All videos

  • FSCONS 2017 - Maria Xynou - Collect evidence of Internet Censorship (1:07:18)
  • NUUG
  • Since 2012, the Open Observatory of Network Interference (OONI) project has been investigating censorship around the world. OONI's network measurement software has shed light on many scary, yet interein how information controls are being deployed. From Deep Packet Inspection (DPI) technology being used to block media websites during heavy political protests, to country-wide internet blackouts during elections and other events. This talk will highlight some of the most striking internet censorship events that have been detected by OONI over the last years, and will include a discussion of their relation and relevance to social and political events. This talk will also explain how you can take action to uncover evidence of internet censorship in your country and beyond. Recorded by NUUG for FSCONS.
  • When exploits are blind - Chris Dale (0:49:11)
  • NUUG
  • Demonstration based presentation. Only intro and outro powerpoint slides. Demonstrate user enumeration using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/PBKDF2. Attack vector which is very useful in many cases today, notably against Lync/Skype4B installations today. Further password spray into a solution. Discover, analyze and fully exploit reverse-shell command injection. How to find these across large systems? How do vulnerability scanners work, and how do they detect this? Introduction to Burp Collaborator. Introduction to script for merging attack data into hundreds of Burp Collaborators. Discover, analyze and fully exploit blind SQL Injection. Demonstrating Burp Intruder cluster bomb attack to enumerate out table data. Recorded at the OWASP Norway Day by NUUG.
  • Modern Web Application Vulnerabilities - Erlend Oftedal (0:44:04)
  • NUUG
  • With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk-through of some of these vulnerabilities, how they occur in modern web applications and how they can be found and fixed. Recorded at the OWASP Norway Day by NUUG.
  • The State of Your Supply Chain - Andrew Martin (1:03:21)
  • NUUG
  • Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate this risk. Treating containers as immutable artefacts and injecting configuration allows us to "upgrade" images by rebuilding and shipping whole software bundles, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce governance of artefacts both pre- and post-deployment. In this talk we detail an ideal, security-hardened container supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to gate container image pipelines and deployments on cryptographically verified supply chain metadata. Recorded at the OWASP Norway Day by NUUG
  • Machine Learning for Security - Alan Saied (0:47:37)
  • NUUG
  • The ability to mathematically classify patterns, predict events and/or identify abnormalities within a wide range of data is known as Machine Learning. For the purpose of this conference, we explain the power of data and how it can be used with Machine Learning models to identify abnormal behaviour within complex environments. We also explain the ingredients and the steps required to build Machine Learning models to serve security tasks. This will further be followed by its complications in terms of false positives, accuracy of detection and validity of model and how this can be improved. Recorded at the OWASP Norway Day by NUUG.
  • Linux Security APIs and the Chromium Sandbox - Patricia Aas (0:53:47)
  • NUUG
  • The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk. Recorded at the OWASP Norway Day by NUUG.
  • Venn av Nøff (0:06:08)
  • Empo AS
  • It is autumn and time for Nasse Nøff to come in from the cold after a long season out in the garden. On Sunday 2 November, the association Venn av Nøff held its annual carrying-in. In addition, the NÆ! prize will be awarded. Stay tuned.
  • What We’ve Learned From Billions of Security Reports - Scott Helme (0:59:29)
  • NUUG
  • Running one of the largest security reporting platforms of its kind, we handle billions of security reports for our customers every single month. Come and learn how we've scaled from handling 10,000 reports per month to 10,000 reports per second and the many evolutions our infrastructure has gone through. Alongside that come and see how, with our bird’s-eye view of such a diverse ecosystem, we’ve helped identify malware in a multinational organisation, had a malicious browser plugin taken down and much more! Recorded at the OWASP Norway Day by NUUG.
  • FSCONS 2017 - Trust, Elections and Twitter - Patricia Aas (1:04:06)
  • NUUG
  • What happened from beginning to end. What made the news and what didn't. How did it feel to be in it and how I was treated by the public, by the government and by the media. How transparency and suspiciousness are fundamental to an election system and how the lack of transparency drove me to dig further into the ballot counting system in Norway.
  • Sintel (0:14:49)
  • NUUG
  • The story of Sintel and her expedition to find the baby dragon she befriended.
  • Decentralized Open Source Mesh Networks - Benedict Lau (1:12:23)
  • NUUG
  • Benedict Lau, a contributor and organizer at (Toronto Mesh), visits us to talk about building networks for mesh networks that are self-addressing, decentralized, and work without an internet connection. We will discuss peer-to-peer applications such as the InterPlanetary File System (IPFS) and Secure Scuttlebutt (SSB), both technically and by exploring the social dynamics that arise when users have ownership and control over the web applications they use. The talk will be in English.