On May 21st, 2019 the OWASP Czech Chapter Meeting took place in the Microsoft offices in Prague 4. The event is organized by the local OWASP chapter leaders Daniel Mács & Jan Kopecký, and it gathers security enthusiasts, developers and students not only from Prague but also neighboring cities. The event, free of charge, offers 3 hours long workshops in the morning, and talks in the afternoon. Full event agenda here.

In this edition we were extremely happy and grateful of being able to participate and contribute to the event not only with talks but also by giving a workshop in the morning. If you missed the event, don’t worry, Daniel and Jan announced in the closing notes that there will be another OWASP chapter meeting/conference in October! (Follow the news at @owasp_czech).

In the morning, part of our team was enjoying one of the workshops “Security & Lockpicking” by the TunaCTF team. The workshop was designed as a CTF and had online challenges in different categories, but also had physical challenges! The TunaCTF team brought different locks with varying complexity that participants should unlock in order to earn points for the CTF.

Simultaneously, two of our members were teaching the other workshop “Getting Your Hands Dirty: IoT Botnet Analysis” were they walked the audience through a real IoT malware capture, how to analyze it, and how to summarize the findings once the analysis is done.

After the workshops, the first talk titled “NSA Hacking Tools” was given by Lukáš Antal. In this talk Lukáš showed a demo of how to use the NSA hacking tools and exploits released by Shadow Brokers in 2017 to not only gain access to a computer, but also to steal information from it.

The next talk was presented by two of our members, Simona Musilova and Sebastian Garcia from the Aposemat Project. Their talk, “Does Your IoT expose You? Honeypots, Attacks and Decryption in an Edimax Camera”, started by describing the lab infrastructure they currently use in their Aposemat project where they have a myriad of IoT devices acting as honeypots. One of those devices is an Edimax camera. Sebastian continued explaining and summarizing some of the most interesting attacks the Edimax camera had received over the past year, and how (surprisingly!) none of them were actually targeting the Edimax camera itself. Most of the attacks received were generic attacks attempting to exploit other technologies or devices. Simona explained how looking at the traffic of the camera trying to find possible malware infections they discovered something else. The normal traffic of the Edimax camera was quite suspicious and that started her journey reversing the firmware of the camera trying to understand why it connects so often to the Edimax servers and what data could possibly be sending to those servers.

After the first afternoon break, our team members Jan Fajfer & Kamila Babayeva from the Civilsphere Project presented “We Know Where You Are: How Most Mobile Applications Jeopardize Your Security”. In this short talk they gave a brief overview of why mobile security is so important, what are the typical issues they found while analyzing traffic of mobile applications, and how the issues they found are not isolated cases, these issues affect millions of users. They gave a short live demo in where they were able to intercept the traffic of a local transport application, change the directions shown to the user, and send the user to a different destination.

This short talk was followed by a very interesting presentation by Petr Stuchlík, “The messaging menagerie”. In this talk he showed how prevalent message oriented systems are, and how insecure they are. His talk provided a comprehensive summary of today’s most used message oriented technologies and issues within them.

After this talk, Sebastian García from Stratosphere and Anna Shirokova from Avast IoT Lab and Stratosphere collaborator, presented their talk “Cybercriminal Activities Managing a New Android Botnet”. In this talk they described how analyzing the network traffic of one botnet led to the discovery of a new botnet they named Geost, and also to uncover a new world of cybercriminal activities and monetization of attacks targeting Android devices. This presentation covered just the tip of the iceberg in their investigation, and the full research will be presented in this year Virus Bulletin Conference.

In overall we had an amazing day. The organizers did an amazing job on the event (thank you!), and the environment was open and welcoming. The event size is perfect to promote interactions among participants. Next edition, as announced in the closing notes, will take place also in Prague at the end of October 2019. Stay tuned!