We are excited to announce a full day event with lots of good workshops, swags, food and drinks...OWASP Bay Area chapter along with Pacific Hackers group are proud to present a full day minicon. We would like to thank Datatheorem for hosting this event.
Agenda
9.30 AM-11.30AM :- OWASP TOP 10 workshop
9.30 AM-11.30AM:- Car Hacking 101 workshop (online)
11.30AM-12.30PM:- Lunch
12.30PM-2.30PM :- Mobile Application Security (Workshop)
2.30PM-4.30PM :- Workshop on K8s security, Batten Down the Hatches! A Cluster Security Hardening Journey
4.30-5.30:- Introduction to CSA chapter and talk on DNS Takeover by Satish G
5.30pm-7Pm :- Happy Hour
Lock picking:- All day
### #1Title:
OWASP TOP 10 workshop
Abstract:
(To Be updated later)Beginner level workshop with focus on learning OWASP top10 from penetration testing and a developers perspective.
Presenter:
Zach Heller(https://zacheller.dev/whoami/), Cybersecurity Consultant and Ethical Hacking Educator. Speaker are various conferences, B.S./M.S. in Computer Science. Head of Cybersecurity Curriculum Development at The Coding School in LA.
### 2#Title:
Car hacking 101(Online)
### Abstract:
- Introduction to Automotive Security.
- Understanding CAN protocol and Internals.
- Attacking ICsim functions using open-source tools.
- briefing on various tools available for getting started in car hacking.
**Speaker:**Kartheek Lade is an IoT Security Researcher at Payatu who works in Hardware & Automotive Security verticals of IoT, as he is constantly learning about ISO/SAE 21434 and wireless security. Kartheek loves contributing and being a part of security communities and helping people get started in InfoSec. he is also been a speaker at BlackHat Asia, C0c0n, BSides Delhi etc
### Title:
Mobile Application Security (Workshop) (1PM-3PM)
Presenters: Himanshu Dwivedi, Pavan Walvekar, Ethan Arbuckle
Abstract:
From smartphones to tablets to watches, users are relying more and more on the convenience of mobile technology. Organizations must meet this growing trend with greater security measures to support critical business functions and protect sensitive data on enterprise devices. Mobile architectures, applications, networks and services must all be developed and managed in compliance with the oversight of a strong IT workforce.
This course provides an in-depth technical overview of the security features and limitations of modern mobile operating systems, including the top risks and vulnerabilities, every IT professional needs to know.
What you will learn:
Mobile application security measures
Models to develop and secure Android applications
Security detection and measures in iOS
Trends in mobile device management (MDM)
Prerequisites:
We recommend that you have the equivalent of a BS in computer science, or a background in cybersecurity. Workstation with Android Studio and Android Device. Workstation with Xcode and iOS Device
Required: Computer with AndroidStudio Installed and configured to build Android Apps.
Required: Install jadx https://github.com/skylot/jadx for reverse engineering.
Required: Install ADB https://developer.android.com/studio/command-line/adb
Optional: A test android phone with developer mode enabled.
Optional: Install Apktool https://ibotpeaches.github.io/Apktool/ for reverse engineering.
Optional: Install dex2jar https://github.com/pxb1988/dex2jar/tree/2.x for reverse engineering
Title:
Batten Down the Hatches! A Cluster Security Hardening Journey
### Abstract:
Your career is really taking off and you’ve finally landed that security engineer role at the company of your dreams. At your first daily standup meeting, the Chief Security Officer welcomes you aboard and gives you your first major project to lead which is aptly named, “Operation: Cluster Lockdown”.
In this hands-on workshop, the instructors will dive into the methods used to perform a successful real world Kubernetes security audit. Attendees will learn through instructor-led scenarios how to perform cluster / workload inventory, rapidly assess the security posture of workloads, enforce least privilege for end-users and service accounts, and comply with established compliance standards.
Each workshop attendee will utilize a public cloud environment and run a number of real-world workloads. The tools and methodologies covered in this workshop will give attendees the real world experience to perform a rapid Kubernetes security posture audit in their own organization’s clusters.
Speaker:- Jimmy Mesta(https://www.linkedin.com/in/jimmymesta/), Founder and CTO KSOC
5pm-7PM
Happy Hour, Meet industry experts mentors, Learn from there experiences, (Some of the Mentor's names will be updated later)