David Sopas – Web Security Researcher

My Events

10/08/20 Meetings, My Events

Our DEF CON 28 day was a blast

4 Portuguese security researchers presented at DEF CON this year. I’m sure that was a record 🙂

  • Paulo Silva and I with API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs (you can check the recording on YouTube).
  • Pedro Umbelino and João Morais with Android Bug Foraging (check the talk on YouTube)

With this in mind, we gathered at the Char49 meeting room and watched it together… with drinks and pizza.

The fun was just starting. In their talk, Pedro and João included a never-before-shown video regarding the Google Camera issue, which included myself being a victim of this vulnerability.

We even did the CONs tradition of “Shoot the N00b” for first time speakers – drink a shot before the talk. The poison was Pedro Umbelino’s homemade firewater. I would be lying if I said that it didn’t hurt going down 🙂

In the end we had a lot of fun and I hope next year we can be together again giving a talk at DEF CON. Who knows?

PS: A new entry on my bucket list can now be checked – be a speaker at DEF CON.

30/07/20 Meetings, My Events

DEF CON 28 here I go

Even in safemode, DEF CON 28 will be legendary, especially because for the first time… I’ll be a speaker 🙂
Some of my research was already present at DEF CON but now I’ll be actually speaking at the best security event in the world.

Paulo Silva and I will be talking about API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs at AppSec Village and you can’t miss it.

Check out the agenda and don’t forget to also check Android Bug Foraging from my mates Pedro Umbelino and João Morais.

04/03/20 My Events

Speaker at ENEI2020

Last Wednesday I gave a talk at ENEI2020 with the topic – “Do I need a hoodie to hack a bank?”. It was focused on a red-team assessment I did and it was to show computer students a little bit about security, especially:

  • Recon
  • Social Engineering
  • Implants
  • Dead-drops

It was quite interesting because I got a lot of good feedback from the audience.
I hope they liked it.

08/12/18 IoT, My Events

Exfiltrate all the things at BSidesLisbon18

Last week BSidesLisbon was legendary. More than 400 attendees, beer, “pastel de nata” and of course – amazing talks.
This was my third participation as a speaker and first time co-presenting a talk with my friend and colleague Pedro Umbelino.

We worked very hard on this topic during the last year and we wanted to show two live demos at the event. It wasn’t easy, especially when a few hours earlier we scanned for BLE and NFC devices and there was so much noise 🙂

Credits: https://twitter.com/bsideslisbon

In the end, the smart bulb and NFC exfiltration demos went very well /* btw – we prayed a lot to the demo gods */ and we got nice feedback.
I would like to thank all the people that saw our presentation, which was packed as you can see on Coopers’ photo:

Credits: https://twitter.com/Ministraitor

You can see the whole presentation here – https://www.youtube.com/watch?v=3UJBAkl8Y2A.

To be honest, I didn’t watch many talks because I was always on the hallway con, brainstorming with my friends – but the ones I saw were very interesting.
Again the organization was on top of their game and it’s a pleasure for me to be there each year.

In the end I said goodbye to BSidesLisbon in an amazing Cantonese restaurant.
Cya next year!

23/11/18 IoT, My Events

Part of my research shown on DEFCON 26

The video got public and I needed to share this with all my followers.

It was, that I know of, the first time my research was presented on DEFCON. It was presented on the IoT Village by Erez Yalon, who I have the pleasure to work with.
It covers privacy on IoT devices and the fact that any user is vulnerable.

Personally it was another thing I can take from my bucket list… Checked!

23/10/18 Meetings, My Events

Semana Informática and BSides Lisbon

So I scheduled my last talks for this year.

On 31 October, I’ll be at FEUP in Semana Informática to present – Breaking IoT!
And for the third time, I’ll have the honor to be at BSides Lisbon on 29th and 30th November giving a talk with my friend and colleague Pedro Umbelino – Exfiltrate all the things!

If by any chance you’ll be at one of these events, feel free to approach me and say Hi!

20/04/18 My Events, News

Reflected File Download webinar

On 13th March I did a webinar for Checkmarx showing in around 30 minutes what the Reflected File Download web vector is and how you can exploit it.

You can still watch the recorded version at RFD: Still Threatening the Biggest Names on the Web.

Had a lot of fun doing it because it was my first webinar 🙂 ‘Til next time!

13/11/17 My Events

BSides Lisbon 2017 was awesome

BSides Lisbon 2017 was great \o/
It was my second BSides Lisbon (both as a speaker) and it’s amazing that the organization keeps improving this con.

It had awesome talks, and with the help of my great friend Duarte – we hosted a mini lockpicking village which was a great success.

I didn’t see as many talks as I wanted – because I was in the hallway cons with my mates but still I took some pictures:

Also I have the pleasure of working for three companies that sponsored this event – Checkmarx, Char49 and Cobalt. Thanks guys!

BTW you can download my presentation slides at Github » https://github.com/dsopas/talks/blob/master/Desktop/bsides_gtfo_pdf.pdf

Cya next year guys!

11/10/17 Meetings, My Events

Guess who’s coming to BSides Lisbon 2017?

… you’re right! This guy 🙂

After my presentation last year, I decided to submit again a talk to the best infosec event in Portugal – BSides Lisbon. My talk GTFO Mr. User will be about:

In this talk, the author will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the security threats fall into the wrong hands. Additionally, this talk will share tips on how to properly disclose bugs to companies without being a real Trump.

I’ll also bring some hardware to play with during the event, especially for BLE hacking, and a few other surprises in my talk (say what?!).
Don’t forget to check out the other speakers and buy your ticket!

17/08/16 Bug Bounty, My Events

BSides Lisbon 2016

Guys I’ll be a speaker at BSides Lisbon 2016 with the talk – “The way of the bounty”.
If you want to know some of my tips and secrets on bug bounty programs don’t forget to schedule in your calendar – 11th November.
