1. Homepage
  2. Events
  3. Barcamp Samstag

Barcamp Samstag 15.06.2019, 9:00 - 17:00

Time Table

08:00

Build-Up
Room: [3] REDTEAM PENTESTING

09:00

Arrival
Room: [3] REDTEAM PENTESTING

10:00

Welcome and Session Planning
Room: [3] REDTEAM PENTESTING
-
Room: [7] BOXCRYPTOR
-
Room: [10] ITERATEC
-
Room: [13] REWE DIGITAL
-
Room: [15] PROGRESSIVE IT

11:00

Microservices, DevOps & Security
Room: [7] BOXCRYPTOR
Actually using radare2
We'll go over: - What radare2 is - What it can do - Learning some basics - Solving a simple crackme challenge - Tips and tricks to get involved
Vasilij Schneidermann
Room: [10] ITERATEC
SOC: Event based vs. risk based
Security Operation Centers (SOC) often use an event-based approach to detect and investigate security incidents. There are ongoing discussions about switching to a risk-based approach. Is it ebtter? Lets omapre and discuss
Room: [15] PROGRESSIVE IT

12:00

My experience with IoT Security
What I`ve learned over the last 3-4 years.
Pablo Endres
Room: [3] REDTEAM PENTESTING
OWASP SecureCode Box
I will show you the Secure Code Box so you can play with it by your own
Room: [7] BOXCRYPTOR
Reporting of security issues
Vulnerabilities are often found by private bug hunters. Most companies don't offer a way to submit security related reports in an easy way. Instead the only way is to contact the customer support which is normally unable to handle the request. Related topics are: - Personal experience with bug reporting - Defining a tolerated scope for private security testing - Offering a simple way to submit a report - Dealing with reports (Bounties, Disclosure, ...)
Robin Meis
Room: [10] ITERATEC
How to SIEM
Sich ein SIEM zu aufen ist nur die halbe Miete. Dioe Protokollierungsvorhgaben des BSI umsetzen reicht auch nicht . Wir sprechen darüber was getan werden muss. / JUst buying a SIEM isn't enough. Applying BSI Grundschutz protocol policy doenst quite do the job
Holger Fastenrath
Room: [15] PROGRESSIVE IT

13:00

Lunch
Room: [3] REDTEAM PENTESTING
-
Room: [7] BOXCRYPTOR
-
Room: [10] ITERATEC
-
Room: [13] REWE DIGITAL
-
Room: [15] PROGRESSIVE IT

14:00

Lightning Talks
Room: [3] REDTEAM PENTESTING
-
Room: [7] BOXCRYPTOR
-
Room: [10] ITERATEC
-
Room: [13] REWE DIGITAL
-
Room: [15] PROGRESSIVE IT

15:00

WTF CTF
What are CTFs anyway and why would I want to play them? This proposal will cover: - What they are - Lots of tips and fun facts - Some hands-on practice on simple Web challenges
Vasilij Schneidermann
Room: [7] BOXCRYPTOR
OAuth 2.0: New Attacks and Security Recommendations
The IETF OAuth Working Group is working towards a new Security Best Current Practice (BCP) RFC that aims to weed out insecure implementation patterns for OAuth 2.0. It based on lessons learned in practice and on new attacks found through formal security analyses of OAuth and OpenID Connect. I would like to present and discuss this work.
Daniel Fett
Room: [10] ITERATEC
Build your own USB Rubber Ducky
Martin Junker
Room: [13] REWE DIGITAL
Threat Modeling: Tools, DevOps, and Flaw Patterns
An open discussion about your Threat Modeling experience. I actually have some questions: - What should tools be like that help DevOps Teams to perform continuous threat modeling? - Is there a learning curve for teams? Shall one start with the most advanced tool? - Beyonde STRIDE: Which are the controls we really need to look at? What are the Flaw patterns?
Lars
Room: [15] PROGRESSIVE IT

16:00

We decide is it secure, why?
A new technology arises, we are skeptical but
Reimar Bauer
Room: [7] BOXCRYPTOR
LangSec: Writing Your Own Parser is like Writing your own Crypto
I will give a short intro to LangSec to answer the question: Why are parsers, unparsers, and theoretical computer science key to most of the vulnerabilities we see today? I would love to discuss options and opinions how to get out of this software crises by discussing: - use of tools - does knowledge alone help - new programming language features to prevent entire bug classes like Injections
Lars
Room: [10] ITERATEC
Build your own USB Rubber Ducky
Martin Junker
Room: [13] REWE DIGITAL

17:00

Buffer Overflow and Stack Smashing 101
I will give an intro on the attack method buffer overflow and how stack smashing works.
Guido Schmitz
Room: [3] REDTEAM PENTESTING
Industrial safety and security
Industrial safety and security. Konsequenzen für den Arbeitsschutz durch Angriffe auf Industriesteuerungen.
Jonas Stein
Room: [10] ITERATEC
OWASP Dependency Check
Intro to Dependendies Check for JAva & Spring Boot
Room: [15] PROGRESSIVE IT

18:00

Wrap-Up Session
Room: [3] REDTEAM PENTESTING
-
Room: [7] BOXCRYPTOR
-
Room: [10] ITERATEC
-
Room: [13] REWE DIGITAL
-
Room: [15] PROGRESSIVE IT

19:00

Location