OWASP Gotheburg: Unofficial Security Fest Pre-Party

Welcome to OWASP Gothenburg’s unofficial warmup session to Security Fest for an evening with food, drink and interesting keynotes with the Cybersecurity Community! You do not need a ticket to Security Fest to attend, everyone with a cybersecurity interest are welcome

Where: Assured Security Consultants,Norra Allégatan 7, 413 30 Göteborg

Agenda:

• 17:30 - 18:00 - Doors open
• 18:00 - 18:45 - The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling, Thomas Stacey

HTTP Request Tunnelling is making a comeback thanks to HTTP/2 Desync Attacks, but it’s still living in the shadow of its louder sibling, HTTP Request Smuggling. In this talk, we’ll uncover tunnelling bugs hiding in plain sight across major platforms like IIS, Azure Front Door, and AWS ALB. You'll see a brand-new detection technique in action, blending the sleek “Single-Packet Attack” with classic desync tricks. Along the way, I’ll share the rollercoaster of diving into security research for the first time—and the surprising lessons that came with it. Whether you're a seasoned hacker or just curious, you’ll leave with practical ways to bend existing tools to your will, without the need for any significant coding experience.

• 18:45 - 19:00 - Short break

• 19:00 - 20:00 - Under the Hood: Automotive Cybersecurity, Steven van Acker & Johannes Weschke

Modern vehicles are no longer just machines: they’re complex, connected computer networks on wheels. Attackers and penetration testers approach these systems with the goal of uncovering weaknesses, often revealing vulnerabilities that emerge from assumptions and overlooked details.

In this talk, you’ll get a look under the hood from the perspective of those who test and challenge vehicle security. We’ll explore the technologies involved, the tools and techniques used during assessments, and the skill sets required to evaluate them. Whether you’re a seasoned infosec pro or just starting out, you’ll gain insights into the world of automotive security testing and how to begin your own journey in this rapidly evolving field.

• 20:00+ - Overtime + hangout @ Assured’s office

After the talks are done, Assured’s office will remain open for all event participants to hang out. There will be beer and good company served!

Thomas is a penetration tester, security researcher and full-time Lego enthusiast with a passion for exploring and applying new (and far too complicated) attack technique.

Steven holds two master’s degrees and a PhD in cybersecurity, has led top CTF teams, and has run [OverTheWire.org](http://overthewire.org/) for over 25 years, helping thousands get started in hacking. He’s into reverse engineering, wireless, and breaking things that weren’t meant to be broken — all while avoiding paperwork. Steven also serves on the OWASP Gothenburg board, makes a solid fika, and occasionally remembers he used to run half marathons.With over 10 years of experience in automotive security

Johannes brings deep expertise in protecting modern vehicles from emerging cyber threats. His hands-on approach to technology is reflected in his work designing custom microcontrollers and exploring systems at their lowest levels. Passionate about understanding how things truly work, he bridges the gap between hardware and cybersecurity to deliver robust, real-world solutions.