David Sopas – Web Security Researcher

My Events

This is Category description, it is not prominent by default; however, you may show it.

08/12/18 IoT , My Events # , , , , ,

Exfiltrate all the things at BSidesLisbon18

Last week BSidesLisbon was legendary. More than 400 attendees, beer, “pastel de nata” and of course – amazing talks.
This was my third participation as a speaker and first time co-presenting a talk with my friend and colleague Pedro Umbelino.

We worked very hard on this topic during the last year and we wanted to show two live demos on the event. It wasn’t easy, specially when few hours earlier we scanned for BLE and NFC devices and there was so much noise 🙂

Credits: https://twitter.com/bsideslisbon

In the end, the smart bulb and NFC exfiltration demos went very well /* btw – we prayed a lot to the demo gods */ and we got nice feedback.
I would like to thank all the people that saw our presentation, which was packed as you can see on Coopers’ photo:

Credits: https://twitter.com/Ministraitor

You can see the all presentation here – https://www.youtube.com/watch?v=3UJBAkl8Y2A.

To be honest, I didn’t watch many talks because I was always on the hallway con, brainstorming with my friends – but the ones I saw they were very interesting.
Again the organization was on their top game and it’s pleasure for me to be there each year.

In the end I said goodbye to BSidesLisbon in an amazing Cantonese restaurant.
Cya next year!

no responses
23/11/18 IoT , My Events # , ,

Part of my research shown on DEFCON 26

Part of my research shown on DEFCON 26

The video got public and I needed to share this with all my followers.

It was, that I know of, the first time my research was presented on DEFCON. It was presented on the IoT Village by Erez Yalon, who I have the pleasure to work with.
It covers Privacy on IoT devices and that any user is vulnerable to that.

Personally it was another thing I can take from my bucket list… Checked!

no responses
23/10/18 Meetings , My Events # , , , ,

Semana Informática and BSides Lisbon

So I scheduled my last talks for this year.

At 31 October, I’ll be at FEUP in Semana Informática to present – Breaking IoT!
And for the third time, I’ll have the honor to be at BSides Lisbon on 29th and 30th November giving a talk with my friend and collegue Pedro Umbelino – Exfiltrate all the things!

If by any chance you’ll be in one of these events feel free to approach me and say Hi!

no responses
20/04/18 My Events , News # , ,

Reflected File Download webinar

Reflected File Download webinar

On 13th March I did a webinar for Checkmarx showing in around 30 minutes what is and how you can exploit the web vector Reflected File Download.

You can still watch the recorded version at RFD: Still Threatening the Biggest Names on the Web.

Had a lot of fun doing it because it was my first webinar 🙂 ‘Til next time!

no responses
13/11/17 My Events # , , ,

BSides Lisbon 2017 was awesome

BSides Lisbon 2017 was awesome

BSides Lisbon 2017 was great \o/
It was my second BSides Lisbon (both as a speaker) and it’s amazing that the organization keeps improving this con.

It had awesome talks, and with the help of my great friend Duarte – we hosted a mini lockpicking village which had a great success.

I didn’t saw as many talks I wanted – because I was in the hallway cons with my mates but still I took some pictures:

Also I have the pleasure of working for three companies that sponsored this event – Checkmarx, Char49 and Cobalt. Thanks guys!

BTW you can download my presentation slides at Github » https://github.com/dsopas/talks/blob/master/Desktop/bsides_gtfo_pdf.pdf

Cya next year guys!

no responses
11/10/17 Meetings , My Events

Guess who’s coming to BSides Lisbon 2017?

… you’re right! This guy 🙂

After my presentation last year, I decided to submit again a talk to the best infosec event in Portugal – BSides Lisbon. My talk GTFO Mr. User will be about:

In this talk, the author will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the security threats fall into the wrong hands. Additionally, this talk will share tips on how to properly disclose bugs to companies without being a real Trump.

I’ll also bring some hardware to play during the event, specially for BLE hacking, and other few surprises in my talk (say what?!).
Don’t forget to check out the other speakers and buy your ticket!

no responses
17/08/16 Bug Bounty , My Events # , , ,

BSides Lisbon 2016

Guys I’ll be a speaker at BSides Lisbon 2016 with the talk – “The way of the bounty”.
If you want to know some of my tips and secrets on bug bounty programs don’t forget to schedule in your calendar – 11th November.

no responses