Adventures in Spearphishing: The Good, The Bad, and The Ugly
Spearphishing is a known tactic, but how about using spam as a phishing vector? This presentation introduces “phishing spam”, an open-source Spearphishing Toolkit. The need, process and methods used for spearphishing are illustrated through an actual client case from Radically Open Security. The case has a surprising ending with an ethical + philosophical twist. This is the kind of story that only comes from the trenches.
Capture the Flag
This is a custom-built demo tailored to the level of the participants. Melanie will set up a hacking environment in which the participants take part in a custom hacking challenge, battling in teams. Besides hacking challenges, this demo can be adapted for beginners with challenges like lock picking.
Cross-site scripting (XSS)
We have all received an e-mail with a suspicious link or attachment. During this demo Melanie will show what the consequences are if you click on a malicious link in an e-mail. She will tell participants more about how hackers use the cross-site scripting technique and the Browser Exploitation Framework (BeEF) tool. Using the same tools, Melanie will demonstrate how she can make webpages dance on your screen, turn the webcam on and sniff passwords.
Enterprises as a Tool for Activism
We have entered the era of President Trump. Activists, NGOs, and charities thus need to reexamine the stability of (and motives behind) their funding sources. Surprisingly, business is an excellent tool that one can leverage to change the system. While business is not perceived as sexy by most activist-types, this talk will explain why social enterprises are tactical, lightweight, independent, effective, and why they are now more important than ever.
Nonprofit Companies: Experiments in Business Model Hacking
This presentation introduces the concept of the Nonprofit Company (based upon the Dutch concept of a Fiscal Fundraising Institution). Melanie Rieback is the CEO/Co-founder of Radically Open Security, the world’s first non-profit computer security consultancy company. She will present a few case studies (in the IT industry), and provide a number of compelling reasons why your next startup should be… not-for-profit!
Open-Source and Exponential Business
Both startups and multinationals cling to outdated reasons for proprietary business models: “competitors will steal our stuff”, “services aren’t scalable”, “corporate customers won’t take us seriously if our product is free”. However, in the modern world of Uber+AirBNB and DevOps-style BizDev, these assumptions no longer apply. This talk will explain why open-source is the best way for your company to achieve disruptive success in your industry.
Password cracking demo
Having a strong password is part of securing your data. In this demo Melanie will explain the theory behind passwords and what a strong password or passphrase means, and she will show how she can crack actual passwords given by participants of the demo.
Pentesting ChatOps
In this talk Melanie Rieback introduces the basics of Pentesting ChatOps, and will discuss the processes and open-source tools needed to enable Pentesting ChatOps within your own organization.
ChatOps, a concept originating from GitHub, is chatroom-driven DevOps for distributed teams, using chatbots (like Hubot) to execute custom scripts and plugins. We have applied the concept of ChatOps to the penetration testing workflow, and found that it fits outstandingly – for everything from routine scanning to spearphishing to pentest gamification. This talk discusses the tools that we use (RocketChat, Hubot, GitLab, pentesting tools), and provides battle stories of using Pentesting ChatOps in practice.
Red and Blue Team Pentesting
In this custom-built demo, Melanie will set up a simulation with a war-like pentesting challenge. The red team will try to attack while the blue team has to monitor and defend. This interactive demo is a great way to learn more about the attacker mindset and how to defend yourself against attackers.
Retrieve passwords from computer memory
Nowadays we spend a lot of time behind our computers, which means they store a lot of data, even data we have forgotten about. Melanie will show how she can retrieve all kinds of unencrypted data, for instance passwords, from a (Windows) computer.
Why Cyber Security Belongs to the Commons
When it comes to IT assets, is there a tension between security and openness? The prevailing wisdom is that there is. As Melanie Rieback explains, there needn’t be. Melanie discusses how open source methods and transparency help to improve security. Those who want to defend against cyberattacks should cooperate with each other, because the truth is, attackers do too.
Wi-Fi and pineapple demo
Public Wi-Fi access points are everywhere nowadays. In this demo Melanie Rieback will show how dangerous these widely available public Wi-Fi networks are. Using a ‘pineapple’ device, Melanie will show how she can collect data and interfere with how you surf the internet. During the demo you can connect your own device to the pineapple and see for yourself what others can see and do while you’re using public Wi-Fi.