… the missing FIN notes ..
We did it! We managed to carry out the 7th edition of BSidesLjubljana, and from the (super positive) feedback so far, it feels like we made another great event.

Tickets, released in two batches, were literally gone in a few minutes, yet again!!! Our new venue, Računalniški muzej / Slovenian Computer History Museum, was packed with 130 BSidesLjubljana participants. That is 30% more than we initially planned for the new venue, but sadly, due to space limitations, 50% less than the previous year (before COVID).
It seems information security communities and enthusiasts are starving for events like this, so it gives us acknowledgment we are on the right path. \o/
We are very grateful to everybody and want to say the biggest THANK YOU to:
- All participants for creating a great and true unconference BSides-like vibe as well as all the hype on Twitter (#BSidesLjubljana)!
- Speakers for sharing your expertise by giving talks and carrying out workshops. We are happy there were 9 lightning talks in the end – thank you for your contribution!
- @Ministraitor for flying all the way to Ljubljana once again to video record all talks!
- All the sponsors and strategic partners for covering most of the costs and making BSidesLjubljana FREE for all participants: Pareto Security, 0patch, 3FS, VIRIS
- All community sponsors for: taking care of working wireless equipment: Sfera IT; an extra hand with PR & Marketing: OWASP Slovenia/Maribor, SecTalks, Ogrodje podcast; taking care of legal/financial activities: LUGOS
- Računalniški muzej / Slovenian Computer History Museum (@muzej) for hosting us and making sure Club Mate was there for all the hackers.
- Media sponsor Help Net Security.
Video recordings are now published on this site with all the slide decks we received from the speakers.
If you blog about the event and your experience, please let us know – we would love to hear it and share it forward. When tweeting about it, please use the hashtag #BSidesLjubljana.
Thank you for coming to Security BSidesLjubljana 0x7E7. We hope you had a great time and we will see you again next year! In the meantime, maybe see you at some other BSides event.
— BSides Ljubljana Team
Posted in news | Comments Off on So Long, and Thanks for All the Fish – Fin 0x7E7
See you all in 12h!

Posted in news | Comments Off on Tomorrow – there be drag0ns!
We have already started the countdown while we are in the final preparations for another BSidesLjubljana event in 7 days!
Status update while you do the countdown with us:
- BSidesLjubljana 0x7E7 agenda for the 16th of June is online now. Fingers crossed, this is final, and there will be no more cancellations. (There are still some empty track slots – if you would like to participate and share something – you get a TICKET in exchange :))) )
- BSidesLjubljana is again completely SOLD OUT, and we still have people on the waiting list for tickets! If you have a ticket, but you’re not coming, please return the ticket via Eventbrite or let us know so that we can pass it on to someone else. Thank you!
- It’s awesome to see that there are individuals who bought supporting tickets, and companies that are supporting us, who see great value in supporting community events like ours! Thank you Pareto Security, 0patch, 3FS!
- We also invite you to participate by sharing something with us in a <7min Lightning talk. More information and how to apply are in the Lightning talks section.
Thanks for tweeting using the #BSidesLjubljana hashtag! See you next Friyay!
Posted in news | Comments Off on T – 7 days || are you ready?
Level: Low Tech
Abstract:
Everybody’s focus is on the security of PaaS services (such as AWS), but are we paying enough attention to the security of data in our SaaS applications?
We believe that the security of third-party integrations is an underestimated point of risk, given the general belief that vendors will take care of their applications’ security. However, the new world of interconnected SaaS applications creates new risks which have not yet been examined in sufficient detail. Even though your primary vendor may be secure, what if your data is leaked to vendors which are insecure or malicious? With the use of custom interconnectivity methods and limited protocols such as OAuth2, the permissions of integrations are often questionable and hard to understand.
Do you use Jira? Slack? Have you looked at webhooks? Do you have unknown Google Integrations? Do you understand the permissions these apps can use?
These are just a few ways in which apps may be unknowingly leaking your data to third parties. This talk will focus on highlighting some of the lesser-known ways to check if your SaaS application is leaking your data and will also provide mitigation strategies to reduce these risks.
Want to know more? Then this talk is for you!
Bio:
Boris Sieklik is a Senior Director of Information Security at MongoDB and a strong believer in cybersecurity being a business enabler. He has more than 10 years of experience in cybersecurity leadership roles across different industries including Finance, Anti-malware and Tech companies. Previously, he published a new DDoS amplification attack which was covered in international media. He holds a number of certifications including OSCP, CEH and others. Additionally, Boris holds an MSc with Distinction in Advanced Security and Digital Forensics from Edinburgh Napier University and a First Class BSc in Computer Networks from Middlesex University London.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on How enterprise SaaS apps are leaking your data to 3rd parties—and how to get it under control (Boris Sieklik)
Hey,
Here are the rules:
- Download the following file https://0x7e7[dot]bsidesljubljana[dot]si/hidden_gold.zip
- Solve it and extract the flag `ctf{}`
- Go to https://bsidesljubljana-0x7e7.eventbrite.com and enter the flag as the access code to collect your FREE ticket. CODE is flag as `ctf{<CODE>}`
- Let others, and us, know about it! Tweet that you have successfully extracted the flag and collected the ticket, including the hashtag #BSidesLjubljana
Posted in news | Comments Off on How about a simple CTF game for a FREE BSidesLjubljana ticket?