[Owasp-egypt] OWASP Cairo Chapter in Bluekaizen CSCamp 18 Nov. 2016
mohamed.alfateh at owasp.org
Thu Nov 17 22:13:01 UTC 2016
For the third year, our chapter is participating in the CSCamp event. Don't
miss the chapter sessions on the first day, starting at 5 PM.

The Hidden Venom : Dangerous Formats
(By: *Fady Othman*)
In the past years, we have seen the development of client-side attacks and
how hackers became smarter and smarter. We came to a realization that you
don't really need a zero day or advanced exploit to spread malware or
ransomware. All you need is a good social engineering trick and the
knowledge of how to abuse a legitimate file format. In this talk, we will
have a look at seemingly non-harmful file formats and how they can be
abused to spread malware.

Exploiting PHP Serialized Objects for Authentication bypass
(By: *Ebrahim Hegazy*)
In this session, I will talk about PHP Serialized Objects as follows: 1-
What PHP Serialized/Unserialized Objects are and how they work, 2- Demo Code
on PHP Serialized Objects, 3- Exploitation scenarios for Serialized
Objects, 4- Practical example of exploiting Serialized Objects for
Authentication bypass & Privilege Escalation.

The Hidden Venom : Detecting APTs at web application layer
(By: *Mohamed Alfateh*)
Detecting and defending against Multi-Stage Advanced Persistent Threat
(APT) attacks is a challenge for mechanisms that are static in their nature
and are based on blacklisting and malware signature techniques. The
comprehensive analysis and correlation can discover behavior indicative of
APT-related attacks and data exfiltration. In the web application layer,
other techniques are used to detect the sophisticated web attacks. In this
presentation, we will discuss some techniques that could be used to deal
with the APTs in the web application layer.