More organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. In 2019, GitHub released its own CI tool called GitHub Actions. According to GitHub, GitHub Actions help you automate tasks within your software development life cycle, and it has been gaining a lot of adoption from developers.
This workshop will demonstrate how GitHub Actions work and show security tools to protect your applications from attackers. First, we’ll dive deeply into the Actions, the language, and the runners, the servers provided by GitHub to run your Actions. Then, we’ll show how to run SAST, DAST, and SCA using open source or free tools into your pipeline just using GitHub Actions. We’ll set up Actions for each tool to scan our application for security vulnerabilities at every pull request. We’ll leverage SonarCloud for SAST, OWASP ZAP for DAST, and Snyk for SCA.
Outline:
Outline:
Bio: As an Information Security Specialist, Magno Logan specializes in various subjects, including Cloud, Container, Application Security Research, Threat Modeling, and Kubernetes Security. He boasts multiple international certifications and is a sought-after speaker at worldwide security conferences, presenting in countries such as Canada, the US, Brazil, and Europe. In addition to his professional accomplishments, Magno is the founder of the JampaSec Security Conference and the OWASP Paraiba Chapter. He has previously served as a Snyk Ambassador and member of the CNCF Security TAG, Kubernetes SIG Security, and OpenSSF.
Reverse-engineering is a useful skill when you want to really understand what a program does. While most of this knowledge can be applied across different types of software, reversing malware presents its own unique challenges; number one being that the author usually doesn’t want you to analyze it.
In this hands-on workshop, we are going to look at various techniques used by malware creators. We will also cover issues specifically related to reversing malware, including:
Requirements:
We will provide a virtual machine with the required tools pre-installed, including Ghidra. However, feel free to install and use your preferred reverse engineering tool (IDA, Binary Ninja, Iaito, etc.)
Attendees are expected to have at least a basic level understanding of one low-level programming language such as C/C++.
Knowledge of the following is not required but will be of use (if you want to prep beforehand)
Bio: Alexandre is a malware researcher at ESET since 2021. Working with the Montreal team, his research is focused on tracking APT groups and their toolsets. He has previously presented about APTs and attribution at Botconf, Sleuthcon, Hackfest, and BSidesMTL. He is also involved in mentoring students getting started in infosec. His interests include operating systems fundamentals and writing shell scripts to automate tasks that don’t always need to be automated.
Limited seating
Registration for the workshops is available with the purchase of a ticket. A small fee is required to show commitment. Please note that the workshop will be in English.