Talks
Check out our recent talks.
RSA Conference 2021
Participants in this session will get a walk-through of MindAPI, an online mind map that combines years of experience in API security testing. It is divided into two sections: Reconnaissance and Testing (following the OWASP API Security Top 10 and other security guides). Get a tuned methodology, documentation and open-source tools to help you on the path of securing APIs.
Cyber & Cloud Expo - WebConference
Watch David Sopas's talk "Na segurança, o elo mais fraco somos nós" ("In security, the weakest link is us"), held on 9 October 2020.
DEF CON 28 AppSec Village
In this session, we will analyze four real-world examples of different high-impact Android vulnerabilities. We will show how we discovered, developed, and leveraged the vulnerabilities into a fully working proof-of-concept, devised meaningful attack scenarios (demos included), and how our work was approached by the different vendors.
DEF CON 28 AppSec Village
Do you speak API? Surely you do, even if you don't notice them in your everyday use of the World Wide Web. APIs have proved to be beneficial for business, but with great power comes great responsibility, and some of them have serious problems. Last year we put a lot of effort into building and releasing the OWASP API Security Top 10 project. Then, we decided to go wild and have some fun. Now we will present our findings, from the OWASP API Security Top 10 to lots of fun and profit. Join us to learn common API pitfalls: how to find and abuse them. It won't hurt. Unless your data is in there...
BSides Lisbon 2018
This talk is based on our research on air-gapped systems and covert-channel exfiltration methods. Nation states spying on users seems pretty common these days, and we will show the audience how to implement these covert channels using NFC and visible light.
The presentation will be divided into two parts, starting with a brief explanation of air gaps and data exfiltration, moving on to some of the existing techniques, and finishing with some of our own unpublished research, live demos included.
The speakers will show how it is possible to exfiltrate information using two different methods. First, by abusing an IoT Bluetooth Low Energy light bulb and retrieving the information reflected off a wall or any other surface with an off-the-shelf smartphone. Then a different approach using NFC will be shown. What if you could use the NFC chip of a device over a longer range, and transmit information even through walls?
By the way, the speakers are not responsible for feds getting ideas on this talk. This is kind of a disclaimer.
DEF CON 26 IoT VILLAGE
Cheaper devices that consume less power: what more can you ask for? SECURITY! Based on multiple tests we have done across a variety of devices, we can conclude that there are still many vendors who lack security awareness and fail to protect their users. All tested devices were vulnerable to varying degrees: a smart scale, a smart lock, a smart band, a smart light bulb and even Amazon's Alexa. Live demos included!
BSides Lisbon 2017
In this talk, the author will present real-case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the security threats fall into the wrong hands. Additionally, this talk will share tips on how to properly disclose bugs to companies without being a real Trump.
BSides Lisbon 2016
"The way of the bounty" tells the experience that I had in the last year with bug bounty programs. I'll give a brief introduction to what bug bounties are, but my main focus will be to deliver the best and most common vulnerabilities I found on bug bounty programs. Where to search? Can I still find issues on public programs? Do bug bounties affect the security industry in some way?