OWASP Porto Chapter

OWASP Porto Chapter meetup: #10 - Winter Sunset, March 11th, 2026 at 18:00.

IMPORTANT: OWASP is sunsetting Meetup soon, so we're getting ahead of it. For that reason, RSVPs for this event are happening through this registration form.

Register above to save your seat! Thanks for bearing with us through the transition!

Stay connected! Join us on the official OWASP Slack using this Slack Invite Link and hop into #chapter-porto to say hello!

Agenda:
18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:15 - Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware by Carlos Novo
19:00 - Stealing the keys from the octopus: Exfiltration of git credentials in Argocd by João Marono
20:00 - Dinner and Drinks

Talks:

Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware
By Carlos Novo

Abstract: As the Internet evolves from TLS 1.2 to TLS 1.3, it offers enhanced security against network eavesdropping for online communications. However, this advancement also enables malicious command-and-control (C2) traffic to evade malware detectors and intrusion detection systems more effectively. Given the pressing need to accurately detect malicious C2 communications, this talk examines the extent to which existing C2 classifiers for TLS 1.2 are less effective when applied to TLS 1.3 traffic, posing a central research question: Is it possible to adapt TLS 1.2 detection methodologies for C2 traffic to work with TLS 1.3 flows? We answer this question affirmatively by introducing new methods for inferring certificate size and filtering handshake/protocol-related records in TLS 1.3 flows. These techniques enable the extraction of key features to enhance traffic detection and can be used to preprocess data flows before applying C2 classifiers. To our knowledge, these are the first findings to showcase specialized TLS 1.3 C2 traffic classification.

Bio: Carlos Novo is a Research Engineer at VORTEX CoLab and is pursuing a PhD in Computer Science at the University of Porto.
He holds a Master's Degree in Electrical and Computer Engineering, majoring in Telecommunications, Electronics, and Computers, and specializing in communication networks and systems.
Carlos' research interests include cybersecurity, network traffic-based intrusion detection, and adversarial machine learning. He has published multiple conference papers and has been an invited assistant at the University of Porto, teaching lab classes for courses such as Security of Systems and Networks, Computer Security Foundations, and Networks and Systems Management. At VORTEX Colab, Carlos has been applying his expertise to projects and proposals, primarily in Vehicle-to-everything (V2X) communications.

Linkedin: https://www.linkedin.com/in/carlos-novo

---------

Stealing the keys from the octopus: Exfiltration of git credentials in Argocd
By João Marono

Abstract: This talk explores a novel technique for exfiltrating Git credentials from ArgoCD, a popular open-source GitOps continuous delivery tool for Kubernetes. By leveraging Kubernetes's default DNS behavior and ArgoCD’s certificate management feature, an authenticated attacker can deceive ArgoCD into connecting to a malicious service that mimics a trusted Git server. The technique enables attackers to intercept and extract sensitive credentials, such as personal access tokens, passwords, and GitHub App access tokens, which can compromise entire repositories and organizations, exfiltrate source code and secrets, and potentially set up a malicious CI/CD. Blog post link: https://futuresight.club/posts/0x00_exfiltrate_git_credentials_argocd.html

Bio: By day, João Marono works at NOS's cybersecurity team as a DevSecOps, working on tools like SOAR, SIEM, CLM, Kubernetes, and a bit of cloud. By night, he does security research in open-source projects for the Future Sight Group. His areas of expertise are Kubernetes and web exploitation. This year, he has already achieved two medium CVEs in services such as Apache Superset and Flask AppBuilder, a popular Flask framework.

Linkedin: https://www.linkedin.com/in/joaomarono/