OWASP

This is Dim Sum Labs' Public HackJam meet. Free! Everyone is welcome to join us. If you are an engineer, designer, programmer, artist, creator, innovator, visionary, entrepreneur, or inventor, join us for an evening of thought-provoking conversations. Or better yet, bring your projects, ask for help, and show them off. This is also your chance to test the space before becoming a member. Members have access to the space and all the [equipment within](https://www.dimsumlabs.com/equipment/), 24/7 for a very reasonable price! For details, [please see our website](https://www.dimsumlabs.com/become-a-member-of-dim-sum-labs/). Calling for show-and-tell: if you want to share your projects on coding, making, art, and tech venture projects, come jam with us on HackJam. We can accommodate and help you promote here. Contact us here or via the means listed below. Being Hong Kong's longest-running Hackerspace (since 2011), we are happy to host you, who may: * Be coming from out-of-town * Be from other Hacker/Maker/co-working spaces * Want to get hands-on and create * Wish to network with high-quality, friendly, like-minded people * Be curious about what all this is about * Just want to have a drink while coding. Can't arrive at the start time? Drop in when you can make it :) For more information, check out our website at [https://www.dimsumlabs.com](https://www.dimsumlabs.com), or chat with us (we are happy to chat with you): * Telegram: https://t.me/dimsumlabs * IRC Chat: #dimsumlabs on https://libera.chat/

This session of HKWD will be on creative tech and AI About Ilmari HEIKKINEN Award-winning Creative Technologist and SXSW 2025 Innovation Award winner with 20+ years of experience bridging the gap between high-performance engineering and visionary brand storytelling. A pioneer in web standards (WebGL) and an expert in Generative AI, I have spent the last decade as a high-level consultant for world-class agencies and in-house teams. He specializes in delivering "world-first" digital experiences for a portfolio of iconic brands including LVMH, Chanel, Google, and HSBC. Seeking a leadership role within Publicis Groupe to scale innovation, integrate emerging tech (AI/XR), and lead multidisciplinary teams in creating the next generation of immersive advertising. About Rhys Turner Rhys Turner is a Creative Technologist and Innovation Technologist, specialising in the intersection of technology, design, and luxury experiences. With a background in emerging technologies, AI, and interactive media, he explores innovative ways to enhance digital storytelling and customer engagement. His work focuses on blending creativity with technical innovation, pushing the boundaries of digital craftsmanship in the fashion and beauty industries. Sponsors and supporting partner Tronica - HKWD sponsor Event notes This event is first come first serve and will be letting people in on a capacity basis food and drinks buy by the bar vip reserved seats upon request 

Schedule 7:00 - Welcome mingle

 7:15 - Talk and Panel 8:00 - Q&A 8:30 - Forum and mingle

 Join our discord for better communication https://discord.com/invite/k6zSjSZUUE

 We are looking for:

 A venue Presenters

 Volunteers

 Sponsors

 If this is you please reach out. Join Zoom Meeting
https://us05web.zoom.us/j/81822390552?pwd=8ZSEqVJ0DGdA5mhnpa4lGaZnWsOxkK.1

 Meeting ID: 818 2239 0552

 Passcode: RSVP or DM for passcodeSponsored by tronica.io

**普及禪修課程 柏桑法師主講** **每堂課為獨立單元，不需報名，歡迎大家參加。** 每一個人都可以成為菩薩，讓生命從此不再平凡。在此課程，我們將學習到如何在生活中實踐佛陀所教授的六種完善行，成為現代菩薩，並發展究竟真理的智慧，體悟人生的真實意義。 12/5 超越夢幻 19/5 通往喜悅之道路 柏桑法師跟隨尊貴的格西格桑嘉措仁波切修習佛法逾二十年。她平易近人，教學清晰實用，並啟發我們怎樣活用佛法於日常繁忙生活之中。 歡迎大家隨喜功德，建議捐助：每課 $50。所有捐款均用於中心的運作及發展，為大眾提供學習珍貴佛法的機會。 詳情: [https://www.meditation.hk/2021/cwcgp/](https://www.meditation.hk/2021/cwcgp/) #現代佛法 #禪修課程

心肺訓練，速度訓練，循環訓練，高強度間歇性訓練... 做乜都好，肯去做已經成功左一半，運動好訓練好，唔使同其他人比，同自己比就可以喇 IG: j.lim_trainsanity_fitness **如下雨，訓練地點會改到體育館後門有蓋空地**

Chinese Fusion Bellydance All levels are welcomed! Tue/Sat/Sun $100/hr, or LSS Dance Class Membership Basic & Technique Drill Choreography Enquiry 查詢 : lssdance2012@gmail.com WhatsApp : 65230389 Participants may join LSS performance if learning progress satisfactory. Regular students no need to register here.

### ManageEngine Overview 09:15 - 10:00 AM ### External Speaker Session (Topic TBD) 10:00 - 10:30 AM ### Log360 Product Session 10:30 - 10:45 AM ### Coffee Break 10:45 – 11:15 AM ### Log360 Customer Panel 11:15 – 11:45 AM ### AD360 Product Session 11:45 – 12:15 PM ### AD360 Customer Session 12:15 – 01:00 PM ### Lunch Break 01:00 – 02:00 PM ### Certification & Raffle Draw

只要行出第一步，就可以擴闊生活圈子~ https://forms.gle/WtTsxUUErco3PKB5A 填左以上Google Form就可加入活動群😁 係香港識朋友話難唔難，話易唔易，所以都希望透過呢個平台令大家互相認識，一齊去吃喝玩樂~ 定期舉辦行山、水上活動、PARTY ROOM、睇戲、食飯又或大家諗到都可以建議版主去搞~

<<這不是活動,這是一個超過200人的活動群組>> 厭咗對住四幅牆？ 單身都可以過得好充實！ 我哋唔係嚴肅配對平台，而係你專屬嘅「單身玩樂俱樂部」💃🕺 就係想搵班Friend一齊癲一齊玩～ 由填表呢刻開始，你嘅社交生活即時Upgrade！ 👇立即Click入嚟加入我哋啦👇 https://forms.gle/bP4kxTspTqKrqSY76 🎯點解你要加入？ ✅ 識多啲同頻率嘅朋友，生活圈子自然闊 ✅ 自由參加冇壓力，鍾意玩咩就玩咩 ✅ 週末節目唔使再頭痕，我哋幫你搞掂 有咩好想玩？隨時PM版主 搞活動最緊要大家開心！ **獨樂樂不如眾樂樂～** **快啲入Group一齊創造回憶啦！** [交form後會盡快加你入群組](%E4%BA%A4form%E5%BE%8C%E6%9C%83%E7%9B%A1%E5%BF%AB%E5%8A%A0%E4%BD%A0%E5%85%A5%E7%BE%A4%E7%B5%84)

Fee: 7people $75/per 6-8pm court#3 請大家遵守以 1:請大家不要在遊戲其間進行羽毛球技術指導. 2:男與女閒聊時請保持一隻手距離. 3:遊戲已例明 羽毛球等級(ab,li,i 等等), 請按照自己所屬等級參與遊戲. 4:各下參加左的活動有指定場號, 如果自行走向其他埸由我們舉辦的活動的埸地打波, 我地可能會給予警告, 請不要挑戰我們的忍耐力。 5:如果少於48小時內取消出值, 都請交出值應付之金額。 如有違反, 一律blacklist. If you join my game for first time please send me your mobile no. to confirm your spot. Tel: 6019 8622 Ice Please Whatsapp or message me through meetup as soon as possible if you can't come. ‧ We will be playing 21 points doubles match ‧ Strictly NO BEGINNER ‧ The event is not first come first serve, I will pick suitable players in order to balance the level of the game. So if you are not on the attending list, please don't feel being offended, thanks for understanding ‧ Cancellation policy: Cancellation deadline is 48 hours prior to the start time of the game. Cancellation past the deadline will be marked as no-show and need to pay the no-show Fee.

**普及禪修課程 見道法師及善淨法師主講** **每堂課為獨立單元，不需報名，歡迎大家參加。** 「正如我想要離苦得樂，所有眾生也是這樣。以此觀點看來，我與眾生並無分別。」 《新禪修手冊》 我們有能力去放下自我中心的世界觀，以及體諒別人的經歷。這種能力又稱為慈悲心，對於我們在生命中尋找滿足與意義是至關重要的。此外，佛陀對空性 - 事物的真正本質的教學亦幫助我們化解自己與他人之間的隔閡，不讓我們感覺孤立、自我、跟其他眾生疏離。 修習自他相換這個不平凡的禪修，將空性和同理心互相結合，我們便會由心底經驗這種顛覆性的智慧。邀請你一起來探索這些想法，學習如何實際地提昇放下庸常自我的經驗，並且擁抱藉由跟他人產生共鳴和互通而帶來的溫暖和喜悅。 13/5 無所畏懼的菩薩 善淨法師主講 歡迎大家隨喜功德，建議捐助：每課 $50。 地址：上環干諾道中122-124號海港商業大廈一樓（上環地鐵站C出口轉右，面對信德中心）。 歡迎現居海外的人士透過網上參與。直播費用：每課$50。視頻只可以在課堂舉行時觀看，不設重播。 詳情 ：https://www.meditation.hk/2021/wed_cgp/ #現代佛法 #禪修課程

Fee: 7people $75/per 6-8pm court#2 請大家遵守以 1:請大家不要在遊戲其間進行羽毛球技術指導. 2:男與女閒聊時請保持一隻手距離. 3:遊戲已例明 羽毛球等級(ab,li,i 等等), 請按照自己所屬等級參與遊戲. 4:各下參加左的活動有指定場號, 如果自行走向其他埸由我們舉辦的活動的埸地打波, 我地可能會給予警告, 請不要挑戰我們的忍耐力。 5:如果少於48小時內取消出值, 都請交出值應付之金額。 如有違反, 一律blacklist. If you join my game for first time please send me your mobile no. to confirm your spot. Tel: 6019 8622 Ice Please Whatsapp or message me through meetup as soon as possible if you can't come. ‧ We will be playing 21 points doubles match ‧ Strictly NO BEGINNER ‧ The event is not first come first serve, I will pick suitable players in order to balance the level of the game. So if you are not on the attending list, please don't feel being offended, thanks for understanding ‧ Cancellation policy: Cancellation deadline is 48 hours prior to the start time of the game. Cancellation past the deadline will be marked as no-show and need to pay the no-show Fee.

LSS Smart Fitness 律動班系列 Wed/Sun $100/ 1-hr class ($350 /4-class) Please RSVP one week in advance Welcome to book other time slot (WhatsApp 65230389) Vibration x MFR 療癒律動 (Relax, Muscle release & Facial massage) Vibration Fitness (Stretch & Strength) 健體律動 Vibration x BellyFit 美型律動 (Body Shape-up with Bellydance Technique Drills) Vibration x Yoga 律動瑜伽 (Yoga Asana in vibration setting) https://eshop.cosway.com.hk/ One FREE trial class with any Cosway purchase receipt over HK$1000 under introducer code : HK370579B 以 HK370579B 作介紹人的 Cosway (網購或門市)購物消費，逾 HK$1000，可免費試上律動班系列一節

**Important time note:** Please plan on arriving between 5:30 and 6:00 as the elevators lock after 6 and you'll need to message us and we'll need to come get you. The building address is 4450 Bridge Park The entrance is 6620 Mooney St, Suite 400 You will need to scan your ID at the door to get a visitor badge. **Abstract** TBD **YouTube Link** TBD

Join us on Wednesday, May 13, 2026, from 6-8 PM EDT, for a unique and challenging event featuring the CMD+CTRL Cyber Range. OWASP Toronto is happy to host a Cyber Range event with CMD+CTRL! CMD+CTRL Cyber Ranges are intentionally vulnerable applications and websites that tempt players to steal money, view their boss’s salary, acquire expensive items for free, and conduct other nefarious acts. **Bring your laptop to participate in-person, or join virtually!** * In-person: In person: Security Compass, 325 Front Street West, Unit 103, Toronto, ON * Online: See registration below **You MUST register on the following site to participate:** https://web.cmdnctrlsecurity.com/owasp-toronto-register

Practical AI for Power BI Developers A year ago, “agentic AI” was mostly hype for Power BI teams. Today, it deserves your undivided attention. For Power BI pros, there is now a real opportunity to reduce repetitive development work, accelerate delivery, and help developers do more, but only when strong DataOps practices are in place to make AI workflows effective. This session is a no-nonsense introduction to effective AI patterns for Power BI and Fabric development. Along the way, we will make sense of the growing pile of terminology, including skills, plugins, hooks, and MCP. You will see examples of how modern AI tooling can help with development tasks across Power BI and Fabric, along with the prerequisites, guardrails, and DataOps principles needed to use it responsibly. Whether you're burned out on AI hype or already using Copilot CLI daily, this session will show you the foundations that are finally making AI-assisted development genuinely useful.

Bring your Raspberry Pi, Arduino, microcontroller, or any other electronic project and join fellow electronics makers for a night of creativity and collaboration! This session is open forum to share your current projects—whether complete or in progress, it’s all interesting! Whether you’re deep into embedded systems, exploring new ideas, or just getting started, you’ll find a welcoming space to collaborate, share, and get inspired. **New to electronics or curious about tinkering?** You’re absolutely welcome. If you’re a beginner and want to experiment, I’ll have a couple of starter kits available so you can try things out—whether that’s blinking your first LED, putting something on a display, or experimenting with simple sensors. No pressure and no experience required—just an interest in learning and building. While we continue to pursue a more permanent venue for this Meetup, we’ll be using public library facilities based on availability. This session will be at the Worthington Park Library in the Olentangy Meeting Room.

Columbus Code & Coffee is an inclusive, informal co-working session. People of all skill levels attend, and we love it that way. Many people (optionally) bring projects to work on, and many other people (optionally) socialize the entire time. It's entirely up to you! **What to Expect at the Intro Circle** \~\~\~\~\~\~\~\~\~\~\~\~\~ Near the beginning of the event (1:30 pm), we do a standup: * Organizer announcements, updates, and logistics Round 1 - (7 secs max): * Your name * What you're working on * What you can help others with Round 2: * Community events you wanna plug. If none, that's cool too. Round 3: * Job opportunities you're hiring for OR announce that you are looking for one. If none, that's cool. After the introduction circle, everything is self-organized! Feel free to work alone, pair up, attend one of our workshops/presentations, or mingle!

What does a trojan look like when it has over 900k+ combined installs and a Forbes write-up? Exactly like a legitimate Chrome extension. This session presents a technical dissection of two Chrome extensions, each with over one million active installations — that functioned as trojans in production environments, evading detection while operating through entirely legitimate browser APIs. These were not obscure tools. They were widely trusted, actively recommended, and covered by mainstream press before their malicious behavior was fully understood. We will walk through the actual source code of both extensions, showing precisely how the malicious functionality was constructed, concealed, and executed at scale. This analysis anchors a broader examination of how modern compromises actually succeed. Drawing on aggregated real-world incident data, we identify the technique categories currently delivering the highest adversary return, and why they keep working. Spoiler: it's rarely a zero-day. It's trust. The Chrome extension deep-dive will cover: * Line-by-line source analysis of how malicious functionality was embedded within working, useful software * Which browser permission scopes were abused, and why a million users — and their IT teams — didn't see it coming * The behavioral and structural indicators that distinguish a trojan extension from a legitimate one, and how to operationalize detection around them This session closes with a practical defensive prioritization framework built around observed attacker behavior: which mitigations are measurably reducing risk in production environments, which are consuming budget without impact, and a scoring methodology your team and leadership can apply immediately. **Source material:** Primary analysis of extension source code, corroborated by reporting from Forbes and other established outlets. **What this is not:** A vendor pitch, a speculative threat narrative, or a surface-level breach retrospective. **Who should attend:** Security architects, AppSec and cloud security practitioners, blue team leads, threat hunters, browser security practitioners, and security leaders responsible for prioritizing risk and investment decisions.

Our monthly PHP meetup. A virtual shindig courtesy of Zoom. Check back here for the details around 6:15 pm