Ruxmon Lightning Talks (September)

Ruxmon is a free monthly event where speakers from the local security community share their knowledge on a security topic ranging from introductory/beginner level to more advanced topics.

This month we are continuing with the new format of lightning talks (max 10 minutes). We are currently accepting submissions from speakers.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The NeverEnding Story of a bug - Web(un)Logic - pimps

This lightning talk aims to explain the NeverEnding Story of an unsecure XML Deserialization bug in weblogic that can lead to unauthenticated RCE. The history of this bug starts in 2017 under the CVE-2017-3506 and got its latest bypass in 2019 as CVE-2019-2729. An exploit that was written by the speaker to exploit all those CVEs will also be demonstrated.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Security as Convenience: When safe is also easier - Ulisses Albuquerque

By providing known-good and safe preset building blocks for infrastructure, libraries and architecture patterns, security controls can be piggybacked in resources which make developers' jobs easier. During this talk we will discuss an implementation of this pattern and how hook points for security can be easily identified and leveraged, especially in cloud-first environments.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SQL Injection - Luke

Some interesting things to do with SQL injection.