OWASP Newcastle May meetup
This is an online-only event. The stream will start around 1900.
1900 - OWASP Newcastle Welcome
Talk one - B@ck 2 BaS!c5: OWASP Top 10
Talk two - Adventures in Out-of-Band Exploitation
This is our second event of 2021 (and hopefully our last virtual-only one), and we’re delighted to present two great talks.
Title: B@ck 2 BaS!c5: OWASP Top 10
Hey! I'm Sarah, a recent graduate from Bournemouth University. I studied Forensic Computing and Security and graduated last year. During my final year I was Vice President of the cyber security society, however also got stuck into the security community by attending conferences (my first one was with Sophia, and I got to watch her talk in 2018), where I ended up speaking on and winning the rookie track in 2019. From there I went on to run my first workshop at G3C, run the Bournemouth 2600 chapter and then become a content creator for Security Queens! I am now a junior security consultant at NCC.
Hello! I'm Sophia, also a recent graduate from Bournemouth University. I studied a BSc in Cyber Security Management and graduated at the same time as Sarah! I was President of the cyber security society, with Sarah as my trusty VP. Since my security journey started circum-2017, I've done a few bits and bobs... I've represented the UK three times at the European Cyber Security Challenge, and was appointed Team Captain in 2019. I was also on the Channel 4 TV show Hunted as a cyber hunter, and similar to Sarah have dabbled in the conference circuit delivering a few talks here and there! I've also (somehow) bagged a few awards, such as Cybersecurity Student of the Year and Highly Acclaimed Rising Star - but most importantly, I now run Security Queens with Sarah and have started my first industry job as a security consultant and penetration tester at NCC.
Be it an OWASP meet, we wanted to go back to basics and run through the OWASP Top 10 vulnerabilities. Since we are both new to the industry we wanted to talk about something we have currently been learning about! For this talk we have decided to explain each vulnerability and walk through a challenge for each one. (Please pray to the demo gods for us). Since we are still newbies we wanted to finish off our talk with some time to open up the floor to questions and/or discussions, so feel free to pitch in with neat tricks, techniques or tools you might use when faced up against these vulns yourself. We hope you enjoy! The Queens.
Title: Adventures in Out-of-Band Exploitation
Bio: Holly Grace has fourteen years of experience in leading information security teams. She holds a Master’s degree in Information Security from Cardiff University. Her early career was spent in the military working in roles such as Site Security Officer, although she now works with a wide range of organisations delivering information security testing. She is the Founder and technical lead for Akimbo Core, leading both the development of the software platform as well as leading the security testing capability. She is also the Managing Director of Secarma, a cybersecurity consultancy focused on Penetration Testing.
Synopsis: Out-of-Band exploitation is an often-overlooked method of exploiting vulnerabilities, speeding up exploitation of blind issues, and bypassing protection mechanisms. It’s a useful technique for attackers to improve their exploitation capability, but there are also some key “your logs are lying to you” lessons for defenders. In this talk we’ll look at it as an exploitation method for web vulnerabilities, as well as give an example of where it can be used to exfiltrate data from hardened internal networks.
You can also join our Google Group, which is how we'll be sending out emails about events and which will also be used as a forum for discussion.