OWASP Frankfurt Meetup #50

Johannes Schönborn

Aug 23, 2021, 8:51:40 AM
to germany...@owasp.org
So that nobody gets forgotten, hope to see you there:


We're looking forward to virtually meeting you during our #50th OWASP Meetup, this time with a focus on Vulnerability Research and Code Injection Techniques.


KEY NOTE: Vulnerability Research of Linux Audit Framework (auditd) and CVE-2020-35501 by Felix Kosterhon (SECUINFRA GmbH)
Felix will share some results of his research about the Linux Audit Framework (auditd), which provides a powerful framework to monitor system and user activities. After a short introduction to auditd, he will present some quirks and pitfalls that can be exploited by attackers in order to avoid detection. He will point out various ways to deal with these problems in a reasonable manner to assure a reliable log policy. Furthermore, he will also briefly talk about the auditd-alternative auditbeat, a shipper from the elastic framework.

Presenter Bio: Felix graduated from TU Darmstadt with a Master's degree in IT Security. After graduation he joined SECUINFRA to protect companies from various attacks and to focus on Security Information and Event Management (SIEM) systems. Soon, he took over the company-internal responsibility for the Linux Audit Framework (auditd) and devoted a lot of time and effort to further understand auditd, which led to the discovery of the auditd CVE-2020-35501 in November 2020. Besides his interests in security, Felix spends the majority of his spare time doing various sports.

LIGHTNING TALK: Malicious Code Injection via DOM Clobbering Technique by Matthias Altmann (Micromata GmbH)
This Lightning Talk by Matthias Altmann is about the application security exploit of DOM Clobbering. This exploit is a technique that uses HTML injection to manipulate the DOM to ultimately inject malicious JavaScript.

Presenter Bio:
Matthias Altmann is a software developer and IT security expert at Micromata GmbH, where he and his colleagues in the area of IT security. He is also co-founder and organizer of the IT-Security Meetup Kassel and shares his expertise at conferences, in technical papers and occasionally on his blog.

LIGHTNING TALK: Comparing Windows Host Auditing Tools for Pentests by Calvin Hansch
Imagine you're running a pentest on a Windows-based host and your next action is to identify local vulnerabilities. You run your favorite tools, but did you ever wonder what differences exist between tools such as PrivescAudit, WindowsEnum or PowerUp? Calvin will highlight a few of them and take us for a little test-drive.

Presenter Bio:
After working several years as a sys admin, Calvin joined the dark side of infosec as a pentester and red teamer. He's focussing on Windows-based engagements.

_and afterwards? We will conclude the evening with the option to socialise afterwards.


By attending this event, you agree with the event being recorded and published on YouTube. The recording includes Audio, Video and the Display Name of the speaker, so please mute and turn off your video if you do not agree. The Zoom Recording will be made available on our YouTube Channel afterwards: https://www.youtube.com/channel/UCcSCpYuuGeEIn70KQCF-4gQ


Interested in giving a presentation? Get in touch with us!


Wednesday, 25.08.2021, 18:30h - 20.30h CEST (ca. 2 hours)

Access details to be announced a few days before via Meetup!

_And now?
Save the date, spread the word and bring your friends / colleagues and please sign up via Meetup!
Follow us on Twitter #owasp_frankfurt and read our Stammtisch site for further Frankfurt Stammtisch information: https://owasp.org/www-chapter-germany/stammtische/frankfurt/

We're looking forward to your attendance!