This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Copenhagen"

From OWASP
Jump to: navigation, search
(Events)
(november 25th event)
Line 5: Line 5:
 
== Events ==
 
== Events ==
 
If interested in giving a talk, please send a message to [mailto:[email protected] Alessandro Bruni].
 
If interested in giving a talk, please send a message to [mailto:[email protected] Alessandro Bruni].
 +
 +
=== November 25th, 2019 ===
 +
 +
==== Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web ====
 +
'''Speaker:''' Alex Halderman
 +
 +
'''Abstract:''' Let’s Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let’s Encrypt has grown to become theworld’s largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January2019, it had issued over 538 million certificates for 223 million domain names. We describe how we built Let’s Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME,the IETF-standard protocol we created to automate CA–server inter-actions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let’s Encrypt’s impact on the Web and the CA ecosystem. We hope that the success of Let’s Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.
 +
 +
==== Social Engineering For Physical Intrusions ====
 +
'''Speaker:''' Sarka "the pirate queen"
 +
 +
'''Objectives:''' Objective is to let people understand what are different social engineering exploits that can be used against them, their employees or their loved ones. After holistic approach of different human attack vectors I use for my social engineering attacks for physical intrusions, I will step to the defensive side to let the audience understand what controls to put in place to stop a real malicious attackers.
 +
 +
'''Description:''' Social Engineering has many different faces from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings',dropping weaponized USB flash drives to eventually getting right in middle of your target's own office! As there are many tools and described ways of all the -ishings, but almost all of them do not require any interaction with target. And I would like to focus on physical intrusions. If you are interested how I break into buildings like a pirate queen, I will explain how to interact with our target directly and that requires certain knowledge of techniques and skills.
 +
 +
There are many different skills and techniques while approaching a human target and testing their security. I would like to look at different human attack vectors.I also look at how to use this knowledge to not only understand world around us and better our own situational awareness, but I also explain why this is a fun topic we should teach our employees that would help with defending our company but also our loved ones. I like to uncover my offensive thinking while using facial expressions , body language or psychology research but I also see myself though someone else's eyes,  who's daily bread is defending networks and tries to understand human factor while deploying defense in depth at work.
  
 
=== August 29th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/263639514/] ===
 
=== August 29th, 2019 [https://www.meetup.com/OWASP-Copenhagen-Chapter/events/263639514/] ===

Revision as of 11:46, 11 November 2019

The Copenhagen local chapter organizes quarterly events to promote OWASP and information security in general.

We (re)started from the OWASP-Denmark local chapter with an initial event on October 25th.

Events

If interested in giving a talk, please send a message to Alessandro Bruni.

November 25th, 2019

Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web

Speaker: Alex Halderman

Abstract: Let’s Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let’s Encrypt has grown to become theworld’s largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January2019, it had issued over 538 million certificates for 223 million domain names. We describe how we built Let’s Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME,the IETF-standard protocol we created to automate CA–server inter-actions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let’s Encrypt’s impact on the Web and the CA ecosystem. We hope that the success of Let’s Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.

Social Engineering For Physical Intrusions

Speaker: Sarka "the pirate queen"

Objectives: Objective is to let people understand what are different social engineering exploits that can be used against them, their employees or their loved ones. After holistic approach of different human attack vectors I use for my social engineering attacks for physical intrusions, I will step to the defensive side to let the audience understand what controls to put in place to stop a real malicious attackers.

Description: Social Engineering has many different faces from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings',dropping weaponized USB flash drives to eventually getting right in middle of your target's own office! As there are many tools and described ways of all the -ishings, but almost all of them do not require any interaction with target. And I would like to focus on physical intrusions. If you are interested how I break into buildings like a pirate queen, I will explain how to interact with our target directly and that requires certain knowledge of techniques and skills.

There are many different skills and techniques while approaching a human target and testing their security. I would like to look at different human attack vectors.I also look at how to use this knowledge to not only understand world around us and better our own situational awareness, but I also explain why this is a fun topic we should teach our employees that would help with defending our company but also our loved ones. I like to uncover my offensive thinking while using facial expressions , body language or psychology research but I also see myself though someone else's eyes,  who's daily bread is defending networks and tries to understand human factor while deploying defense in depth at work.

August 29th, 2019 [1]

  1. Title: Reporting on BSides Las Vegas and DEF CON Presenter: Christian Dinesen, NNIT
  2. Title: Approaching Bluetooth in 2019 Presenter: Martin Schroter Abstract: Although Bluetooth has been around for the better part of 30 years, we keep innovating on the technology and new uses are found every year. I want to cover: vulnerabilities in Bluetooth 1 up to 5; understanding the cryptography of Bluetooth; going over the considerations your company needs to make, when you decide to adopt Bluetooth into your infrastructure; know your tools Ubertooth sniffing, btlejuice, btlejack, gattacker; jamming Bluetooth drones mid air! Can we really trust this technology and what are the challenges?
  3. Title: Experiences in OSINT Presenter: Bjarne Tersbøl, Special Advisor at Konkurrence- og Forbrugerstyrelsen / Danish Competition and Consumer Autority

May 27th, 2019 [2]

  1. Title: Security in LPWAN IoT, a comparison (SigFox, LoRaWaN, NB-IoT) Name: Florian Coman Bio: Security Analyst at TDC, MSc in Telecommunication at DTU Abstract: I've investigated the security features and possible vulnerabilities of some LPWAN IoT technologies: the license-free SigFox and LoRaWAN and the cellular NB-IoT. I have looked at their End-to-End architecture (from end-device to application server) and I will present some of my findings during the talk.
  2. Title: “Just Hacker Things with Jayson” Name: Jayson E. Street (http://jaysonestreet.com/) Abstract: Instead of a usual talk, this will be an open discussion. He will share several stories of his travels & exploits (focused around Social Engineering where Jayson has mnay years of experience) but mostly will be there to answer questions about hacking, blue team, red team and DEF CON Groups! So come with questions and expect a few answers and a lot of great hugs!

March 28th, 2019 [3]

  1. Title: XSSER: From XSS to RCE 3.0 Abstract: This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes more payloads for common web apps and various other improvements too!" Author: Hans-Michael Varbaek / TDC Group

October 25th, 2018 [4]

  1. Title: An ice-cold Boot to break BitLocker Authors: Olle Segerdahl & Pasi Saarinen / F-Secure

Sponsors

  • TDC [5]
  • Dubex [6]
  • IT-University of Copenhagen [7]

OWASP Copenhagen

Welcome to the Copenhagen chapter homepage. The chapter leader is Alessandro Bruni.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

Meeting Location: IT University of Copenhagen

Everyone is welcome to join us at our chapter meetings.