**RSVP will be open 48 hours before the meetup; 6pm 6th October**

# Presentation

This is SecTalks' first joint live event! We are thrilled to have 'codingo' presenting from Melbourne, which will be live streamed to Sydney SecTalks. Due to room restrictions, we can only have 60 attendees for this event. However, there will be a public live stream link to participate remotely.

Title: The Changing Landscape of Web Tooling: Open Source products, Tools and Techniques from 2019, and a crystal ball into 2020.

The sheer quality of open source tools has changed dramatically over this year. With new offerings and significant improvements in fuzzing, directory brute-forcing and subdomain discovery, the previous approaches documented heavily in courses and guides, and discussed by others, are in many cases no longer as relevant as they once were. We’ve also seen the rise of newer points of enumeration (such as build logs) and of tools surrounding them, ranging from discovery to API key verification. Additionally, attacks that were previously difficult to perform for lack of tooling are now accessible to the masses, given new tools and automation surrounding them. It’s important that both offensive and defensive security professionals are aware of these advancements so they can improve their workflows or detection methods.

by Michael Skelton.

Michael (also known as codingo) is the current Head of Researcher Enablement at Bugcrowd and is heavily active in the open source space as https://github.com/codingo. Michael has written and maintains a number of tools focused on web application security, including but not limited to Reconnoitre, NoSQLMap, VHostScan, and Interlace. Michael also helps to maintain a number of online resources of interest to defensive teams, including tools and datasets for the mitigation of ransomware, cryptojacking, key verification, and fingerprinting of services that are vulnerable to subdomain takeovers.

# CTF
There will be a bug bounty. Bring your laptop and 4G if you would like to participate.

# Sponsors
Almost all of our sponsors have open InfoSec positions that you can apply to directly using the links below. Please let them know that you found the job through SecTalks.
