Copenhagen

The Copenhagen local chapter organizes quarterly events to promote OWASP and information security in general.

We (re)started from the OWASP-Denmark local chapter with an initial event on October 25th.

Events
If interested in giving a talk, please send a message to [mailto:Alessandro.Bruni@owasp.org Alessandro Bruni].

Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web
Speaker: Alex Halderman

Abstract: Let’s Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let’s Encrypt has grown to become theworld’s largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January2019, it had issued over 538 million certificates for 223 million domain names. We describe how we built Let’s Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME,the IETF-standard protocol we created to automate CA–server inter-actions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let’s Encrypt’s impact on the Web and the CA ecosystem. We hope that the success of Let’s Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.

Social Engineering For Physical Intrusions
Speaker: Sarka "the pirate queen"

Objectives: Objective is to let people understand what are different social engineering exploits that can be used against them, their employees or their loved ones. After holistic approach of different human attack vectors I use for my social engineering attacks for physical intrusions, I will step to the defensive side to let the audience understand what controls to put in place to stop a real malicious attackers.

Description: Social Engineering has many different faces from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings',dropping weaponized USB flash drives to eventually getting right in middle of your target's own office! As there are many tools and described ways of all the -ishings, but almost all of them do not require any interaction with target. And I would like to focus on physical intrusions. If you are interested how I break into buildings like a pirate queen, I will explain how to interact with our target directly and that requires certain knowledge of techniques and skills.

There are many different skills and techniques while approaching a human target and testing their security. I would like to look at different human attack vectors.I also look at how to use this knowledge to not only understand world around us and better our own situational awareness, but I also explain why this is a fun topic we should teach our employees that would help with defending our company but also our loved ones. I like to uncover my offensive thinking while using facial expressions, body language or psychology research but I also see myself though someone else's eyes,  who's daily bread is defending networks and tries to understand human factor while deploying defense in depth at work.

August 29th, 2019

 * 1) Title: Reporting on BSides Las Vegas and DEF CON  Presenter: Christian Dinesen, NNIT
 * 2) Title: Approaching Bluetooth in 2019  Presenter: Martin Schroter  Abstract: Although Bluetooth has been around for the better part of 30 years, we keep innovating on the technology and new uses are found every year.  I want to cover: vulnerabilities in Bluetooth 1 up to 5; understanding the cryptography of Bluetooth; going over the considerations your company needs to make, when you decide to adopt Bluetooth into your infrastructure; know your tools Ubertooth sniffing, btlejuice, btlejack, gattacker; jamming Bluetooth drones mid air!  Can we really trust this technology and what are the challenges?
 * 3) Title: Experiences in OSINT  Presenter: Bjarne Tersbøl, Special Advisor at Konkurrence- og Forbrugerstyrelsen / Danish Competition and Consumer Autority

May 27th, 2019

 * 1) Title: Security in LPWAN IoT, a comparison (SigFox, LoRaWaN, NB-IoT)  Name: Florian Coman  Bio: Security Analyst at TDC, MSc in Telecommunication at DTU  Abstract: I've investigated the security features and possible vulnerabilities of some LPWAN IoT technologies: the license-free SigFox and LoRaWAN and the cellular NB-IoT. I have looked at their End-to-End architecture (from end-device to application server) and I will present some of my findings during the talk.
 * 2) Title: “Just Hacker Things with Jayson”  Name: Jayson E. Street (http://jaysonestreet.com/)  Abstract: Instead of a usual talk, this will be an open discussion. He will share several stories of his travels & exploits (focused around Social Engineering where Jayson has mnay years of experience) but mostly will be there to answer questions about hacking, blue team, red team and DEF CON Groups! So come with questions and expect a few answers and a lot of great hugs!

March 28th, 2019

 * 1) Title: XSSER: From XSS to RCE 3.0  Abstract: This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes more payloads for common web apps and various other improvements too!"  Author: Hans-Michael Varbaek / TDC Group

October 25th, 2018

 * 1) Title: An ice-cold Boot to break BitLocker  Authors: Olle Segerdahl & Pasi Saarinen / F-Secure

Sponsors

 * TDC
 * Dubex
 * IT-University of Copenhagen

Local News
Meeting Location: IT University of Copenhagen

Everyone is welcome to join us at our chapter meetings.