When: Saturday, November 20 and Sunday, November 21, 2010
Where: CQ Melbourne Function Centre (113 Queen Street, Melbourne)
Time: Doors open 8:00am on Saturday and 9:00am on Sunday. First presentation at 10:00am.
ALL RUXCON 2010 TICKETS SOLD. If you could not purchase a ticket in time due to special circumstances please email us.


Ruxcon is the premier technical security conference in Australia. The conference brings together the best and the brightest security talent within the Aus-Pacific region, through a mixture of live presentations, activities and demonstrations.

Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry professionals and  academics to enthusiasts. Ruxcon is unique in that it believes that a security conference should be accessible and affordable to all levels of the security industry.

Ruxcon 2010 is held over two full days (November 20 and 21) in the heart of the city of Melbourne.

Check out the hoodies and t-shirts we will have on offer at Ruxcon 2010.

Ruxcon 2010 Updates!

Posted by Ruxcon on 15 October 2010

It's been a while.... we thought we might shake the dust off this blog and give everyone a bit of an update.

First off the bat, our brand spanking new website is online! It's still a work in progress but most of the important information is up already. Please let us know if you find any issues or have some suggestions for improvements. We'll be adding new content over the coming weeks leading up to Ruxcon. Big thanks goes out to Tim and Matt for making this happen.

You can now register for Ruxcon and book your ticket via our online registration system. Don't worry, we do not collect any of your credit card information - you will be transferred to PayPal to carry out the financial transaction. PayPal does not require you to sign up for an account, you just need a visa or mastercard. Please register via

We're getting very close to finalising the 2010 speaker lineup. There are still a few more talks to come and we're looking at a jam-packed dual track schedule for both Saturday and Sunday.  We have quite a few guest speakers based overseas making the big trip out to Australia this year. Please check out the presentation list at for more information.

Also new for Ruxcon 2010, we have some really good training courses on offer. They will run (depending on bookings) on Thursday the 18th and Friday the 19th of November (just before the main conference). Please check them out at:

Finally, there will be no Ruxmon Meeting this month, we're just too busy to organise anything at the moment. We might have a social meetup at the end of the month depending on how things go. Some good news on the Sydney front, it looks like the Sydney based Ruxmon meetings will start up just after Ruxcon 2010. We hope they prove to be as successful as the Melbourne meetings.

Ruxmon June Meeting

Posted by Ruxcon on 30 June 2010

As most of you probably know we've been running Ruxcon Monthly Meetups in Melbourne.

For those unfamiliar, the format is a group of volunteer presenters from the local security community jumping up in front of the room to give a 5 to 20 minute talk on any security-related topic. Following the talks everyone usually makes their way over to one of the local bars for a beer and a chat.

So far we've had a host of great speakers covering a range interesting topics from source code auditing and vulnerability identification, OpenSSH privilege separation to a question and an answer panel with Wikileak's founder Julian Assange.

The most recent event was held on Friday, June 25.

First up was Sash telling us some stories from his experience as a security consultant. Sash has been around the trenches for a while, has had some interesting clients in that time. He gave some insight into various things that he's witnessed over the years.

Second up was Tim with his talk on PHP web application security. Tim gave a solid introduction to various bug classes that arise in poorly written (and even properly written?) PHP applications. The talk covered the usual XSS, CSRF and file include vectors we've all come to know and love and backed them up with some solid examples as well providing countermeasures and techniques to avoid these problems in your own code.

Finally, Eldar presented his hobby tool called Graudit, which he developed to do a quick assessment of source code to identify vulnerabilities using a library of regular expressions. The talk was a good example of what can be achieved using only simple techniques. Eldar even threw in a 0day his tool found for good measure.

The three sets of slides from this month's presenters can be found at the end of the post.

If you have a project or an idea and you think you would like to present, please let us know. The format is informal and we welcome people from the community to present.

We look forward to seeing you all next month!

Pownage Coquillage: Real World Tales From The Trenches - Sash Biskup (Stratsec)
Unsanitary Web Activities - Tim Noise (MovingData)
Static analysis with Graudit - Eldar Marcussen