• Fox-IT


    Fox-IT, one of the top Dutch security companies, is inviting the ladies of InfoSec and female security enthusiasts in The Netherlands for an evening about Red & Blue Teaming in Delft. https://www.fox-it.com/en/ They will be hosting us at their office in Delft and is providing drinks and food. Are you team red or team blue? Next to the Pokemon red and blue video games, we know two important teams in cyber security. The principle is simple: red tries to hack, blue tries to defend. During this night, we will get an insight in what techniques Fox-IT uses to improve the detection services for our customers (hint: data science!). But is it possible to evade detection and incident response? During a blue team and red team talk, you will see how this is an ongoing cat-and-mouse game. Who will win? Maybe you do, as we are doing a small red vs blue exercise after dinner :) See you on October 23! ***Attention*** Please bring an ID card in order to get into the building!!! PRESENTERS: Anne Postma is a data scientist at Fox-IT and helps analysts from different departments to get the most out of their data with techniques like statistics and machine learning. She studied Industrial Design Engineering where the spark to design the best solutions for different types of users originated. In her own time she’s a foodie who loves to think about how to find the best restaurants to eat (restaurant recommendations are always welcome!) and will draw or sing to get out of her head. She has worked for Fox-IT for 5+ years now and will present what her day looks like and how she’s helping the blue team with new detection models. Sanne Maasakkers works as a security expert / ethical hacker at Fox-IT. In her current role, she mainly deals with performing penetration tests on internal networks or web applications to prevent malicious hackers at their customers. Assignments that include social engineering, like obtaining physical access to the building, sending out phishing emails containing malware or voice phishing makes her feel like James Bond. Next to this she stands ‘for a more secure society’, for example during awareness trainings, hack demos and guest lectures. During her talk, she will tell how the Fox Red Team tries to evade the blue team (and Anne's awesome work!) during red team assignments. AGENDA: 18:00-18:30 --> Walk-in & introductions 18:30-19:00 --> Blue by Anne Postma 19:00-19:30 --> Red by Sanne Maasakkers 19:30-19:45 --> Break 19:45-20:15 --> Red vs Blue 20:15-20:30 --> Questions & Wrap-up 20:30-21:00 --> Networking Are you a woman working or interested in computer security? Sign up!

  • WICCA Goes Hardwear!

    Hotel NH Den Haag

    Great news!!! The organisers of hardwear.io have invited us to their after-training reception for a great networking opportunity! Hardwear.io is the biggest hardware security conference in Europe, and possibly in the world. It is a platform where researchers showcase and discuss their innovative research on attacking and defending hardware. https://hardwear.io/netherlands-2019/ This event takes place during the hardwear.io week, right after the trainings and before the official conference starts, directly at the venue in The Hague WTC. This will be a casual event for WICCA ladies to meet with hardware security specialists and hear about different experiences in the field. Some of the trainers and trainees will still be around! As a hardware security introduction, we will have a few toys to play with: - a hackable Bluetooth bunny - locks to lockpicks - a Proxmark There will be beer and wine. Expect a bunch of delicious (vegan) samosas as well! Trivia: hardwear.io is spelled as such because of the idea of "wearing your hardware".

  • Dutch Police: Fighting Cybercrime with OSINT

    Deloitte Amsterdam

    WICCA is going awol to a session organised together with the Dutch Police. This session is WOMEN-ONLY. Deloitte will be hosting us all with food and drinks. Would you like to know more about Open Source Intelligence (OSINT)? Have you ever wondered what it is like to work at the Dutch Police? Join us for the upcoming OSINT session with Lisette Abercrombie and Maike Borst! We will walk through a real life case and see the crucial role OSINT can play in solving crimes. There will also be plenty of room for questions and war stories afterwards :) PRESENTERS: Lisette Abercrombie has been working for the Dutch National Police for over six years. After working in the serious and organized crime division in Amsterdam and the National High Tech Crime Unit, Lisette is currently working in regional police force of the province Noord Holland were she’s part of ‘Team Digital Investigations’ and helps different teams solve their cases using OSINT techniques. Maike Borst started her career in the Dutch National Police back in 1999, where she first worked as a police officer on the streets. After working in various divisions within the Police, she founded a special team focused on solving crimes using OSINT techniques five years ago. Currently, Maike is working as a Cyber Threat Analyst at Heineken. AGENDA: 18:00-18:30 --> Walk-in & introductions 18:30-19:30 --> Presentation of a case 19:30-19:45 --> Break 19:45-20:15 --> Questions & Stories 20:15-21:00 --> Networking Are you a woman working or interested in security and cyber crime? Sign up!

  • Secure Coding (... or the Art of Avoiding Data Breaches)

    WICCA is coming to The Hague for a session on secure coding and privacy-oriented software engineering. This session is organised together with Okuna and will cover the following topics: secure coding, privacy preservation, security and development. Okuna (previously Openbook) embodies the future of social media: a privacy-oriented and transparent platform that is secure by design, which strives for a better tomorrow for our online social circles. https://www.okuna.io/en/home Registration is now open for all. We're experimenting with Eventbrite for this one, so please get your ticket here as well: https://www.eventbrite.com/e/secure-coding-or-the-art-of-avoiding-memory-leaks-tickets-65510952021 *** Agenda *** 18:00-19:00 --> Walk-in, introductions 19:00-19:15 --> 15-minute opening: The biggest hacks caused by software flaws by WICCA 19:15-20:00 --> The Engineering of an Ethical Social Network, by Joel Hernández, the founder of Okuna 20:00-20:45 --> Why Security Professionals Should Write Code by Vincent Ruijter, Okuna's hacker-in-residence 20:45-22:00 --> Networking

  • Wick-Ed: Offensive Security

    KPN Teleport

    WICCA kicks off a new initiative to teach ladies about security: Wick-Ed! Because of the high Offensive Security training demand, we will be doing the first Wick-Ed session on Offensive Security on July 29. KPN will be hosting us again and is providing food and drinks. For anyone who could not attend the 2-day training on May 25-26, this is the occasion to pick up on the basics of offsec! The course will include offensive security principles, show some hacking demos, and talk about how common hackers break into things. The target audience is beginners (with some web application, coding, and Unix knowledge required). This course is meant to introduce security-enthusiastic ladies to ethical hacking and penetration testing! It is different than the training in May as it will be lecture-oriented. Otherwise the material is the same. The course will be recorded by our awesome cameraman Cooper, @Ministraitor, and will be published online! Agenda: - 18:00: walk-in - 19:00: start - 19:45: 15-minute break - 20:00: 2nd half - 21:00: estimated end KPN will be hosting us again (big thanks to Jaya Baloo!) with food and drinks. All visitors are required to register prior to entering the building, so attendees will need to bring an ID card or passport. To make sure everything goes smoothly and because of the amount of people who will need to register, please gather around 18:00 so we can start at 19:00!

  • WICCA Drinks&Stories


    WICCA is breaking into Amsterdam for some drinks and hacker stories. Are you a woman working or interested in computer security? Join us for some goofy hacker fun! Male +1s are welcome. The event will start 20:00 and the place to be is: Pllek, which is reachable by (free) ferry from Amsterdam Centraal station. Just a heads-up, every one should take care of their own consumption, as this is just a get-together event among fellow willing WICCA ladies. Do you have an interesting hacker story to tell? Something that happened to you or some cool h4x0r shizzle you did? Do tell us!

  • Offensive Security 101


    WICCA is giving a two-day training in Offensive Security especially for beginners. Securify is hosting us in their Sloterdijk office and will be providing lunch and Club Mate! More on Securify: https://www.securify.nl/nl/ The training will include: - Basic infrastructure and web introduction - Network vulnerability scanning - Offensive Security tooling - Web application pwnage - OWASP Top 10 - Kernel exploits - A tiny bit about malware reversing - A Hackback CTF-like game - Demos and more demos! The training will have a mixed audience. We opened the registration early exclusively for women. The trainer is Valentine, ethical hacker from the KPN REDteam. Andrea from Deloitte and Sanne from Fox-IT will assist with the training. *** Planning *** Saturday - 10:00 - 10:30: walk-in - 10:30 - 12:30: training - 12:30 - 13:30: lunch - 13:30 - 15:00: training - 15:00 - 17:00: lab Sunday - 10:30 - 12:30: training - 12:30 - 13:30: lunch - 13:30 - 17:00: CTF time! Keep in mind that this training is meant as an introduction to offensive security and is exclusively for beginners. If you are already an advanced hax0ress, you might get a bit bored :') *** Prerequisites *** - Bring a laptop! - A Kali virtual machine https://www.kali.org/downloads/ (Virtual Box will do https://www.virtualbox.org/) There is some pre-knowledge required: some (web application) coding knowledge and being familiar with Unix terminology and command line usage. Regarding web applications, which is a strong subject in this training, there are multiple web guides you can follow. This one is quite alright: https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web W3Schools also provide multiple tutorials regarding web applications: https://www.w3schools.com/ This is so you get basic knowledge on web architectures, JavaScript and HTML, and also how to deal with databases (SQL language). Regarding Linux knowledge and especially the use of the Unix terminal (Linux and MacOS) there is a cheat sheet for Unix commands: https://learntocodewith.me/command-line/unix-command-cheat-sheet/ And then, there is the concept of shells: secure shells and "getting a shell" on a system: https://www.ssh.com/ssh/ and https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/

  • Kubernetes with WICCA & null Amsterdam @Adyen

    This evening session is a joint meetup between WICCA and null hosted by Adyen, where members from both communities are happily invited to attend. Adyen is a global payment service provider based in Amsterdam. They will be providing food and drinks for all of us!!! ^^ null (https://www.meetup.com/null-The-Open-Security-Group/) is India's largest open security community with chapters all over the world, including Amsterdam. null is an open, inclusive, responsible, and most importantly a completely volunteer driven community. Their aim is not only to spread information security awareness, but to learn from other members of the community. There will be two presentations, one by Daniel Lindner, lead data scientist from Adyen, and one given by Valentine (WICCA) and Vincent (null). The topic of the evening is Kubernetes. *** Agenda *** 18:00-19:00 --> Walk-in and food/drinks 19:00-19:45 --> Adyen talk 19:45-20:00 --> Break 20:00-20:45 --> Presentation by WICCA & null 20:45-21:30 --> Networking All visitors will have to register downstairs and pick up a badge that they will have to wear visibly at all time. *** Daniel Lindner from Adyen *** The Adyen Big Data Evolution: From Excel to Kubernetes *** WICCA & null Amsterdam *** A Monitoring Platform for Kubernetes Cluster Security Kubernetes is an open-source system for the deployment, scaling, and management of containerized applications. Common implementations of Kubernetes are not secure by default and a lot of information about the hardening of Kubernetes intrinsic security is not known to the public. Since version 1.7 though, the security level has increased and the common security risks have been mitigated. More information about Kubernetes attack and defense methodologies has become available. However, none of these published resources lay the focus on the logging mechanisms of Kubernetes and the possibility for detection of active threats. The system created is a combination of existing tools for a centralized audit system for Kubernetes instances. This system, named K8sCop, serves as a data analysis tool for the monitoring of cluster activity and detection of potentially malicious events. The presentation contains several demonstrations, where attacks are conducted against a Kubernetes instance, which are made visible in the Kubernetes Security Dashboard (K8SD) in Kibana. The presentation will describe how to set up the existing tools the following way: - How to store audit logs in Kubernetes instances - How to set up Elasticsearch with Kubernetes using the Fluent daemon - How to run the K8sCop analyzer for static or streaming analysis on Kubernetes log data - What types of Kubernetes incidents are labelled by K8sCop - How to import and view the Kubernetes Security Dashboard in Kibana All project material is opensource, such that organizations and individuals that require visibility over their Kubernetes infrastructure can use and adapt these tools to suit their own needs. The sources can be found at https://github.com/k8scop/k8s-security-dashboard

  • Hacking Hoomans

    Deloitte Amsterdam

    "Humans are the weakest link in the information security chain." - everyone in infosec This evening is hosted by Deloitte (thank you, Andrea!) and we will talk about all things physical security. Additionally, Deloitte will be providing food and drinks! Are you a woman interested or working in security? Sign up! This isn't going to be a formal presentation but something more like a casual workshop where we share our fun social engineering experiences and talk about breaking into buildings. Valentine will introduce some of the theory behind social engineering and hooman hacking, but in an open discussion instead of a lecture-like academic talk. After this, if you gals are up for it, we will test out some of our theories with an actual Social Engineering game ;))

  • Into the FireEye

    Singel 236

    Are you a woman working or interested in computer security? Sign up! This time, FireEye is inviting the ladies of InfoSec and female security enthusiasts in The Netherlands for a casual get-together in Amsterdam. FireEye will be hosting us at their office by Dam Square and is providing drinks and snacks. The event is women-only and is meant to be a space where we can share, support, and learn with each other. == A Day in the Life == Within the cyber-intelligence and research group of FireEye are a variety of different roles and missions that focus on discovering and tracking evil, predicting evil and helping our customers protect against it. Several different women in this team will be presenting on their role in this mission. This will range from direct customer interaction, tool development, malware analysis and threat tracking.