Hi there, I'm Buffy!
About Me
Buffy (she/they) was born of a
- Security Engineer at Canva.
- Background in SecOps, web application penetration testing, cloud security.
- I blog about the intersection of technology, governance and security and people-first security principles.
- I develop utilities and tools in Python.
- USB Canary was featured in Bleeping Computer in 2017.
Tech Stack
Meetups, Conferences and Training Appearances
2019
[Debate] The Big Cloud Security Debate: Hackers vs Security Engineers - November 2019
A debate organised by ANZ, Contino and Meetup Madness where 4 hackers and 4 security experts engaged in a fiery debate to determine all the ways they can hack and defend cloud environments. errbufferoverfl participated as part of the "hackers"/"red team".
[Conference] A Brief History of Tamper Evident Locks - October 2019
A talk that discussed common "canary locks", or locks with tamper evident mechanisms, through the ages. Buffy trawled through 11,335,427 patents to identify several high and low profile locks and their known or speculated bypass techniques.
[Training] Snake Charming for Beginners - April 2019
Snake-charming is an age-old practice of hypnotizing snakes by playing and waving a murli - in the modern day this practice looks much different, equipped with an Integrated Development Environment (IDE), a clackity keyboard and a trusty guide we'll be taking you through how you can effectively charm Python 3.6.
On the first day of our trek through the dense jungles of Pythonia we will be looking at how to build a simple sub-domain enumeration tool and how to get started building simple exploits - for those who have trekked these paths before - extra challenges will await you.
Day two we will move further into the dark jungles of Pythonia delving into forbidden user-land territory and how you can use Python to gather useful system-level information, and contact the UNIX daemons of old.
While writing this training description, errbufferoverfl wrote two Python fan fictions, the next cyber-themed Hollywood blockbuster and a Shakespearian play about the training.
0xCC | Download the iPython (Coming Soon) | GitHub
[Conference] Agloe - What the Map Makers of the 1930s can Teach us About Protecting our Data in 2018
What does the little town of Agloe, Colchester, NY have in common with modern day data protection? Why when I look for directions to Agloe, Colchester, NY do I only get a partial match? And what do yellow small birds have to do with anything?
In this talk we are going to do the time warp back to the 1930s and see what the General Drafting Company can teach us about securing data and breach notification and how to apply these concepts in the modern day. Using free and open-source solutions I'll show you that information security isn't all about expensive third-party products and Security Operations Centers (SOC), rather, by using some defensive thinking and a bit of creativity, with your existing infrastructure and services you too can easily identify data breaches, and catch the bad guys in the act with the tools you already use in your own environment. Come along for a lesson on the anatomy of the canary.
PyCon 2018 Security & Privacy Track | OWASP AppSec Day | PurpleCon (PDF)
Certifications
- Bachelor of Information Technology (Security)
I proudly acknowledge the Traditional Owners of the land on which I live and work. I pay respects to Elders, past, present and emerging. This always was, and always will be, Aboriginal Land.




