Commit

remote update file
OWASPFoundation committed Jul 28, 2024
1 parent 6e47b2d commit 2999ada
Showing 1 changed file with 10 additions and 20 deletions.
30 changes: 10 additions & 20 deletions _data/community_events.json
Expand Up @@ -79,26 +79,6 @@
"timezone": "Australia/Brisbane",
"description": "Hello hackers, security enthusiasts, and the like.\nFor this upcoming OWASP meetup we are going to do things a little different. Over the past few years, we have presented on numerous web /API vulnerabilities, this time we are going to exploit some of these weaknesses!!\nYes, that\u2019s right, less talking more hacking!\nAs we have a mixed group of attendees, including executives, students, developers, security experts and enthusiasts, and to stay on brand :D, let\u2019s focus on exploiting vulnerabilities present within Try Hack Me\u2019s OWASP Juice Shop.\nListed below are the things you will need to participate:\n\u00b7 Laptop (one that can be used for exploiting weaknesses (Try Hack Me\u2019s OWASP Juice Shop), perhaps not a corporate laptop :D)\n\u00b7 Internet (Mobile hotspot in case the venue\u2019s Wi-Fi cannot be used for any reason)\n\u00b7 Try Hack Me account (Can be a free version)\n\u00b7 Optional \u2013 Linux based VM + Try Hack Me VPN if you prefer to test from a local machine. Otherwise, you can spin up a cloud based Try Hack Me Linux based VM to conduct testing from.\nFor those that have already completed this room well done!! Feel free to attend and perhaps pick another room or HTB to focus on, attend for the vibes/social aspect \nFor those who have never performed pen testing of any kind, no stress, we can provide support/answer any questions that you may have. This is a judgement free zone, there are no dumb questions!!\nHope to see you all there\n\nVenue will be announced soon (Brisbane CBD)"
},
{
"group": "Cairo",
"repo": "www-chapter-cairo",
"name": "Secure by Design: Empowering Enterprise Security through Application Governance",
"date": "2024-07-27",
"time": "10:00+03:00",
"link": "https://www.meetup.com/owasp-cairo-chapter/events/302273299",
"timezone": "Africa/Cairo",
"description": "In today's rapidly evolving digital landscape, securing applications is a critical concern for enterprises. This joint event, organized by the OWASP Cairo Chapter and ISACA Cairo Chapter, aims to equip security professionals, developers, and IT leaders with the knowledge and tools necessary to integrate security throughout the application development lifecycle.\n\nThe event will feature two key sessions:\n[10:00 AM - 10:45 AM]\u2060 \u2060Integrating Security into the Development Lifecycle: Governance Frameworks and Best Practices [Speaker: Mohamed Alfateh]\n\\- Discover strategies for embedding security within Agile\\, Waterfall\\, and DevSecOps methodologies\n\\- Explore the security manager's role in fostering collaboration\\, driving security awareness\\, and measuring the effectiveness of security initiatives\n\n[10:45 AM - 11:30 AM]\u2060 \u2060Secure Coding Practices for Web Applications [Speaker: Mohammed Sherif]\n\\- Explore secure coding principles and techniques to mitigate common application vulnerabilities\n\\- Learn about secure coding standards\\, code review best practices\\, and automated security testing\n\nThrough a combination of expert presentations, interactive discussions, and real-world case studies, attendees will gain a comprehensive understanding of secure application development and the essential role of security governance in empowering enterprises to build secure, resilient, and compliant software solutions."
},
{
"group": "Chennai",
"repo": "www-chapter-chennai",
"name": "Hacking AWS: Hands-On exploitation of cloud services",
"date": "2024-07-27",
"time": "10:00+05:30",
"link": "https://www.meetup.com/chennai-owasp-meetup-group/events/302116015",
"timezone": "Asia/Kolkata",
"description": "**Note:** **1\\. Participants can attend the event by invitation only\\, as we have limited seating\\. Venue details will be sent to selected participants\\.**\n**2\\. This workshop is intended for peoples who already have basic knowledge in AWS environment only\\, not for newbies/beginners\\.**\n\n**Hacking AWS**\nAn immersive 8-hour workshop designed for Blackbox Pentesters looking to enhance their skills in attacking and exploiting AWS resources.\nThis beginner-friendly session dives deep into AWS security, focusing on identifying and exploiting vulnerabilities in various AWS services.\n\n**What You Will Learn**\nThroughout the workshop, attendees will gain hands-on experience in:\n\\- Enumerating and Reconnaissance: Identifying and mapping AWS resources\\.\n\\- IAM Misconfigurations: Exploiting flaws in IAM roles and policies\\.\n\\- S3 Bucket Exploitation: Accessing and exfiltrating data from misconfigured S3 buckets\\.\n\\- EC2 Instance Attacks: Gaining unauthorized access to EC2 instances\\.\n\\- Other Common Misconfigurations: Identifying and exploiting other prevalent AWS vulnerabilities\\.\n\n**Capture the Flag (CTF) Event**\nThe workshop will conclude with a Capture the Flag (CTF) event, allowing attendees to apply what they've learned in a simulated AWS environment.\nThe CTF event will end on the same day, but the labs will remain accessible for 48 hours post-session for further practice.\n\n**Ideal Audience**\nThis workshop is best suited for individuals aiming to work on breaking into AWS environments, including:\n\\- Offensive Security Engineers\n\\- Pentesters Specializing in Cloud Security\n\\- Security Engineers\n\\- Technical Cloud Security Consultants\n\n**Not Suitable For**\nRed Teamers: This session does not cover advanced attack tactics, defense evasion, C2 hosting, or advanced data exfiltration.\nBlue Teamers & Defenders: Defensive strategies against these attacks are not covered.\nBeginners to AWS: Basic understanding of AWS 
and cloud computing concepts is required.\nRequirements for Participation\nAWS Account: Each attendee must have their own AWS account with root/admin access. Free tier accounts are sufficient.\nAWS CLI v2: Must be installed on the attendee's system.\nHardware: Attendees must bring their own laptops with internet connectivity.\nKnowledge Base: Basic familiarity with AWS services and concepts like IAM, Lambda, EC2, etc., is needed.\n\n**Kindly Fill this form for registration :** [https://forms.gle/GSTZZmfpEUHiDYHN6](https://forms.gle/GSTZZmfpEUHiDYHN6)"
},
{
"group": "Chile",
"repo": "www-chapter-chile",
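Review bot: the commit message "remote update file" does not say why the Cairo and Chennai entries go away in this hunk (79,26 to 79,6). Both carry `"date": "2024-07-27"` and the commit is dated Jul 28, 2024, so this looks like pruning of past events. If that is the rule, state it in the message or name the job that produced the change, so that removal of an event that has not yet taken place can be told apart from routine expiry.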
Expand Down Expand Up @@ -139,6 +119,16 @@
"timezone": "Europe/Berlin",
"description": "Hello everyone, we're excited to invite you to our OWASP Chapter meeting #66! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information and application security topics. Anyone who is interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member.\n\nThere will also be plenty of time to socialize before and after the event.\n\n_What are we going to talk about?\n\n**1\\. Talk:** **Security at Scale - Mastering Cloud Security in the Cyberwar Era**\n\n*Dominik Sowinski, Cybersecurity Architect & Cybersecurity Community Lead, Siemens*\n\nIn the midst of rapid cloud transformation, industrial organisations face an ever-evolving cyber threat landscape, exacerbated by global events such as the war in Ukraine. This presentation will address the latest APT activities and the significant risks they pose to cloud infrastructures and critical industrial operations. We will explore cutting-edge strategies, technical considerations and essential processes to rapidly adapt and secure cloud environments at scale against these relentless threats. The presentation will help you understand how to fortify cloud applications and infrastructure in this dynamic threat landscape.\n\n**2\\. Talk: Let's talk vulnerabilities**\n\n*Vinit K., Independent security research and threat hunting*\n\nA talk and live demo on cybersecurity threats involving terminal emulators and SSH. We will explore how URL handling in iTerm2 and Hyper can be abused for code execution, as well as delve into the recent CVE-2023-51385 vulnerability, which allows unexpected code execution via SSH ProxyCommand. 
The session will include interactive segments where the audience can contribute exploit ideas and deepen their understanding of these critical security issues.\n\n_Afterwards?\nWe will pre- and conclude the evening with the possibility of **socializing** at the venue with **free food and cold & hot drinks**. For everyone who's interested, we will continue socializing at the Bockenheimer Weinkontor afterward.\n\n_When?\nOur Meetup takes place on 31.07.2024 from 18.00 to 21.30 o'clock CEST.\n\n_Where?\nCHECK24 Frankfurt is located at Speicherstra\u00dfe 55 in Frankfurt am Main, ca. 15min within walking distance of Frankfurt Hauptbahnhof.\n\n_Interested in **giving a talk** yourself?\nSubmit your talk here: https://www.papercall.io/owasp-chapter-frankfurt\n\n_And now?\nSave the date, **spread the word,** and bring your friends and colleagues along to our event.\n\n_Follow Us!\nAlso, follow us here and refer to our [OWASP Frankfurt site](https://owasp.org/www-chapter-germany/stammtische/frankfurt/) for information, including slides and recordings of previous presentations\n\nWe're looking forward to seeing you at our event!"
},
{
"group": "Hungary",
"repo": "www-chapter-hungary",
"name": "LLM AppSec in 3 takes: local-first, SDLC, psychology [en, upd2]",
"date": "2024-08-08",
"time": "18:00+02:00",
"link": "https://www.meetup.com/owasp-hu/events/302470528",
"timezone": "Europe/Budapest",
"description": "In collaboration with CyEx we treat LLMs security in three different takes: Practicioner's insights into cooking local-first business solutions securely; SDLC related practical examples from a cybersec management veteran; Psychology vs LLMs/GenAI vs safety/security as seen by an academic psychology researcher. One can visit the event in person in Budapest or follow it live online.\n\n Sidenote1: Do not forget to hop over to 'OWASP Top 10 for LLM apps': [https://genai.owasp.org/llm-top-10/](https://genai.owasp.org/llm-top-10/)\n\n1\u20e3 18:10 **Applied LLM security: How to cook the local ones (plus tips for API users)**\n** Irina Nikolaeva**, Head of Data Science at Raft Digital Solutions, Russia\nWith her master's degree and academic papers in applied mathematics and statistics, Irina is literally a scientist in the field where notions of science and artificial intelligence are exaggerated. Her many years of practical experience with ML in general, and DL, NLP, LLMs and others before the Coming of ChatGPT makes her approach chill and dehyped. Irina will give tips on how to protect your solution from LLM leaking data/PII, treating users inadequately or giving bad advice. Our expert's good advice will be focusing on local-first solutions, which she has accumulated experience in, as it is the choice of implementation which is reasonably favorable in a sanctioned country. However, folks implementing business solutions using the popular LLM APIs are expected to get their valuable share of advice too. [30 mins talk, 15 mins Q/A, break]\n\n2\u20e3 19:05 **LLM Sprinkles for your SDLC Sundae**\n** Craig Balding**, Independent Cyber Security Consultant, UK\nOne of the fathers of cybersec red teaming, today Craig's top interest is AI security research and education, and his technical and non-technical consulting has also turned primarily to that direction. 
The current session applies his many years of cybersec leadership and navigating secure development in large financial institutions to the new situation created by the emerging omnipresence of LLMs -- how SDLC, secure software development methodologies and practices change. The session will be showing small, practical examples of using LLMs and hopefully give attendees food for thought to run their own experiments (and share back to OWASP anything useful!) [20 mins talk, 15 mins Q/A, break]\n\n3\u20e3 19:50 **Utilizing the psychology of generative language models to get better and safer behavior**\n** Kekecs Zolt\u00e1n**, PhD, Researcher, Assistant Professor, ELTE Faculty of Education and Psychology, HU\n\"We commonly point out flaws in anthropomorphizing generative language models, but we rarely talk about the benefits. This talk will describe the similarities and differences in the functioning of LLMs compared to human psychology, touching on topics of memory, thinking/reasoning, cognitive biases and stereotypes, goals and motivation, emotions, and consciousness. We will discuss how we can utilize the advances in human behavioral science and neuroscience to better understand the behavior of generative models, and to achieve better and safer results with these systems.\" [20 mins talk, 15 mins Q/A]\n\nIn-person participants will enjoy the benefit of **networking**, free beer, refreshments or tea-like drinks. \n**Host**: [CyEx.hu](https://cyex.hu/), a Budapest-based cyber security service provider, whose founders are prominent figures in Hungarian pentesters' education\n **Doors open at 17:45**\nBudapest, Eln\u00f6k u. 
1, 1089 [Nagyv\u00e1rad t\u00e9r metro]\n[https://maps.app.goo.gl/oKrqHMfhpyxnnpFs9](https://maps.app.goo.gl/oKrqHMfhpyxnnpFs9)\n **Online**:\nTelegram (live stream, panel, questions)\n[https://t.me/owasphu](https://t.me/owasphu)\nYoutube (broadcast, questions)\n[link TBD]\n\nProduced by: Timur Khrotko, OWASP HU\n\n Sidenote2: Another OWASP and LLMs related thingy to know about is the below checklist:\n[https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/](https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/)"
},
{
"group": "Jacksonville",
"repo": "www-chapter-jacksonville",
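Review bot: in the added Hungary entry's `description`, the YouTube line still reads `[link TBD]`, and the speaker names are written as `** Irina Nikolaeva**`, `** Craig Balding**` and `** Kekecs Zolt\u00e1n**` with a space after the opening `**`, which CommonMark does not treat as emphasis, so the asterisks will show literally if the field is rendered as Markdown. Suggest removing the stray space and filling in or dropping the placeholder line. The same field carries free-text links to t.me, maps.app.goo.gl and cyex.hu, so whatever renders `description` should treat it as untrusted input and escape or sanitize it before output.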