BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//OpenACalendar//NONSGML OpenACalendar//EN
X-WR-CALNAME:IT Security Kassel / Nordhessen Meetup: Security Meetup 0x36 (Remote) (Nr 54) - Open Tech Calendar
BEGIN:VEVENT
UID:10734@otc.opentechcalendar.co.uk
URL:https://opentechcalendar.co.uk/event/10734-security-meetup-0x36-remote-nr-54
SUMMARY:IT Security Kassel / Nordhessen Meetup: Security Meetup 0x36 (Remote) (Nr 54)
DESCRIPTION:Talks:\n\n1. Deserialization attacks (Matthias)\n\n(Description below)\n\n2. Phishing Campaign with Gophish - Open Source Phishing Framework - This talk is in German :) (Sergej)\n\nDescription of Deserialization attacks:\n\nSerializing data is a way of making your code persistent. However\, if you load this stored data into your application giving the user the possibility to change it\, it can be like delivering her/him direct access into your code. And besides changing the behaviour of the application\, what this means\, if the code allows it\, is direct control over your server.\nThis attack is part of the OWASP Top 10 by now (https://owasp.org/www-project-top-ten/).\nI will show the vulnerability in different demos\, from easy to difficult ones.\nIf you want to have a look in advance\, you can do so in the labs here: https://portswigger.net/web-security/deserialization/exploiting\n\nLanguage is chosen depending on the audience\n\n==\n\nThe remote access data will be sent to all registered participants by email on the day of the meetup.\n\nThe event is open\, everyone is welcome!\nIf you have any questions\, just write in the comments: You will surely find someone to answer them.\nIf you want to present something yourself\, e.g. if you've discovered something cool or just want to share it\, go ahead! We are looking forward to every presentation no matter how long it is.\n\nDuration of the talks:\nNormal: Max 1h 30\, Shorty: Short talk\n\nFurther resources IT-Security-Meetup Kassel:\n\n- Talks from the past:\n-- https://github.com/it-security-kassel-nordhessen/meetup\n-- https://www.youtube.com/watch?v=nTpTSOVXSTU&list=PLGrnDfwTFZ7nluvGOIIR1GXHCEAnuLR1o\n\n- Music:\n-- https://soundcloud.com/user-272351705/sets/monatliches-security-meetup\n\no ---------------------------------------------------------------------------\n\nDesired topics for further events:\n\n- BurpSuite\n- WS-Security\n- Rest Security OWASP / Rest API\n\n- Bug Bounty Hunting\n\n- Social Engineering - Ad Targeting\n- Elliptic Curve Crypto Basics\n\n- Reverse Engineering Radare\n- Ida Pro Workflow\n\n- DFF Digital Forensics Framework\n\n- Broken Wi-Fi / KRACK\n- Router hacks (e.g. AVM)\n\no ---------------------------------------------------------------------------\n\n-- Sponsor --\n\nMicromata GmbH\nConference Room\, Github Quota :)\nhttps://opentechcalendar.co.uk/event/10734-security-meetup-0x36-remote-nr-54\nPowered by Open Tech Calendar
X-ALT-DESC;FMTTYPE=text/html:
<p style="font-style:italic\;font-size:80%">Powered by Open Tech Calendar</p>
DTSTART:20201021T160000Z
DTEND:20201021T190000Z
LAST-MODIFIED:20201019T112652Z
SEQUENCE:133459729
DTSTAMP:20200903T182607Z
END:VEVENT
END:VCALENDAR