NordTech - App Security Meetup

Join us on November 8 for NordTech – App Security!

NordTech is back after a summer hiatus! For our Autumn edition, we’re focusing on Application Security. Come by to discuss NPM public registry bots, current malware threats, and the state of MQTT.

If you can't make it in person, no worries! We'll share the recording with registrants, so don’t hesitate to sign up anyway.

Agenda:
6.30 PM – Doors open, beverages and snacks

7.00 PM – Welcome

7.05 PM – Talk 1: "Who downloads your NPM package? Research about NPM public registry bots and scrapers" with Rokas Tiškus.
After you upload your package in NPM, it’s not only your users downloading your precious package, but also suspicious bots. This research aims to uncover their objectives by snooping inside these bots. Let's see what they’re up to and find out what secrets they hide.

7.30 PM – Talk 2: "Use information about modern attacks to stay safe" with Valeriy Shevchenko.
In this talk we’ll address a fairly recent threat – hackers stealing user credentials with malware and how it can threaten a company. Only real examples and effective conclusions.

Short break

8.05 PM – Talk 3: "The state of MQTT: Revisiting past security concerns" with Kasparas Bražėnas.
We journey back to DEF CON 24, where Lucas Lundgren and Neal Hindocha revealed their concerns about MQTT, a lightweight messaging protocol crucial for many IoT devices. Fast forward to 2023: How have things changed? Have the security threats of the past been adequately addressed, or do we still face the same challenges? We’ll explore the current landscape of MQTT servers in different countries and assess whether recommendations were applied. This talk aims to introduce listeners to the MQTT protocol, inform about potential privacy/security risks, and provide a few tips on how to secure your MQTT space.

8:30 PM – Food, drinks, and chatting

10.00 PM – Doors close

More about our speakers:
Rokas Tiškus – Application Security Engineer at Nord Security. I am passionate about researching various random cybersecurity topics and looking for new threats in our world.

Valeriy Shevchenko – Security Engineer at Semrush, Researcher, and Bug bounty hunter.

Kasparas Bražėnas – Application Security Engineer at Nord Security – a security specialist that started his career in Customer Success. I believe such experience provides new perspectives on security and gives ideas on possible vulnerabilities.