A night of Blackteaming, Supply Chain Attacks and DEFCON CTF

After a long hibernation we're back, stronger than ever, with a great lineup.

This is what we have so far:

Brian Harris: War Stories in Physical Penetration Testing
This is going to be a talk about the how the world continues to drive full speed ahead on cyber security, but when it comes to physical security we are often around 10-20 years behind. I will show some war stories, techniques and the like to highlight just how vulnerable even high security locations are when it comes to physical penetration testing and that if you have no physical security, you have no cyber security

Brian Harris has a long career of phyiscal pen testing (aka blackteaming) behind him. He can truly do some amazing stuff that can make you stop and wonder why we even bother having locks in the first place, so obviously you don't want to miss this!

Mikkel Rømer: Infiltrating modern companies using Supply Chain Attacks
Case: Visual Studio Code
Within this session we will be deep diving into Supply Chain attacks. Supply chain attacks is a growing phenomenon, which allows the adversary to infiltrate widely whilst gaining the trust of legitimate software brands. This session will be technical. We will be designing and implementing techniques throughout the presentation until a final malware is ready for deployment. With a fully custom build malware, targeting the modern text- and code editing application Visual Studio Code, we will investigate its potential in terms of detection within top class endpoint detect and response software such as CrowdStrike Falcon and Microsoft Defender for Endpoint. We will compare the results with similar execution done via the notorious adversary framework Cobalt Strike. Brace yourself for a thrilling journey through the shadows of the digital realm, where adversaries roam undetected.

Speaker bio from Mikkel coming up!

Adam Blatchley Hansen and William Ben Embarek: How to get 6th place at DEFCON CTF!
Every year the legendary hacker convention DEFCON hosts one of the oldest and most competitive cybersecurity CTF competitions in the world. This year, Kalmarunionen joined forces with teams from around the nordics as NORSECODE, and travelled to the finals in Las Vegas, where they took home a very impressive 6th place overall. In this talk Adam and William will share the story of the teams road to qualifying for, and competing at the DEFCON CTF finals. Introducing the world of "CTF" hacking competitions from the perspective of a top competitive team, and giving an inside look at what it takes to compete in international hacking competitions at the very highest level. From organisational strategies to interesting CTF challenges to internal team tooling, they'll go over what it took for Norsecode to outperform many much larger and more experienced teams, as well as some of the more unexpected challenges they encountered along the way!
Bio: Adam is a PhD student studying Cryptography at Aarhus university, as well Head Coach of Cyberlandsholdet and the current captain of Kalmarunionen and Norsecode. William is a Pentester at TDC NET, as well as being a longtime CTF player with Kalmarunionen he also handled onsite infrastructure for Norsecode during DEFCON finals in Vegas.

On top of this we'll be giving away the content of that big box of swag (B&B expansion decks included) from our friends at Black Hills Infosec a friend of us recently recovered from a rendez-vous with them af BSides Frankfurt and of course pizza and drinks as usual! (which is why you need to sign up so we know how many are coming. If you can't make it after signing up please update your RSVP to reflect that).

The lineup is not yet finalized but talks will be around 1 hour each. We start at 17.00 with a short introduction of OWASP Copenhagen, have a talk then pizza, drinks and mingling. After that we'll do the rest of the night's talk.

Join us - it'll be great!