Talkin' Security - April 2019

Join us on Monday, April 22nd for the fourth Talkin' Security event of the year

AGENDA

6:00 - 6:15pm: Networking

6:15 - 6:30pm: Introduction

6:30 - 7:15pm: Miguel Arroyo - Go Go Gadget...: An Intro to Return-Oriented Programming

Speaker Bio: Miguel Arroyo is a PhD Candidate @ Columbia University. His research interests are in computer security, computer architecture, and cyber-physical systems. His website is https://miguel.arroyo.me.

Summary of the Talk: In this talk we will cover the history and basics of return-oriented programming (ROP) through a number of examples in both X86 & ARM.

7:15 - 7:30 pm: Networking

7:30 - 8:15pm: Bence Nagy- Phish in a Barrel: The surprising effectiveness of… just asking people to let you in

Speaker Bio: Bence spent 4 years working as a backend engineer, and is now leading the Software Platform squad at Kiwi.com, working on making their engineers' experience with developing for Kiwi.com the best it can be. Simultaneously being responsible for application security and developer experience turned out to be a great way for him to acquire a more human approach to security than one might be used to. And by the way, after the talk, you should totally ask him for video game recommendations.

Summary of the Talk: Phishing is certainly not the most glamorous concept in security, but it's the closest thing the real world has to xkcd's $5 wrench (as per the classic https://xkcd.com/538) — even amongst the most tech-savvy targets. I'll be explaining how we breached our own security at Kiwi.com with the constraints of an outside attacker, and how you can easily do the same (I mean, to your own company, don't get any funny ideas!) To end on a positive note, I'll also introduce how we managed to phish-proof our employees, so that we could cross this one out from our list of worries.

• What to bring
Brilliant ideas, positive energy and good jokes