haxx melbourne

We provide technical security classes and support for women who wish to break into the technical security field.

Flat Fill Twitter Icon
Envelope Icon for Email







About Us




haXX is an ethical hacking learning group for women trying to break into the technical security field. Founded in Melbourne in 2018, it provides hands on security classes for women with a burning desire to be in the technical security field with varying levels of technical experience.


Drop us an email if you would like to join our slack channel!


UPCOMING Events


Dates

Details

Location

4th September 2024

6:00 - 7:30 AEST

Understanding the Human Rootkit: Behavioural Insights that Helped an Engineer

by Tracy Tam


User behaviour sometimes confound us, as technical people, the same way a stubborn rootkit does. ​This talk introduces human behaviour science theories and practices that I found helpful in my ​research, teaching and engineering journeys. There will be hands-on activities to practice how to ​address these heuristics and reflect on current cyber-security conventions around human ​behaviour. By better understanding human bias and heuristics and how to work with them, we can ​better relate to our users, making cyber-security more engaging - and perhaps even help our own ​day-to-day frustration. This session will be under Chatham House rules.


RSVP: ​https://docs.google.com/forms/d/e/1FAIpQLSeeqO5KsKjunvw6QuyekkhEWEn7uTfPJd4aNCa7zm​Q6PC1bFQ/viewform

Melbourne CBD

previous WORKSHOPS



Dates

Talks

Speakers

21st March 2024

Introduction to Software Defined Radio (SDR)

Pamela O’Shea

previous CTFS



Date

Event

Hosts

2nd Nov 2023

6:30pm

CTF Introduction Workshop

Have you ever wanted to try Capture the Flag challenges?

Then join us to try out some fun online challenges together. You can play solo or team up with others. Just bring along your laptop and a Kali VM.


Chuanshu Jiang

Pamela O’Shea

previous TALKS



Dates

Talks

Speakers

29th June 2023

OpenID: Why SSO serious?

Chuanshu Jiang

27th June 2024

AI Unveiled: From Basic Concepts to the Work of AI Engineers

Shoko Ueno

1st August 2024

Wacky Windows Environment Variables

Annie Nie

previous COURSES


Dates

Courses

Instructors

Jan - May 2020

Introduction to Reverse Engineering

Hazel Kim

Ayoub Faouzi

Feb - May 2019

Introduction to Web Application Hacking

Dr. Pamela O'Shea

PREVIOUS cAREER TALKS



Dates

Career Series Talks

Speakers

18th June 2020

My security career journey

Lidia Giuliano

23rd July 2020

My security career journey

Louis Nyffenegger

27th August 2020

route print kylie.localhost

Kylie McDevitt

10th November 2020

eval'ing success, skills, and well-being in infosec

Matt Jones

14th May 2019

Stories from the trenches: Events and happenings from years of incident response

Kevin Manderson

6th April 2019

That’s not my name: Tales from half a career in IT forensics and security

Dr. Joanna Dalton

24th September 2019

Weaponising your social awkwardness: a novice red teamer's guide

@bl3ep

1st October 2019

Introduction to reverse engineering, malware analysis and anti-virus software

Hazel Kim &

Ayoub Faouzi


PREVIOUS SOCIAL MEETS



Dates

Social Meetups

Location

19th Sepember 2023

Our social catchups don't have any speakers, just turn up and hang out!

Mail Exchange Hotel, Melbourne

1st June 2023

Our social catchups don't have any speakers, just turn up and hang out!

Dr. Watson bar, Melbourne

12th December 2020


Our social catchups don't have any speakers, just turn up and hang out!

Picnic in Flagstaff Gardens, Melbourne

29th October 2020

Time to catchup online during the COVID lockdown.

Online

PREVIOUS Courses

Introduction to Reverse Engineering Course - January to May 2020



Between January and May 2020, we ran a series of hands-on evening classes on reverse engineering and malware analysis for 20 participants in ​person.


What did the course cover?

A brand new course on reverse engineering and malware analysis running during the evenings between January and May at SEEK. We teamed up ​with two experts from the Microsoft Defender ATP Research Team in Melbourne, Hazel Kim and Ayoub Faouzi.


Hazel and Ayoub wrote and then delivered the hands-on course. Participants learned how to read low level computer language, reverse engineer ​applications without source code and investigate the behaviour of malware.


2020 being the year that it was, our first class was initially delayed due to the bush fires and our final class was moved to an online format due to ​the pandemic. HaXX is very proud of our instructors and participants who persisted all the way to course completion acquiring their new security ​skills along the way.





Introduction to Web Application Hacking Course - February to May 2019


Between February and May 2019, we ran a series of evening classes on web hacking and we were delighted to have received 96 applications for 20 spots!


What did the course cover?

We assumed no prior penetration testing experience and kicked off with information gathering and how an attacker targets a company and its employees.


The rest of the course focused on the most common web application security vulnerabilities and participants were taught how to identify if issues existed in a web application and how to exploit the issues in order to gain control of a customer’s computer or a server.


Topics covered included Cross-Site Scripting (XSS), SQL Injection (SQLi), insecure direct object references (iDOR), insecure file uploads, XML external entity (XXE) attacks, deserialisation attacks, strategies for competing in bug bounties and capture the flags (CTFs).





PREVIOUS WORKSHOPS

Title: Introduction to Software Defined Radio (SDR)

Speaker: Pamela O’Shea

Date: 21st March 2024, 6:30 - 8:30 AEDT

Location: 152 Elizabeth Street, Melbourne



A hands-on workshop to help you explore the radio signals all around us. We will show you how to scan for signals, view pager messages, view ​airplane location messages and how to analyse consumer devices with remote controls.


No experience with radio is required, just bring along a laptop that can boot a USB. We will also provide a RTL SDR USB dongle for receiving the ​signals during the workshop.



PREVIOUS SECURITY TALKS

Title: OpenID: Why SSO serious?

Speaker: Chuanshu Jiang

Date: 29th June 2023, 6pm - 8pm (AEST)

Location: 152 Elizabeth Street, Melbourne


Have you ever used Single Sign On (SSO) to log into other services or apps? You are likely familiar with using Google or Facebook to SSO into other accounts or even use Okta or Microsoft at work. This talk will provide an introduction to OpenID Connect, a common authentication protocol used for SSO. Once you are familiar with OpenID, we will cover some web application security bugs that can occur when using SSO with some real world examples. This is a great chance to deep dive into a technology we all use everyday and hear about some of the security issues that can arise. This talk does not assume any web hacking knowledge, we will guide you along the way. You'll then be able to look for these bugs yourself!


Key takeaways:

  • An OIDC & OAuth walkthrough: What is OpenID and how does it relate to OAuth? What does an "OAuth" dance entail?
  • A brief history of OAuth bugs: Token stealing through redirects; Client impersonation; Insecure flows and more...
  • Real word bugs: The 2022 OWASP top bug - OAuth dirty dancing



PREVIOUS CTFS

Title: CTF Introduction Workshop

Hosts: Chuanshu Jiang & Pamela O’Shea

Date: 2nd Nov 2023, 6:30pm - 9:30pm (AEDT)

Location: 152 Elizabeth Street, Melbourne


The purpose of this CTF workshop was for people who wanted to try Capture the Flag in a friendly supportive environment. This workshop facilitated individuals or teams to play a series of challenges across different categories including crypto, forensics, reverse engineering and web application security. Our host, Chuanshu Jiang, also designed a series of original challenges called Nightmare Gallery, where hackers had broken into a gallery and it was the players job to restore the paintings to their original form.



Congratulations to our winners:

  • 🥇Bithiah Koshy
  • 🥈Shimsha Shetty
  • 🥉Team Annie Nie & Sophie McDonald


First scores on the nightmare gallery challenges to restore the hacked paintings went to team Annie & Sophie and to Emily Trau.


A very special thank you goes to Emily Trau and Joseph Surin for their challenges and along with SiJing Zheng, provided support at the event!


All our winners had a choice of prizes including a number of women in hacking and technology books. Happy reading everyone! 📚 ✨




PREVIOUS Career Series


Our career series talks aim to motivate and guide women in their technical careers, come with your questions!



Title: My security career journey

Speaker: Lidia Giuliano

Date: 18th June 2020, 6pm - 7pm (AEDT)

Location: Online


Lidia is a Black Hat USA speaker, organiser of BSides Melbourne, on the paper review board for Black Hat Asia, DevSecCon and countless other ​major activities she is involved in. Above all, Lidia is a genuine mentor to our industry and we are super lucky to have some of her time to share her ​career stories and what it is like being a technical security consultant in the USA and in Australia.







Title: My security career journey

Speaker: Louis Nyffenegger

Date: 23rd July 2020, 6pm - 7pm (AEDT)

Location: Online


Louis (@snyff/@pentesterlab) is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing. Come and listen to Louis talk about his security career and ask any questions about his journey which has included:


  • French Baccalaureate in Science
  • Working as an administrator (not sysadmin)
  • French Baccalaureate in Economy and Social Science (wanted to work in sales)
  • Studying Math and Computer Science at University
  • Changed to study Electronic and Computer Science
  • Diploma in Computer Architecture
  • Masters in security (2006)
  • Security consultant since 2006
  • Moved to Australia in 2009 as a penetration tester
  • Working a on code reviews since 2012
  • Working on AppSec/DevSecOps since 2014
  • Full time self employed since 2018







Title: route print kylie.localhost

Speaker: Kylie McDevitt

Date: 27th August 2020, 6pm - 7pm (AEDT)

Location: Online


Kylie McDevitt graduated from ANU with a Bachelor of Engineering and worked for Australia’s largest Telco as a radio engineer in MobileNet before moving into computer security, where she has been for the last 11 years. She has a Masters in Computer Networking as well as multiple industry certifications. Kylie has lectured at UNSW Canberra and spends her free time organising community events such as BSides Canberra and the CSides monthly security meetup.








Title: eval'ing success, skills, and well-being in infosec

Speaker: Matt Jones

Date: 10th November 2020, 6pm - 7pm (AEDT)

Location: Online


Matt is co-founder and director of elttam, an independent security consulting boutique. This talk is to help guide people navigating through or into infosec in 2020, including sharing perspective on trends and fads in the industry, getting insights into some of the opportunities and challenges independent security consultancies can face, balancing and building technical and soft skills, and tips for looking after your own well-being.













Title: Stories from the trenches: Events and happenings from years of incident response

Speaker: Kevin Manderson

Date: 14th May 2019, 6pm - 9pm (AEDT)

Location: SEEK, Melbourne


Kevin started in defence as a mainframe engineer in the 1970s and then industrial systems in the early 1980s. In 1988 he started in Incident Response by playing a small part in the containment of the Morris worm while working in Adelaide. In the 90s, he commenced his own business in consulting, web development and information security. He built a startup which undertook security gateway monitoring and incident response and sold it in 2000. Since then Kevin has been involved with a number of SOCs, has been an IT auditor, managed a large SCADA system and is now back in Incident Response. He has been either responder, manager or provided technical support for over 115 Cyber Incidents.


Among the many incidents and investigations managed by Kevin include the qbot malware event at the Royal Melbourne Hospital. Currently, Kevin performs incident response and threat intelligence at Telstra.






Title: That’s not my name: Tales from half a career in IT forensics and security

Speaker: Dr. Joanna Dalton

Date: 16th April 2019, 6pm - 9pm (AEDT)

Location: SEEK, Melbourne


Joanna Dalton has been called many things in her life, but boring is not one of them. Join us for a haXX special presentation where Jo will be discussing how she got started in digital forensics, switched to security and now combines the two as a network forensic specialist. She has a wealth of experience from working in large corporates, small businesses, as a contractor and an expert witness and will be giving a brutally honest description of how she balances her career, family and sanity. There’ll be tales from the front line of her investigations and other career highlights, including a bodyguard, a warehouse full of lingerie and an explanation as to why one bank refers to her as “XXX Gooch.”








Title: Weaponising your social awkwardness: a novice red teamer's guide

Speaker: @bl3ep

Date: 24th September 2019, 6pm - 8pm (AEDT)

Location: SEEK, Melbourne


We are delighted to host @bl3ep , who recently won 2nd place at the international DEF Con 27 social engineering capture the flag competition in Las Vegas, USA. An amazing achievement, earning her place by fighting the top competitors from around the world. @bl3ep will talk about her long preparation for the competition, how it went on competition day and what it is like to work as part of an amazing red team in her day job at Loop Secure. @bl3ep will also provide her advice and learnings from a newbie's first year. How to get better at hacking yourself, hacking others, and defence against the SE arts.






Title: Introduction to reverse engineering, malware analysis and anti-virus software

Speakers: Hazel Kim and Ayoub Faouzi

Date: 1st October 2019, 6pm - 8pm (AEDT)

Location: SEEK, Melbourne


Join us in welcoming two researchers from the Microsoft Windows Defender team here in Melbourne. The areas discussed in this talk will cover an introduction to reverse engineering, malware analysis and anti-virus software. As well as a brief history of malware and how they have evolved over the years. Hazel and Ayoub will also discuss how they they use reverse engineering in their jobs as security researchers at Microsoft.


Hazel Kim - Security Researcher at Microsoft

Hazel is currently working on improving the protection against various types of threats for Windows Defender. Since her first job at AhnLab from 2012, Hazel is getting into the rabbit hole of reverse engineering and malware world. She is also a n00b yogi and a passionate metalhead lml

https://www.linkedin.com/in/hs-hz-kim; https://twitter.com/Hazelash6


Ayoub Faouzi - Security Researcher at Microsoft

Ayoub Faouzi is a security researcher working at Microsoft, where he is involved with malware analysis cases, reverse engineering and security development projects. In the past, Ayoub worked for Avira and Lastline. In his free time he likes to spend time with his family and to travel around the world.

https://www.linkedin.com/in/ayoub-faouzi; https://twitter.com/LordNoteworthy




BookList

We have a great selection of books to give away as prizes at our events!





Category: Hacking


  • Blue Fox: Arm Assembly Internals and Reverse Engineering by Maria Markstedter




Category: Australian Security and Signals History


  • Radio Girl: The story of the extraordinary Mrs Mac, pioneering engineer and wartime legend by David Dufty


  • Factory: The Official History of the Australian Signals Directorate, Vol 1 by John Fahey




Category: UK Security and Signals History


  • The Bletchley Girls: War, secrecy, love and loss by Tessa Dunlop


  • Agent Sonya: Lover, Mother, Soldier, Spy by Ben Macintyre




Category: USA Security and Signals History


  • The Woman Who Smashed Codes by Jason Fagone


  • Code Girls: The Untold Story of the American Women Code Breakers of World War II by Liza Mundy



Category: Women Inventors & Engineers


  • Broad Band: The Untold Story of the Women Who Made the Internet by Claire L. Evans


  • Hedy's Folly: The Life and Breakthrough Inventions of Hedy Lamarr, the Most Beautiful Woman in the World by Richard Rhodes


  • The Thrilling Adventures Of Lovelace And Babbage by Sydney Padua



Category: Information Security Journalism


  • Countdown To Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter






Sponsors