Gothenburg

From OWASP. Latest revision as of 14:40, 14 February 2018.

Welcome to the Gothenburg chapter homepage
The chapter leaders are: Mikael Wecksten and Daniel Hedemalm
OWASP Gothenburg's vision is to spark interest in, and spread knowledge about, how to build secure software systems. It is to provide a balanced mix of the latest findings in academic security research (cutting edge and forefront) and established security techniques and design principles for direct application (breadth and maturity). The most important elements in the construction of secure applications are design and development methodology. OWASP Gothenburg shall therefore contribute to increasing security awareness among software developers.

OWASP Gothenburg reaches out to developers, project managers and security people by offering interesting talks and demonstrations about security, both large and small. Community hack days, mingling, and domestic and foreign speakers profile us as a serious player that offers those interested a meeting place where they can meet like-minded people, exchange ideas and discuss the latest in the field.

Anyone is warmly welcome to our meetings!
To take part in the meetings you must join our OWASP Sweden mailing list.
If you are interested in helping out, or have suggestions for exciting and interesting talks and/or speakers, you are welcome to contact us.
Earlier presentations can be found on our YouTube channel: owaspgbg.
Follow us on Twitter https://twitter.com/owaspgbg
and we are also on Facebook: https://www.facebook.com/owaspgbg/

2018-01-16: Sven Schleier – OWASP Mobile Security Testing Guide (MSTG) [1]
2018-01-16: Jeroen Willemsen – All about the keying material [2]

OWASP Gothenburg 2017
2017-10-16 Johan Rydberg Möller – Practical HTTP Header Attacks [3]
2017-10-16 Mikael Falkvidd – IoT LPWAN security Sigfox and LoRaWAN [4]
2017-08-23 OWASP SäkPub – Talk about CTF
2017-04-06 Jesper Larsson – Hacking embedded Systems for fun and profit (video)
2017-04-06 Ben Stock – Large Scale Web Vulnerability Notification (video)
2017-01-31 Scott Helme – Hacking the Nissan Leaf (video)
2017-01-31 Anders Rosdahl – Car Hacks 101, An overview of noticed automotive (in)security cases

OWASP Gothenburg 2016
2016-11-24 Lucas Lundgren and Neil Hindocha – LIGHT WEIGHT PROTOCOL! SERIOUS EQUIPMENT! CRITICAL IMPLICATIONS! (video)
2016-11-24 Pierre Pavlidès – Overview of some automotive RKE systems (video)
2016-11-24 Marielle Eide – The new General Data Protection Regulation – Are you ready (video)
2016-11-24 Janne Haldesten: Please hold, your call is being rerouted – Vulnerabilities in the SS7 protocol (video)
2016-11-24 Avi Douglen – Passwords, Rehashed All Over Again (video)
2016-10-20 Filip Kälebo – Advanced traffic obfuscation made easy (video)
2016-10-20 Daniel Hausknecht – Content Security Policy – The silver bullet without silver (video)
2016-10-20 Joachim Strömbergson – Leakage, Side Channels and Exfiltration in Computer Systems (video)
2016-06-09 Tero Hänninen – Enterprise threat hunting; cheap, fun and effective! (video)
2016-06-09 Johanna Abrahamsson – Incident detection for free! (video)
2016-03-22 Lars Andrén – Source Code Analysis of Web Frameworks (video)
2016-03-22 Lars Andrén – What is static code analysis (SCA) (video)

2016-03-22 – Static code analysis for the masses
We have been trying to put together an event on static code analysis for ages, so naturally we jumped at the opportunity when Lars approached us. The only question was how to find a matching speaker for slot number two. Discussing the setup with Lars, we soon realized we needed no second speaker – Lars had material for more than one event on his own. This is going to be an epic evening! The goal for the session is to give the participants enough knowledge to be able to determine what kind of tool is best suited for their own projects.

We will end the evening with a hands-on workshop where the theories from the evening will be used in practice. Tonight's sponsor is ÅF – once again we will meet at their great office at Grafiska vägen 2.
Who is Lars Andrén?
I am a software engineer by education and work, currently working at security startup Keypasco in Gothenburg. Three intense years of my life were spent developing the SCA “CodeSecure” at the company Armorize in Taipei, Taiwan ROC. Most of my time was spent with the core analyzer, which doesn’t make me a bona fide security expert, but does give me a unique insight into the workings of SCA tools. When I don’t scan source code I paint Warhammer models that I less and less frequently have time to play with.
Preparations for the workshop
Download and install Eclipse Helios https://eclipse.org/downloads/packages/release/helios/sr2
Download and install OWASP LAPSE+
LAPSE+ can be found here https://www.owasp.org/index.php/OWASP_Gothenburg_Day_2015
2015-10-20 – Security Tapas
While preparing for OWASP Gothenburg Day we realised we need something that is quite the opposite of a giant all-day event with international speakers. We need a small and cosy down-to-earth session with local speakers. Like a hackathon but with some kind of agenda.

Small demonstrations, primers on a subject or technology, a lightning talk or even a small hands-on workshop. To make room for a lot of people we keep them short, aiming for 15-20 minutes for presentations with some additional room for workshops. OWASP will open up the floor, while you, our community, set the agenda and take the stage. Thanks to our sponsor ÅF we’ll have a cool venue on the 16th floor and something to eat and drink.

Please send us a short title, your suggested time slot size in minutes and whether this is a workshop or not (defined by the fact that participants will be required to bring some kind of equipment and will be expected to perform some kind of activity) to [email protected] OR let us know through the ticket registration form. You are of course very welcome to attend even if you don’t have something to present.

Going dark – Mattias Jidhage
Mac Hack Backup Attack – Jonas Magazinius
Livepatching the linux kernel – Mikael Falkvidd
An introduction to QubesOS – Fredrik Strömberg
Hands on with wifi security – Anders Rosdahl
OWASP Security Shepherd – Viktor Hedberg
Introduction to Android app security review – Mikael Wecksten
TrustZone, TEE and mobile security – Peter Gullberg
2015-04-15 – D-FENS
Let’s talk defense. Offense might be a bit more fun (admit it – there is a small evil mini-me inside all of us that wants nothing but to wield the mighty power of the hack that ruled them all) but let’s face it, there are only so many wrongdoing organisations with world domination aspirations that will hire you to develop attacks on company time. For most of us who want a paycheck within security, defence is on the menu. So, how should we effectively use our company’s sparse resources to make it harder for an attacker to breach our defenses, and when that inevitably happens anyway, how do we find the bad code and remove it? The event is sponsored by Omegapoint, so we wish to thank them in advance for food, drinks and the venue! The event will be held in English!
Agenda
17:30 Event starts with a light snack and drink.
18:00 A word from our sponsor Omegapoint and a Community update
18:15 Defender economics
20:00 Beer, snacks and some serious security live chat
Approx. 21:00 Event ends
Speaker bios and abstracts
Andreas Lindh – Defender Economics
There are a lot of preconceptions about defense, the most prevalent one probably being the “defender’s dilemma”, in which it is stated that an attacker only needs to find one weakness to compromise a network while a defender needs to defend all of them. While this may be true in a technical sense, things become a lot more complicated once you apply real world considerations. Preconceptions like this are often the foundation on which risk management and ultimately defense strategies are based, something that has led to a number of false but generally accepted assumptions about attackers and their capabilities, and how to defend against them. This talk will discuss the capabilities, and more importantly the limitations, of different types of attackers. Using the ancient wisdom of the Teenage Mutant Ninja Turtles, the speaker will explain how knowledge of an attacker’s limitations can be leveraged to raise the cost of attack, something that will tip the scale in the defender’s favor.

The speaker will also explain how different defensive measures will affect different types of attackers, how they are likely to react to them, and in the end how to get them to hopefully move on to another target.
Andreas Lindh (@addelindh) is a security analyst and engineer working for I Secure Sweden in Gothenburg, Sweden. He specializes in threat & vulnerability analysis, intrusion detection and generally making his clients more secure. When he’s not dissecting threats or kicking some intruder off a network somewhere, he likes to write crappy Python code and make bad puns on Twitter. Andreas has previously presented his work at, among others, Black Hat USA, Virus Bulletin and 44Con.
Michael Boman – Search and Destroy the unknown
What do you do after realizing that you have been infected by a previously unknown sample that your antimalware vendor failed to detect, or when you are unsure that you have up-to-date antimalware products on all systems in your environment? Perhaps you are not able to install antimalware on some endpoints due to regulatory restrictions. So how do you go about detecting malware that hasn’t been detected by your antimalware software? Learn how you can make use of the sources of detection you already have, like your firewall logs, to detect unknown threats on your network and help you locate and extract the malicious software causing the issue. Once you have got your hands on a sample you can analyze it for artifacts the malware creates. Those artifacts, called Indicators of Compromise (IOC), can be used to detect additional malware infections on your SMB or Enterprise network using tools you might already have or that can easily be acquired freely from the internet.
Michael Boman (@mboman) is a senior malware analyst at the Malware Research Institute and has been presenting at several large security conferences, including 44CON and DEEPSEC, in recent years about malware research, everything from finding malware samples to analyzing suspected files at speed and on budget. Michael has been interested in malicious software since he got his own machine infected even though he followed all the best practices, having his computer up-to-date with both patches and antimalware software. The only thing that notified him about the infection was the built-in Windows firewall asking if it was OK to open a port for an executable. And the rest, as they say, is history. Malware Research Institute is an organization that promotes malware research, tools and techniques for aspiring and seasoned malware analysts.

Malware Research Institute has a blog where they publish interesting resources for malware researchers over at
