TBA - Likely around September 1 - currently organising speakers.
Date: Wednesday, 28th July 2010
- Robert Lee, PricewaterhouseCoopers, Vulnerabilities & Google’s Jarlsberg Application
- Alex Kouzemchenko, Azimuth Security, WAFs: How I love Thee.
Date: Tuesday, 20th April 2010
- Louis Nyffenegger - ‘SQL injection in “order by” clauses’
- Raphael Speyer – ECMAScript 5
- Christian Heinrich - OWASP Top Ten 2010
- Daniel Grzelak – Recon Tool Demonstration
Date: Tuesday, 23rd March 2010
- PDF Hacking - Paul Theriault (Link TBA)
  - The plan is to run an informal workshop-style presentation with the following objectives:
    - Provide an introduction to PDF format, scripting capabilities and other “features” you wouldn’t expect to see in a document format
    - Learn some basic tools & techniques for analyzing malicious PDF files, for great justice
    - Learn some basic tools & techniques for creating malicious PDF files, for great science
    - Look at the security implications of PDFs and what can be done in an enterprise environment to reduce these risks (uninstall Reader?)
- Incident Case Study - Charles Carmakal (Link TBA)
  - A review of the security breach landscape in the US, followed by an interesting case study. It involved organised criminals from eastern Europe, over $100M of losses, and incredible sophistication. The initial point of entry for this breach was the web: SQL injection, linked databases, privilege escalation, and development/deployment of custom malware.