you want[1], even if you might get what you need[2].

But fuck that. This is Kiwicon. I'm going to give you what you want *and* what you need.

In 30 minutes you'll learn about a brand new defensive technology that'll mitigate a bunch of privilege escalation attacks and container escapes, something that'll let you verify that an Onion endpoint didn't boot an NSA software stack and a 2FA solution for checking nobody's replaced your system firmware with a thinly veiled pretext.


You'll also hear about terrible IoT devices, why nobody should be allowed to do their own encryption, how basically everybody screws up transfer of devices to new accounts and probably some more bullshit after I dig my way through the pile of boxes of dubiously sourced equipment sitting in my living room.


[1] Rolling Stones, 1969
[2] Rolling Stones, 1969

LocationThu 17 1000 @ The Michael Fowler Centre
Duration30 mins
NameMatthew "mjg59" Garrett
OriginOakland, CA, USA

Matthew Garrett is a qualified fruitfly geneticist and an unqualified software developer[1] who has spent too much time reverse engineering dreadful things and dearly wants to give something back to the world so he's not just remembered for that one time where he said some things about a smart plug and was suddenly big on Weibo

[1] although he has an RSA Stage 1 CLAIT in word processing, spreadsheets and databases (Distinction)

TitleHacking HID iClass
AbstractA short recap of the security and insecurity of HID iClass RFID access cards. The differences between between iClass Elite™ and standard, includes flaws and exploits.
LocationThu 17 1030 @ The Michael Fowler Centre
Duration15 mins
NameWilliam "AmmonRa" Turner
OriginBeijing, China
BioWhite hat sell-out*.

TitleFinding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces

Graphical user interfaces (GUIs) contain a number of common visual elements or widgets such as labels, text fields, buttons, and lists. GUIs typically provide the ability to set attributes on these widgets to control their visibility, enabled status, and whether they are writable. While these attributes are extremely useful to provide visual cues to users to guide them through an application's GUI, they can also be misused for purposes they were not intended. In particular, in the context of GUI-based applications that include multiple privilege levels within the application, GUI element attributes are often misused as a mechanism for enforcing access control policies.

In this session, we introduce GEMs, or instances of GUI element misuse, as a novel class of access control vulnerabilities in GUI-based applications. We present a classification of different GEMs that can arise through misuse of widget attributes, and describe a general algorithm for identifying and confirming the presence of GEMs in vulnerable applications. We then present GEM Miner, an implementation of our GEM analysis for the Windows platform. We evaluate GEM Miner using real-world GUI-based applications that target the small business and enterprise markets, and demonstrate the efficacy of our analysis by finding numerous previously unknown access control vulnerabilities in these applications.

LocationThu 17 1130 @ The Michael Fowler Centre
Duration30 mins
NameCollin Mulliner
OriginBrooklyn, NY, USA
BioCollin Mulliner is a systems security researcher with focus on software components close to the operating system and kernel. In the past he spent most of his time working on mobile and embedded systems with an emphasis on mobile and smart phones. Collin is interested in vulnerability analysis and offensive security as he believes that in order to understand defense you first have to understand offense. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt. Lately Collin switched his focus to the defensive side to work on mitigations and countermeasures. Collin is also co-author of The Android Hacker's Handbook.

TitleRadiation-induced cryptographic failures and how to defend against them

It's been known for some years now that encryption can be highly susceptible to fault attacks in which a memory or CPU glitch leads to a catastrophic failure of security. These types of faults occur mostly in conference papers, but there's one situation in which they're expected as part of normal operations: When the crypto is operated in a high-radiation environment like a nuclear reactor. This talk looks at the effects of radiation on computer security mechanisms (and computers in general), and outlines means of protecting crypto in environments where you need to expect data and computation results to modify themselves at random.

Anyone planning to have children in the future should avoid sitting in the first two rows during the demo.

LocationThu 17 1200 @ The Michael Fowler Centre
Duration30 mins
NamePeter Gutmann
OriginAuckland, New Zealand
BioPeter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and a perpetually upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.

TitleAttacking OSX for fun and profit

For the purposes of a documentary. I got asked to hack a journalist. His request, verbatim was "I want to see how badly you can fuck up my life if you got control of my laptop".


This was a trial by fire of "holy crap there aren't the tools to do this". This talk will describe the problem statement of "how 2 shot web" against osx, describe the process I took, what I learned along the way, and end with the horribly horribly written tool I wrote, some discussion about other tools that now exist (last year defcon these tools didn't exist), and some tradecraft around how to attack osx.

It'll be fun!

LocationThu 17 1345 @ The Michael Fowler Centre
Duration30 mins
NameDan "Viss" Tentler
OriginSan Diego, CA, USA
BioDan Tentler is the founder and CEO of The Phobos Group, a boutique information security services company. Previously a co-founder of Carbon Dynamics, and a security freelancer under the Aten Labs moniker, Dan has found himself in a wide array of different environments, ranging from blue team, to red team, to purple team, to ‘evil hacker for a camera crew’. When not obtaining shells or explaining against how to get shelled, Dan enjoys FPV racing, homebrewing, and internet troublemaking.

TitleCompliance in the Cloud: It's what you make of it
AbstractHi, I'm Geoff and I've spent the last five years in the Amazon Cloud Mines for House Benioff (words: "Dreamforce is coming"), rising from exaulted Erlang programmer to lowly System Architect / Whiteboard Artist in Residence. With your patience I should like to wax lyrical about the virtues of compliance programs, talk about the aspects of security that the cloud makes easy, those the cloud makes hard, ponder a unix analogy for an age-old thological problem, and perhaps dispense free startup ideas. Oh, and throw a modicum of shade at vendors who still seem to roll like it's 2003, selling virtual pizza box appliances in the AMI marketplace.
LocationThu 17 1415 @ The Michael Fowler Centre
Duration30 mins
OriginSan Francisco, CA, USA
  • In many profile pictures I have a cat on my head
  • I have written Erlang for money in a surprising number of countries
  • I have finagled myself a living drawing lucidchart diagrams, and attempting to convince people to do less terrible ideas
  • It has been a long time since I danced on television in Poland
  • A surprising number of these true facts would bear considerable scrutiny
  • Wellington has the best coffee

TitleActive Incident Response: Kiwicon Edition

Security breaches are becoming a daily occurrence now. Wake up, check your twitter and see who the latest victim is. In early 2015, during an acquisition by Telstra, Pacnet was breached -- and suddenly it was us. We spent most of the year responding to a series of security incidents in the Pacnet network which are linked together and believed to be targeted.

We will demonstrate using examples from the Pacnet breach and follow-on waves, how we responded to the incidents and the visibility required to respond to a security incident which spans a global network.

Using a combination of intelligence, hunting and active defense we explore actor TTPs, tools and activity associated with this campaign. Expect to see pcap decodes, command-line activity and actor typos.

LocationThu 17 1445 @ The Michael Fowler Centre
Duration30 mins
NameBrian Candlish & Christian Teutenberg
OriginCanberra, Australia

Brian Candlish is a Security Researcher for Australia's largest telecommunications company, who spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence and “active defence”. He enjoys hunting adversaries on large corporate networks.

Christian is a Senior Security Specialist for Australia’s largest telecommunications provider. He specialises in hunting for evidence of breach with endpoint, network and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response and computer forensics for the enterprise.

TitleOut of the Browser into the Fire: Exploiting Native Web-based Applications
AbstractThe evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks, that can be leveraged to exploit critical vulnerabilities in popular desktop applications implemented using embedded web technologies. We'll demonstrate leveraging XSS in native desktop applications to exfiltrate sensitive files, create messaging worms that can infect an entire organizations, and gaining arbitrary native code execution, all without the need to bypass DEP, ASLR and other modern operating system protections.
LocationThu 17 1515 @ The Michael Fowler Centre
Duration30 mins
NameMoloch & Shubs
OriginSan Francisco, USA & Sydney, Australia
BioMoloch - I like computers Shubs - Bug bounty hacker, recon enthusiast

TitlePractical Phishing Automation with PhishLulz

If you do Phishing attacks on a regular basis, you will end up using a framework or scripts to automate some of the tedious parts. You have your preferred web stack for phishing pages, your custom SMTP delivery system (with SPF/DKIM enabled AND good reputation - of course), your payloads and so on, and you need to maintain all of that while evolving it at the same time.

Where do you host your phishing infrastructure? What happens if the target blacklists your phishing FQDNs or IPs? Moreover, do you have a template system for HTML emails, including victim fingerprinting with automated and targeted exploit delivery?

If you have such needs and you do all the above manually, then PhishLulz comes to the rescue.

PhishLulz is a Ruby toolkit to dynamically instantiate phishing instances on the fly. You can use Amazon, OpenStack, libvirt and much more (the ruby Fog gem comes to the rescue), which means you can use it to deploy internal phishing VMs, or have everything public in the cloud. It comes with a Debian Amazon EC2 image pre-configured with PhishingFrenzy, BeEF, Metasploit, ShellTer, Veil and other useful tools for phishing engagements (Mr.Robot will be lost, he uses SET !!).

PhishLulz allows to focus on pretext creation and payload customisation, automating for you all the tedious configurations related to the phishing infrastructure.

Multiple real-life stories from engagements done with PhishLulz will be discussed, including automated functionality to concurrently grep Outlook Web Access and Outlook 365 webmails with different credentials.

In the middle of all of this, we will also analyze some interesting real-life scenarios of phishing lures spotted in the wild.

As a side note, PhishLulz will be exclusively released at KiwiCon X.

LocationThu 17 1630 @ The Michael Fowler Centre
Duration30 mins
Bioantisnatchor is the lead core developer and smart-minds-recruiter for the BeEF project. Michele is also the co-author of the "Browser Hacker's Handbook". He has a deep knowledge of programming in multiple languages and paradigms, and is excited to apply this knowledge while reading and hacking code written by others. Michele loves lateral thinking, black metal, and the communist utopia (however, there is no hope). He also enjoys speaking and drinking at a multitude of hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra AllStars, ZeroNights, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat. Besides having a grim passion for hacking and programming, he enjoys leaving his Mac alone, while s/phishing/fishing/ on saltwater and hoping for Kubrick's resurrection.

TitlePHP Internals: Exploit Dev Edition

This talk will give a tour about PHP Internals. It'll take the audience on a journey from the design behind a custom PHP fuzzer, to how PHP internal heap can be exploited. It will also cover some of the changes in PHP 7 Internals and what that means from an exploit dev perspective. A sample of interesting and unusual PHP bugs that I had discovered will also be presented. I hope to be able to share what had worked for me and what are some of the lessons I've learnt throughout this journey.

LocationThu 17 1700 @ The Michael Fowler Centre
Duration45 mins
NameEmmanuel Law
OriginWellington, NZ.

Emmanuel Law (@libnex) is a Principal Security Consultant from Aura Information Security. He works as a penetration tester during the day. By night he can be found fuzzing and exploiting binaries. Recently he has a new found hobby in hacking away at PHP internals.

TitleCan applications contain themselves?
AbstractContainers are all the rage right now, but at the heart of them is just Linux cgroups and namespaces, so code. This talk will cover an experimental wrapper of the go build toolchain that will allow your application to contain itself. Some interesting things can be gained from this method including a perfect seccomp whitelist. Instead of just imaging a world, you can live in one where you have a perfectly static binary that is capable of isolating itself on start with namespaces, cgroups, seccomp, and apparmor.
LocationThu 17 1745 @ The Michael Fowler Centre
Duration15 mins
NameJess Frazelle
OriginSan Francisco, CA, USA
BioType-casted as the person who runs everything in containers including desktop apps. Open source fanatic. Has been described as a "Weird sunbeam of awesome".

TitleNot So Random - Exploiting Unsafe Random Number Generator Use

PRNG? CSPRNG? Do these acronyms mean anything to you? What's the difference? Why does it matter? After all, your app's password reset tokens are definitely generated with a CSPRNG, right?

This talk covers the exploitation of unsafe random number generation across a number of languages. Just how practical is it?

In this talk we'll discuss a bit of background, what insecure random number generation looks like, and some practical examples of real-world exploitation. We'll then look at options that are available to developers to avoid these issues in their own applications.

LocationThu 17 1800 @ The Michael Fowler Centre
Duration30 mins
NameBrendan "hyprwired" Jamieson
OriginWellington, New Zealand
BioBrendan Jamieson (@hyprwired) is a security consultant for Insomnia Security, based out of Wellington. He is active in the .nz infosec community, having spoken at Wellington's ISIG, OWASP New Zealand Day, and involved in a number of Kiwicons as a speaker; a trainer; and also co-event organiser for the Hamiltr0n CTF.

TitleA Monster of an Attribution Problem

What happens when a threat actor appears put of the blue?

You have a monster of an attribution problem.

This talk is all about performing attribution on recent events regardless of "vendor intelligence".

LocationFri 18 0915 @ The Michael Fowler Centre
Duration15 mins
OriginAuckland, NZ

This talk is brought to you by [redacted]. After years working for [redacted] the gloves are finally off.

This speaker brings their wealth of knowledge to the stage. A career that is nothing short of stellar. Nothing.

Few major companies have not met with this speaker at one time or another.

TitleHacking AWS end to end

All the things are and/or will be on AWS now but the public state of the art AWS hacking techniques are some combination of 1. Search Github for access keys, 2. Start up EC2 instances and mine Bitcoin. That's pretty poor and not at all realistic.

The talk will be presented as a guide on how to hack an AWS account start to finish:

  • External reconnaissance and target selection
  • Initial compromise and trust abuse
  • Log disruption
  • Persistence
  • Exploration and exfiltration
  • Privilege escalation and lateral movement
  • Other things (tm)
  • LocationFri 18 0930 @ The Michael Fowler Centre
    Duration45 mins
    NameDaniel Grzelak
    OriginSydney, Australia.
    BioDaniel is a 100% cyber-free Security Intelligence Manager at Atlassian. He files TPS reports so that his team can fight the good fight, detecting bad guys pwning the clouds. He once opened the AWS web console and is now totally an expert in hacking AWS.

    TitleLuring developers with candy and other evil tricks

    Security teams have historically been the scary people in black with stompy boots off in the corner, not talking to anyone. We're not talking to anyone because they're scared of us, and that fear has caused more bugs than we've ever fixed. It's also stopping us from talking to the teams that can do more to help us than anyone else, designers.

    Wait, designers, really? And what's this about candy?

    Lemme tell you a story about a different way, why you'd really like to change how you work, and how you get there. You don't even have to get rid of the boots, I promise.

    LocationFri 18 1015 @ The Michael Fowler Centre
    Duration30 mins
    NameEleanor Saitta
    OriginNYC, USA.

    Eleanor Saitta has been fucking around with the Internet since 1994, when she had the unfortunate experience of learning FORTRAN 77 on IRIX. It's mostly been uphill since then, including eight years working for a string of consultancies (IOActive, Security Innovation, iSec Partners, and Stach & Liu), a few years doing security support and toolbuilding for NGOs and news organizations targeted by nation states, a lot of work on the Trike threat modeling tool, and a bunch of conference talks (ToorCon, CCC, Hack-in-the-Box,, O'Reilly Velocity, &c). She's now a staff engineer and the security architect for Etsy.

    TitlePrince of Persia

    Basically we poked a thing, turned out to be a decade (+) of Iranian espionage - then we broke it.

    LocationFri 18 1130 @ The Michael Fowler Centre
    Duration30 mins
    NameSimon Conant
    OriginSeattle WA, USA.

    I grew up @ Geraldine/Timaru, left NZ on my OE in '95 and kinda forgot to come back...

    Simon is a Senior Threat Intelligence Analyst in Palo Alto Network’s Unit 42 research group. He draws upon more than 25 years of international experience in the fields of computer and Internet infrastructure, networking, and security and investigation, including several years in the Microsoft Security Response Center. He was involved in founding Microsoft's CSS Security & Internet Crime Investigation teams and the International Botnet Task Force.

    TitleSDIR: Software Defined InfraRed

    There have never been more infrared signals, from the remote control toys and televisions that we all know, to audio distribution systems and unintentional emissions from electronic equipment.

    Off the shelf receivers have helped people to decode signals in the past, however these existing techniques lack the ability to detect high speed communication signals without prior knowledge of protocol. Using low cost hardware that anyone could put together, we have been able to apply Software Defined Radio techniques to infrared signals.  In doing so, we are able to detect and interpret unknown infrared communications and emissions, opening the door to a new era in exploration.

    As a proof of concept, I'll demonstrate how anyone can reverse engineer a simple IR protocol using hardware that they can build at home.

    LocationFri 18 1200 @ The Michael Fowler Centre
    Duration30 mins
    NameDominic Spill
    OriginLondon, UK
    BioDominic Spill is senior security researcher for Great Scott Gadgets. The US government recently labelled him as "extraordinary". This has gone to his head.

    TitleLet’s do the Timewarp Again

    GPS is used for life critical services like finding a date on Tinder, hailing an Uber to drive to the date and checking the time to ensure you are not late to the date. What happens when GPS breaks? Well for less than US$500, GPS can be spoofed, so you can be anywhere on the planet, at any time in history.

    This talk will look at spoofing GPS and what happens when the time no longer travels forward, at the rate of 9,192,631,770 vibrations of the ¹³³Cs atom. We can make NTP go backwards. We can make the GPS on your iPhone think it is 1970 all over again. What happens to your systems in 2038 or on 31 December 9999? What happens to time based two factor authentication when the assumption of time only goes forward is broken?

    “Oh noes, how can we stop all these fun GPS shenanigans?” Well that is where gpsnitch steps in.

    LocationFri 18 1345 @ The Michael Fowler Centre
    Duration30 mins
    OriginWellington, New Zealand
    BioHacks pens for Mr Bogan by day. Picks locks and hacks radio by night.

    TitlePwning ML for Fun and Profit

    Everyone is talking ML this and AI that as if they expect some kind of Utopian beast to be waiting just behind the next door and whisk us all away to a technological-paradise. It would seem dire warnings of every Sci-Fi book and movie ever haven't been enough to dissuade people from cooking statistics and math into an techno-optimist soup of dubious origin and expecting us to swallow. Obviously security can't just sit here and watch the catastrophes unfold. I aim to lay out some of the most awful yet still amusing examples of how and why we can and will break things. This presentation attempts to offer the audience a refreshingly realistic look at the terrible flaws in ML, the ease of altering outcomes and the dangers ahead..

    LocationFri 18 1415 @ The Michael Fowler Centre
    Duration45 mins
    NameDavi Ottenheimer
    OriginSF, USA.

    Winner of the KiwiCon7 "best dressed" award. Also president of flyingpenguin, co-author of the book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack,” and author of upcoming book about the infrastructure flaws behind learning systems: "The Realities of Securing Big Data".

    TitleNodeJS: Remote Code Execution as a Service

    It is a period of civil war. You, mighty MODERN JAVASCRIPT DEVELOPER (insane person) wield the power of cutting-edge hipster technologies on your NodeJS utility belt. With npm, you can swap-in other people’s code^W^W^W any new hipster technology you want with a single command, ready to deploy to your production environment at a moment’s notice. Sipping your salted-caramel spiced chai latte, you pleasantly think to yourself “It’s so wonderful that NodeJS and npm are such great things, I couldn’t possibly imagine a way in which they could ever go bad”. You sit peacefully, knowing that everything in life is so serene and secure.

    In this talk, we crush your hopes and dreams of using NodeJS for anything in a safe way. We talk a little bit about trust, why you shouldn’t have any, and restore freedom to the galaxy...

    LocationFri 18 1500 @ The Michael Fowler Centre
    Duration15 mins
    NameJeff "Peabnuts123"
    OriginAuckland, New Zealand
    BioJeff “peabnuts123” is a Software Developer with a bit of an interest for security on the side. He has spent the last few years bashing his head against the wall in the modern javascript world, but also has irons in many fires not related to web development. Frequently starts projects on a whim. Generally speaks in superlatives. Ask him about Lua if you don’t wish to speak about anything else for the rest of the night.

    TitleNew Zealand, we (nearly) have a National CERT.

    In May of this year the government announced new investment to establish a National CERT. Since then there has been a flurry of activity to make it all happen. What is it about? What does it mean for you? When does it go live? Come to our lighting talk and find out!

    LocationFri 18 1515 @ The Michael Fowler Centre
    Duration15 mins
    NameDeclan Ingram
    OriginWellington, NZ.

    Declan has been floating around the industry for some time doing penetration testing, responding to incidents and trying to bring a heavy dose of reality to risk assessments. He is working on the CERT NZ establishment project and generally having a great time having escaped Australia for Wellington.

    TitleRed Star OS will bring the imperialist aggressors and Park Geun-Hye clique to their knees

    In the 1990s, comrade Torvalds and the Respected Marshall Richard Stallman brought socialist innovations to the field of operating system development, guided by the principles of Kim Il-Sung thought. It wasn't long before imperialists in both the USA and Germany perverted this peoples' movement by appropriating open source code for profit, now generating billions of dollars a year to fill their coffers and fund their unwarranted aggression towards the Workers' Party of Korea. The Democratic Peoples Republic of Korea, under the wise guidance of First Secretary of the Workers' Party of Korea Kim Jong-Un, has now produced a revolutionary new Linux distribution that will rapidly become adopted as the world's operating system of choice, and spur a movement to overthrow the oppression of the imperialist capitalist system.

    This talk will showcase the many advanced features of Red Star OS that are not present in modern imperialist distributions, including:

    • Sys-V Init, as systemd is reactionary and incompatible with Juche ideology
    • Intuitive interface inspired by the work of the deceased comrade Jobs
    • Powerful anti-virus enabled by default
    And much more.

    LocationFri 18 1615 @ The Michael Fowler Centre
    Duration15 mins
    NameLord Tuskington
    OriginBrisbane, Australia
    BioLord Tuskington is a walrus, native to Greenland, now living in Brisbane. He is the Chief Financial Pinniped for TuskCorp, and a strong proponent of spreading Juche ideology.

    Title_blank slate

    Unbeknownst to many web developers, a common "feature" of link elements in HTML can leave a website wide open to a tabnapping attack. Jen will show this wonderful "feature" in operation, demo how easy it is to exploit, and talk about mitigations.

    LocationFri 18 1630 @ The Michael Fowler Centre
    Duration15 mins
    OriginWellington, NZ

    Jen is a frontend dev at Catalyst in Wellington. She is alto responsible for making last year's Kiwicon website have wayyyyyy too many buttons, and is the director of next March's national JavaScript conference, nz.js(con);

    TitleKicking Orion's Ass-sets
    AbstractSolarWinds has this tool called Orion. It does great things. It does horrible things. I did some C# fun decompiling and it was hilarious. You should come and laugh with me. I told SolarWinds about it, they said they would fix it. The End.
    LocationFri 18 1645 @ The Michael Fowler Centre
    Duration15 mins
    OriginPo-dunk Virginia, USA

    TitleCondensed History of Lock Picking

    In the 1800s Windows 0days were extremely rare, so hackers at the time had to settle for the delicate art of lockpicking. In this short talk, we’ll learn about some of the zany lock mechanisms the aristocracy came up with to secure their valuables. We’ll talk about lock picking bounties and the transient era of perfect security. Yes, that’s right. Perfect Security. These ARE your great-great-great grandparents’ stories, so buckle up kiddo, you’re in for a wild ride.

    LocationFri 18 1700 @ The Michael Fowler Centre
    Duration15 mins
    NameGrace Nolan
    OriginChristchurch, NZ

    Grace Nolan is a recent computer science graduate of the University of Waikato in Hamilton, New Zealand and a full-time systems developer for Enable Ltd, a fibre broadband company in Christchurch. Amongst her passions for the field is a keen interest in the societal implications of technology, and the need for better representation and gender parity in CS. She gives talks to secondary students and their teachers, working closely with CS outreach organisations, and attending 'Women in Tech' workshops and conferences (such as the Grace Hopper Celebration). She's an enthusiastic choral singer, tea fanatic, and paints watercolours of flowers when she's not devouring the latest in tech news.

    TitleContactless Access Control

    Have you ever forgotten your swipe card? Locked yourself out of your secure facility or don't know anybody on the inside? Don't worry, we've got your back. With our patent pending contactless cyber door-access control system, we'll have you back inside in no time. Does it involve high voltages? Yes. Will you require a license to broadcast? Maybe. Would Marconi be pleased? No.

    LocationFri 18 1715 @ The Michael Fowler Centre
    Duration15 mins
    NameRyan and Jeremy
    OriginAuckland, NZ

    Jeremy and Ryan are embedded engineers who like to look way too hard at silly things. Occasionally they find hilariously broken things that they like to share.