What we're about

Lectures, workshops, hacking nights ... Everything about IT security, open to all forms, colors and topics!

Links to:

• GitHub: Lectures and workshop material (https://github.com/it-security-kassel-nordhessen/meetup)

• Slack: Communication and Exchange (https://it-sec-meetup-kassel.slack.com)

Upcoming events (4+)

OWASP Stammtisch Frankfurt + Security Meetup 0x4C Collective Event (Remote)

Link visible to attendees

In cooperation with https://www.meetup.com/de-DE/IT-Security-Stammtisch-Frankfurt-OWASP-u-w/

Talks:

1 - Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits (Prof. Nick Nikiforakis, Brian Kondracki PhD Candidate, Stony Brook University)

For over a decade, phishing toolkits have been helping attackers automate and streamline their phishing campaigns. Man-in-the-Middle (MITM) phishing toolkits are the latest evolution in this space, where toolkits act as malicious reverse proxy servers of online services, mirroring live content to users while extracting credentials and session cookies in transit. These tools further reduce the work required by attackers, automate the harvesting of 2FA-authenticated sessions, and substantially increase the believability of phishing web pages.

2 - Abusing cloud apps 101: Command and Control (Dagmawi Mulugeta, Cloud Researcher, Netskope)

Enterprises have rushed to move from outdated on-premise servers to SaaS applications in the cloud. Well, guess what? Attackers are also making the move. Why would an attacker operate their own command and control infrastructure when they can abuse something that already exists?

Abuses of apps like Slack, DropBox, GitHub, and OneDrive for command and control have even used app-specific features like channels in Slack and commits in GitHub to not only blend into normal traffic but also afford themselves the flexibility provided by the cloud application. In our research, we find that this flexibility can be leveraged even further to evade existing controls.

This talk will explore this new threat landscape, showing some real-world examples of attacks exploiting cloud services, reviewing some of the most abused cloud applications, presenting some novel tactics for command and control, and sharing behavior-based defenses for these attacks. This talk will equip you with the information required to spot these attacks in your environments and strategies to reduce the attack surface.

3 - Operationalizing _BOM with CycloneDX and Dependency-Track (Niklas Düster, Co-Lead OWASP Dependency-Track)

Driven by incidents in the recent past, software supply chain security has gained lots of attention in the industry. An essential part of supply chain security is transparency which, similarly to physical supply chains, can be achieved using Bills of Materials (BOMs). With increasingly more governments, regulators and organizations asking for SBOMs, and more OSS projects providing them alongside their releases, the question of what to do with all these documents becomes prominent. In this talk we'll explore how BOMs can be utilized to identify various kinds of risk in your supply chain with OWASP Dependency-Track.

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it, feel free to do so! We are looking forward to every presentation, no matter how long it is.

==

Duration of the talks:
Normal: Max 1h 30, Shorty: Short talk

Further resources IT-Security-Meetup Kassel:

  • Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

OWASP, Micromata GmbH

Workshop Security Games Digital Table Top

Link visible to attendees

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

==

Game ideas:

  • Maelstrom Mitre Game https://github.com/maelstromthegame/defcon24 (Claudius)
  • Decisions & Disruptions https://sites.google.com/view/decisions-disruptions/ (Stefan)

Security Meetup 0x4D (Remote) (Nr 77)

Link visible to attendees

Talks:

1 - Making ASVS truly your own (Luis Servin, wrk.com)

ASVS is perhaps the best collection of requirements for web applications in the industry. It is well-balanced and covers all your needs. Best of all, it is made so that it can prevent any of the OWASP Top Ten from manifesting in your systems. Knowing all these benefits surely makes you want to adopt it for the company you work in. The biggest challenge you'll face is identifying the best way to do it. You surely don't want to copy-paste from a PDF!

We will explore how the ASVS is built and how you can modify parameters to adapt to your company's corporate design, like fonts, logos, first pages, etc. We will then go into the details of how you can change the contents to add references to other policies, hyperlinks to CWEs, or make major changes to the text.

Finally we will explore how this could be the beginning of a new era in the creation and management of policies for your company. We'll explore the requirements for this and how you could get all stakeholders on board.

2 - tbd

3 - tbd

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it, feel free to do so! We are looking forward to every presentation, no matter how long it is.

==

Duration of the talks:
Normal: Max 1h 30, Shorty: Short talk

Further resources IT-Security-Meetup Kassel:

  • Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

Micromata GmbH
Conference Room, Github Quota, Pizza :)

Security Meetup 0x4E (Remote) (Nr 78)

Needs a venue

Talks

1 Cybersecurity in the IoT leads to a sustainability problem (Mirko Ross, https://twitter.com/mirko_ross, https://podtail.com/de/podcast/hackwerk/)

Protecting Internet of Things products against hacking and cyberattacks is a difficult task. Well-secured products often come with problematic side effects such as shortened life cycles and repairs that are difficult or impossible. The Internet of Things operates in the tension between product security and sustainability, often with serious negative consequences for manufacturers, consumers and the environment.
The talk uses practical examples to show the effects of IoT, cybersecurity and sustainability. Problems from practice are presented and approaches to solving them are shown. The aim is to give the audience an understanding of sustainable IoT product development.

2 tbd
3 tbd

==

This event will take place remotely.

The remote access data will be sent to all registered participants by email on the day of the meetup.

The event is open, everyone is welcome!
If you have any questions, just write in the comments: You will surely find someone to answer them.

If you want to present something yourself, e.g. if you've discovered something cool or just want to share it, feel free to do so! We are looking forward to every presentation, no matter how long it is.

==

Duration of the talks:
Normal: Max 1h 30, Shorty: Short talk

Further resources IT-Security-Meetup Kassel:

  • Talks from the past:
    -- https://github.com/it-security-kassel-nordhessen/meetup
    -- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o

• ---------------------------------------------------------------------------

-- Sponsor --

Micromata GmbH
Conference Room, Github Quota, Pizza :)

Past events (97)

Security Meetup 0x4B (Remote) (Nr 75)

This event is over

Photos (539)