haxx melbourne
We provide technical security classes and support for women who wish to break into the technical security field.
About Us
haXX is an ethical hacking learning group for women trying to break into the technical security field. Founded in Melbourne in 2018, it provides hands on security classes for women with a burning desire to be in the technical security field with varying levels of technical experience.
Drop us an email if you would like to join our slack channel!
UPCOMING Events
Dates | Details | Location |
21st March 2024 6:30 - 8:30 AEDT | Introduction to Software Defined Radio (SDR) Join us for a hands-on workshop to help you explore the radio signals all around us. We will show you how to scan for signals, view pager messages, view airplane location messages and how to analyse consumer devices with remote controls. No experience with radio is required, just bring along a laptop that can boot a USB. We will also provide a RTL SDR USB dongle for receiving the signals during the workshop. Please register here: https://docs.google.com/forms/d/1SzBTncs1khpdEjxOmbmrCKGuFseXoCWq2PnlrF7LsdM/ | Melbourne CBD |
Past COURSES
Dates | Courses | Instructors |
Jan - May 2020 | Introduction to Reverse Engineering | Hazel Kim Ayoub Faouzi |
Feb - May 2019 | Introduction to Web Application Hacking | Dr. Pamela O'Shea |
Past Security TALKS
Dates | Talks | Speakers |
29th June 2023 | OpenID: Why SSO serious? | Chuanshu Jiang |
Past CTFS
Date | Event | Hosts |
2nd Nov 2023 6:30pm | CTF Introduction Workshop Have you ever wanted to try Capture the Flag challenges? Then join us to try out some fun online challenges together. You can play solo or team up with others. Just bring along your laptop and a Kali VM. | Chuanshu Jiang Pamela O’Shea |
Past cAREER TALKS
Dates | Career Series Talks | Speakers |
18th June 2020 | My security career journey | Lidia Giuliano |
23rd July 2020 | My security career journey | Louis Nyffenegger |
27th August 2020 | route print kylie.localhost | Kylie McDevitt |
10th November 2020 | eval'ing success, skills, and well-being in infosec | Matt Jones |
14th May 2019 | Stories from the trenches: Events and happenings from years of incident response | Kevin Manderson |
6th April 2019 | That’s not my name: Tales from half a career in IT forensics and security | Dr. Joanna Dalton |
24th September 2019 | Weaponising your social awkwardness: a novice red teamer's guide | @bl3ep |
1st October 2019 | Introduction to reverse engineering, malware analysis and anti-virus software | Hazel Kim & Ayoub Faouzi |
Past SOCIAL MEETS
Dates | Social Meetups | Location |
19th Sepember 2023 | Our social catchups don't have any speakers, just turn up and hang out! | Mail Exchange Hotel, Melbourne |
1st June 2023 | Our social catchups don't have any speakers, just turn up and hang out! | Dr. Watson bar, Melbourne |
12th December 2020 | Our social catchups don't have any speakers, just turn up and hang out! | Picnic in Flagstaff Gardens, Melbourne |
29th October 2020 | Time to catchup online during the COVID lockdown. | Online |
Past Courses
Introduction to Reverse Engineering Course - January to May 2020
Between January and May 2020, we ran a series of hands-on evening classes on reverse engineering and malware analysis for 20 participants in person.
What did the course cover?
A brand new course on reverse engineering and malware analysis running during the evenings between January and May at SEEK. We teamed up with two experts from the Microsoft Defender ATP Research Team in Melbourne, Hazel Kim and Ayoub Faouzi.
Hazel and Ayoub wrote and then delivered the hands-on course. Participants learned how to read low level computer language, reverse engineer applications without source code and investigate the behaviour of malware.
2020 being the year that it was, our first class was initially delayed due to the bush fires and our final class was moved to an online format due to the pandemic. HaXX is very proud of our instructors and participants who persisted all the way to course completion acquiring their new security skills along the way.
Introduction to Web Application Hacking Course - February to May 2019
Between February and May 2019, we ran a series of evening classes on web hacking and we were delighted to have received 96 applications for 20 spots!
What did the course cover?
We assumed no prior penetration testing experience and kicked off with information gathering and how an attacker targets a company and its employees.
The rest of the course focused on the most common web application security vulnerabilities and participants were taught how to identify if issues existed in a web application and how to exploit the issues in order to gain control of a customer’s computer or a server.
Topics covered included Cross-Site Scripting (XSS), SQL Injection (SQLi), insecure direct object references (iDOR), insecure file uploads, XML external entity (XXE) attacks, deserialisation attacks, strategies for competing in bug bounties and capture the flags (CTFs).
PAST SECURITY TALKS
Title: OpenID: Why SSO serious?
Speaker: Chuanshu Jiang
Date: 29th June 2023, 6pm - 8pm (AEST)
Location: 152 Elizabeth Street, Melbourne
Have you ever used Single Sign On (SSO) to log into other services or apps? You are likely familiar with using Google or Facebook to SSO into other accounts or even use Okta or Microsoft at work. This talk will provide an introduction to OpenID Connect, a common authentication protocol used for SSO. Once you are familiar with OpenID, we will cover some web application security bugs that can occur when using SSO with some real world examples. This is a great chance to deep dive into a technology we all use everyday and hear about some of the security issues that can arise. This talk does not assume any web hacking knowledge, we will guide you along the way. You'll then be able to look for these bugs yourself!
Key takeaways:
- An OIDC & OAuth walkthrough: What is OpenID and how does it relate to OAuth? What does an "OAuth" dance entail?
- A brief history of OAuth bugs: Token stealing through redirects; Client impersonation; Insecure flows and more...
- Real word bugs: The 2022 OWASP top bug - OAuth dirty dancing
PAST CTFS
Title: CTF Introduction Workshop
Hosts: Chuanshu Jiang & Pamela O’Shea
Date: 2nd Nov 2023, 6:30pm - 9:30pm (AEDT)
Location: 152 Elizabeth Street, Melbourne
The purpose of this CTF workshop was for people who wanted to try Capture the Flag in a friendly supportive environment. This workshop facilitated individuals or teams to play a series of challenges across different categories including crypto, forensics, reverse engineering and web application security. Our host, Chuanshu Jiang, also designed a series of original challenges called Nightmare Gallery, where hackers had broken into a gallery and it was the players job to restore the paintings to their original form.
Congratulations to our winners:
- 🥇Bithiah Koshy
- 🥈Shimsha Shetty
- 🥉Team Annie Nie & Sophie McDonald
First scores on the nightmare gallery challenges to restore the hacked paintings went to team Annie & Sophie and to Emily Trau.
A very special thank you goes to Emily Trau and Joseph Surin for their challenges and along with SiJing Zheng, provided support at the event!
All our winners had a choice of prizes including a number of women in hacking and technology books. Happy reading everyone! 📚 ✨
Past Career Series
Our career series talks aim to motivate and guide women in their technical careers, come with your questions!
Title: My security career journey
Speaker: Lidia Giuliano
Date: 18th June 2020, 6pm - 7pm (AEDT)
Location: Online
Lidia is a Black Hat USA speaker, organiser of BSides Melbourne, on the paper review board for Black Hat Asia, DevSecCon and countless other major activities she is involved in. Above all, Lidia is a genuine mentor to our industry and we are super lucky to have some of her time to share her career stories and what it is like being a technical security consultant in the USA and in Australia.
Title: My security career journey
Speaker: Louis Nyffenegger
Date: 23rd July 2020, 6pm - 7pm (AEDT)
Location: Online
Louis (@snyff/@pentesterlab) is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing. Come and listen to Louis talk about his security career and ask any questions about his journey which has included:
- French Baccalaureate in Science
- Working as an administrator (not sysadmin)
- French Baccalaureate in Economy and Social Science (wanted to work in sales)
- Studying Math and Computer Science at University
- Changed to study Electronic and Computer Science
- Diploma in Computer Architecture
- Masters in security (2006)
- Security consultant since 2006
- Moved to Australia in 2009 as a penetration tester
- Working a on code reviews since 2012
- Working on AppSec/DevSecOps since 2014
- Full time self employed since 2018
Title: route print kylie.localhost
Speaker: Kylie McDevitt
Date: 27th August 2020, 6pm - 7pm (AEDT)
Location: Online
Kylie McDevitt graduated from ANU with a Bachelor of Engineering and worked for Australia’s largest Telco as a radio engineer in MobileNet before moving into computer security, where she has been for the last 11 years. She has a Masters in Computer Networking as well as multiple industry certifications. Kylie has lectured at UNSW Canberra and spends her free time organising community events such as BSides Canberra and the CSides monthly security meetup.
Title: eval'ing success, skills, and well-being in infosec
Speaker: Matt Jones
Date: 10th November 2020, 6pm - 7pm (AEDT)
Location: Online
Matt is co-founder and director of elttam, an independent security consulting boutique. This talk is to help guide people navigating through or into infosec in 2020, including sharing perspective on trends and fads in the industry, getting insights into some of the opportunities and challenges independent security consultancies can face, balancing and building technical and soft skills, and tips for looking after your own well-being.
Title: Stories from the trenches: Events and happenings from years of incident response
Speaker: Kevin Manderson
Date: 14th May 2019, 6pm - 9pm (AEDT)
Location: SEEK, Melbourne
Kevin started in defence as a mainframe engineer in the 1970s and then industrial systems in the early 1980s. In 1988 he started in Incident Response by playing a small part in the containment of the Morris worm while working in Adelaide. In the 90s, he commenced his own business in consulting, web development and information security. He built a startup which undertook security gateway monitoring and incident response and sold it in 2000. Since then Kevin has been involved with a number of SOCs, has been an IT auditor, managed a large SCADA system and is now back in Incident Response. He has been either responder, manager or provided technical support for over 115 Cyber Incidents.
Among the many incidents and investigations managed by Kevin include the qbot malware event at the Royal Melbourne Hospital. Currently, Kevin performs incident response and threat intelligence at Telstra.
Title: That’s not my name: Tales from half a career in IT forensics and security
Speaker: Dr. Joanna Dalton
Date: 16th April 2019, 6pm - 9pm (AEDT)
Location: SEEK, Melbourne
Joanna Dalton has been called many things in her life, but boring is not one of them. Join us for a haXX special presentation where Jo will be discussing how she got started in digital forensics, switched to security and now combines the two as a network forensic specialist. She has a wealth of experience from working in large corporates, small businesses, as a contractor and an expert witness and will be giving a brutally honest description of how she balances her career, family and sanity. There’ll be tales from the front line of her investigations and other career highlights, including a bodyguard, a warehouse full of lingerie and an explanation as to why one bank refers to her as “XXX Gooch.”
Title: Weaponising your social awkwardness: a novice red teamer's guide
Speaker: @bl3ep
Date: 24th September 2019, 6pm - 8pm (AEDT)
Location: SEEK, Melbourne
We are delighted to host @bl3ep , who recently won 2nd place at the international DEF Con 27 social engineering capture the flag competition in Las Vegas, USA. An amazing achievement, earning her place by fighting the top competitors from around the world. @bl3ep will talk about her long preparation for the competition, how it went on competition day and what it is like to work as part of an amazing red team in her day job at Loop Secure. @bl3ep will also provide her advice and learnings from a newbie's first year. How to get better at hacking yourself, hacking others, and defence against the SE arts.
Title: Introduction to reverse engineering, malware analysis and anti-virus software
Speakers: Hazel Kim and Ayoub Faouzi
Date: 1st October 2019, 6pm - 8pm (AEDT)
Location: SEEK, Melbourne
Join us in welcoming two researchers from the Microsoft Windows Defender team here in Melbourne. The areas discussed in this talk will cover an introduction to reverse engineering, malware analysis and anti-virus software. As well as a brief history of malware and how they have evolved over the years. Hazel and Ayoub will also discuss how they they use reverse engineering in their jobs as security researchers at Microsoft.
Hazel Kim - Security Researcher at Microsoft
Hazel is currently working on improving the protection against various types of threats for Windows Defender. Since her first job at AhnLab from 2012, Hazel is getting into the rabbit hole of reverse engineering and malware world. She is also a n00b yogi and a passionate metalhead lml
https://www.linkedin.com/in/hs-hz-kim; https://twitter.com/Hazelash6
Ayoub Faouzi - Security Researcher at Microsoft
Ayoub Faouzi is a security researcher working at Microsoft, where he is involved with malware analysis cases, reverse engineering and security development projects. In the past, Ayoub worked for Avira and Lastline. In his free time he likes to spend time with his family and to travel around the world.
https://www.linkedin.com/in/ayoub-faouzi; https://twitter.com/LordNoteworthy
BookList
We have a great selection of books to give away as prizes at our events!
Category: Hacking
- Blue Fox: Arm Assembly Internals and Reverse Engineering by Maria Markstedter
Category: Australian Security and Signals History
- Radio Girl: The story of the extraordinary Mrs Mac, pioneering engineer and wartime legend by David Dufty
- Factory: The Official History of the Australian Signals Directorate, Vol 1 by John Fahey
Category: UK Security and Signals History
- The Bletchley Girls: War, secrecy, love and loss by Tessa Dunlop
- Agent Sonya: Lover, Mother, Soldier, Spy by Ben Macintyre
Category: USA Security and Signals History
- The Woman Who Smashed Codes by Jason Fagone
- Code Girls: The Untold Story of the American Women Code Breakers of World War II by Liza Mundy
Category: Women Inventors & Engineers
- Broad Band: The Untold Story of the Women Who Made the Internet by Claire L. Evans
- Hedy's Folly: The Life and Breakthrough Inventions of Hedy Lamarr, the Most Beautiful Woman in the World by Richard Rhodes
- The Thrilling Adventures Of Lovelace And Babbage by Sydney Padua
Category: Information Security Journalism
- Countdown To Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter
Sponsors
