Ημερομηνία/Ώρα
Date(s) - 05/08/2021
19:00 - 22:00
Κατηγορία(ες) Δεν υπάρχουν κατηγορίες
Thanks to COVID-19, we didn’t organise any event in 2021 yet, but the time has come and we will do our best to make this one happen (safely)! Please follow the current goverment rules during the event. The number of attendees is limited to 50 (so grab your ticket from the Eventbrite now()!). https://www.eventbrite.com/e/owasp-czech-chapter-meeting-registration-162360236839
Schedule
18:00 – Doors open!
18:10 – 18:20 Opening ceremony with OWASP chapter leaders (and some exciting news)
18:20 – 19:20 How we started Red Team – Jan Kopecky and Marek Jilek
19:30 – 20:30 You should turn off autofill in your password manager – Marek Tóth
20:40 – 21:00 I know where you live – Kamil Vavra
21:00 – 21:10 Closing ceremony
21:10 – XX:XX Networking
Information about the speakers and talks
Jan Kopecky – Jan has been breaking stuff since he was 13. He has spent most of his time breaking web apps, infrastructure and mobile applications. He also does reverse engineering, fuzzing, exploit development and a bit of social engineering. Two years ago Jan turned red (this is not a sickness but rather a profession) and is simulating bad guys without going to jail.
Marek Jilek – Marek is currently Red Team member in NN. He used to work as penetration tester for Deloitte and web developer for Alza.cz. His hobbies are popularization of computer security, bug bounty (#1on Hacker One from Czech), social engineering and cooking.
How we started Red Team – Jan and Marek (and few others who shall not be named) started Red Team in Nationale Nederlanden 2 years ago. Starting such a activity is actually quite challenging process, especially in environment which consists from multiple countries, laws, rules and technologies. We, as well as all other technically-focused people, would ideally jump straight into execution and just keep pwning like there is no tomorrow. However, if you want your red team to be successful you have to go through a lot of pain to set everything in place – if you don’t your work will not meet with success. During this talk Jan and Marek will share their experience, warn you about a things to watch for when starting / working in red team and they would like to share a few technical tips as well.
Marek Tóth – Marek Tóth is a Penetration Tester at Avast. His specialization is in web application security. In his free time, he’s finding and reporting vulnerabilities to companies, directly or through bug bounty programs.
You should turn off autofill in your password manager – Password managers are a very popular topic in IT security these days. However, it is often no longer mentioned that the autofill function should be disabled or be set to fill only at the user’s request. Most password managers have the autofill feature enabled by default although this decreases the security of the stored password. In this talk, I will talk about autofill behaviour in multiple browsers and password managers. Finally, I will talk about the potential risk of using autofill, not only for users but also for companies.
Kamil Vavra – AppSec @ Kiwi.com, Moderator of reddit.com/r/bugbounty, Interested in ethical hacking and privacy
I know where you live – An introduction into the KARMA attack, exploiting the behavior of some Wi-Fi devices, where vulnerable clients broadcast a “preferred network list” (PNL), which contains the SSIDs of access points to which they have previously connected. We will revisit the old technique, current defenses applied by vendors and build a custom access point using Raspberry Pi & Python.
Additional information
Venue is Živo U Palečka, Koliště 23,[masked] Brno, for more details check http://zivoupalecka.cz/kontakt/.
All talks will be in English and the recordings will be available online ( with speakers’ permission) after the convention.
Click here for more info.
Όλες οι εκδηλώσεις