Details
Running since June 2013, every month we have 2 talks focused on Security or Technology - followed by socialising with like minded people – and you can find out exactly what to expect on the About Us section of our Meetup page. Past talk details are on our wiki on http://corksec.com/. All people with any sort of an interest or level of knowledge in Security, Hacking and Emerging Technology are more than welcome to attend and feel free to bring like minded colleagues and friends.
Our talks come from our community so if you have an idea for a topic (anything for 10-60 minutes) please email us at DefconCork@gmail.com . Whether you are an experienced presenter, or presenting for your first time - CorkSec is a great venue for it - and we are happy to help you prepare and mentor you.
Doors open at 19:00 with talks starting at 19:15.
TALK 1: A New Approach to Enhance Insecure Deserialization Exploitation by Nabigh Nugdallah
Serialization is the process that is used to transfer an object in a programming language by converting it into a format (referred to as Bytestream) that can be saved locally or transferred via the network, once recieved, the bytestream is converted (deserialized) back into the object.
However, without proper verification, an attacker can craft a serialized object and send it to cause the application to perform undesired operations. Since the vulnerability is run on a code level (Run as a code) the vulnerability can provide a range of attacks rather than a single exploit, it can range from performing scanning process to even perform RCE.
Over time, several tools were developed to generate payloads and exploit the vulnerability, however, these tools were developed without a way to verify the success or failure of the attack. Which made exploiting insecure deserialization considerably difficult, and was not automated, Therefore, a new approach is to be introduced and developed in order to perform the attack and verify its success.
TALK 2 : Container Isolation and Least Privilege - Seosaimh o'Shea
As software development continues to become container obsessed, this talk offers a quick drive by of the world of containers and introduces orchestration platforms such as Kubernetes. We look at the security considerations needed at the code, container, cluster and cloud layers and look to understand common attack vectors.