Cork|Sec 124
Details
Running since June 2013, every month we have 1-2 talks focused on Security or Technology - followed by socialising with like minded people – and you can find out exactly what to expect about the night and the venue on the What We're About section of our Meetup page. Past talk details are on our wiki on http://corksec.com/. All people with any sort of an interest or level of knowledge in Security, Hacking and Emerging Technology are more than welcome to attend and feel free to bring like minded colleagues and friends.
CorkSec is made possible through generous sponsorship from our Silver Sponsors Trend Micro and CyberSkills , as well as our Bronze Sponsors featured prominently on the night.
Our talks come from our community so if you have an idea for a topic (anything for 10-60 minutes) please email us at DefconCork@gmail.com . Whether you are an experienced presenter, or presenting for your first time - CorkSec is a great venue for it - and we are happy to help you prepare and mentor you.
Doors open at 19:00 with talks starting at 19:15. Talks below
TALK 1: The murky world of the Cybercriminal Underground - Bob McArdle
Can you cover 15 years of evolution of Cybercrime in 30 minutes? If we focus on technical changes over that time, probably not - but when we focus on the root cause of all Cybercrime, the Human being and their way of thinking - we'll see that we not only can show the real cause for changes in Cybercrime over the years - but also have a pretty accurate idea of what comes next.
TALK 2: When AppSec meets NetSec: Exploiting XSS Vulnerabilities on SDN Controllers - Dylan Smyth
Blurb: Software-Defined Networking (SDN) is a networking technology that centralised network management, making it perfect for large complex networks like those found in data centres. In this talk, Dylan will go over some vulnerabilities that he found in the web interface of two popular SDN controllers. He will cover the vulnerability discovery process that he used and discuss a custom tool that he developed to exploit the vulnerabilities. He will also show how an attacker can exploit these vulnerabilities to switch off network-wide security functions, and even retrieve a shell! Dylan will also briefly cover the process to report vulnerabilities like these and obtain a CVE ID for them.