Hacktivity - The IT Security Festival in Central & Eastern Europe
MOM Cultural Center, Budapest // 8th October 2021

Workshop sessions

All the workshop sessions of #Hacktivity2021 can be found on this page. We reserve the right to change the program. Online registration for the workshop sessions will start 1 day before the conference. The registration URL will be published on this page and also sent out via newsletter. PLEASE NOTE: only ticket holders can enter the workshop sessions, so please make sure to get a ticket in case you would like to join.

BOB WORKSHOP ROOM
8 OCTOBER 2021
09:00 — 11:00
Live @ The Venue
Mindset Over Encyclopedia - Empowering Security Conscious Developers

This workshop is aimed at security-conscious software developers. Modern-day engineers must cultivate a security-aware mindset instead of memorizing an encyclopedia of vulnerabilities and countermeasures. Having a healthy dose of creativity and curiosity will get you farther than knowing acronyms. The workshop is designed to enhance your mindset and help you think “out of the box.” You will be split into teams to solve challenges cooperatively in a virtual environment. Our scope is two well-known OWASP categories: “A03:2021-Injection” and “A05:2021-Security Misconfiguration”. After a brief introduction and real-world case studies, we will jump straight into hacking. By the end, you will look at vulnerabilities and countermeasures in a different light.

Dániel Szpisják
11:00 — 11:30
Coffee break
11:30 — 13:30
Live @ The Venue
Catch Me If You Can - Forensics with Free FireEye's Redline Tool

Doing host forensics is like solving an exciting mystery. We know something is wrong, and we might get some alert from the host, but we don’t know what happened (if anything). How did the story start? Was it an automated breach or a hands-on-keyboard attack? Have they moved laterally? How did they secure persistence? Have they exfiltrated anything?
The forensics examiner should tell you a story when finishing his/her job.
During the first part of the presentation, I will introduce you to the free FireEye Redline tool and we will walk through an incident together. Right after, as a junior forensics investigator, you will get your first assignment and you will have 60-90 minutes to solve the case. I will provide you with hints every 10-15 minutes. Bring your own laptop (with a VM if you wish) and install FireEye’s Redline 2.0 from here – https://fireeye.market/ before the workshop.

Attila Bártfai
13:30 — 14:00
Coffee break
14:00 — 16:00
Live @ The Venue
How to Steal Website Domains (aka Subdomain Takeover) Workshop

A workshop about subdomain takeover: nowadays, in the age of cloud environments, there are new surfaces for attacking these systems. Cloud providers try to give us easier deployment scenarios, and this is the breeding ground for the attack, which also affects larger organizations. In the first part of the workshop, we will review the theory and techniques, and then in the second part, we will take a sharp look at the attack in the wild. During the demo, we will go through the entire attack chain, create the proof of concept, and discuss the steps of how to report a vulnerability ethically.

Levente Molnár
BOBEK WORKSHOP ROOM
8 OCTOBER 2021
09:00 — 11:00
Live @ The Venue
Exploiting Type Confusion Vulnerability Workshop

During the workshop we will learn how type confusion attacks work against browsers. We will start from a type confusion vulnerability (CVE-2017-8601) and write an exploit based on it. We will learn how to get the VTable pointer by creating a fake integer object, and then how to use the VTable pointer to create a fake array object that implements a read/write primitive. With the help of the read/write primitive, we find the address of the stack, then overwrite the return address to run code.

Péter Zsíros
11:00 — 11:30
Coffee break
11:30 — 13:30
Live @ The Venue
AWS Cloud Hacking Workshop

More and more companies are moving their applications to the cloud to reduce their costs or simplify their operations. However, these applications can be just as vulnerable as the traditional ones, costing massive sums for their owners if exploited by malicious actors.

In this workshop, you can learn the basics of cloud platforms and the fundamental differences between traditional and cloud-hosted applications, vulnerabilities and exploitation techniques. We will be using AWS, the most popular cloud platform, to analyze and exploit some of the most frequent vulnerabilities together.

Requirements for the hands-on parts:
– AWS Free Tier account and AWS CLI (optional)
– Burp Proxy (recommended) or any similar tool capable of submitting HTTP requests (e.g. curl)

István Böhm
13:30 — 14:00
Coffee break
14:00 — 16:00
Live @ The Venue
White Box Web Pentest Workshop

A shallow dive into deep water: the topic of web application security stretches wide, so this workshop is laser-focused. During white box application testing we use the source code to our advantage, uncovering issues that might otherwise remain hidden from standard grey box testing.
In this workshop we go through common examples and techniques to enumerate and find issues in a variety of languages. We will look at real-world applications and recreate exploits to understand how they were discovered. Experience is expected in web application testing as well as understanding code at a superficial level. Requirements: a laptop with your choice of text editor (we will use VSCode), Burp proxy and a Python interpreter to run scripts.

Péter Fejér
ONLINE WORKSHOP SESSIONS VIA ZOOM
8 OCTOBER 2021
14:00 — 16:00
Zoom
Appsec404 Workshop

Bob recently joined a big and very famous company, Appsec404, which conducts security assessments. Bob has always dreamed of working in this area, and now he has a chance, and he does not want to miss it. At the same time, he was not the only one who was hired and got the coveted position of application security specialist, and Bob must prove himself as well as he can. Bob will have to solve many problems related to finding and fixing vulnerabilities to move up the career ladder. At least, the main thing is to do the job and not follow any sorts of rabbits, right?

During our workshop, you will help Bob and face many tasks related to finding vulnerabilities in various web applications and fixing them. To not go into details, we will study the vulnerabilities and reports published on HackerOne and Bugcrowd, and solve a few real problems. In addition, you will learn what needs attention when testing and implementing various functions in web applications and what can happen if certain functions are not used promptly.

Ivan Iushkevich
14:00 — 18:00
Zoom
Practical Mobile App Attacks by Example

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff 🙂

Attendees will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS.

This includes:

– Lifetime access to a training portal
– Vulnerable apps to practice
– Guided exercise PDFs
– Video recording explaining how to solve the exercises

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: an entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human rights abuse where a security flaw could get somebody killed in the real world, and more.

The workshop offers a thorough review of interesting security anti-patterns and how they could be abused; this is very valuable information for those intending to defend or find vulnerabilities in mobile apps.

This workshop is for those who are intending to broaden their knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps.

This is a hands-on workshop. FREE access to the slides, vulnerable apps to practice and recording: https://7asecurity.com/free-workshop-mobile-practical

Abraham Aranguren