Every year CONFidence is one of the most important events for us and is supported by our entire team.
We prepare substantive lectures, meet with clients, and at the same time we try to surprise the participants, challenge the more and less advanced of them, and get everyone interested.
Here you can read about last year’s CONFidence edition.
Attacking AWS: the full cyber kill chain, Paweł Rzepa
The aim of the presentation was to show the difference between safety assessment in a “cloud” infrastructure and test environments in a classical architecture. Paweł involved the audience in an interactive sample attack on a company in AWS environment. The participants voted and decided live about the events.
Attacking AWS Workshop, Paweł Rzepa
In addition to the presentation, Paweł also prepared a few hours of workshops. During the workshops, the participants could test live examples of how to detect and use configuration errors in AWS-based services
We need to go deeper – testing inception apps, Jakub Kałużny
Jakub introduced the attendees to the world of “inception apps” with multiple layers of obfuscation, encoding and encryption. He pointed out technical aspects of this type of security, but also the process of organizing penetration tests in special-risk applications. Currently, they often do not include the fact that the testing team may need additional time to deobfuscate communication before even starting the tests.
As every year, our stand offered a challenge.
Last year during the SecuRadar Challenge, we focused on the old good XSS susceptibility. This year’s unicorns were just a cover for SQL Injection. What was the challenge?
Using a QR code you had to register your “unicorn” in the application. Unicorns were assigned different weight, and the aim was to hunt the most valuable ones. To make the task harder, the most valuable unicorns belonged to the SecuRing team! So the best hackers who managed to take over our unicorns were rewarded with presents – each of them chose a prize for himself. In addition, at the end of the second day of the conference, the guys whose unicorns were at the top of the list won tickets for the next CONFidence edition.
Fingerprint cloning, NFC cards and alarm blocking – that’s what we prepared for the participants in our Security Playground. Everyone could try their hand as a hacker – some of you were really impressed!
We would like to thank all CONFidence participants and … see you next year!