
Kawaiicon (previously Kiwicon) is a New Zealand computer security conference held in Wellington from 2007. It brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers.
The conference format allows for talks, informal discussions, socialising, key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modern exploits and operational security, security philosophy, New Zealand hacker history, related New Zealand law, and a few talks on more esoteric topics.
Kiwicon was founded by Adam Boileau when the annual Australian computer security conference Ruxcon was cancelled for 2007. After ten annual conferences Kiwicon took a break in 2017; in 2019 Boileau stepped down and the conference was relaunched in a "less elaborate" form as Kawaiicon. After two conferences, Kawaiicon took a break before announcing a return for 6–8 November 2025.
Past conferences
2007– "Share The Knowledge"
The inaugural Kiwicon was held during the weekend of 17–18 November 2007 at Victoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors, information warfare, hiding files in RAM, cracking with PlayStation, and attacks on: kiosks, telecommunications company ethernet, non-IP networks, and a serious Windows hole.
2008– "Two Cons, One Vision"
Kiwicon 2k8 was held on 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included: mass surveillance, using honeypots to detect malicious servers, physical security, using search engine optimization to make websites disappear from search results, Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems, biometrics, Citrix XenApp, and Windows Vista via heap exploitation.
2009– "Kiwicon III: Army of Darkness"
Kiwicon 2k9 was held during the weekend of 28–29 November 2009 at Victoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professional vulnerability research, identifying online identities using Bayesian inference, social engineering, radio sniffing, defending against denial-of-service attacks, Linux rootkits, an introduction to the New Zealand Internet Task Force, and attacks on: physical access control systems, GPS, smart cards, shared hosting platforms, ActiveSync, iOS App Store, pagers, wireless routers, and scientific software.
2010– "The four e:Sheep-persons of the Cyber Infopocalypse"
Kiwicon IV was once again held on the weekend of 27–28 November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fast data erasure, urban exploration, web scraping, wardriving with Arduino, New Zealand's proposed Search and Surveillance Act, and attacks on: RFID tags, Internet exchange points, Amazon Kindle, Microsoft Office and Java serialization.
2011– "It Goes b00m" / "Shellcode, treason and plot"
For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, the Wellington Opera House. The slogans and the date of the event referenced Guy Fawkes and the Gunpowder Plot. Among the talk topics were: an example attack on a film studio, policing hacking from organised crime gangs, operational security, "cyberwarfare", New Zealand's new file-sharing law, automated memory corruption exploitation, Mac OS rootkitting, and attacks on: NFC transactions, iPhones, Android, and garage door openers.
2012– "The Con of the Beast"
Kiwicon 6 was on 17 and 18 November 2012, again at the Wellington Opera House. Talk topics included: hacktivist communities, measuring security, security lifecycle, one-time audio passwords, Bluetooth sniffing, biohacking, phishing, stealth web application reconnaissance, remote wiping smartphones connecting to Exchange, a social network monitoring tool, and a wardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.
2013– "Cyberfriends" – 9–10 November
2014– "It's always 1989 in Computer Security" / "Hackers just wanna have fun" – 11–12 December
2015– "Cyberwar Is Hell" – 10–11 December
2016– "The Truth is In Here"
Kiwicon X was at the larger Michael Fowler Center with almost 2,000 attendees, on 15–18 November 2016. Talk topics included radiation-induced cryptographic failures, a story of active incident response against attacks on Pacnet from Telstra researchers, a phishing automation tool, benefits of containers enabling an application to contain itself, the disconnect between security and business, spoofing GPS by changing the time, why machine learning exploitation is good, a history of lockpicking, remote activation of swipe-card readers, and exploits for iClass RFID, GUIs, macOS, native web-based applications, PHP 7, insecure random number generation, Amazon Web Services, infrared devices, NodeJS, and HTML _blank.
2018– "Kiwicon 2038AD" – 16–17 November
2019– "Kawaiicon" – 17–18 October
2022– "Kawaiicon 2" – 1–2 July
2025– "Kawaiicon 2025" – 6–8 November
Advertising controversy
On 29 August 2007 persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisations The New Zealand Herald and New Zealand Computerworld. No actual pages on the servers were altered.
Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks.