OWASP Porto Chapter

#10 - Winter Sunset

Wed, Mar 11 · 6:00 PM WEST

Five9 Inc., Rua de Anselmo Braamcamp 119, 4000-082 Porto, Porto, PT

OWASP Porto Chapter meetup: #10 - Winter Sunset, March 11th, 2026 at 18:00. With support from Five9

IMPORTANT: OWASP is sunsetting Meetup soon, so we're getting ahead of it. For that reason, RSVPs for this event are happening through this registration form.

Register above to save your seat! Thanks for bearing with us through the transition!

Stay connected! Join us on the official OWASP Slack using this Slack Invite Link and hop into #chapter-porto to say hello!

Agenda:
18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:05 - The Modern Hacker – From Insight to Impact by Karsten Nohl
18:35 - Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware by Carlos Novo
19:10 - Stealing the keys from the octopus: Exfiltration of git credentials in Argocd by João Marono
20:00 - Dinner and Drinks

Talks:

The Modern Hacker – From Insight to Impact
By Karsten Nohl

The role of hackers is often misunderstood. We break into systems, but we equally desire to improve technology.
Since I started 20 years ago, the corporate attitude towards ethical hackers has flipped from hostility to embrace. At the same time, our hacker community still looks down upon "the management", stuck in our echo chamber where business decisions are mistaken for ignorance.
This keynote revisits how far we have already come in co-evolving technology through mutation and hacking “selection”. Celebrations are in order! And yet we need ever more Robin Hoods to ensure technology evolves securely.

Bio: Karsten is a cryptographer and security researcher known for challenging security assumptions in proprietary systems. He serves as the Chief Innovation Officer at Allurity and is the Founder of Security Research Labs in Berlin (srlabs.de) and Autobahn Security in Jakarta (autobahn-security.com).
Karsten gained prominence for exposing major vulnerabilities in GSM, SIM cards, payment systems, and the SS7 protocol. He has served as interim CISO for major telecommunications groups including Reliance Jio and Axiata, and holds a Ph.D. from UVA. He regularly presents at major security conferences such as Black Hat and CCC.

Linkedin: https://www.linkedin.com/in/karsten-nohl/

---------

Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware
By Carlos Novo

Abstract: As the Internet evolves from TLS 1.2 to TLS 1.3, it offers enhanced security against network eavesdropping for online communications. However, this advancement also enables malicious command-and-control (C2) traffic to evade malware detectors and intrusion detection systems more effectively. Given the pressing need to accurately detect malicious C2 communications, this talk examines the extent to which existing C2 classifiers for TLS 1.2 are less effective when applied to TLS 1.3 traffic, posing a central research question: Is it possible to adapt TLS 1.2 detection methodologies for C2 traffic to work with TLS 1.3 flows? We answer this question affirmatively by introducing new methods for inferring certificate size and filtering handshake/protocol-related records in TLS 1.3 flows. These techniques enable the extraction of key features to enhance traffic detection and can be used to preprocess data flows before applying C2 classifiers. To our knowledge, these are the first findings to showcase specialized TLS 1.3 C2 traffic classification.

Bio: Carlos Novo is a Research Engineer at VORTEX CoLab and is pursuing a PhD in Computer Science at the University of Porto.
He holds a Master's Degree in Electrical and Computer Engineering, majoring in Telecommunications, Electronics, and Computers, and specializing in communication networks and systems.
Carlos' research interests include cybersecurity, network traffic-based intrusion detection, and adversarial machine learning. He has published multiple conference papers and has been an invited assistant at the University of Porto, teaching lab classes for courses such as Security of Systems and Networks, Computer Security Foundations, and Networks and Systems Management. At VORTEX Colab, Carlos has been applying his expertise to projects and proposals, primarily in Vehicle-to-everything (V2X) communications.

Linkedin: https://www.linkedin.com/in/carlos-novo

---------

Stealing the keys from the octopus: Exfiltration of git credentials in Argocd
By João Marono

Abstract: This talk explores a novel technique for exfiltrating Git credentials from ArgoCD, a popular open-source GitOps continuous delivery tool for Kubernetes. By leveraging Kubernetes's default DNS behavior and ArgoCD’s certificate management feature, an authenticated attacker can deceive ArgoCD into connecting to a malicious service that mimics a trusted Git server. The technique enables attackers to intercept and extract sensitive credentials, such as personal access tokens, passwords, and GitHub App access tokens, which can compromise entire repositories and organizations, exfiltrate source code and secrets, and potentially set up a malicious CI/CD. Blog post link: https://futuresight.club/posts/0x00_exfiltrate_git_credentials_argocd.html

Bio: By day, João Marono works at NOS's cybersecurity team as a DevSecOps, working on tools like SOAR, SIEM, CLM, Kubernetes, and a bit of cloud. By night, he does security research in open-source projects for the Future Sight Group. His areas of expertise are Kubernetes and web exploitation. This year, he has already achieved two medium CVEs in services such as Apache Superset and Flask AppBuilder, a popular Flask framework.

Linkedin: https://www.linkedin.com/in/joaomarono/