TurkuSec June Meetup

Welcome to the June meetup! As usual, we will host two speakers. Everybody who is interested in information security and related topics are welcome to attend. Drinks and snacks will be provided. This event is powered by TurkuSec and will be last one in our much beloved venue.

The talks will be streamed on our Twitch channel: **twitch.tv/turkusec**

Date: 14.06.2024 (Friday)
Time: 17:45 – Onwards
Venue: SparkUp Turku (Tykistökatu 4B)

## Schedule:

17:45 – Doors Open
18:00 – Welcome & practical info
18:10 – “Detection Engineering” by Mikko Koivunen
Description: How to transition from being a consumer of security products to developing customised, threat-informed detection capabilities.
19:00 – Break
19:10 – “Exploiting Cross-Site Scripting Vulnerabilities to Improve the Effectiveness of Phishing Attacks” by Alexander Paltsev
Description: Social engineering attacks are traditionally included in the list of the most dangerous threats to information security. The information security community is aware of this and makes every effort to mitigate risks by combining technical and organisational countermeasures which nowadays seems to be quite effective.
As the old methods of delivering malware are restricted, hackers tend to use XSS vulnerabilities, considered by some specialists as medium-level threats, to make phishing attacks devastating and almost invisible for security controls.
In this presentation we discuss how a modern phishing attack is prepared and executed. We look at XSS vulnerabilities from a new angle and show how XSS can be used to increase the effectiveness of social engineering attacks.
20:00 – Pystyy Vetää (the last time in SparkUp)

## Speakers:

Mikko Koivunen – Independent Consultant, Koivunen Security Consulting Oy
Alexander Paltsev – Cyber Security Expert CISSP | BSCP | OSWE | OSWA | OSCP