Chapter Croatia Virtual Meetup - SecureBank project and SolarWinds compromise


Details
Hello Everyone,
For this quarter's OWASP Croatia meetup, we have 2 topics that will be delivered virtually (over Google Meet):
- Milan Gabor, Gregor Spagnolo: Putting OWASP Maribor on the map with SecureBank
- Vanja Svajcer: SolarWinds compromise - lessons learned
- Chill and Chat - Stay a while and chat with others from OWASP Croatia
See you!
Talk abstracts and bios follow:
----------
Milan Gabor, Gregor Spagnolo: Putting OWASP Maribor on the map with SecureBank
COVID-19 is not always a bad thing. During this period, we managed to revive the Slovenian part of OWASP and even applied for and got our first OWASP project accepted. SecureBank is a deliberately broken bank with all of the OWASP Top 10 mistakes, written in .NET Core and with full access to the source code. How we did it, what stood in our way and how it can help you will be the main topic of our presentation.
Bios:
Milan Gabor is an OWASP freak with a long history of breaking all kinds of applications, systems and people. He enjoys playing with all sorts of security-related topics and dreams about paragliding.
Gregor Spagnolo is a g33k who loves to break all kinds of stuff. He is a passionate developer but an even more passionate breaker. He has extensive knowledge of secure application development and lifecycle.
----------
Vanja Svajcer: SolarWinds compromise - lessons learned
Abstract:
Supply chain attacks have a reputation for being difficult to execute for both attackers and defenders. They are typically attributed to top-level actor groups and are reserved for attacking only the highest-profile targets.
The SolarWinds compromise at the end of 2020 displayed the full potential of supply chain attacks, with a complex attack chain starting with the compromised SolarWinds Orion build process and including malicious source code injection, an implanted backdoor, a DGA-based C2 communication protocol and secondary payload implementation.
In this session we will look at the details of the compromise and describe the attackers' TTPs, keeping in mind that they were not discovered for more than half a year after the initial compromise. We will conclude with a list of items red and blue team members could have learned from it and propose steps that can be implemented to prevent and detect similar attacks.
Bio:
Vanja Svajcer works as a threat researcher for the Cisco Talos Threat Intelligence organisation.
Vanja enjoys tinkering with automated analysis systems, reversing binaries and Android malware. He thinks time spent scraping telemetry data for signs of new attacks is well worth the effort.
In his free time, he is trying to improve on his piano and guitar playing skills and often plays basketball, which at his age is not a recommended activity.