OWASP - User contributions [en]

Copenhagen

2019-11-11T12:50:15Z

AlessandroBruni:

The Copenhagen local chapter organizes quarterly events to promote OWASP and information security in general.

We (re)started from the OWASP-Denmark local chapter with an [https://www.eventbrite.com/myevent?eid=50365223740 initial event on October 25th].

== Events ==
If interested in giving a talk, please send a message to [mailto:Alessandro.Bruni@owasp.org Alessandro Bruni].

=== November 25th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/266380643/] ===

==== Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web ====
'''Speaker:''' Alex Halderman

'''Abstract:''' Let’s Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let’s Encrypt has grown to become theworld’s largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January2019, it had issued over 538 million certificates for 223 million domain names. We describe how we built Let’s Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME,the IETF-standard protocol we created to automate CA–server inter-actions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let’s Encrypt’s impact on the Web and the CA ecosystem. We hope that the success of Let’s Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.

==== Social Engineering For Physical Intrusions ====
'''Speaker:''' Sarka "the pirate queen"

'''Objectives:''' Objective is to let people understand what are different social engineering exploits that can be used against them, their employees or their loved ones. After holistic approach of different human attack vectors I use for my social engineering attacks for physical intrusions, I will step to the defensive side to let the audience understand what controls to put in place to stop a real malicious attackers.

'''Description:''' Social Engineering has many different faces from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings',dropping weaponized USB flash drives to eventually getting right in middle of your target's own office! As there are many tools and described ways of all the -ishings, but almost all of them do not require any interaction with target. And I would like to focus on physical intrusions. If you are interested how I break into buildings like a pirate queen, I will explain how to interact with our target directly and that requires certain knowledge of techniques and skills.

There are many different skills and techniques while approaching a human target and testing their security. I would like to look at different human attack vectors.I also look at how to use this knowledge to not only understand world around us and better our own situational awareness, but I also explain why this is a fun topic we should teach our employees that would help with defending our company but also our loved ones. I like to uncover my offensive thinking while using facial expressions , body language or psychology research but I also see myself though someone else's eyes, who's daily bread is defending networks and tries to understand human factor while deploying defense in depth at work.

=== August 29th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/263639514/] ===
# '''Title:''' Reporting on BSides Las Vegas and DEF CON '''Presenter:''' Christian Dinesen, NNIT
# '''Title:''' Approaching Bluetooth in 2019 '''Presenter:''' Martin Schroter '''Abstract:''' Although Bluetooth has been around for the better part of 30 years, we keep innovating on the technology and new uses are found every year. I want to cover: vulnerabilities in Bluetooth 1 up to 5; understanding the cryptography of Bluetooth; going over the considerations your company needs to make, when you decide to adopt Bluetooth into your infrastructure; know your tools Ubertooth sniffing, btlejuice, btlejack, gattacker; jamming Bluetooth drones mid air! Can we really trust this technology and what are the challenges?
# '''Title:''' Experiences in OSINT '''Presenter:''' Bjarne Tersbøl, Special Advisor at Konkurrence- og Forbrugerstyrelsen / Danish Competition and Consumer Autority

=== May 27th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/260941433/] ===
# '''Title:''' Security in LPWAN IoT, a comparison (SigFox, LoRaWaN, NB-IoT) '''Name:''' Florian Coman '''Bio:''' Security Analyst at TDC, MSc in Telecommunication at DTU '''Abstract:''' I've investigated the security features and possible vulnerabilities of some LPWAN IoT technologies: the license-free SigFox and LoRaWAN and the cellular NB-IoT. I have looked at their End-to-End architecture (from end-device to application server) and I will present some of my findings during the talk.
# '''Title:''' “Just Hacker Things with Jayson” '''Name:''' Jayson E. Street (http://jaysonestreet.com/) '''Abstract:''' Instead of a usual talk, this will be an open discussion. He will share several stories of his travels & exploits (focused around Social Engineering where Jayson has mnay years of experience) but mostly will be there to answer questions about hacking, blue team, red team and DEF CON Groups! So come with questions and expect a few answers and a lot of great hugs!

=== March 28th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/258987408/] ===
# '''Title:''' XSSER: From XSS to RCE 3.0 '''Abstract:''' This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes more payloads for common web apps and various other improvements too!" '''Author:''' Hans-Michael Varbaek / TDC Group

=== October 25th, 2018 [https://www.eventbrite.com/e/owasp-local-meetup-tickets-50365223740#] ===
# '''Title:''' An ice-cold Boot to break BitLocker '''Authors:''' Olle Segerdahl & Pasi Saarinen / F-Secure

== Sponsors ==
* TDC [https://tdc.dk/]
* Dubex [https://www.dubex.dk/]
* IT-University of Copenhagen [https://www.itu.dk/]
{{Chapter Template|chaptername=Copenhagen|extra=The chapter leader is [mailto:alessandro.bruni@owasp.org Alessandro Bruni].
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-denmark}}

== Local News ==

'''Meeting Location: IT University of Copenhagen'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Europe]]

Copenhagen

2019-11-11T11:46:54Z

AlessandroBruni: november 25th event

The Copenhagen local chapter organizes quarterly events to promote OWASP and information security in general.

We (re)started from the OWASP-Denmark local chapter with an [https://www.eventbrite.com/myevent?eid=50365223740 initial event on October 25th].

== Events ==
If interested in giving a talk, please send a message to [mailto:Alessandro.Bruni@owasp.org Alessandro Bruni].

=== November 25th, 2019 ===

==== Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web ====
'''Speaker:''' Alex Halderman

'''Abstract:''' Let’s Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let’s Encrypt has grown to become theworld’s largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January2019, it had issued over 538 million certificates for 223 million domain names. We describe how we built Let’s Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME,the IETF-standard protocol we created to automate CA–server inter-actions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let’s Encrypt’s impact on the Web and the CA ecosystem. We hope that the success of Let’s Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.

==== Social Engineering For Physical Intrusions ====
'''Speaker:''' Sarka "the pirate queen"

'''Objectives:''' Objective is to let people understand what are different social engineering exploits that can be used against them, their employees or their loved ones. After holistic approach of different human attack vectors I use for my social engineering attacks for physical intrusions, I will step to the defensive side to let the audience understand what controls to put in place to stop a real malicious attackers.

'''Description:''' Social Engineering has many different faces from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings',dropping weaponized USB flash drives to eventually getting right in middle of your target's own office! As there are many tools and described ways of all the -ishings, but almost all of them do not require any interaction with target. And I would like to focus on physical intrusions. If you are interested how I break into buildings like a pirate queen, I will explain how to interact with our target directly and that requires certain knowledge of techniques and skills.

There are many different skills and techniques while approaching a human target and testing their security. I would like to look at different human attack vectors.I also look at how to use this knowledge to not only understand world around us and better our own situational awareness, but I also explain why this is a fun topic we should teach our employees that would help with defending our company but also our loved ones. I like to uncover my offensive thinking while using facial expressions , body language or psychology research but I also see myself though someone else's eyes, who's daily bread is defending networks and tries to understand human factor while deploying defense in depth at work.

=== August 29th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/263639514/] ===
# '''Title:''' Reporting on BSides Las Vegas and DEF CON '''Presenter:''' Christian Dinesen, NNIT
# '''Title:''' Approaching Bluetooth in 2019 '''Presenter:''' Martin Schroter '''Abstract:''' Although Bluetooth has been around for the better part of 30 years, we keep innovating on the technology and new uses are found every year. I want to cover: vulnerabilities in Bluetooth 1 up to 5; understanding the cryptography of Bluetooth; going over the considerations your company needs to make, when you decide to adopt Bluetooth into your infrastructure; know your tools Ubertooth sniffing, btlejuice, btlejack, gattacker; jamming Bluetooth drones mid air! Can we really trust this technology and what are the challenges?
# '''Title:''' Experiences in OSINT '''Presenter:''' Bjarne Tersbøl, Special Advisor at Konkurrence- og Forbrugerstyrelsen / Danish Competition and Consumer Autority

=== May 27th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/260941433/] ===
# '''Title:''' Security in LPWAN IoT, a comparison (SigFox, LoRaWaN, NB-IoT) '''Name:''' Florian Coman '''Bio:''' Security Analyst at TDC, MSc in Telecommunication at DTU '''Abstract:''' I've investigated the security features and possible vulnerabilities of some LPWAN IoT technologies: the license-free SigFox and LoRaWAN and the cellular NB-IoT. I have looked at their End-to-End architecture (from end-device to application server) and I will present some of my findings during the talk.
# '''Title:''' “Just Hacker Things with Jayson” '''Name:''' Jayson E. Street (http://jaysonestreet.com/) '''Abstract:''' Instead of a usual talk, this will be an open discussion. He will share several stories of his travels & exploits (focused around Social Engineering where Jayson has mnay years of experience) but mostly will be there to answer questions about hacking, blue team, red team and DEF CON Groups! So come with questions and expect a few answers and a lot of great hugs!

=== March 28th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/258987408/] ===
# '''Title:''' XSSER: From XSS to RCE 3.0 '''Abstract:''' This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes more payloads for common web apps and various other improvements too!" '''Author:''' Hans-Michael Varbaek / TDC Group

=== October 25th, 2018 [https://www.eventbrite.com/e/owasp-local-meetup-tickets-50365223740#] ===
# '''Title:''' An ice-cold Boot to break BitLocker '''Authors:''' Olle Segerdahl & Pasi Saarinen / F-Secure

== Sponsors ==
* TDC [https://tdc.dk/]
* Dubex [https://www.dubex.dk/]
* IT-University of Copenhagen [https://www.itu.dk/]
{{Chapter Template|chaptername=Copenhagen|extra=The chapter leader is [mailto:alessandro.bruni@owasp.org Alessandro Bruni].
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-denmark}}

== Local News ==

'''Meeting Location: IT University of Copenhagen'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Europe]]

File:Reporting on BSides Las Vegas and DEF CON - Christian Dinesen.pdf

2019-09-10T13:52:37Z

AlessandroBruni:

Presentation

Copenhagen

2019-08-02T11:20:19Z

AlessandroBruni: /* Events */

Copenhagen

2019-08-02T11:03:40Z

AlessandroBruni: /* August 29th, 2019 */

Copenhagen

2019-08-01T09:21:30Z

AlessandroBruni: /* May 27th, 2019 [draft] */

Copenhagen

2019-04-26T12:09:26Z

AlessandroBruni: /* May 27th, 2019 */

Copenhagen

2019-04-26T12:07:58Z

AlessandroBruni: New date and program

Aarhus

2019-04-26T11:23:55Z

AlessandroBruni:

'''NOTE: Due to restructuring of local chapters, the Danish chapter has now been split in two: the [[Copenhagen|Copenhagen chapter]], and the [[Aarhus|Aarhus chapter]] (still to be opened officially). Use the respective pages to get in touch with the local organizers!'''

{{Inactive Chapter}}

{{Chapter Template|chaptername=Denmark|extra=The chapter leader position is '''OPEN'''.
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denmark|emailarchives=http://lists.owasp.org/pipermail/owasp-denmark}}

[[Category:OWASP Chapter]]

Copenhagen

2019-04-02T15:07:55Z

AlessandroBruni: Added new event, included talk titles and authors

Copenhagen

2019-03-27T09:21:29Z

AlessandroBruni: Added sponsor section

Copenhagen

2019-03-11T10:43:17Z

AlessandroBruni: Local events

Copenhagen

2019-02-11T10:04:28Z

AlessandroBruni: Mailing list, description, meeting place, last events