​Tech MeetUp: CYBERSECURITY

Tech MeetUp: Cybersecurity

• When: 16.10.2024 (Wednesday) 18:00
• Where: Browar Lubicz, Kraków

Join us for a Cybersecurity evening when industry experts dive into the details of offensive security and defence mechanisms, targeting professionals and enthusiasts alike. Our three sessions will explore the art of privilege escalation, the persistence of widespread vulnerabilities exemplified by Log4Shell, and the usage of sudo in the context of secure system administration.

The meeting will be packed also with valuable insights and engaging discussions!

Agenda:

Got r00t? - Basics of Privilege Escalation - by Michał Droński

About the topic: System Access has been granted... and now what? To escalate or not, that's the question. This presentation will cover the basics of privilege escalation, an important skill that every professional focused on offensive security, either from the red or blue side, should be familiar with. We will scratch the surface of privilege escalation basics, so if you're planning a career in cybersecurity, you're a cybersec enthusiast or want to answer the 'got r00t?' question, then this talk will suit you.

About the Speaker: Michał is an ethical hacker with over 7 years of experience in IT security and various offensive security certifications such as OSCP and OSWP. Michal holds a Master's degree in Cybersecurity obtained from the Georgia Institute of Technology, based in the United States, Atlanta.

Three steps that can protect your service from being incorporated into a bot army - by Piotr Furman

About the topic: Modern bot armies count hundreds of thousands or even millions of devices. A botnet revealed in September of this year has over a quarter of a million members, and one of the attack vectors used to spread the infection is the CVE-2021-44228 vulnerability, also known as Log4Shell. What makes a vulnerability known for three years still present in modern products? Using Log4Shell as an example, I will show how to detect this type of vulnerability in three different ways, and why you should perform each one of them.

About the Speaker: Piotr is a security engineer working in Motorola Solutions. Over the years he helped numerous development teams in the company to implement various security scans of their web applications. Piotr holds a CompTIA Certified Technical Trainer certificate, and for a few years he was one of the lecturers delivering an internal boot camp for employees preparing for the CompTIA Security+ exam. He is also an ISC2 member with CISSP certification.

From zero to root - How users exploit sudo for privilege escalation - by Maciej Klesiewicz

About the topic: In the game of privileges, sudo is your wildcard - but play it wrong, and you could be granted more power than you asked for. The presentation will explore sudo within the privilege escalation context, focusing on how this command is used to execute tasks with elevated privileges. It will cover common configuration mistakes that can lead to unintended privilege escalation.

About the Speaker: Maciej is a Security Engineer on the Product Security Consultant Team at Motorola Solutions. In this role, he is responsible for providing security advisory services, conducting product security reviews, advising on risk management, assessing security scan results etc. Maciej holds several industry-recognized certifications, including CISSP, Security+ and PenTest+.

Join us on Wednesday (16.10) at Browar Lubicz. The meeting will start at 6 pm