Attacks & the Windows Logs Workshop
During this workshop we will check what are the most common techniques used by the attackers during lateral movement. We quickly introduce how the testing is done in some test labors, what are the difficulties, how seriously one can treat these results. During this process we examine how one can detect the given attack technique by the help of windows event log, and if it is visible by default or not. When the default detection is not working we will
Mastering Web Application Source Code Review Workshop
Every single application we use has at least a few vulnerabilities. Some of them so complex it’s pretty impossible to discover them with a closed-box approach. Having the source code allows us to find bugs that we would miss otherwise. However, for that to be true, you must know how to analyse it effectively. In this workshop, we’ll go through the process of analysing the source code of a web application. We’ll start with catching the low-hanging fruit with automated
Exploring OpenSSH: Hands-On Workshop for Beginners
During this workshop, you will learn how to use the various tools from the OpenSSH suite. We will start with a presentation of the problems that are solved by OpenSSH, then we will dive into the details of its most important and useful features. Among the topics covered, we will discuss about remote host authentication, password and public key client authentication, key generation, local and remote ports forwarding, SOCKS proxying, X11 forwarding, jumphosts, connection to legacy systems, and more. Hands-on exercises
Web3 Hacking Throguh CCTF Workshop
Description: This is an introduction to web3 hacking and playing decentralized CTF games.Six will explain you the basics of blockchain, solidity and how to submit a CTF flag to get a score in CCTF (https://cryptoctf.org/).What is a flag? A valid and matching ECDSA signature that is generated from a private key which was hidden in a challenge. Detailed explanation and practice on the workshop What you will learn: Web3 basicsSolidity basicsECDSA basics and generating keys in multi-directionsHow to use CCTF's smart contracts Prequisites: Understanding of
Evading Modern Day Security Defenses in Corporate Environments
About the Speakers Rahul Vashisht is a security researcher with over 4+ years of experience in the information security ecosystem. He's a full-time Red Teamer working with a sophisticated cyber security provider with clients all across the globe in numerous industries such as telecom, banking, pharmaceuticals etc. With his vast programming experience, his day job includes developing industry-grade toolkits for his red team and he has a knack for finding effective ways to bypass the majority of the corporate AV/EDR solutions
7 Steps to Secure a SaaS Platform – the Worlds Biggest Companies Trust
Liferay is an enterprise Open Source company founded in 2004. In 2022 we announced our SaaS platform which enables the worlds largest organizations (especially from finance, insurance, government, manufacturing) to build their own digital experience. Securing the platform and the company brought a lot of challenges both on the technical and the human side. I'll bring the 7 most interesting from various areas of the journey to share how we had to transform our company. Some of the challenges are
Pwning into Power System Center
About the Speaker Omkar Joshi has 10 years of experience in Security domain especially Pentest, Application Security, Forensics Investigation Passionate Red teamer, Security researcher Reported multiple vulnerabilities in products, applications and acknowledged with CVE's