OWASP Frankfurt #56 & Kassel Security 0x4C Collective Event (Remote)


Details
Hi all, we welcome you to our upcoming OWASP Frankfurt Meetup. This time we are featuring a cooperation with the IT-Security Meetup Kassel, with both of our groups co-hosting the event together.
_What's going to happen?
We are happy to offer you an interesting variety of talks centered around software vulnerability research.
Note that this Meetup will not be recorded, so make sure not to miss out on this!
_What are the talks?
_First Talk:
"Operationalizing Software Bill of Materials (SBOM) with CycloneDX and Dependency-Track" by Niklas Düster, Security Engineer at Payone and OWASP Project Co-Lead for OWASP Dependency Track and contributor for CycloneDX SBOM Standard
_Overview: Driven by incidents in the recent past, software supply chain security has gained lots of attention in the industry. An essential part of supply chain security is transparency which, similarly to physical supply chains, can be achieved using Bills of Materials (BOMs). With increasingly more governments, regulators and organizations asking for SBOMs, and more OSS projects providing them alongside their releases, the question of what to do with all these documents becomes prominent. In this talk we'll explore how BOMs can be utilized to identify various kinds of risk in your supply chain with OWASP Dependency-Track.
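As an added illustration of the last sentence of the overview (this is example code written for this page, not Dependency-Track's or CycloneDX's own implementation), the block below ingests a small CycloneDX 1.4 JSON SBOM and matches each component's Package URL against an advisory feed. Both the SBOM and the feed are constructed sample data, and the advisory identifiers are placeholders rather than real CVEs; Dependency-Track performs the same matching step against real vulnerability databases. Components without a purl are reported separately instead of silently skipped, because a BOM entry that cannot be matched is itself a transparency gap.

```python
import json
import operator
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX 1.4 JSON SBOM (sample input, not any real project's BOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "parser", "version": "2.2.0",
         "purl": "pkg:maven/org.example/parser@2.2.0"},
        {"type": "library", "name": "webfw", "version": "4.0.5",
         "purl": "pkg:npm/webfw@4.0.5"},
        {"type": "library", "name": "crypto-lib", "version": "1.9.0",
         "purl": "pkg:pypi/crypto-lib@1.9.0?extension=whl"},
        {"type": "library", "name": "vendor-blob", "version": "0.1"},  # no purl: cannot be matched
    ],
})

# Constructed advisory feed keyed by version-less purl. Each entry is a placeholder
# advisory id (not a real CVE) and a conjunction of version constraints.
Constraint = Tuple[str, str]
VULN_FEED: Dict[str, List[Tuple[str, List[Constraint]]]] = {
    "pkg:maven/org.example/parser": [("ADVISORY-PLACEHOLDER-1", [("<", "2.3.1")])],
    "pkg:npm/webfw": [("ADVISORY-PLACEHOLDER-2", [("<", "4.0.0")])],
    "pkg:pypi/crypto-lib": [("ADVISORY-PLACEHOLDER-3", [(">=", "1.0.0"), ("<", "1.9.2")])],
}

_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "==": operator.eq}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version into a comparable tuple; non-numeric characters are dropped."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_matches(version: str, constraints: List[Constraint]) -> bool:
    """True when `version` satisfies every (op, bound) constraint; "1.9" and "1.9.0" compare equal."""
    v = parse_version(version)
    for op, bound in constraints:
        b = parse_version(bound)
        width = max(len(v), len(b))
        if not _OPS[op](v + (0,) * (width - len(v)), b + (0,) * (width - len(b))):
            return False
    return True


def split_purl(purl: str) -> Tuple[str, Optional[str]]:
    """Split 'pkg:type/ns/name@version?qualifiers#subpath' into (base, version)."""
    core = purl.split("#", 1)[0].split("?", 1)[0]
    if "@" in core:
        base, version = core.rsplit("@", 1)
        return base, version
    return core, None


def find_vulnerable(sbom_json: str, feed=VULN_FEED) -> List[Dict[str, str]]:
    """Scan every component of a CycloneDX JSON SBOM against the advisory feed."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    findings = []
    for comp in bom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # no package URL: nothing to match on (see unmatched_components)
        base, version = split_purl(purl)
        version = version or comp.get("version")
        if version is None:
            continue
        for advisory_id, constraints in feed.get(base, []):
            if version_matches(version, constraints):
                findings.append({"component": comp.get("name", base), "version": version,
                                 "purl": purl, "advisory": advisory_id})
    return findings


def unmatched_components(sbom_json: str) -> List[str]:
    """Names of components without a purl; these cannot be checked and should be reported, not ignored."""
    bom = json.loads(sbom_json)
    return [c.get("name", "?") for c in bom.get("components", []) if not c.get("purl")]


if __name__ == "__main__":
    for f in find_vulnerable(SAMPLE_SBOM):
        print(f"{f['component']} {f['version']} -> {f['advisory']}")
    print("unmatched:", unmatched_components(SAMPLE_SBOM))
```

Run as a script it flags `parser 2.2.0` and `crypto-lib 1.9.0` and lists `vendor-blob` as unmatched. The version comparison is deliberately simple (numeric dotted versions only); real ecosystems need ecosystem-specific version semantics, which is one of the reasons to use a tool like Dependency-Track rather than a hand-rolled matcher.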
_Second Talk:
"Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits" by Prof. Nick Nikiforakis and Brian Kondracki, PhD Candidate, from Stony Brook University.
_Overview
For over a decade, phishing toolkits have been helping attackers automate and streamline their phishing campaigns. Man-in-the-Middle (MITM) phishing toolkits are the latest evolution in this space, where toolkits act as malicious reverse proxy servers of online services, mirroring live content to users while extracting credentials and session cookies in transit. These tools further reduce the work required by attackers, automate the harvesting of 2FA-authenticated sessions, and substantially increase the believability of phishing web pages.
_Third Talk:
"Abusing cloud apps 101: Command and Control" by Dagmawi Mulugeta, Cloud Researcher at Netskope
_Overview
Abuses of apps like Slack, DropBox, GitHub, and OneDrive for command and control have even used app-specific features like channels in Slack and commits in GitHub to not only blend into normal traffic but also afford themselves the flexibility provided by the cloud application. This talk will explore this new threat landscape, showing some real-world examples of attacks exploiting cloud services, reviewing some of the most abused cloud applications, presenting some novel tactics for command and control, and sharing behavior-based defenses for these attacks. This talk will equip you with the information required to spot these attacks in your environments and strategies to reduce the attack surface.
_When
Wednesday, 24.08.2022, 18:00 - 20:00 CEST (ca. 2 hours)
_Where?
We will be hosting our Meetup via Zoom. Virtual access details will be announced a few days before!
_Interested in giving a talk yourself?
Get in touch with us (Dan Gora, Jonas Becker or Johannes Schönborn)
_Interested in mentoring or being mentored?
We are excited to announce the return of our OWASP Frankfurt Mentoring Program (details TBA). If you are interested in becoming a mentor for AppSec, Cloud Security, Ethical Hacking or Blue Teaming, please get in touch with the organisers (Dan Gora, Jonas Becker or Johannes Schönborn)!
_And now?
Save the date, spread the word and bring your friends and colleagues along to our event.
_Follow Us!
Also, follow us on Twitter #owasp_frankfurt and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations.
We're looking forward to seeing you at this event!