OWASP Czech Chapter Meeting
Event Information
Description
Dear OWASP fellows,
It’s our pleasure to inform you that the next local chapter meeting will be held on November 14th 2018 at the Microsoft/Skype office, Vyskočilova 1561/4a, Building Delta, Praha 4.
This time we have prepared a day full of interesting speakers and workshops for you. Admission is, as usual, free of charge.
Schedule
Workshops
9:00 - 12:00 Sebastian Garcia & Veronica Valeros: Getting Your Hands Dirty: How to Analyze the Behavior of Malware Traffic and Web Connections
9:00 - 12:00 Fabien Thalgott: Capture The Flag challenge
Talks
12:05 - 12:15 Opening ceremony with OWASP chapter leaders - Jan Kopecký & Daniel Mács
12:15 - 12:30 Petr Stuchlík: The webhosting has no rights!
12:30 - 13:00 PIZZA TIME!
13:00 - 13:45 Tomáš Charvát: Clustering of botnet traffic and behavioral classification of the cluster in SMTP protocol
13:45 - 14:00 break
14:00 - 14:45 Adéla Haníková: All roads lead to domain admin
14:45 - 15:00 break
15:00 - 15:45 Jan Kopecký: Red and Purple Teaming
15:45 - 16:00 break
16:00 - 16:45 František Střasák: Detecting malware even when it is encrypted
16:45 - 17:00 break
17:00 - 17:45 Martin Klubal: The Zeitgeist of Darknet
Information about the trainers and workshops
Getting Your Hands Dirty: How to Analyze the Behavior of Malware Traffic and Web Connections
Sebastian Garcia
Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to talk at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, Security Sessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.
Veronica Valeros
Veronica is a researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas, from wireless and Bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research at international conferences such as BlackHat, EkoParty, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina, and co-founder of the Independent Fund for Women in Tech. She is currently the director of the CivilSphere project at the Czech Technical University, dedicated to protecting civil organizations and individuals from targeted attacks.
Workshop outline
Introduction
Goal: To get to know each other, to learn what the training goals are, how the training is organized, and what the training dynamics are.
About the trainer
About the participants
Why to analyze network traffic?
Fundamentals
Goal: To review the basic principles of network security topics so everybody is on the same page. Networking concepts are presented from the security point of view. You should finish the module knowing what we are doing, why, and how to approach network analysis.
What is the attendees' current knowledge about networking?
OSI model and TCP/IP model
Basic protocols
What is an attack?
Familiarizing with network traffic tools
- Traffic Analysis Capture #1
Analysis Methodology & Exercises
Goal: To introduce the core methodology of malware traffic analysis, the questions that need to be answered, and the core tools that can be used to answer those questions.
Hands-On Exercises
- Traffic Analysis Capture #2
- Traffic Analysis Capture #4
- Traffic Analysis Capture #8
- Traffic Analysis Capture #9
Conclusions
Capture The Flag challenge
Fabien Thalgott
Fabien is an information security professional working as a security consultant at Toreon in Belgium. He has broad experience in web application and mobile pentesting as well as source code reviews. In his free time he loves digging into cutting-edge technology and losing himself in VR.
Workshop outline
This time we bring you a CTF challenge! The student CTF will pit students in small groups against each other, trying to solve security challenges. A wide variety of skills will be needed, so choose your time wisely if you want to win. Gather your top crypto analysts, coders, researchers and debuggers and prepare for a half day of sweating, swearing and cheering as you learn new skills and solve puzzles. In order to participate in our Student CTF, personal registration is needed. The actual groups can be formed at the CTF itself in case you do not have a group of 4 to 6 people. The doors open at 8:45 and the CTF starts at 9:00. The CTF will be stopped at 12:00. Bring sufficient fluids to keep you going during an adrenaline-fuelled day.
Information about the speakers and talks
Petr Stuchlík
A developer and network traffic analyst who enjoys the security challenges of modern web applications. After freelancing, Petr moved through the corporate sector and eventually ended up founding a software company, where he is currently producing apps for big data visualization.
The webhosting has no rights!
A lightning talk about how (not only) Czech web hosting providers ignore a fundamental best practice and thus help attackers succeed.
Tomáš Charvát
Tomáš is an IT security expert and visionary with many years of expertise in email security and threat intelligence, as the co-founder of Excello and Virusfree, the cloud antispam engine.
Clustering of botnet traffic and behavioral classification of the cluster in SMTP protocol
Virusfree.cz protects millions of email users who are being attacked by millions of botnet zombies. To separate botnet traffic from legitimate email we use real-time clustering and behavioral analysis of the identified clusters. Hundreds of such clusters are classified every minute, and botnet payloads are identified without prior knowledge of what they will be. Clustering has revealed that around 6 million zombies were used to attack SMTP in the last 6 months in the CEE region. At least 2 million of those zombies are active every month.
Adéla Haníková
Captivated by the story of Enigma, Adéla started her studies of mathematics with a focus on information security. She discovered Capture the Flag competitions during her studies and took a great interest in them. After graduation she found out that you can look for vulnerabilities and make a living out of it. She has now been working as a penetration tester at the Czech company AEC a.s. for three years.
All roads lead to domain admin
Have you ever wondered how an attacker might gain domain admin access to your domain? There might be ways you did not imagine even in your wildest dreams. In this talk you will see some of the classic ones as well as the less believable ones we have seen in recent years.
Jan Kopecký
Jan is an IT security professional who has spent more than the last 10 years hacking things. He mostly hacks web applications and infrastructure and writes exploits (rather for fun than profit :). Jan is the founder of the small yet exclusive IT security company captes.cz. He is also an employee of Nationale Nederlanden and the OWASP chapter leader for the Czech Republic.
Red and Purple Teaming
Red teaming and purple teaming are very popular terms in the IT security world nowadays. The idea of this talk is to explain what RT and PT are about, how they can be done, and which things are important to keep in mind for successful execution. I will share lessons which I have learnt during the last few years of delivering RT and PT as a full-time employee and also as an independent consultant. Do not expect a talk filled with technical details; it is rather an introduction and a collection of useful tips to make sure that your first experience with either red or purple teaming is as painless as possible.
František Střasák
Frenky is a master's student of Artificial Intelligence at FEE, CTU in the Czech Republic. He focuses on AI in cyber security.
Detecting malware even when it is encrypted
With the increasing amount of malware HTTPS traffic, it is a challenge to discover new features and methods to detect malware without decrypting the traffic. A detection method that does not need to decrypt the traffic is cheaper (because no traffic interceptor is needed), faster and private, respecting the original idea of HTTPS. Our research goal is to detect malware HTTPS connections using data that does not require decrypting the traffic.
Martin Klubal
Martin is a senior IT specialist who has been actively involved in ethical hacking for more than 15 years. He has worked for well-known Czech companies as well as for international institutions. He focuses on practical knowledge and custom research in several areas such as pentesting, social engineering, darknet and red teaming. Currently, he is gaining experience in the Russian Federation.
The Zeitgeist of Darknet
What does the Darknet look like in the year 2018? How is the ecosystem affected by Bitcoin volatility or by several LE activities? What did the next-generation Hidden Service protocol bring, and why is the darknet not as secure as you probably think? Let’s show how easy it is to compromise some popular darknet servers.
Additional information
- If using public transportation, you can go to the metro station Budějovická and walk 5 minutes. There is also a bus stop Vyskočilova nearby, one stop away from the metro. For cars there are plenty of paid parking lots in the surrounding area.
- Unless stated otherwise, talks will be in English and the recordings will be available online (with the speakers' permission) after the convention.
- For the workshops, please come at least 15 minutes ahead of time, otherwise your seat may be given to somebody on the waiting list.
- There will be some snacks and soft drinks prepared for you during the event. Also, there is a small cafe next to the conference hall where you can purchase hot drinks.
- The venue is on the ground floor of the office building. There will be signs showing you the way to the conference hall and the lecture room for the workshops.