What we're about

Vorträge, Workshops, Hacknights... Alles rund ums Thema, offen für alle Formen, Farben und Themen!

Links zu:

• GitHub: Vortrags- und Workshopmaterial (https://github.com/it-security-kassel-nordhessen/meetup)

• Slack: Kommunikation und Austausch (https://it-sec-meetup-kassel.slack.com)

Lectures, workshops, hacking nights ... Everything about it-security, open to all forms, colors and topics!

Links to:

• GitHub: Lectures and workshop material (https://github.com/it-security-kassel-nordhessen/meetup)

• Slack: Communication and Exchange (https://it-sec-meetup-kassel.slack.com)

Upcoming events (4+)

Security Meetup 0x4B (Remote) (Nr 75)

Link visible for attendees

Vorträge / Talks:

1 - Im Fokus von Geheimdiensten und Cyberkriminellen ( Markus Böger, Verfassungsschutz Niedersachsen - Wirtschaftsschutz - Hannover )
Angriffe in einer vernetzten Welt

2 - Incident Response mit Zettelkasten (Hans)

3 - Malicious Anhänge in Mails analysieren (Joshua)

==

Diese Veranstaltung wird remote stattfinden.

Die Remote-Zugangsdaten gehen an alle registrierten Teilnehmer am Tag des Meetups.

Die Veranstaltung ist offen, jeder ist gerne willkommen!
Wenn Du Fragen hast, einfach in die Kommentare schreiben: Es findet sich sicherlich jemand der sie beantwortet.
Falls du selbst etwas vorstellen willst, z.B. wenn Du etwas Cooles entdeckt hast oder schlicht teilen willst gerne her damit! Wir freuen uns auf jeden Vortrag egal wir lang er ist.

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it feel free to do so! We are looking forward to every presentation no matter how long it is.

==

Dauer der Vorträge / Duration of the talks:
Normal: Max 1h 30, Shorty: Kurzvortrag / Short talk

Weitere Ressourcen IT-Security-Meetup Kassel / Further resources IT-Security-Meetup Kassel:

  • Alte Vorträge / Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

Micromata GmbH
Conference Room, Github Quota, Pizza :)

2
OWASP Stammtisch Frankfurt + Security Meetup 0x4C Collective Event (Remote)

Link visible for attendees

In cooperation with https://www.meetup.com/de-DE/IT-Security-Stammtisch-Frankfurt-OWASP-u-w/

Talks:

Webapplication Security

1 - Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits (Prof. Nick Nikiforakis, Brian Kondracki PhD Candidate, Stony Brook University)

For over a decade, phishing toolkits have been helping attackers automate and streamline their phishing campaigns. Man-in-the-Middle (MITM) phishing toolkits are the latest evolution in this space, where toolkits act as malicious reverse proxy servers of online services, mirroring live content to users while extracting credentials and session cookies in transit. These tools further reduce the work required by attackers, automate the harvesting of 2FA-authenticated sessions, and substantially increase the believability of phishing web pages.

2 - Abusing cloud apps 101: Command and Control (Dagmawi Mulugeta, Cloud Researcher, Netskope)

Enterprises have rushed to move from outdated on-premise servers to SaaS applications in the cloud. Well, guess what? Attackers are also making the move. Why would an attacker operate their own command and control infrastructure when they can abuse something that already exists?

Abuses of apps like Slack, DropBox, GitHub, and OneDrive for command and control have even used app-specific features like channels in Slack and commits in GitHub to not only blend into normal traffic but also afford themselves the flexibility provided by the cloud application. In our research, we find that this flexibility can be leveraged even further to evade existing controls. For example, attackers have abused email drafts in mail apps and comments in shared documents to send commands and retrieve results. We use C3 which is an open source command and control framework developed by F-Secure to showcase these abuses. This presentation will analyze these lesser known app-specific abuses and include them in C3 to give penetration testers and red team members the ability to mimic what attackers are doing in the wild.

This talk will explore this new threat landscape, showing some real-world examples of attacks exploiting cloud services, reviewing some of the most abused cloud applications, presenting some novel tactics for command and control, and sharing behavior- based defenses for these attacks. This talk will equip you with the information required to spot these attacks in your environments and strategies to reduce the attack surface.

3 - Team of 30 million: Reducing software vulnerability at a global scale (Laura Bell, SafeStack Limited)

Facing a global pandemic has been (and continues to be) an incredibly challenging period. There are very few people who have not seen dramatic impacts on their lives as a result.

While we as humans have been facing this struggle, a similar problem has been emerging in our software development community. Not only are we finding more vulnerabilities in our software than ever, but those weaknesses have been affecting a larger proportion of our software ecosystem.

Are there lessons we can take from the last few years and the changes we have made to protect people from a pandemic and apply them to our software ecosystem? I believe there are.

In this talk, we will look at how the relationships between software projects improve our world whilst also making us vulnerable. We will do this by diving into the structures between codebases and looking at how these affect the risk faced by our people, data, and systems.

We will then take a look at the harm that has been caused (and could yet be caused) by exploiting this ecosystem and the steps we can take to reduce this risk and increase the resilience of all our systems — steps that mirror the hard lessons we have learned as humans over the past few years.

4 - tbd

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it feel free to do so! We are looking forward to every presentation no matter how long it is.

==

Duration of the talks:
Normal: Max 1h 30, Shorty: Short talk

Further resources IT-Security-Meetup Kassel:

  • Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

OWASP, Micromata GmbH

Workshop Security Games Digital Table Top

Link visible for attendees

Diese Veranstaltung wird remote stattfinden.

Die Remote-Zugangsdaten gehen an alle registrierten Teilnehmer am Tag des Meetups.

Die Veranstaltung ist offen, jeder ist gerne willkommen!
Wenn Du Fragen hast, einfach in die Kommentare schreiben: Es findet sich sicherlich jemand der sie beantwortet.

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

==

Spielideen / Game ideas:

  • Maelstrom Mitre Game https://github.com/maelstromthegame/defcon24 (Claudius)
  • Decisions & Disruptions https://sites.google.com/view/decisions-disruptions/ (Stefan)

2
Security Meetup 0x4D (Remote) (Nr 77)

Link visible for attendees

Vorträge / Talks:

==

1 - Making ASVS truly your own ( Luis Servin, wrk.com )

ASVS is perhaps the best collection of requirements for web applications in the industry. It is well-balanced and covers all your needs. Best of all, it is made so that it can prevent any of the OWASP top ten from manifesting in your systems. Knowing all these benefits, surely makes you want to adopt it for the company you work in. The biggest challenge you'll face is identifying the best way to do it. You surely don't want to copy paste from a PDF!

We will explore how the ASVS is built and how you can modify parameters to adapt to your company's corporate design, like fonts, logos, first pages, etc. We will then go into the details of how you can change the contents to add references to other policies, hyperlinks to CWEs, or Make major changes to the text.

Finally we will explore how this could be the beginning of a new era in the creation and management of policies for your company. We'll explore the requirements for this and how you could get all stakeholders on board.

2 - tbd

3 - tbd

==

Diese Veranstaltung wird sowohl remote stattfinden.

Die Remote-Zugangsdaten gehen an alle registrierten Teilnehmer am Tag des Meetups.

Die Veranstaltung ist offen, jeder ist gerne willkommen!
Wenn Du Fragen hast, einfach in die Kommentare schreiben: Es findet sich sicherlich jemand der sie beantwortet.
Falls du selbst etwas vorstellen willst, z.B. wenn Du etwas Cooles entdeckt hast oder schlicht teilen willst gerne her damit! Wir freuen uns auf jeden Vortrag egal wir lang er ist.

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it feel free to do so! We are looking forward to every presentation no matter how long it is.

==

Dauer der Vorträge / Duration of the talks:
Normal: Max 1h 30, Shorty: Kurzvortrag / Short talk

Weitere Ressourcen IT-Security-Meetup Kassel / Further resources IT-Security-Meetup Kassel:

  • Alte Vorträge / Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

Micromata GmbH
Conference Room, Github Quota, Pizza :)

Past events (96)

Security Meetup 0x4A (Remote) (Nr 74)

This event has passed

Photos (539)