
#09 The Truth

Tech

Tickets: Free


We remain on track to meet our goal of holding at least one event per quarter, so without further ado, it's time for our second OWASP Lisboa event of 2025 🎉

The meetup takes place on April 2nd, 2025, at 18:00, and is sponsored by INSCALE and AP2SI.

The venue is the INSCALE Office at Av. da Liberdade 36, 8th floor.

Enter the building and take the elevators on the left to the 7th floor. Go through the black door on the left and go up one flight of stairs to the 8th floor. You will have arrived at your destination.

The schedule is as follows:

18:00 - Quick intro by the OWASP Lisboa chapter leadership team

18:15 - Can APIs Be the Silent Players in the Social Engineering Game? by Teresa Pereira

19:00 - ~Jedi~GenAI Mind Tricks - Are these the secure chatbots you’re looking for? by Bruno Morisson

20:00 - Drinks & Dinner by INSCALE

Talks:

Title: Can APIs Be the Silent Players in the Social Engineering Game?

Speaker: Teresa Pereira

Abstract: This talk delves into the pervasive yet often overlooked role of APIs in the realm of social engineering. Through a comprehensive exploration of case studies, security vulnerabilities and ethical considerations, this talk uncovers the hidden risks associated with APIs and gives you proactive measures to mitigate the potential for social engineering attacks facilitated by these silent weapons.

Bio: Teresa Pereira, also known as starmtp, is a Cyber Threat Hunter at Siemens Energy with expertise in penetration testing, red teaming, API security, and threat hunting. Previously at KPMG Portugal, she specialized in vulnerability exploitation, OSINT, social engineering, and API pentesting.

A dynamic and engaging speaker, Teresa has shared her expertise at prominent events, including apidays Paris 2023, apidays London 2024, the Geek Girls Portugal Conference 2024, apidays Paris 2024 and OWASP Porto Meetup. Her professional credentials include API Security Certified Professional (ASCP) and Certified in Cybersecurity (CC).

Ranked among the top 4% on TryHackMe, Teresa is a Women in Security and Privacy (WISP) Volunteer, an APIsec University Ambassador, and also co-leads the OWASP Leiria Chapter, where she actively supports the cybersecurity community. She developed the course 'Getting Started in API Pen-Testing' for APIsec University and authored the insightful article 'How Can HTTP Status Codes Tip Off a Hacker?'.

In 2024, Teresa was named API Security Person of the Year (ASPY) by the APIsec University board. In 2025, she created a room on TryHackMe entitled 'Vulnerability Chaining'.

With a degree in Computer Engineering and a strong passion for mentoring, Teresa is dedicated to advancing cybersecurity awareness and resilience across diverse industries.

Title: ~Jedi~GenAI Mind Tricks - Are these the secure chatbots you’re looking for?

Speaker: Bruno Morisson

Abstract: After experimenting with various public challenges on LLM chatbots—like Gandalf, PromptAirlines, and more—I decided to build my own. Not just to understand how LLMs work, but to see how easily I could break them.

In this talk, I’ll dive into the security risks of Generative AI, particularly LLM chatbots, and explore vulnerabilities that are often overlooked. From sensitive information disclosure to prompt injections and jailbreaking, I’ll walk through real-world examples showing just how these systems can be manipulated.

No tinfoil hat required.

Bio: Bruno Morisson is a seasoned cybersecurity expert with over two decades of experience in offensive security, penetration testing, and red teaming. As the Partner and Offensive Security Services Director at Devoteam Cyber Trust, he leads world-class security testing across web and mobile applications, IoT, OT/SCADA, and threat-led penetration testing frameworks like TIBER-EU and DORA.

Beyond his professional work, Bruno is a driving force in the cybersecurity community. He is the founder and organizer of BSidesLisbon, Portugal’s top security conference, and serves as a CREST Europe Council member, helping shape industry standards. His research contributions include multiple CVE disclosures, Metasploit modules, and publications on SAP security, honeypots, and Linux audit systems.

Bruno holds an MSc in Information Security from Royal Holloway, University of London, alongside an impressive list of certifications, including OSCP, CISSP, CISA, and GIAC GPEN.

And in case you were wondering—yes, this entire bio was generated by GenAI.

Start event

April 2, 2025 at 5:00 PM

End event

April 2, 2025 at 7:00 PM
