Last active
July 27, 2024 03:54
-
-
Save unfo/797f2dff3566832e4d7fb425a0499c53 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#%% | |
""" | |
Converts https://disobey.fi/2024/program html into .ics feed | |
only fix i needed to do was change the duplicate | |
<div id='timetable-day-1'> to <div id='timetable-day-2'> | |
""" | |
from bs4 import BeautifulSoup, NavigableString | |
import lxml | |
html_content = open('program.html','r').read() | |
soup = BeautifulSoup(html_content, 'lxml') | |
from icalendar import Calendar, Event | |
from datetime import datetime, timedelta | |
import hashlib | |
# Create a calendar | |
cal = Calendar() | |
base_url = 'https://disobey.fi/2024/' | |
days = ['1', '2'] | |
stages = ['main', 'cs', 'ws'] | |
stage_names = {'main': 'Main stage', 'cs': 'Security Theater', 'ws': 'Workshop' } | |
dates = [ | |
datetime(2024, 2, 16, 0, 0, 0), | |
datetime(2024, 2, 17, 0, 0, 0), | |
] | |
for day in range(1,3): | |
day_content = soup.find(name='div', attrs={'id': f'timetable-day-{day}' }) | |
for stage in stages: | |
stage_content = day_content.find('div', class_=stage) | |
stage_events = [] | |
empty_counter = 0 | |
for event in stage_content.contents: | |
if event.name == 'div': | |
event_classes = event.get('class', []) | |
# print(f'div with {event_classes}') | |
if 'empty' in event_classes and len(stage_events) > 0: | |
# print(f'Found padding: {event}, total = {empty_counter}') | |
empty_counter += 1 | |
if event.name == 'a': | |
if empty_counter > 0 and len(stage_events) > 0: | |
timepad = timedelta(minutes=empty_counter * 15) | |
print(f'Found {timepad} of padding for event') | |
stage_events[-1]['dtend'] = timepad | |
empty_counter = 0 | |
title_cell = event.find(name='div', attrs={'class': 'cell-header'}) | |
title = title_cell.find('h2').get_text(strip=True) | |
author = title_cell.find('span').get_text(strip=True) | |
time_cell = event.find('div', class_='mobile-date') | |
# Initialize a variable to hold the target text | |
time_of_event = None | |
# Iterate through the contents of the parent div | |
for content in time_cell.contents: | |
# Check if the content is a NavigableString and not just whitespace | |
if isinstance(content, NavigableString) and content.strip(): | |
# This assumes the first non-whitespace NavigableString after the inner div is the target | |
time_of_event = content.strip() | |
break | |
if len(author) > 0: | |
summary = f'{title} by {author}' | |
# print(f'Found event: {time_of_event}: {author} - {title}') | |
else: | |
summary = f'{title}' | |
# print(f'Found event: {time_of_event}: {title}') | |
link = base_url + event['href'] | |
# print(f'\t-> {base_url}{link}') | |
base_date = dates[day-1] | |
[hour,minutes] = [int(x) for x in time_of_event.split(':')] | |
event_start = datetime(2024, 2, 15+day, hour, minutes, 0) | |
event_data = { | |
'summary': summary, | |
'dtstart': event_start, | |
'dtend': None, | |
'dtstamp': datetime.utcnow(), | |
'location': stage_names[stage], | |
'url': link, | |
'uid': hashlib.md5(summary.encode('utf-8')).hexdigest() | |
} | |
# use md5 as uid so it is consistent => can update same event with fixes | |
stage_events.append(event_data) | |
if empty_counter > 0 and len(stage_events) > 0: | |
timepad = timedelta(minutes=empty_counter * 15) | |
print(f'Found {timepad} of padding for event') | |
stage_events[-1]['dtend'] = timepad | |
empty_counter = 0 | |
for index, event in enumerate(stage_events): | |
timepad = event['dtend'] | |
if index == len(stage_events) - 1: | |
event['dtend'] = datetime(2024, 2, 15+day+1, 0, 0, 0) - timepad | |
else: | |
if timepad is not None: | |
event['dtend'] = stage_events[index+1]['dtstart'] - timepad | |
else: | |
event['dtend'] = stage_events[index+1]['dtstart'] | |
ical_event = Event() | |
for key,value in event.items(): | |
ical_event.add(key, value) | |
cal.add_component(ical_event) | |
#%% | |
file_path = 'output_disobey2024.ics' | |
with open(file_path, 'wb') as f: | |
f.write(cal.to_ical()) | |
# %% |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from icalendar import Calendar, Event | |
from datetime import datetime, timedelta | |
import pytz | |
import hashlib | |
import json | |
# Base URL for event links | |
base_url = "https://disobey.fi/2024/profile/" | |
# Initialize the calendar | |
cal = Calendar() | |
# source: https://disobey.fi/2024/inc/schedule.json | |
schedule_fp = open('schedule.json', 'r').read() | |
schedule_data = json.loads(schedule_fp) | |
days = schedule_data['schedule']['conference']['days'] # Navigate directly to the nested events list | |
for day in days: | |
for room in day['rooms']: | |
for event in day['rooms'][room]: | |
# Extract relevant information | |
title = event['title'] | |
start_dt = datetime.fromisoformat(event['date']) | |
duration = event['duration'].split(':') | |
duration_td = timedelta(hours=int(duration[0]), minutes=int(duration[1])) | |
end_dt = start_dt + duration_td | |
abstract = event['abstract'] | |
room = event['room'] | |
slug = event['slug'] | |
# Create the event | |
ical_event = Event() | |
ical_event.add('summary', title) | |
ical_event.add('dtstart', start_dt) | |
ical_event.add('dtend', end_dt) | |
ical_event.add('description', abstract) | |
ical_event.add('location', room) | |
ical_event.add('url', base_url + slug) | |
ical_event['uid'] = event['guid'] | |
# Add event to calendar | |
cal.add_component(ical_event) | |
# Save the .ics file | |
file_path = 'schedule.ics' | |
with open(file_path, 'wb') as f: | |
f.write(cal.to_ical()) | |
file_path |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BEGIN:VCALENDAR | |
BEGIN:VEVENT | |
SUMMARY:Doors Opening and registration | |
DTSTART:20240216T113000 | |
DTEND:20240216T123000 | |
DTSTAMP:20240212T120141Z | |
UID:262ef33a2f67100a010347d2b628f479 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-235-doors-opening-and-regi | |
stration | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Opening ceremony by NotMyNick by NotMyNick | |
DTSTART:20240216T123000 | |
DTEND:20240216T130000 | |
DTSTAMP:20240212T120141Z | |
UID:df982e45386873010aa78c253d07dc93 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-233-opening-ceremony-by-no | |
tmynick | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:KEYNOTE : Cyber and data security within the critical role of\n | |
securing the sensitive data at the Social Insurance Institution | |
of\n Finland by Nina Nissilä | |
DTSTART:20240216T130000 | |
DTEND:20240216T140000 | |
DTSTAMP:20240212T120141Z | |
UID:7bd6739eaa097a3c01a0d236d2be7693 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-232-keynote-cyber-and-data | |
-security-within-the-critical-role-of-securing-the-sensitive-data-at-the-s | |
ocial-insurance-institution-of-finland | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hardware Hacking all the things\, on a budget - You can do it too! | |
by Tomi Koski | |
DTSTART:20240216T140000 | |
DTEND:20240216T150000 | |
DTSTAMP:20240212T120141Z | |
UID:e798f10f8986792aa5252c70e0474a02 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-141-hardware-hacking-all-t | |
he-things-on-a-budget-you-can-do-it-too- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond Code Security: How CSPM Can Help to Secure Your Cloud and\n | |
Avoid Configuration Disasters by Mikael Nilsson | |
DTSTART:20240216T150000 | |
DTEND:20240216T153000 | |
DTSTAMP:20240212T120141Z | |
UID:eb99d9323b75ca6513064e17c7d98ccc | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-127-beyond-code-security-h | |
ow-cspm-can-help-to-secure-your-cloud-and-avoid-configuration-disasters | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Guarding Your Digital Realm: Heimdall – Your Shield in the World | |
\n of Web and API Security\, Where Vigilance Comes at No Cost | |
by Shivam Saraswat | |
DTSTART:20240216T153000 | |
DTEND:20240216T160000 | |
DTSTAMP:20240212T120141Z | |
UID:18d4fc4669aa97fd5d74eda573c53c2a | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-136-guarding-your-digital- | |
realm-heimdall-your-shield-in-the-world-of-web-and-api-security-where-vigi | |
lance-comes-at-no-cost | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Scripting your recon: Turning data into Red Team intel by Yianna P | |
aris | |
DTSTART:20240216T170000 | |
DTEND:20240216T180000 | |
DTSTAMP:20240212T120141Z | |
UID:60b496c7d5ec067d9548e3ee639dc347 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-203-scripting-your-recon-t | |
urning-data-into-red-team-intel | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking hearts and minds by Joakim Tauren | |
DTSTART:20240216T180000 | |
DTEND:20240216T190000 | |
DTSTAMP:20240212T120141Z | |
UID:cc5f23d69cafc33d3f950fd5a4e1c31f | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-140-hacking-hearts-and-min | |
ds | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:How Much Dirty Laundry Are Your Smart Home Devices Airing About\n | |
You? by Jack Fitzsimons | |
DTSTART:20240216T190000 | |
DTEND:20240216T200000 | |
DTSTAMP:20240212T120141Z | |
UID:49ac3bbea0903b56f9526de70dee7d3c | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-190-how-much-dirty-laundry | |
-are-your-smart-home-devices-airing-about-you- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Weaponizing Plain Text: ANSI Escape Sequences as a Forensic\n | |
Nightmare by STÖK | |
DTSTART:20240216T201500 | |
DTEND:20240216T211500 | |
DTSTAMP:20240212T120141Z | |
UID:e009cf616ffa11d59a1ef31aa8167469 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-150-weaponizing-plain-text | |
-ansi-escape-sequences-as-a-forensic-nightmare | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Creating monsters by joohoi | |
DTSTART:20240216T211500 | |
DTEND:20240216T221500 | |
DTSTAMP:20240212T120141Z | |
UID:b62ae3aade89c809fbf05f845daef552 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-212-creating-monsters | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors close at 23:00 | |
DTSTART:20240216T223000 | |
DTEND:20240216T230000 | |
DTSTAMP:20240212T120141Z | |
UID:f9b293e638e28d1b00e3f175202a3092 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-237-doors-close-at-23-00 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Wi-Fi Roaming Security and Privacy by Karri Huhtanen | |
DTSTART:20240216T140000 | |
DTEND:20240216T150000 | |
DTSTAMP:20240212T120141Z | |
UID:7591f00061f48bdffd7bec0d2ef87689 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-154-wi-fi-roaming-security | |
-and-privacy | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:EU hype decoded: CISO Mindx2 crystal ball insights and call for\n | |
action! by Daria Catalui\, Päivi Brunou | |
DTSTART:20240216T150000 | |
DTEND:20240216T160000 | |
DTSTAMP:20240212T120141Z | |
UID:d43d6c9890d7f95d7e58e04f7abd4b10 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-199-eu-hype-decoded-ciso-m | |
indx2-crystal-ball-insights-and-call-for-action- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Everybody relax\, it's the Police by Viivi Lehtinen\, Aki Somerkal | |
lio\, Sari Latomaa | |
DTSTART:20240216T170000 | |
DTEND:20240216T180000 | |
DTSTAMP:20240212T120141Z | |
UID:3e69427c4a789fc945d5d7be236270da | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-160-everybody-relax-it-s-t | |
he-police | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:I was almost a cybercriminal by Sergey Ichtchenko | |
DTSTART:20240216T180000 | |
DTEND:20240216T183000 | |
DTSTAMP:20240212T120141Z | |
UID:17886a82db6e61ba2e1175168d7912ad | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-156-i-was-almost-a-cybercr | |
iminal | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Securing GenAI? How far will DevSecOps take you and how to go\n | |
further? by Satu Korhonen | |
DTSTART:20240216T183000 | |
DTEND:20240216T193000 | |
DTSTAMP:20240212T120141Z | |
UID:dcfa0667047bb0b333ba5380d9c1d0ea | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-139-securing-genai-how-far | |
-will-devsecops-take-you-and-how-to-go-further- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:"Purple Teaming in Action: Beyond the Hype" by Tuomo Makkonen | |
DTSTART:20240216T200000 | |
DTEND:20240216T210000 | |
DTSTAMP:20240212T120141Z | |
UID:3d2bdeafbd15fdd87769af1dccd6f133 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-208--purple-teaming-in-act | |
ion-beyond-the-hype- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond RBAC: Avoid broken ACLs in control planes with declarative\ | |
n Relation-based Access Control by Lucas Käldström | |
DTSTART:20240216T210000 | |
DTEND:20240216T220000 | |
DTSTAMP:20240212T120141Z | |
UID:06a05607d8ea7bab91c41e9a685270d2 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-221-beyond-rbac-avoid-brok | |
en-acls-in-control-planes-with-declarative-relation-based-access-control | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Supervised hacking - Senior and the Junior crew by Petar 'Hetti' K | |
osic | |
DTSTART:20240216T141500 | |
DTEND:20240216T171500 | |
DTSTAMP:20240212T120141Z | |
UID:b9e135962f4f8617aee95daae22adf8c | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-171-supervised-hacking-sen | |
ior-and-the-junior-crew | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Mobile Device Forensics 101 by Timo Miettinen | |
DTSTART:20240216T180000 | |
DTEND:20240216T210000 | |
DTSTAMP:20240212T120141Z | |
UID:2fc6fe84cbcef72a2a0c8f4e9571855d | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-122-mobile-device-forensic | |
s-101 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors Opening and registration | |
DTSTART:20240217T100000 | |
DTEND:20240217T103000 | |
DTSTAMP:20240212T120141Z | |
UID:262ef33a2f67100a010347d2b628f479 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-236-doors-opening-and-regi | |
stration | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:I'm a script kiddie\, bypassing your antivirus and EDR systems by | |
Anne Hautakangas (Annenaattori) | |
DTSTART:20240217T110000 | |
DTEND:20240217T120000 | |
DTSTAMP:20240212T120141Z | |
UID:c664e01c67313b4c71f150a77658a862 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-145-i-m-a-script-kiddie-by | |
passing-your-antivirus-and-edr-systems | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Smoke and Mirrors: How to hide in Microsoft Azure by Christian Phi | |
lipov\, Aled Mehta | |
DTSTART:20240217T120000 | |
DTEND:20240217T123000 | |
DTSTAMP:20240212T120141Z | |
UID:3c49b60887632738f64826d7cafba486 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-213-smoke-and-mirrors-how- | |
to-hide-in-microsoft-azure | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:KEYNOTE : Circling Dragons: Red Team Lessons From Modern Breaches | |
by Jason Lang | |
DTSTART:20240217T130000 | |
DTEND:20240217T140000 | |
DTSTAMP:20240212T120141Z | |
UID:a18cadb7f535d70185332bc6bcfcb39c | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-204-keynote-circling-drago | |
ns-red-team-lessons-from-modern-breaches | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Breaking Badly: Domains\, Callbacks\, Tokens and Exploits by Jarkk | |
o Vesiluoma | |
DTSTART:20240217T140000 | |
DTEND:20240217T150000 | |
DTSTAMP:20240212T120141Z | |
UID:2dceeee3c1314d0b69d9cecc40facd9d | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-133-breaking-badly-domains | |
-callbacks-tokens-and-exploits | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking around with Satellite\, Aerospace\, Avionics\, Maritime\,\ | |
n Drones: Crashing/Exploiting at the speed of SDR. by Andrei | |
Costin | |
DTSTART:20240217T150000 | |
DTEND:20240217T160000 | |
DTSTAMP:20240212T120141Z | |
UID:34cec0628d4390c91c6a06bf5bec3f18 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-197-hacking-around-with-sa | |
tellite-aerospace-avionics-maritime-drones-crashing-exploiting-at-the-spee | |
d-of-sdr- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Zero Trust - Dope or Nope? by Sami Laiho | |
DTSTART:20240217T170000 | |
DTEND:20240217T180000 | |
DTSTAMP:20240212T120141Z | |
UID:c718b75d67624116007b73502065aa0a | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-202-zero-trust-dope-or-nop | |
e- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:A two-part Saga: Continuing the Journey of Hacking Malware C2s. by | |
Vangelis Stykas | |
DTSTART:20240217T180000 | |
DTEND:20240217T190000 | |
DTSTAMP:20240212T120141Z | |
UID:a92e97121387e2474927262cd6c96143 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-144-a-two-part-saga-contin | |
uing-the-journey-of-hacking-malware-c2s- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:All your frontend are belong to us - Crawling through Javascript\n | |
using AST's by Matias Huhta | |
DTSTART:20240217T190000 | |
DTEND:20240217T200000 | |
DTSTAMP:20240212T120141Z | |
UID:50d5743901aa85986e9e55e92554a514 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-142-all-your-frontend-are- | |
belong-to-us-crawling-through-javascript-using-ast-s | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Exploring Generative AI’s Threat to Social Justice and Democracy | |
by Maria Bique\, Dimitri aka d4e5 | |
DTSTART:20240217T201500 | |
DTEND:20240217T211500 | |
DTSTAMP:20240212T120141Z | |
UID:74475c6b062d2cf1ee042f22e26f07c8 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-205-exploring-generative-a | |
i-s-threat-to-social-justice-and-democracy | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Closing ceremony by NotMyNick | |
DTSTART:20240217T211500 | |
DTEND:20240217T214500 | |
DTSTAMP:20240212T120141Z | |
UID:66165d220220384f66808781ed755f4f | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-234-closing-ceremony | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors close at 22.30 | |
DTSTART:20240217T220000 | |
DTEND:20240217T223000 | |
DTSTAMP:20240212T120141Z | |
UID:43338d776668bcf54620ff2701740dd4 | |
LOCATION:Main stage | |
URL:https://disobey.fi/2024/profile/disobey2024-238-doors-close-at-22-30 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Integral Theory for Hackers by Sami Kivelä | |
DTSTART:20240217T120000 | |
DTEND:20240217T123000 | |
DTSTAMP:20240212T120141Z | |
UID:dd53c0c45f3c789e3e3c28ddcca1b06f | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-217-integral-theory-for-ha | |
ckers | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Building automated system for deploying lots of situational\n | |
awareness (SA) systems for when SHTF by Eero 'rambo' af Heurlin\, | |
Henri Kovanen | |
DTSTART:20240217T141500 | |
DTEND:20240217T151500 | |
DTSTAMP:20240212T120141Z | |
UID:369a640c9a61155e797682bb6c455132 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-173-building-automated-sys | |
tem-for-deploying-lots-of-situational-awareness-sa-systems-for-when-shtf | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Cybersecurity in the Gaming Industry by Massimo Nardone | |
DTSTART:20240217T151500 | |
DTEND:20240217T154500 | |
DTSTAMP:20240212T120141Z | |
UID:5cc685e417c110138caccdad04b96d83 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-184-cybersecurity-in-the-g | |
aming-industry | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:The rising flame of community participation and engagement by Bian | |
ca Buznean | |
DTSTART:20240217T164500 | |
DTEND:20240217T174500 | |
DTSTAMP:20240212T120141Z | |
UID:8c3d732fd35d666445688df9b5b678bc | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-200-the-rising-flame-of-co | |
mmunity-participation-and-engagement | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Identifying Cross-Account Attack Paths in AWS Environments at\n | |
Scale by Aleksi Kallio | |
DTSTART:20240217T180000 | |
DTEND:20240217T183000 | |
DTSTAMP:20240212T120141Z | |
UID:f702a04e5260a2abd7d35cbd9967afce | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-215-identifying-cross-acco | |
unt-attack-paths-in-aws-environments-at-scale | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Have U Been Invited (episode 2)? - macOS logic bugs by Mikko Kentt | |
älä (Turmio) | |
DTSTART:20240217T190000 | |
DTEND:20240217T193000 | |
DTSTAMP:20240212T120141Z | |
UID:7327d4590c775d3740fda49e2512bf40 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-158-have-u-been-invited-ep | |
isode-2-macos-logic-bugs | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:CERT and NCSC 101 by Jussi Eronen | |
DTSTART:20240217T194500 | |
DTEND:20240217T204500 | |
DTSTAMP:20240212T120141Z | |
UID:f85b0492981a6c88071de609462532d3 | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-167-cert-and-ncsc-101 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond Bullet Points: Creating An Engaging & Effective Security\n | |
Training by Anne Oikarinen | |
DTSTART:20240217T104500 | |
DTEND:20240217T124500 | |
DTSTAMP:20240212T120141Z | |
UID:f048ef89bca799b83c1d69ce068a9ce5 | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-159-beyond-bullet-points-c | |
reating-an-engaging-effective-security-training | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking AI Models by Riku Juurikko\, Ilja Ikonen\, Svitlana Chapli | |
nska | |
DTSTART:20240217T140000 | |
DTEND:20240217T170000 | |
DTSTAMP:20240212T120141Z | |
UID:525ec7ebdc83176dc384f4af2d3ece69 | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-198-hacking-ai-models | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Advanced WiFi Attacks for Red Team Professionals by r4ulcl\, Rober | |
to | |
DTSTART:20240217T171500 | |
DTEND:20240217T211500 | |
DTSTAMP:20240212T120141Z | |
UID:25113f2f2df9bd782a60944c96df4b90 | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-147-advanced-wifi-attacks- | |
for-red-team-professionals | |
END:VEVENT | |
END:VCALENDAR |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BEGIN:VCALENDAR | |
BEGIN:VEVENT | |
SUMMARY:Doors Opening and registration | |
DTSTART;TZID="UTC+02:00":20240216T113000 | |
DTEND;TZID="UTC+02:00":20240216T123000 | |
UID:303b7cdb-64e9-53eb-97e9-107a7ce7d853 | |
DESCRIPTION:Doors Opening and registration. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-235-doors-opening-and-regi | |
stration | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Opening ceremony by NotMyNick | |
DTSTART;TZID="UTC+02:00":20240216T123000 | |
DTEND;TZID="UTC+02:00":20240216T130000 | |
UID:e524ef3b-b51b-584c-84b8-9f23a07cd535 | |
DESCRIPTION:Opening of the Disobey 2024 event. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-233-opening-ceremony-by-no | |
tmynick | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:KEYNOTE : Cyber and data security within the critical role of secu | |
ring the sensitive data at the Social Insurance Institution of Finland | |
DTSTART;TZID="UTC+02:00":20240216T130000 | |
DTEND;TZID="UTC+02:00":20240216T140000 | |
UID:22b993c1-4000-50de-8bd3-e3e05d1516f1 | |
DESCRIPTION:In her speech Nina Nissilä opens up Kela’s critical role in | |
Finnish society and what the cyber and data security means for a business | |
where there is a high need to secure the most sensitive data of the peopl | |
e living in Finland.\n\nSocial media www.linkedin.com/in/ninanissila | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-232-keynote-cyber-and-data | |
-security-within-the-critical-role-of-securing-the-sensitive-data-at-the-s | |
ocial-insurance-institution-of-finland | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hardware Hacking all the things\, on a budget - You can do it too! | |
DTSTART;TZID="UTC+02:00":20240216T140000 | |
DTEND;TZID="UTC+02:00":20240216T150000 | |
UID:fde6805c-04ba-5afe-bb9d-cd4ac3210421 | |
DESCRIPTION:HW-hacking all the things\, tips and tricks with a budget! The | |
presentation aims to raise awareness of HW-hacking among hackers and comm | |
on people. Share some backgrounds from electronics manufacturing\, testing | |
phases\, development and other included processes . Also\, the idea is to | |
show how to possibly lift firmware from range of devices and offer an eas | |
y'ish solution to build your boot camp for HW-hacking. No soldering or sup | |
er wonky equipment required to start hacking\, easy entry-level! | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-141-hardware-hacking-all-t | |
he-things-on-a-budget-you-can-do-it-too- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond Code Security: How CSPM Can Help to Secure Your Cloud and A | |
void Configuration Disasters | |
DTSTART;TZID="UTC+02:00":20240216T150000 | |
DTEND;TZID="UTC+02:00":20240216T153000 | |
UID:095d2338-bf2b-58ba-8f7b-5eaabbceb6cf | |
DESCRIPTION:**What if I told you that your code security is not enough?** | |
You need to ensure your deployment is secure as well! Developing Software- | |
as-a-Service applications requires security both from a development perspe | |
ctive as well as from a deployment perspective. Facts: \n- The Verizon 202 | |
3 Data Breach Investigations Report shows that misconfigurations are a per | |
sistent cause for data breaches over the years and account for a fair chun | |
k of confirmed breaches [(verizon.com/dbir)](https://verizon.com/dbir).\n- | |
According to [OWASP Top 10:2021](https://owasp.org/Top10)\, in 90% of the | |
applications they examined\, they found some form of misconfiguration.\n\ | |
nThis is where Cloud Security Posture Management (CSPM) solutions come int | |
o play. They work as a bridge between security\, operations and developmen | |
t to ensure the code is deployed in a secure fashion and helps organizatio | |
ns avoid breaches due to configuration errors.\n\nIt doesn't matter if you | |
r code has zero vulnerabilities based on your sophisticated SAST/DAST/IAST | |
scans and if you've ensured your third-party libraries are all patched us | |
ing your state-of-the-art SCA scans if your cloud configuration allows una | |
uthorized access to your object storage. In addition\, underlying configur | |
ation mistakes can lead to disaster when an attacker chains their attacks | |
and is able to escalate their privileges\, move laterally or establish per | |
sistence. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-127-beyond-code-security-h | |
ow-cspm-can-help-to-secure-your-cloud-and-avoid-configuration-disasters | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Guarding Your Digital Realm: Heimdall – Your Shield in the World | |
of Web and API Security\, Where Vigilance Comes at No Cost | |
DTSTART;TZID="UTC+02:00":20240216T153000 | |
DTEND;TZID="UTC+02:00":20240216T160000 | |
UID:6fd25711-ba8f-59c6-b071-fa7857daf0ec | |
DESCRIPTION:In the ever-evolving landscape of cybersecurity threats\, safe | |
guarding web applications and APIs is imperative. We faced this challenge | |
head-on\, leading to the creation of Heimdall. It's not just a cybersecuri | |
ty tool\; it's a transformative solution. Heimdall's innovative approach a | |
nd unique features have redefined our security monitoring\, offering an ef | |
ficient and holistic defense against vulnerabilities. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-136-guarding-your-digital- | |
realm-heimdall-your-shield-in-the-world-of-web-and-api-security-where-vigi | |
lance-comes-at-no-cost | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Scripting your recon: Turning data into Red Team intel | |
DTSTART;TZID="UTC+02:00":20240216T170000 | |
DTEND;TZID="UTC+02:00":20240216T180000 | |
UID:67ffa41f-1c58-5237-ab5c-fba1d6fea3cb | |
DESCRIPTION:Some would argue that without good recon\, you limit your chan | |
ce of successful entry or exploitation. I happen to be one of those people | |
. Reconnaissance is not just one step in a process\, but a continuous acti | |
vity. The deeper you go\, the more loose threads you want to pull at\, and | |
sometimes it gets tedious\, repetitive\, too niche to find a tool... I'll | |
show you how I use Python and Jupyter Notebooks to script my recon\, auto | |
mate the overwhelming stuff and get useful insights out of all the data I | |
collect. Whether scripting feels too daunting\, or you're already convince | |
d and want to create your own tool - this talk is for you. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-203-scripting-your-recon-t | |
urning-data-into-red-team-intel | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking hearts and minds | |
DTSTART;TZID="UTC+02:00":20240216T180000 | |
DTEND;TZID="UTC+02:00":20240216T190000 | |
UID:4a4e2fd7-8561-5396-aa99-89549b5cbc69 | |
DESCRIPTION:My personal journey into social skills\, how I acquired them\, | |
what I did along the way and some advice and tips to different topics wit | |
hin the social skills spectrum and how that can help you to get security o | |
n the top of the agenda via influencing and other fun social skills. I try | |
to inspire especially technical people to start learning more about socia | |
l skills\, because they will help you in your career and help you have a b | |
igger impact. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-140-hacking-hearts-and-min | |
ds | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:How Much Dirty Laundry Are Your Smart Home Devices Airing About Yo | |
u? | |
DTSTART;TZID="UTC+02:00":20240216T190000 | |
DTEND;TZID="UTC+02:00":20240216T200000 | |
UID:81a876f2-cf20-59b9-b4ca-42e6716f0ec6 | |
DESCRIPTION:Smart home technology allows us to turn on our heating so it's | |
nice and warm before we get through the door\, or control all the lights\ | |
, TVs\, and speakers in the house. It can even tell us when the fridge is | |
running low on something\, or when the laundry cycle has finished. But\, b | |
y embracing these conveniences\, how much are we giving up in the process | |
via the apps they need to function?\n\nWe're going to take a look at a cou | |
ple of apps that accompany these smart devices throughout this talk. We'll | |
start with diving into the privacy policies of each to see just how up-fr | |
ont they are about the data they're collecting and who it gets shared with | |
/sold to. After that\, we'll move onto where the data is going\, how often | |
it gets collected\, and ultimately which third parties also get to know y | |
ou. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-190-how-much-dirty-laundry | |
-are-your-smart-home-devices-airing-about-you- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightm | |
are | |
DTSTART;TZID="UTC+02:00":20240216T201500 | |
DTEND;TZID="UTC+02:00":20240216T211500 | |
UID:b4e215ca-309c-5ce5-901d-81cbd476d334 | |
DESCRIPTION:Ever interacted with a logfile from a external facing system u | |
sing cli tools like\, cat\, grep or awk using a terminal? Well then this p | |
resentation is for you! We will explore how ANSI escape sequences can be u | |
sed to inject\, vandalize\, and even weaponize plaintext logfiles of moder | |
n applications. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-150-weaponizing-plain-text | |
-ansi-escape-sequences-as-a-forensic-nightmare | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Creating monsters | |
DTSTART;TZID="UTC+02:00":20240216T211500 | |
DTEND;TZID="UTC+02:00":20240216T221500 | |
UID:1bd4c031-9e7a-5239-a40e-ae93761ec701 | |
DESCRIPTION:Open source maintenance comes with a burden of a ton of hard d | |
ecisions related to design\, technical aspects\, user interface\, even cod | |
ing styles. \nWhen software gains mass adoptation and gets its spot in wor | |
kflows of the large audience additional considerations should be taken int | |
o account. \nThings like backwards compatibility and intuitive UX for new | |
features are now on table.\n\nBy sharing experiences of rapid adoptation a | |
nd hurdles through the lifespan of ffuf\, this talk is aiming to shed some | |
light on these issues\, as well as answering questions like: \n\nFeature | |
requests and even some large contributions where the contributor might hav | |
e worked for weeks for a feature might not be compatible with the software | |
philosophy or roadmap\, how to deal with those?\n\nHow much hand holding | |
is necessary and should it be implemented if the cost is flexibility?\n\nH | |
ow far the responsibility of the software maintainer reaches when the tool | |
s are used in a harmul way and what they can do to mitigate it? | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-212-creating-monsters | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors close at 23:00 | |
DTSTART;TZID="UTC+02:00":20240216T223000 | |
DTEND;TZID="UTC+02:00":20240216T230000 | |
UID:d62a9bf1-9611-597e-9ee2-5437e19112d8 | |
DESCRIPTION:Doors close at 23:00 | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-237-doors-close-at-23-00 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Wi-Fi Roaming Security and Privacy | |
DTSTART;TZID="UTC+02:00":20240216T140000 | |
DTEND;TZID="UTC+02:00":20240216T150000 | |
UID:14e66418-b99d-5909-aedd-b99e0adb0121 | |
DESCRIPTION:Wi-Fi network security presentations are often about breaking | |
the link level (radio) encryption or deploying evil twin Wi-Fi access poin | |
ts to perform man-in-the-middle attacks. This presentation focuses instead | |
to the security and privacy in Wi-Fi roaming\, offloading and federated n | |
etworks\, where there are different issues and vectors to utilise or defen | |
d against. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-154-wi-fi-roaming-security | |
-and-privacy | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:EU hype decoded: CISO Mindx2 crystal ball insights and call for ac | |
tion! | |
DTSTART;TZID="UTC+02:00":20240216T150000 | |
DTEND;TZID="UTC+02:00":20240216T160000 | |
UID:1bddd5df-e48d-5513-a691-9b24698a90cd | |
DESCRIPTION:Unlock the secrets behind the EU hype! As regulations on AI\, | |
cybersecurity\, social media\, data\, and resilience take center stage\, c | |
uriosity builds. But do we grasp the true impact ? Embark on a 45-minute j | |
ourney with us\, delving deep into deciphering the EU's influence on the c | |
yber ecosystem.\nObjective: Demystify EU regulations and kindle the flame | |
of curiosity in our cybersecurity community. From ENISA working groups to | |
standard mirror committees\, we unveil insights on navigating this complex | |
regulatory landscape. It's more than compliance—it's about seizing oppo | |
rtunities\, exploring use cases\, and preparing for what's on the horizon. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-199-eu-hype-decoded-ciso-m | |
indx2-crystal-ball-insights-and-call-for-action- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Everybody relax\, it's the Police | |
DTSTART;TZID="UTC+02:00":20240216T170000 | |
DTEND;TZID="UTC+02:00":20240216T180000 | |
UID:717dffb5-b6dd-5c44-a775-492a5c7339f0 | |
DESCRIPTION:Modern societies face problems that cannot be solved with the | |
traditional way of policing.\nThe numbers of cyber offenders are rising\, | |
the damage they cause is alarming and the\naverage age of offenders is dec | |
lining. The police simply cannot arrest themselves out of\ncybercrime. The | |
relationship between hackers and law enforcement is often perceived as so | |
mewhat adversarial. There may be historical reasons for this\, which are p | |
erhaps amplified by how each side is portrayed by the media and popular fi | |
ction. But just as law enforcement has\nrecognized the value of public-pri | |
vate partnerships in their fight against crime\, it has become\napparent t | |
hat the hacker community has a lot to offer to the prevention of juvenile\ | |
ncybercrime. In this talk Project Lead and Inspector of the National Burea | |
u of Investigation\nshare their thoughts and experience on how to increase | |
and cultivate the dialogue and trust\nbetween young enthusiasts\, the inf | |
osec community and the police for the prevention of cybercrime. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-160-everybody-relax-it-s-t | |
he-police | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:I was almost a cybercriminal | |
DTSTART;TZID="UTC+02:00":20240216T180000 | |
DTEND;TZID="UTC+02:00":20240216T183000 | |
UID:bae7915f-6523-53b0-90f6-42508f972f56 | |
DESCRIPTION:I managed to avoid this fate\, but I was almost on the wrong p | |
ath. Find out what I\, you\, and the National Bureau of Investigation (KRP | |
) can do to tackle cybercrime. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-156-i-was-almost-a-cybercr | |
iminal | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Securing GenAI? How far will DevSecOps take you and how to go furt | |
her? | |
DTSTART;TZID="UTC+02:00":20240216T183000 | |
DTEND;TZID="UTC+02:00":20240216T193000 | |
UID:8250951e-3c78-5dad-9d1e-568f1abe9ff8 | |
DESCRIPTION:This talk looks at the core of Generative AI and proposes secu | |
ring it from DevSecOps best practices appended with MLSecOps. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-139-securing-genai-how-far | |
-will-devsecops-take-you-and-how-to-go-further- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:"Purple Teaming in Action: Beyond the Hype" | |
DTSTART;TZID="UTC+02:00":20240216T200000 | |
DTEND;TZID="UTC+02:00":20240216T210000 | |
UID:bcfc2937-7c74-5251-a37b-8598e7b05caa | |
DESCRIPTION:While buzzwords like "Purple Teaming" frequently circulate in | |
the cybersecurity realm\, not all discussions about it are rooted in pract | |
ical\, real-world application. Delving beyond the buzz\, this talk seeks t | |
o demystify Purple Teaming by providing tangible examples of its efficacy. | |
Through real-world cases\, we'll dissect how the combined might of Red an | |
d Blue Teams can offer unparalleled security outcomes. \n\nTalk objectives | |
\n- Debunking Myths: Address common misconceptions and overhyped beliefs a | |
bout Purple Teaming. \n- Real-World Validation: Offer case studies showcas | |
ing Purple Teaming's genuine value in addressing diverse security challeng | |
es. \n- Strategies Beyond the Buzzwords: Illuminate proven strategies that | |
have consistently yielded success in Purple Teaming exercises. \n- Lookin | |
g Forward: Contemplating the future of Purple Teaming in the evolving thre | |
at landscape. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-208--purple-teaming-in-act | |
ion-beyond-the-hype- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond RBAC: Avoid broken ACLs in control planes with declarative | |
Relation-based Access Control | |
DTSTART;TZID="UTC+02:00":20240216T210000 | |
DTEND;TZID="UTC+02:00":20240216T220000 | |
UID:740afae8-e548-5a3f-8e85-c1ce20a182b4 | |
DESCRIPTION:The top 1 security risk in OWASP’s latest API Security Risks | |
lists is [“Broken Object Level Authorization”](https://owasp.org/API- | |
Security/editions/2023/en/0xa1-broken-object-level-authorization/)\, and t | |
he third one [“Broken Object Property Level Authorization”](https://ow | |
asp.org/API-Security/editions/2023/en/0xa3-broken-object-property-level-au | |
thorization/). Thus\, helping developers mitigate these risks through best | |
-practices and frameworks can be highly beneficial for our community.\n\nT | |
his talk will discuss some means that could be applied to build API server | |
s (or more generally\, control plane) in a way they are less susceptible t | |
o these attacks: through \n\n\n\n* uniformity of API server structure (thi | |
s is probably quite known to most security professionals\, but good to cov | |
er)\, and\n* relation-based access control (ReBAC)\, a superset of both RB | |
AC and ABAC\, which allows for finer-grained and declarative access contro | |
l.\n\nThis gives us\, a way to avoid “oops\, I forgot to implement the a | |
uthorization if check for this API resource (or field)” and escape the i | |
nevitability of an unmaintainable amount of imperative if checks in the AP | |
I servers such as “if the authenticated user belongs to a group with mag | |
ic string ‘employees’\, it should have access to all documents with pr | |
efix /company_public”.\n\nA declarative model of the authorization model | |
\, and a graph based structure of the authorization state can be audited\, | |
visualized and pentested more easily than custom code for each resource i | |
n the API.\n\nIn the end\, Lucas will do a demo of this paradigm working i | |
n action. All code is open source and fully reproducible for anyone. The a | |
udience will after this talk have practical knowledge about how they can f | |
ormalize their access control in an extensible\, uniform and auditable way | |
for their projects. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-221-beyond-rbac-avoid-brok | |
en-acls-in-control-planes-with-declarative-relation-based-access-control | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Supervised hacking - Senior and the Junior crew | |
DTSTART;TZID="UTC+02:00":20240216T141500 | |
DTEND;TZID="UTC+02:00":20240216T171500 | |
UID:f2709ac6-265c-5efe-b77d-9104ecfc2f48 | |
DESCRIPTION:A supervised hacking session. Get familiar to tools\, tactics | |
and methodologies for analysing vulnerable online services. | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-171-supervised-hacking-sen | |
ior-and-the-junior-crew | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Mobile Device Forensics 101 | |
DTSTART;TZID="UTC+02:00":20240216T180000 | |
DTEND;TZID="UTC+02:00":20240216T210000 | |
UID:7024b12e-424b-5f72-acbc-530baf25c98d | |
DESCRIPTION:This workshop will give an introduction to data collection and | |
analysis methods to conduct mobile device forensics on iOS and Android de | |
vices as well as an opportunity to test your new skills in a CTF. Don't fo | |
rget to bring your own laptop! | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-122-mobile-device-forensic | |
s-101 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors Opening and registration | |
DTSTART;TZID="UTC+02:00":20240217T100000 | |
DTEND;TZID="UTC+02:00":20240217T103000 | |
UID:ba01b39d-cb3d-57bc-8530-a2d94181257d | |
DESCRIPTION:Doors Opening and registration | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-236-doors-opening-and-regi | |
stration | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:I'm a script kiddie\, bypassing your antivirus and EDR systems | |
DTSTART;TZID="UTC+02:00":20240217T110000 | |
DTEND;TZID="UTC+02:00":20240217T120000 | |
UID:27c24f9f-ca3c-5b32-9d47-b51adc2b5794 | |
DESCRIPTION:What happens when a malware infects a machine? How good does a | |
malware developer need to be in order to bypass an antivirus? How well ca | |
n an EDR spot new malware threats? How can I get started experimenting w | |
ith self-developed (safe?) malware? If you have ever asked any of these qu | |
estions\, I have answers for you.\n\nThis presentation walks you through t | |
he process of script kiddie malware development\, DLL sideloading malware | |
technique and explains how the malware could be used against a victim. Aft | |
er the theory part I will share the results I have gotten from my testing | |
with different AV and EDR systems. There is no one system that can save yo | |
u\, no matter the hype. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-145-i-m-a-script-kiddie-by | |
passing-your-antivirus-and-edr-systems | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Smoke and Mirrors: How to hide in Microsoft Azure | |
DTSTART;TZID="UTC+02:00":20240217T120000 | |
DTEND;TZID="UTC+02:00":20240217T123000 | |
UID:4ed68af0-f3d9-516f-8fa1-13d36011ad19 | |
DESCRIPTION:As organisations develop their cloud usage\, and mature their | |
cloud security operations\; attackers have had to identify and develop met | |
hods to avoid detection. Our talk will explore techniques that would allow | |
attackers to evade Graph Activity logs\, along with methods to enable mal | |
icious actions to blend in with legitimate activity. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-213-smoke-and-mirrors-how- | |
to-hide-in-microsoft-azure | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:KEYNOTE : Circling Dragons: Red Team Lessons From Modern Breaches | |
DTSTART;TZID="UTC+02:00":20240217T130000 | |
DTEND;TZID="UTC+02:00":20240217T140000 | |
UID:6f407957-c3f3-596e-a4b0-3c8f8378e4a1 | |
DESCRIPTION:Red teamers and pentesters are paid to simulate real threat ac | |
tors\, but who is really mimicking who? This talk will analyze technical d | |
etails from recent breaches and provide a red teamer's perspective on atta | |
cks that are working against modern defenses\, useful tradecraft tips\, an | |
d how defenses can be improved. Stories will be shared\, and hype debunked | |
. xD | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-204-keynote-circling-drago | |
ns-red-team-lessons-from-modern-breaches | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Breaking Badly: Domains\, Callbacks\, Tokens and Exploits | |
DTSTART;TZID="UTC+02:00":20240217T140000 | |
DTEND;TZID="UTC+02:00":20240217T150000 | |
UID:34760931-cb08-5a30-9d09-d2033336bf2e | |
DESCRIPTION:A thrilling journey into the intricate exploitation of web of | |
domain intricacies and exploits. This presentation will unravel an intrigu | |
ing narrative where a seemingly innocuous delve into an unusual domain met | |
amorphoses into a meticulous bug bounty exploration\, ultimately unveiling | |
profound vulnerabilities and leading to a full compromise of company infr | |
astructure. In a span of 2.5 weeks\, a seemingly inconsequential expired d | |
omain metamorphoses into a treacherous trap\, illuminating weaknesses in R | |
ancher\, Kubernetes\, and varied client endpoints. This journey\, punctuat | |
ed by failed attempts and discarded research\, is a testament to the relen | |
tless pursuit of cybersecurity knowledge and the potential rewards of dili | |
gent\, innovative exploration. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-133-breaking-badly-domains | |
-callbacks-tokens-and-exploits | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking around with Satellite\, Aerospace\, Avionics\, Maritime\, | |
Drones: Crashing/Exploiting at the speed of SDR. | |
DTSTART;TZID="UTC+02:00":20240217T150000 | |
DTEND;TZID="UTC+02:00":20240217T160000 | |
UID:ac5ca835-bba5-52c0-88b7-a8c032a076e1 | |
DESCRIPTION:Hacking around with Satellite\, Aerospace\, Avionics\, Maritim | |
e\, Drones: Crashing/Exploiting at the speed of SDR.\n\nThis talk is a mas | |
hup of 7+ peer-reviewed papers from JYU.fi (yeah\, cool top-level research | |
"Made in Finland!") spanning work over 3+ years\, where we overview appli | |
cation security in critical domains such as Satellite\, Aerospace\, Avioni | |
cs\, Maritime\, Drones (SAAMD)\, and how they can be attacked via unprotec | |
ted interfaces of ADS-B\, AIS\, ACARS\, GDL90\, EPIRB and similar protocol | |
s. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-197-hacking-around-with-sa | |
tellite-aerospace-avionics-maritime-drones-crashing-exploiting-at-the-spee | |
d-of-sdr- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Zero Trust - Dope or Nope? | |
DTSTART;TZID="UTC+02:00":20240217T170000 | |
DTEND;TZID="UTC+02:00":20240217T180000 | |
UID:a64af084-dab1-5aa4-b2ba-6721b6ad57a6 | |
DESCRIPTION:Zero Trust must be the worst name in the history of Security. | |
But is it just a bad name? Does it really offer worthwhile goals or is it | |
an overkill? I hear sales pitches for it\, like for many other security so | |
lutions\, that concentrate on "What we can't allow anymore because of chan | |
ged security landscape" all the time. Why does security have to be so nega | |
tive? A well done Zero Trust environment gives you "the ability to work as | |
efficiently and securely\, whether you are sitting in Starbucks or the co | |
rporate office" - Which I believe most of us want. Come and listen to this | |
talk about rights and wrongs of how to achieve Zero Trust and how keep Se | |
curity as what it's meant to be - a support function for a happy workforce | |
. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-202-zero-trust-dope-or-nop | |
e- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:A two-part Saga: Continuing the Journey of Hacking Malware C2s. | |
DTSTART;TZID="UTC+02:00":20240217T180000 | |
DTEND;TZID="UTC+02:00":20240217T190000 | |
UID:5e3b5b3f-7a38-5d27-aabc-596c479ad7c7 | |
DESCRIPTION:C2 servers of mobile and Windows malware are usually left to t | |
heir own fate after they have been discovered and the malware is no longer | |
effective. We are going to take a deep dive into the rabbit hole of attac | |
king and owning C2 servers\, exposing details about their infrastructure\, | |
code bases\, and the identity of the companies and individuals that opera | |
te and profit from them. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-144-a-two-part-saga-contin | |
uing-the-journey-of-hacking-malware-c2s- | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:All your frontend are belong to us - Crawling through Javascript u | |
sing AST's | |
DTSTART;TZID="UTC+02:00":20240217T190000 | |
DTEND;TZID="UTC+02:00":20240217T200000 | |
UID:d7357865-d149-5243-8f5f-91bcd0c5f90f | |
DESCRIPTION:In this talk we'll be exploring a new Work-in-Progress project | |
codenamed "Lurker"\, which aims to analyze the minified or unminified jav | |
ascript of web applications\, track calls to external API's\, and enumerat | |
e the calls and their parameters for use in applications like FFUF and oth | |
er API pentesting tools. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-142-all-your-frontend-are- | |
belong-to-us-crawling-through-javascript-using-ast-s | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Exploring Generative AI’s Threat to Social Justice and Democracy | |
DTSTART;TZID="UTC+02:00":20240217T201500 | |
DTEND;TZID="UTC+02:00":20240217T211500 | |
UID:17234c57-e905-5aec-9887-a1ed635fbf23 | |
DESCRIPTION:Large Language Models (LLMs) are significantly transforming th | |
e way we work. Within cybersecurity\, professionals and researchers have i | |
dentified an arms race: LLM-based tactics for both offense and defense try | |
ing to outpace each other. Companies mainly worry about their Intellectual | |
Property being used to train these models. But\, \npersonal data is incr | |
easingly used to train data sets\, and privacy authorities are starting - | |
or should definitely start - to worry about this. Yet how LLMs may harm i | |
mpact individuals\, social justice and society at large remains poorly und | |
erstood. In this talk\, Maria and Dimitri explore some of the current and | |
emerging threats of generative AI to societies and social justice\, as wel | |
l as some of the possible solutions and countermeasures. | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-205-exploring-generative-a | |
i-s-threat-to-social-justice-and-democracy | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Closing ceremony | |
DTSTART;TZID="UTC+02:00":20240217T211500 | |
DTEND;TZID="UTC+02:00":20240217T214500 | |
UID:280b9243-4bce-5215-b11d-1e1f69d5e74b | |
DESCRIPTION:Closing ceremony | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-234-closing-ceremony | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Doors close at 22.30 | |
DTSTART;TZID="UTC+02:00":20240217T220000 | |
DTEND;TZID="UTC+02:00":20240217T223000 | |
UID:1e4f881b-f605-56bc-a1fc-f3fd0176757f | |
DESCRIPTION:Doors close at 22.30 | |
LOCATION:Main Stage | |
URL:https://disobey.fi/2024/profile/disobey2024-238-doors-close-at-22-30 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Integral Theory for Hackers | |
DTSTART;TZID="UTC+02:00":20240217T120000 | |
DTEND;TZID="UTC+02:00":20240217T123000 | |
UID:2208ef12-8fb0-57cf-aad7-061bba1f2304 | |
DESCRIPTION:With the rise of AI we look for tools to deal with security ri | |
sks caused by deception\, gullibility and the human factor. Ken Wilber’s | |
Integral Theory is a holistic framework on human\, societal and cultural | |
development that provides one of the most comprehensive toolkits for under | |
standing motivation and change. I will present the main tenets of the theo | |
ry and suggest ways how security professionals and the hacker community ca | |
n benefit from these insights. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-217-integral-theory-for-ha | |
ckers | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Building automated system for deploying lots of situational awaren | |
ess (SA) systems for when SHTF | |
DTSTART;TZID="UTC+02:00":20240217T141500 | |
DTEND;TZID="UTC+02:00":20240217T151500 | |
UID:1f6870d2-9f79-5f2e-a2bf-5d8fdde75240 | |
DESCRIPTION:A volunteer group has been developing a system for very quickl | |
y making available situational awareness tools like TAK (https://tak.gov/) | |
to ad-hoc groups with BYOD. Due to the context this is developed for secu | |
rity of enrolment\, device revocation etc are extremely important. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-173-building-automated-sys | |
tem-for-deploying-lots-of-situational-awareness-sa-systems-for-when-shtf | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Cybersecurity in the Gaming Industry | |
DTSTART;TZID="UTC+02:00":20240217T151500 | |
DTEND;TZID="UTC+02:00":20240217T154500 | |
UID:c30467ee-418e-57cc-99d2-8dd827578650 | |
DESCRIPTION:Cybersecurity is a critical concern in the gaming industry due | |
to the significant financial investments\, personal data\, and intellectu | |
al property at stake. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-184-cybersecurity-in-the-g | |
aming-industry | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:The rising flame of community participation and engagement | |
DTSTART;TZID="UTC+02:00":20240217T164500 | |
DTEND;TZID="UTC+02:00":20240217T174500 | |
UID:6ad93c1e-5fb8-5e6e-a5ee-15bef224230f | |
DESCRIPTION:Networking vs community. \n*Why is forming a sense of communit | |
y in the cyber security scene important? \n*Have we managed to create mean | |
ingful connections within the cyber security domain that will help us as i | |
ndividuals or as entities (public or private) improve our cyber security p | |
osture?\n*Why is it important to create a cyber resilient individual or en | |
tity?\nThe formation of cyber communities can help solve a lot of the pain | |
points in the field of cyber\, such as attracting and retaining talent\, | |
dealing more effectively with coordinated and targeted attacks\, building | |
a more accurate threat intelligence picture.\nCase studies presented to st | |
rengthen the argument: \n*A. Nordic Financial CERT \n*B. Women4Cyber Denma | |
rk | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-200-the-rising-flame-of-co | |
mmunity-participation-and-engagement | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Identifying Cross-Account Attack Paths in AWS Environments at Scal | |
e | |
DTSTART;TZID="UTC+02:00":20240217T180000 | |
DTEND;TZID="UTC+02:00":20240217T183000 | |
UID:0d5232e8-a916-5cc2-843b-759ac6984366 | |
DESCRIPTION:Cross-account IAM role trust relationships can enable complex | |
and hard to detect attack paths in AWS environments. In large AWS organiza | |
tions\, analysing such paths manually is practically impossible due to man | |
y different configurations involved. But what if we could simplify such an | |
alysis a bit?\n\nThis talk will outline how attackers could exploit AWS IA | |
M role trust relationships and demonstrate how to reveal the routes attack | |
ers could take inside your AWS environment. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-215-identifying-cross-acco | |
unt-attack-paths-in-aws-environments-at-scale | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Have U Been Invited (episode 2)? - macOS logic bugs | |
DTSTART;TZID="UTC+02:00":20240217T190000 | |
DTEND;TZID="UTC+02:00":20240217T193000 | |
UID:4e0b158b-f34a-57b6-9b6d-9b5052a5e61f | |
DESCRIPTION:In this presentation I will tell my story how I found a zero-c | |
lick vulnerability in macOS Calendar\, which allows an attacker to add or | |
delete arbitrary files inside the Calendar sandbox environment.This will d | |
irectly lead to arbitrary code execution. I will demonstrate how this can | |
be combined with Gatekeeper evasion and TCC evasion with Photos to comprom | |
ise user sensitive Photos iCloud data.\n\nFirst part of the vulnerability | |
chain was covered on my presentation at Disobey 2023. Now with macOS Sono | |
ma\, all the chained vulnerabilities are fixed and I can finally share all | |
the details. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-158-have-u-been-invited-ep | |
isode-2-macos-logic-bugs | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:CERT and NCSC 101 | |
DTSTART;TZID="UTC+02:00":20240217T194500 | |
DTEND;TZID="UTC+02:00":20240217T204500 | |
UID:fde4cbf5-0e60-5cfc-a510-3595a5b88ed3 | |
DESCRIPTION:This talk is a crash course in the world of Computer Emergency | |
Response Teams and National Cyber Security Centres. Hundreds of these tea | |
ms strive to protect their respective corners of the internet from inciden | |
ts and vulnerabilities. Unlike security operations centres\, they usually | |
don't have direct control of the protected systems. Instead\, they rely on | |
information exchange with their peers and co-operation networks to get ti | |
mely advice on current threats to their customers.\n\nInformation exchange | |
might not sound like much\, but in practice it has saved us all from harm | |
many times over. Come hear some of the stories. | |
LOCATION:Security Theater | |
URL:https://disobey.fi/2024/profile/disobey2024-167-cert-and-ncsc-101 | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Beyond Bullet Points: Creating An Engaging & Effective Security Tr | |
aining | |
DTSTART;TZID="UTC+02:00":20240217T104500 | |
DTEND;TZID="UTC+02:00":20240217T124500 | |
UID:3bf1213e-9899-597e-886e-a2e2ba32a377 | |
DESCRIPTION:Are you looking to create a DIY security awareness training fo | |
r your entire staff? Or perhaps you’d like your team to learn your compa | |
ny processes\, such as incident response?\n\nIf you want to go beyond bull | |
et points and avoid putting your training participants in a coma\, this wo | |
rkshop is for you. We’ll go through the elements of engaging and interac | |
tive training that makes learning fun and effective. Using the exercises i | |
n this workshop\, you can draft your next awesome information security tra | |
ining. \n\nNo more boring slide shows with a useless multiple-choice exam | |
at the end! Let’s create fun training content with stories and interacti | |
vity instead. | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-159-beyond-bullet-points-c | |
reating-an-engaging-effective-security-training | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Hacking AI Models | |
DTSTART;TZID="UTC+02:00":20240217T140000 | |
DTEND;TZID="UTC+02:00":20240217T170000 | |
UID:6f855059-0fb2-5eb1-a86e-fc28b86ed29b | |
DESCRIPTION:This workshop is about hacking the AI.\n\nWe will first go thr | |
ough the fundamentals of responsible AI practices\, including security tes | |
ting basics & principles. We are going to take the hacker's approach to AI | |
use cases and see if we can make them do something they aren't supposed t | |
o.\n\nParticipants will have the opportunity to test out a few models from | |
beginner to advanced level. | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-198-hacking-ai-models | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Advanced WiFi Attacks for Red Team Professionals | |
DTSTART;TZID="UTC+02:00":20240217T171500 | |
DTEND;TZID="UTC+02:00":20240217T211500 | |
UID:2c05ffe3-e036-595f-bb7d-8790c8c7b724 | |
DESCRIPTION:Learn advanced WiFi attacks used by red teams to gain unauthor | |
ized access to wireless networks in a 100% virtualized lab. Perform WiFi r | |
econnaissance\, advanced attacks against corporate networks evading securi | |
ty configurations and monitor alerts generated in a WIDS to understand def | |
ensive measures. | |
LOCATION:Workshop | |
URL:https://disobey.fi/2024/profile/disobey2024-147-advanced-wifi-attacks- | |
for-red-team-professionals | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Why I prefer to focus on threats over risks | |
DTSTART;TZID="UTC+02:00":20240217T183000 | |
DTEND;TZID="UTC+02:00":20240217T184500 | |
UID:603cece4-7264-5528-a642-0a0bf80c6b95 | |
DESCRIPTION:Risk based approach have for a long time been all the rave whe | |
n it comes to cyber security. In this talk I talk why I prefer a cyber thr | |
eat based approach over a cyber risk based one. | |
LOCATION:Community Village | |
URL:https://disobey.fi/2024/profile/disobey2024-218-why-i-prefer-to-focus- | |
on-threats-over-risks | |
END:VEVENT | |
BEGIN:VEVENT | |
SUMMARY:Muddying the Waters: Turning Clear Phishing Ponds into Murky Swamp | |
s | |
DTSTART;TZID="UTC+02:00":20240217T184500 | |
DTEND;TZID="UTC+02:00":20240217T190000 | |
UID:6fa299b4-4fdd-58ce-82ec-fc124a471cb9 | |
DESCRIPTION:Ever wondered what you could do with those pesky phishing emai | |
ls besides hitting 'delete'? Have you ever wanted to fight back? In this t | |
alk\, I'll walk you through how I did it\, so that you can too—all from | |
the comfort of your sofa. You'll learn how simple it can be to help protec | |
t the innocent by making life harder for criminals\, all while having fun | |
and learning new skills at the same time. | |
LOCATION:Community Village | |
URL:https://disobey.fi/2024/profile/disobey2024-168-muddying-the-waters-tu | |
rning-clear-phishing-ponds-into-murky-swamps | |
END:VEVENT | |
END:VCALENDAR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment