BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: FlowMate and CSTC for Advanced Pentesting\n   When: 
 Friday\, Aug 11\, 15:00 - 16:59 PDT\n   Where: Flamingo - Savoy - AppSec V
 illage - Pod 3 - [1]Map\n   Speakers:Florian Haag\,Matthias GÃ¶hring\n\n  
  SpeakerBio:Florian Haag\n   Florian Haag is a senior security consultant 
 at usd AG with experience\n   in penetration testing\, software security a
 ssessments as well as code\n   reviews. He is specialized in penetration t
 ests of thick client\n   applications\, leveraging his background in softw
 are development to\n   reverse engineer proprietary client applications an
 d network\n   protocols. In previous scientific work\, he worked on novel 
 approaches\n   to application-level data flow analysis to improve penetrat
 ion testing\n   coverage. In addition\, he analyzed website clones used in
  phishing\n   campaigns and the frameworks that are used by fraudsters to 
 create and\n   operate cloned websites.\n\n   SpeakerBio:Matthias GÃ¶hring
 \n   Matthias Göhring is security consultant and penetration tester at usd
 \n   AG\, an information security company based in Germany with the missio
 n\n   #moresecurity. He is Head of usd HeroLab\, the division of usd\n   s
 pecialized in technical security assessments. In addition\, he holds\n   l
 ectures at Technical University Darmstadt and University of Applied\n   Sc
 iences Darmstadt on ethical hacking and penetration testing. In\n   previo
 us scientific work\, he focused on network and communication\n   security 
 as well as software security.\n\n   Previous publications:\n   - Catching 
 the Clones â€“ Insights in Website Cloning Attacks\, Risk\n   Connect Conf
 erence\, 2021 - Path MTU Discovery Considered Harmful\, IEEE\n   38th Inte
 rnational Conference on Distributed Computing Systems\n   (ICDCS)\, 2018 -
  Tor Experimentation Tools\, IEEE Security and Privacy\n   Workshops\, 201
 5 - On randomness testing in physical layer key\n   agreement\, IEEE 2nd W
 orld Forum on Internet of Things (WF-IoT)\, 2015\n\n\n   Description:\n   
 With our two open-source BurpSuite extensions FlowMate and the Cyber\n   S
 ecurity Transformation Chef (CSTC) we want to step up penetration\n   test
 ing of web applications to the next level. FlowMate is a plugin\n   that h
 elps to identify all data flows of a application by only\n   analyzing req
 uests to and responses from the target. In the background\n   it creates a
  graph you can browse visually to identify data flows to\n   test for inje
 ction vulnerabilities. The CSTC like the swiss-army knive\n   for pentesti
 ng. It enables you to define custom recipes that can be\n   applied to out
 going or incoming requests. This gives you the\n   possibility to alter HT
 TP messages in transit in various ways. The\n   only limit here is your cr
 eativity.\n   '\n\n   1. #FlamingoThirdFloor\n\n\n
DTEND:20230811T235900Z
DTSTART:20230811T220000Z
LOCATION:APV - Flamingo - Savoy - AppSec Village - Pod 3
SUMMARY:FlowMate and CSTC for Advanced Pentesting
END:VEVENT
END:VCALENDAR