18:30 - 19:00 Dinner
19:00 - 19:15 Welcome
19:15 - 20:00 Recon Recon by Martijn Baalman
20:00 - 20:15 Break
20:15 - 21:00 The Good, The Bad and The Ugly of Responsible Disclosure by Chrissy Morgan
21:00 - Closing and networking
This monthly meeting’s lightning talk theme is “A Look Inside the Mind of a White Hat Hacker” and the evening's food and drinks are sponsored by Detectify, a Swedish security startup offering automated web application and domain security. Detectify collaborates with handpicked white hat hackers to crowdsource security knowledge which provides a test bed to detect 1000+ common vulnerabilities.
White-hat hackers are experts at discovering vulnerabilities, and they want to help you improve your security. You may never be able to hire them for a full-time position, but they can play a key role in protecting your web application. With the rate at which vulnerabilities are discovered and high-profile companies are breached today, the pressure is on security and development professionals to find ways to stay on top of new threats as they appear, and collaborating with white-hat hackers may get you closer to that goal.
Some companies rely on annual security audits, while others are finding ways to automate security into the development cycle. Tech leaders are doing something else in addition to these options; they are collaborating with white-hat hackers to seek out the bugs and secure their applications and end users.
This evening we will hear from 2 Detectify Crowdsource hackers as they share some tales and best practices from their bug bounty hobbies. Here are our speakers:
Martijn Baalman aka @x1m_martijn - "Recon Recon":
In the daytime, Martijn is a pen tester at Qbit Cyber Security, and by night he is bug bounty hunting in the wild and sending PoCs to Detectify Crowdsource and other bug bounty platforms. Recon is key for finding vulnerabilities yet is tedious at times. Hackers, like developers, find that automation makes life easier, even recon. Martijn has developed something called ReconPi, a bug bounty reconnaissance tool that automates most of the (general) recon methods that hackers use. He’ll show you how he does all his recon, yes everything, on a Raspberry Pi 3 in his lightning talk.
Chrissy Morgan aka 5w0rdFish - "The Good, The Bad and The Ugly of Responsible Disclosure":
So what do a jQuery bug that affected thousands of websites (in one of the highest-starred GitHub repos, with 7,800 forks), a domain name registrar vulnerability that allowed full access to domain owner details (post-GDPR), and data protection flaws within Microsoft's Office 365 all have in common? ... Answer: Responsible Disclosure. This talk will cover the disclosure of each of these bugs and others, and the circumstances surrounding their reporting, to highlight the problems security researchers face today when trying to do the right thing and to raise awareness of these security flaws so that we are all better protected.
Chrissy leads IT Security Operations for a close protection company. In her spare time she has carried out research in the areas of web application security, steganography, RFID and physical cyber systems security, and she is actively involved in the information security community across a wealth of subjects. She also runs The Co-Lab in London, a hardware hacking security research workshop. As a recent Napier Masters graduate, she has accomplished the following so far: Winner of Cyber Security Challenge UK (University Challenge - Team Edinburgh Napier), CTF Finalist for the Pragyan CTF (Team Edinburgh Napier), a BlackHat Challenge Coin winner for OSINT from Social-Engineer.org and a Black Hat Scholarship, a Steelcon Award, WISP Sponsorship, BSides London Rookie Track Speaker Winner for 2018, and most recently the ISC(2) Up and Coming Security Professional 2019.