Level: Technical
Abstract:
IBM (Lotus) Notes/Domino systems had their heyday in the 1990s. Still, quite a lot of banks, insurance companies, etc. store loads of business-relevant data in those applications and even expose them to the Web.
After a short introduction to the technology and security concepts behind Notes/Domino, I will guide you through the convenient options to extract data from these systems.
After a quick tour through the most dangerous worst practices in Domino administration that open up vulnerabilities, we will end with password extraction and decryption.
Bio:
Martin Leyrer – Providing IT-Wizardry for money for over 20 years. Boldly managing systems where angels fear to tread. Easily distracted by everything shiny, blinky and new.
Posted in talks | Comments Off on Extracting “data” from IBM Lotus Notes (Martin Leyrer)
Level: Technical
Abstract:
Due to the increasing number of recommendations for people to use VPNs for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ’gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind. The talk will cover the research (so far) for my final year dissertation/thesis around iOS VPN security, analysing common traits and some of the weird findings.
The full proposal for my project can be found at https://jack.lu/s/Honours-Project-Proposal.pdf
Bio:
Jack Wilson is a final-year student at Abertay University in Scotland, studying BSc (Hons) Ethical Hacking. He works part-time as a security consultant and his interests include offensive and defensive security and privacy.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on iOS VPN Security (Jack Wilson)
Level: Technical
Abstract:
Trape is a recognition tool that allows you to track people and make phishing attacks in real time; the information you can get is very detailed. The objective is to teach the world, through this, how the big Internet companies could monitor you, getting information beyond your IP, such as the sessions of your sites or Internet services.
Bio:
Jose Pino is a security researcher and businessman, an expert in bug hunting, known for helping to improve the security of companies like Dropbox, eBay, PayPal, Mozilla, Microsoft, Twitter, Yahoo, MEGA, including Harvard University, which have recognized him for having notified them of security failures (violated their systems), and the same has happened with more than 30 organizations and institutions of great prestige on the Internet. Currently, he is the founder and CEO of Boxug, the first Spanish-language bug bounty platform, which through innovation seeks to help companies and government agencies through rewards programs, in order to improve Internet security.
Jhonathan Espinosa is a software developer who has worked developing systems since 2007 in public entities such as Francisco Jose of Caldas University and the National Institute of Health, and in private entities such as WSP Global in Research and Development as Projects Leader. Currently he is CTO at Boxug, developing tools and research for showing hacking techniques and improving security systems.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on Trape – the evolution of phishing attacks (Jose Pino & Jhonathan Espinosa)
Level: Technical
Abstract:
What are the tools to effectively manage a hackerspace? In this talk I’ll walk you through the infrastructure and services that we chose to set up at Mittelab Hackerspace, as well as the rationale behind the choice. We’ll explore how people can communicate better with the right tools, and what is needed to maximize collaboration potential.
The talk starts with what is, in our experience, needed to communicate effectively in a medium-sized group (50-100 people), and then illustrates the tools and open source software that can be used to achieve that. There will be details on how to set up Discourse, GitLab and DokuWiki with central authentication via SAML, and how FreeIPA can be used to manage hackerspace members’ access to both external (public) services and internal (wifi and computer login).
Bio:
Aljaž Srebrnič – I’m an embedded developer and part-time sysadmin. I founded HaSGO and Mittelab, where I manage the internal infrastructure and services. My interests are IT, robotics, HAM radio, sysadmin/network stuff and 3D printing.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on Bootstrapping a hackerspace (Aljaž Srebrnič)
Level: Security professionals
Abstract:
Whether you specialize in offense/penetration testing, defense, research or governance, there are many ways to make mistakes, especially in the fields that are not your main focus. Become one of those who do not learn the hard way, get free advice based upon my 20+ years of IT sec experience, and have some fun while attending this interdisciplinary lecture covering numerous subjects of interest for both experienced technical people and a less technically inclined audience.
Bio:
Neven Biruski – During his 20+ years in the IT industry, he has had roles in design, development, deployment, testing, troubleshooting and optimization, applying different technologies on a number of projects from various business domains. He has obtained extensive experience in security-related technologies, ranging from design of high-security environments to performing and leading penetration testing teams, establishing and leading security departments, and hardening and responding to incidents in some of the biggest and most secure environments in the country along the way. The rest of the time he devoted to various consulting and training sessions, helping to educate various future system and security engineers.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on How (not) to fail as a security professional [Lessons learned] (Neven Biruski)