Listen to the latest episode of the Secure Developer podcastListen now
close

DSC Poland

Be ready to protect, they are ready to attack!

Register

Date

September 7, 2022

Time

6pm CEST

Location

In-Person - Virtual (Hybrid)
ABB CTC - Starowiślna 13A, 31-038 Kraków

play_circle

Questions? Join the conversation on Discord channel

About the event:

This chapter event will welcome Rener Alberto, Senior Pentester at ABB, and Pawell Kusiński, Senior IT Security Consultant at Securing.

 

Agenda

Session 1: Rener Alberto’s session will cover the Pentest Automation Approach. The enumeration is a very important process of Pentesting. Some tools can be used to help the identification of products, version, vulnerabilities and possible exploits.

This presentation will cover some tools and the methodology that will help you understand and start your automation process.

Session 2: Pawel Kusiński’s session will be all about Risks in Serverless Technologies. Serverless computing is not only a popular option in the cloud environments, but also a suggested method for creating a lot of things! Did you even think about how it works under the hood? Is serverless really server-less? How execution environment works? Is persistence even possible in this event-driven compute service? I won’t be lying – Remote Code Executions are rare, but what if there is one in your function? I will show how to use it to acquire persistency and exfiltrate more data than function role gives.

Let’s discover:
– How the infrastructure in serverless works.
– Why persistence is possible in this semi-volatile environment.
– How to research serverless environment using pseudo shell over HTTP.
– How can we make use of an RCE vulnerability to obtain a persistence – exploitation demo will be shown! Possible mitigations.

 

🗣️ Join the discussion on our Discord server!

Pawel Kusiński

Senior IT Security Consultant at Securing

About Pawel Kusiński

On daily basis I deal with application security (web & mobile) but I am particularly interested in cloud security.

I am also a fan of participating in various types of associations related to whole IT Security field – I also had the opportunity of hosting and conducting a few workshops in this domain.

Of course, the learning process is continuous, so I am eager to learn new things.

Rener Alberto

Senior Pentester at ABB

About Rener Alberto

 I have 13 years of experience in Cyber Security with focus on Penetration Testing. I’m a CTF player, pentester, researcher and speaker on cyber security related events.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close