#5 Jupiter

OWASP Porto Chapter meetup: April 15th, 2025, at 18:00. With support from Critical Techworks.

We are excited to bring you another OWASP Porto event. As always, we hope to see you at our next meetup!

How to get there: The event will be at Critical Techworks. See the event location below for the full address.

Schedule

18:00 - Intro and Welcome by the OWASP Porto chapter leadership

18:15 - Hacking Embedded Devices - From Black Box to UID 0 by Zezadas

19:00 - Lessons Learned and How Not to Choose Your Next Drive by Paulo Silva

20:00 - Drinks & Dinner by Critical Techworks.

Talks

Title: Hacking Embedded Devices - From Black Box to UID 0

Speaker: Zezadas

Abstract: Prepare to bend the rules of time and uncover the secrets of an embedded device in a way that even the most adventurous time traveler wouldn’t even dream to explore. In this enlightening presentation, Zezadas, a security researcher, leads you through the remarkable process of gaining root access in an unsuspecting video converter embedded device. Witness the fusion of expertise and creative problem-solving as Zezadas shares a step-by-step account of their exploits. Discover firsthand that hacking embedded devices, often perceived as daunting, can be accessible, enjoyable, and, most importantly, a journey through time. Whether you’re a security aficionado or simply curious about the intersection of technology and time-travel, this talk promises to entertain, educate, and inspire.

Bio: Zezadas is a dedicated security researcher with a strong passion for exploring the intricacies of hardware hacking. With a wide-ranging skill set and an unyielding curiosity. As a committed advocate for cybersecurity education, Zezadas frequently shares knowledge and experiences at renowned cybersecurity conferences worldwide. These include events such as BsidesLisbon, BsidesBangalore, BerlinSides, AlligatorCon, WarCon, 0xOPOSEC, and many others.

Title: Lessons Learned and How Not to Choose Your Next Drive

Speaker: Paulo Silva

Abstract: Don't worry, we can (also) hear your thoughts—'No, the car manufacturers' security talk again. No!' But fear not, this time we're shifting gears. Instead of focusing on cars, we'll use lessons from our research to highlight security pitfalls that plague organizations across industries. From cloud bucket misconfigurations to BOLA bugs giving users more power than a valet with your Ferrari keys, we'll share real-world lessons learned, laugh at the chaos, and discuss how to avoid these traps. Anyway, those fancy PoCs may strike again: the best way to prove impact and get rid of annoying web flaws. Buckle up—it’s a wild ride!

Bio: Paulo is a security practitioner with a solid background in software development, who has spent the last decade focused on identifying critical vulnerabilities and breaking software. He is a long-time OWASP volunteer and co-leader of the OWASP API Security Project, where he advocates for secure API practices and contributes significantly to mitigating security risks in the API landscape.

How to get there: Critical Techworks Porto. Rua Dr. António Luís Gomes 10, 4000-091 Porto.