VilniusSec meetup #2^3

### VilniusSec meetup #2^3
Welcome to VilniusSec! Our not exactly eighth meetup:

• When: 2025-10-30 18:00
• Where: Vinted HQ. Švitrigailos str. 13, Vilnius.
• What: talks by Tomas Lažauninkas and Aušrius Juozapavičius

Brief agenda so you can plan your time better:

• 18:00 - 18:15 Gathering at Vinted HQ.
• 18:15 - 18:20 Welcome word
• 18:20 - 18:25 Short icebreaker
• 18:25 - 19:00 BugBounty adventures by Tomas
• 19:00 - 19:35 Fraudsters galore by Aušrius
• ~19:35 - onward, mingling and socialising at Vinted HQ
• ~20:30 we disperse in search of local bars with availability to continue with the usual beer and chat format.

The timelines in agenda are flexible as we will accommodate for questions and slight drift in allocated time.

As October is the month dedicated to cybersecurity awareness we are working on a bit of a different type of event to celebrate it properly. Stay tuned for details as they trickle in!

Talks:

1. Tomas Lažauninkas talk will explore two critical remote code execution vulnerabilities discovered through bug bounty hunting on an enterprise data platform. The first demonstrates how JavaScript-based variable substitution features can be exploited to achieve arbitrary code execution. The second showcases a creative attack chain combining a path traversal vulnerability in a package manager with SSH client configuration poisoning to achieve command execution.
2. Aušrius Juozapavičius will discuss how fraud is often treated as a singular event, but effective prevention and response demand a more nuanced understanding. This talk will introduce a systematic framework for classifying and dissecting the diverse types of fraudulent activities. Attendees will learn:

• Major categories and sub-species of fraud, moving beyond common labels to analyze the underlying mechanisms and intents.
• Patterns, tools, and psychological drivers common to different fraud types, allowing for more accurate risk modeling.
• Insight into how a taxonomic approach can be used to predict emerging fraud trends and strategically allocate detection and mitigation resources.
• Beer and chat location - decentralised.

To get an idea what is VilniusSec, check out the other CitySec groups at citysec.fi.