SecTalks LJU0x14

Agenda:

[*] 0x00 Intro

[*] 0x01 Talk: Security in CI/CD systems (Jernej Porenta)

CI/CD became an essential part of any software delivery pipeline and present a nice attack surface. In this talk, we will dive into a beautiful world of buzzwords like DevSecOps, Shift Left Security, CI/CD ATT&CK matrix, etc. We will try to map these buzzwords into real-life scenarios with our (3fs) lessons learned.

[*] 0x02 Hacking: Short CTF (60min)

[*] 0x03 Optional drink across the street (Kino Siska)

Notes:

• Bring your laptop.
• Have a hypervisor software, e.g. VMWare player, Virtual box. It may be necessary for running some CTF challenges.
• Based on the number of participates for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
• This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition.
• The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
• Have fun. Learn. Mentor if you are able to. Participate, or just socialize. This is supposed to be a fun, learning event for the security and hacker community.