Name: December Meetup - "One SSO to rule them" & "Investigating a Data breach event"
Start: 2017-12-14T18:30:00+08:00
End: 2017-12-14T20:30:00+08:00
Location: Ernst & Young (EY)

Address:
EY office meeting room, Level 14

Agenda

• Food, Drinks & Networking (15 mins) (Don't forget to bring your business card)

• Introduction & Announcement (10 mins)

• One SSO to rule them all: The PS_TOKEN (40mins)

• Break (5 mins) • Investigation on the recent Data Breach event (30 mins)

Abstracts

One SSO to rule them all: The PS_TOKEN by Sayed Hamzah

The PS_TOKEN is the Single Sign-On (SSO) implementation for Oracle Peoplesoft applications, which provide operational support for enterprises such as Human Resource Management and Customer Relationship Management operations. The PS_TOKEN allows users to access multiple Oracle Peoplesoft applications without the need to log in repeatedly.

However. the current design of the PS_TOKEN generation is flawed, allowing any attacker to have the ability to forge the PS_TOKEN and impersonate as any valid user within the Oracle Peoplesoft applications in order to gain access to confidential information without the knowledge of the user's password.

Investigating the recent Data Breach and Exposure by Ildaf

Speakers' Bio

Sayed Hamzah: Currently working as a Security Consultant in Centurion Information Security, Hamzah has a vast amount experience in the areas of penetration testing for mobile/web applications and enterprise network infrastructures. His skillset is further complimented with his acquisition of Offensive Security certifications (OSCP, OSCE) and CREST Registered Tester (CRT) certifications. In addition, Hamzah has been actively involved in the establishment of the Offensive Cyber Security Club in Nanyang Technological University, providing training for club members who have a keen interest in vulnerability assessment and penetration testing as a career in the future.

Ildaf: A cyber threat intelligence analyst & researcher who dives into the 3 layers of the web and relies mainly on OSINT tools and SOCMINT to conduct research and gather intelligence.

Hang Lima Jebat

Ryan Baxendale

Emil Tan

Randen Rosete

Division Zero (Div0) – Singapore Cybersecurity Community

Division Zero (Div0)

IIC Productions Pte Ltd

Red Alpha

CyberSG TIG Collaboration Centre

Technology

Hacking

Ethical Hacking

Cybersecurity

Information Security

Computer Security

Network Security

Application Security

Software Security

Web Security

Web Application Security

Cloud Security

Penetration Testing

White Hat Hacking

December Meetup - "One SSO to rule them" & "Investigating a Data breach event"

Ernst & Young (EY)

Share

Division Zero (Div0) – Singapore Cybersecurity Community

December Meetup - "One SSO to rule them" & "Investigating a Data breach event"

Division Zero (Div0) – Singapore Cybersecurity Community

Details

Sponsors

Members are also interested in