December Meetup - "One SSO to rule them" & "Investigating a Data breach event"


Details
Address:
EY office meeting room, Level 14
Agenda
• Food, Drinks & Networking (15 mins) (Don't forget to bring your business card)
• Introduction & Announcement (10 mins)
• One SSO to rule them all: The PS_TOKEN (40 mins)
• Break (5 mins)
• Investigation on the recent Data Breach event (30 mins)
Abstracts
One SSO to rule them all: The PS_TOKEN by Sayed Hamzah
The PS_TOKEN is the Single Sign-On (SSO) implementation for Oracle PeopleSoft applications, which provide operational support for enterprises, such as Human Resource Management and Customer Relationship Management operations. The PS_TOKEN allows users to access multiple Oracle PeopleSoft applications without the need to log in repeatedly.
However, the current design of the PS_TOKEN generation is flawed, allowing any attacker to forge the PS_TOKEN and impersonate any valid user within the Oracle PeopleSoft applications in order to gain access to confidential information without knowledge of the user's password.
Investigating the recent Data Breach and Exposure by Ildaf
Speakers' Bio
Sayed Hamzah: Currently working as a Security Consultant at Centurion Information Security, Hamzah has a vast amount of experience in penetration testing for mobile/web applications and enterprise network infrastructures. His skillset is further complemented by his Offensive Security certifications (OSCP, OSCE) and CREST Registered Tester (CRT) certification. In addition, Hamzah has been actively involved in the establishment of the Offensive Cyber Security Club at Nanyang Technological University, providing training for club members who have a keen interest in vulnerability assessment and penetration testing as a future career.
Ildaf: A cyber threat intelligence analyst & researcher who dives into the 3 layers of the web and relies mainly on OSINT tools and SOCMINT to conduct research and gather intelligence.
