BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: The Rocky Balboa Guide to Security Research: Getting Back Up\n When You Get Knocked Down\n When: Saturday\, Aug 12\, 12:20 - 12:59 PDT\n Where: Flamingo - Mesquite - Cloud Village - [1]Map\n\n SpeakerBio:Liv Matan \, Cloud Security Researcher at Ermetic\n Liv Mata n is a cloud security researcher at Ermetic\, where he\n specializes in application and web security. He previously served in\n the 8200 Intelli gence Corps unit as a software developer. As a bug\n bounty hunter\, Liv has found several vulnerabilities in popular\n software platforms\, suc h as Azure web services\, Facebook and Gitlab.\n In his free time\, Liv boxes\, lifts and plays Capture the Flag\n (CTF).Liv studied computer sc ience at the Weizmann Institute of\n Science\, in Israel.\n Twitter: [ 2]@terminatorLM\n\n Description:\n Vulnerability research is sometimes perceived as a glamorous pursuit\,\n where researchers constantly uncov er security flaws and find critical\n exploits that can lead to catastro phic results. In this talk\, we show\n you what it's really like behind the scenes of cloud vulnerability\n research.\n\n We discuss the lesso ns learned while dealing with the barriers and\n challenges that arise w hen searching for and reporting new\n vulnerabilities to the biggest clo ud vendors. We will present the\n mindset we embrace to find common grou nd in major services\, and the\n importance of a responsible disclosure process. We debate why we\, the\n researchers\, are accountable for our findings and how we should push\n the cloud vendor for the best bug reso lution.\n\n Often\, vulnerability talks are about the researcher's great est success\n stories. This talk also explores the unexpected benefits o f coming up\n short in vulnerability research. We argue that these ""los ses"" can\n provide valuable insights into security research\, allowing us to\n better understand a system's strengths and weaknesses and its se curity\n stack.\n\n The session draws on real-world examples\, includi ng a major\n vulnerability we uncovered that affected multiple Azure web services\,\n exploitation of internal communication channels across var ious CSPs\,\n and our go-to approach when exploring new unfamiliar cloud services.\n We close the session by discussing each vendor's unique app roach to\n fixing reported security issues.\n\n Join us for this thoug ht-provoking talk and discover the hidden side\n of vulnerability resear ch. You'll come away with a new appreciation\n for the challenges and re wards of this fascinating field and a deeper\n understanding of its role in keeping us all safe and secure.\n\n '\n\n 1. #FlamingoThirdFloor\n 2. https://twitter.com/terminatorLM\n\n\n DTEND:20230812T195900Z DTSTART:20230812T192000Z LOCATION:CLV - Flamingo - Mesquite - Cloud Village SUMMARY:The Rocky Balboa Guide to Security Research: Getting Back Up When Y ou Get Knocked Down END:VEVENT END:VCALENDAR