
Details

This month's presentation is from Shubham Shah (shubs), bug bounty legend and CTO of Assetnote. He’ll be presenting his “Beginner’s Guide to Reverse Engineering Enterprise Web Applications”.

Description:
When you see vulnerabilities discovered in enterprise web applications that lead to 0days and CVEs, it’s likely that the source code of that product was audited. As a beginner, you might be wondering, how do I get that source code? What do I do after I’ve gotten it? How do I disclose it in a co-ordinated way? These are some of the questions I usually get from beginners wanting to find their own 0day vulnerabilities. In this talk, I’ll discuss different acquisition techniques, what to generally look for once getting the source code (with examples), and how to ultimately disclose the issues to the vendor. This talk is a revised version of my OWASP DevSlop talk (How to do Code Review - The Offensive Security Way - https://www.youtube.com/watch?v=fb-t3WWHsMQ).

There are limited spots. So it'll be strictly RSVP, with a potential ban for those who RSVP but don't show up or release their spot at the last minute. We don't wanna do this, but please don't RSVP if you can't make it, or please update your RSVP if you can't make it closer to the date.

Face 2 face meetup only. No streaming / recording!

5:45pm for a 6pm start. Access to the venue closes at 6pm. You will have a hard time getting into the building if you’re late!

If you're interested in presenting for future SecTalks BNE events, hit us up, via brisbane@sectalks.org. You'll be reserved a spot if you end up presenting.

Please volunteer if you'd like to run a group attempt at a boot2root or some other "workshop" style thing.

Lots of fun technical security learnings to be had! Or just come and be social :)

Here are some things to take note of:
1. Bring your laptop / wifi hotspots if you intend to do any CTF or workshops.
B. Clean up after yourself! Doing so ensures we can have the same venue next time.
XII. Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.
(insert bullet point here) Be excellent to each other.

There will be catering courtesy of our AWESOME sponsors, <>!

If you can't find us or get into the venue, please call 0422 141 584, 0481 233 401, or 0410 435 669 or shoot us a message on Meetup / Slack and we can help out.
