Level: Advanced Subject Matter

The idea is to first explain in depth how dynamic memory management works in glibc, as well as what could go wrong in the process of allocating or freeing memory. We will take a look at heap-based buffer overflows, use after free vulnerabilities, and why these two are the leading cause of software-based exploits even in 2023. how other allocators(for example scudo) prevent them, and of course also how to exploit them in different scenarios and environments(this will be the live demo part). I will also present the protections that have been put in place by system software developers in order to try and restrict the damage that these vulnerability classes can cause if exploited successfully.

Bio:
Aleksander Mundjar is CTF player, cybersecurity researcher, college student.

Level: low tech and technical

Workshop:

Working together to master a Box Challenge. Learn and apply tools, tactics and procedures in analyzing a vulnerable box.

An unrecorded workshop session in which we solve an interactive TryHackMe (THM) Challenge together.

The goal is to have a joint hacking session in which you will learn something as well as be able to put what you have learned into practice. You should actively participate in the workshop.

▽▽▽▽▽▽▽▽▽▽Requirements▽▽▽▽▽▽▽▽▽▽

• Own laptop
• Basic knowledge about Linux CLI/command line (handling of basic commands (cd, ls, mkdir, etc..))
• Search engine of your choice
• Kali Linux virtual machine (recommendation) or installed directly on your laptop
• TryHackMe Free Account

▽Procedure of the session:▽

I will choose an unnamed challenge box in advance from THM. This challenge is suitable for beginners and should be a web challenge which potentially ends with a Linux part. Except for the Challenge Box pre-selection and the setup of the Virtual Machine (VM) based on Kali Linux, there are no preparations from my side.
During the workshop we will try to find and exploit the vulnerabilities together. The idea would be that the workshop participants provide ideas how we can attack the box. I would then demonstrate suitable as well as unsuitable ideas live. In doing so, I will show you common tools and methods I use to approach such problems.

Maybe we’ll manage to successfully pwn the box together!

Bio:
Petar ‘Hetti’ Kosic is an IT security expert from Vienna and part of the finest Viennese hackspace Metalab. In his spare time he loves to go to community-based IT (security) conferences and camps, where he also gives talks about various (IT Sec) topics. You can also find him at the Chaos Computer Club Vienna (C3W) and on some weekends he is flag hunting with the successful academic CTF team We_0wn_Y0u.

CFP is closed! We got 23 submissions, and in the following days, we will start announcing the chosen talks/workshops. Although CfP is closed and you still think you have something to share, let us know via email cfp[at]bsidesljubljana[dot], twitter @BSidesLjubljana or Mastodon @[email protected].

Oh, yes tickets.

While participation is FREE, you still need a ticket.

Tickets will go out in two rounds:

• May 12th, 10 am (CET),
• May 26th, 10 am (CET).

.. and yes, the amount of tickets is very very limited, due to this year’s venue capacities. Please take a ticket only if you are really planning to come and participate. For more details, see tickets page for more details. Keep in mind that besides the free tickets, there are also supporter tickets available, which help us cover some of the costs. Be a supporter or if you are a company, consider sponsoring us.

Our CfP dragon has some news regarding CfP deadline!

                              /   \       
 _                    )      ((   ))     (
(@)                  /|\      ))_((     /|\
|-|                 / | \    (/\|/\)   / | \                  (@)
| | ---------------/--|-voV---\`|'/--Vov-|--\-----------------|-|
|-|                     '^`   (o o)  '^`                      | |
| |                           `\Y/'                           |-|
|-|                                                           | |
| |          CfP DEADLINE EXTENDED - 10th May                 |-|
|-|                                                           | |
| |                                                           |-|
|_|___________________________________________________________| |
(@)          l   /\ /          \\       \ /\   l            `\|-|
             l /   V            ))       V   \ l              (@)
             l/                //             \I
                               V

Are you doing something interesting, super exciting, and fun that you would like your peers to hear about? BSides is organized by the community for the community, and everyone is encouraged to participate. If you would like to share the excitement about the work you do and enable others to learn from you and gain recognition in the community, give a talk at the event. CfP is still open (for 10 extra days), so hurry up and submit your talk here: .//cfp/

We are announcing the upcoming 7th edition of Security BSidesLjubljana: it will take place on the ** Friday, 16th June 2023 **. Save the date now! :)

The preparations for another *Aw3s0m3* event are in full swing. But: BSides is a community-driven information security event, and like every year, we won’t be able to make it without YOU. This is a call for participation to all infosec enthusiasts out there!

Here is how YOU can help:

• Give a talk or workshop

Are you doing something interesting, super exciting and fun that you would like your peers to hear about? BSides is organized by the community for the community and everyone is encouraged to participate. If you like to share the excitement about the work you do, if you want to enable others to learn from you and if you want to gain recognition in the community, give a talk or a workshop at the event. Call for papers is now open, the submission deadline is the 30th of April 2023! Please see the CFP page for more details.

• Spread the word

Every share is invaluable! Follow us on Twitter @BSidesLjubljana, spread the word about BSidesLjubljana and CFP on social networks, among your friends and colleagues – share, tweet, retweet, blog, reblog, use hashtag #BSidesLjubljana. Make some noise! (Thank you <3)

• Sponsor

BSidesLjubljana is a free, non-profit, community-driven event for information security experts and enthusiasts to meet, share ideas and collaborate. It would not be possible without the generous help of sponsors to keep it free for all participants. Would you like to support the initiative? Maybe you know someone or a company who can help us? More information about sponsorship together with sponsorship kit is available on the Sponsors page.

• Volunteer

To be able to make everything fall into place, we will need an extra team of enthusiastic volunteers. If you would like to help us out on the 16th June 2023 and be a part of the team to make this event happen, reach us by sending an email to hello [at] bsidesljubljana [dot] si. Present yourself in a few words and let us know why you want to help at this particular event. Beforehand, we are also looking for:

• • passionate HTML/CSS hackers out there to improve/ refresh ascii/ hackerish design of https://bsidesljubljana.si
  • passionate designer to help us with co-creating BSidesLjubljana representation.

• Attend the event

Don’t miss out on the best part – talks, workshops, CTF, networking and more. Between February and April, free tickets in a limited amount will be released. We will announce more information later.

Dates to remember:

• 6th March 2023: CFP Open
• 30th April 2023: CFP Deadline
• April – June: Tickets available (limited amount)
• 16th June 2023: BSidesLjubljana 0x7E7

Follow up on BSidesLjubljana announcements:

• subscribe to BSidesLjubljana mailing list (right bottom side of this page)
• @BSidesLjubljana on Twitter, use hashtag #BSidesLjubljana
• https://bsidesljubljana.si/