Public talks
Feel free to contact me if you want to arrange something for your company. I usually speak at non-profit conferences, but sometimes do private courses/talks as well. I do security awareness & educational trainings for developers at work.
Recent public talks / courses
OWASP Czech Chapter Meeting
November 14, 2024 | By @vavkamil
SSRF Adventures: Chaining Your Way Through the Network
Explore the journey of transforming rendering trouble into a critical security vulnerability. This talk will unravel how combining creative offensive techniques, strategic exploit chaining, and leveraging third-party services beyond the edge can lead to significant breakthroughs in application security defenses. Attendees will gain practical insights into using automation and DAST tools to uncover similar issues in real-world scenarios. This short talk promises valuable takeaways for penetration testers and eye-opening lessons for those dedicated to securing web applications and sensitive internal data.
OWASP Czech Chapter Meeting
Hacking a Cruise Ship
Have you ever wondered what happens in international waters? It’s not just the waves that can be unpredictable, especially when an ethical hacker decides to spend a vacation on board. Cruising the high seas with curiosity and little to do, just a laptop, the majestic Norwegian fjords as the backdrop, and time on his hands, what could possibly go wrong?
PraSec.cz
Hacking a Cruise Ship
Have you ever wondered what happens in international waters? It’s not just the waves that can be unpredictable, especially when an ethical hacker decides to spend a vacation on board. Cruising the high seas with curiosity and little to do, just a laptop, the majestic Norwegian fjords as the backdrop, and time on his hands, what could possibly go wrong?
OWASP Czech Chapter Meeting
Solving CAPTCHAs for Fun
We will explore how traditional Captchas work and look at their evolution into the modern solutions we encounter daily. Let’s compare a variety of vendors and the unique features they offer. But the question remains: are these CAPTCHAs sufficient in protecting your web applications against attackers and bots? And what about artificial intelligence?
Security Meetup
Compromised Keys
What would you do if you found random keys without knowing whom they belong to or where they grant access? A red team exercise applied in a real-world, social experiment with a twist.
OWASP Czech Chapter Meeting
Compromised Keys
What would you do if you found random keys without knowing whom they belong to or where they grant access? A red team exercise applied in a real-world, social experiment with a twist.
OWASP Czech Chapter Meeting
November 25, 2021 | By @vavkamil
WordPress Supply Chain Attack
Novel attack vector affecting WordPress websites. This talk will focus on the research from the beginning, explaining the motivation and exploration phase. A new scanner tool will be released, along with the Docker container for local testing. Lastly, you will get a chance to see the redacted results from the bug bounty hunting, recon process, and struggle with triage of the reports. TBU, currently still a 0day :)
OWASP Czech Chapter Meeting
I know where you live
An introduction to the KARMA attack, which exploits the behavior of some Wi-Fi devices, where vulnerable clients broadcast a “preferred network list” (PNL) containing the SSIDs of access points to which they have previously connected. We will revisit the old technique and the current defenses applied by vendors, and build a custom access point using Raspberry Pi & Python.
Ethical hacking - web security
- 2020-11-09
Private online course
Agenda
2020-11-09 |
---|
OWASP Top 10 |
Burp Suite Community |
OWASP Juice Shop |
Secure code review |
Tor, bitcoin, darknet |
Data breaches |
Phishing 101 |
Ethical hacking - web security
- 2020-08-24 - 2020-08-25
Private 2 day course (Prague)
Agenda
2020-08-24 | 2020-08-25 |
---|---|
OWASP Top 10 | Secure code review |
Burp Suite Community | WordPress hacking |
OWASP Juice Shop | JavaScript hacking |
Router Exploit Kits | Tor, bitcoin, darknet |
Bug Bounty | Data breaches |
Open-source tools | Phishing 101 |
Ethical hacking - web security
- 2020-08-03 - 2020-08-04
Private 2 day course (Brno)
Agenda
2020-08-03 | 2020-08-04 |
---|---|
OWASP Top 10 | Secure code review |
Burp Suite Community | WordPress hacking |
OWASP Juice Shop | JavaScript hacking |
Router Exploit Kits | Tor, bitcoin, darknet |
Bug Bounty | Data breaches |
Open-source tools | Phishing 101 |
Ethical hacking - web security
- 2020-06-24 - 2020-06-25
Private 2 day course for a third-party company (Brno)
Agenda
2020-06-24 | 2020-06-25 |
---|---|
OWASP Top 10 | Secure code review |
Burp Suite Community | WordPress hacking |
OWASP Juice Shop | JavaScript hacking |
Router Exploit Kits | Tor, bitcoin, darknet |
Bug Bounty | Data breaches |
Open-source tools | Phishing 101 |
OWASP Czech Chapter Meeting
- 2019-12-11 - 2019-12-12
Regular OWASP meeting in Prague
Agenda
- An introduction to the router exploit kits
- OWASP Top 10 workshop
Cyber Security (Kybernetická bezpečnost)
- 2019-11-20 - 2019-11-21
Workshop at the annual “cyber security” university conference (e-konference.utb.cz)
Faculty of Applied Informatics – Tomas Bata University in Zlín
Agenda
- WORKSHOP – „Burp Suite & OWASP Top 10“
OWASP Czech Chapter Meeting
- 2019-10-31
Regular OWASP meeting (https://www.eventbrite.com/e/owasp-czech-chapter-meeting-registration-74841933237#)
Agenda
- OWASP Top 10 workshop
SABO Bootcamp
- 2019-07-31 (Olomouc)
Agenda
- White/black hat hacking
- Google dorks & phishing
- OWASP Top 10
- Offensive JavaScript
- Kali Linux
- Bug bounty
- Burp Suite
- DVWA
- OWASP Juice-Shop
- Web Security Academy
CTJB
- 2019-05
Hacker camp (ctjb.net)
Agenda
- Bug Bounty ~ Work Smarter, Not Harder
- https://vavkamil.cz/wp-content/uploads/2019/05/ctjb_2019_bugbounty.pdf
Round table on cyber security topics
- 2016-06
CEVRO Institut, z.ú.
Agenda
- Web security
~ Kamil Vávra will cover web application security from both the developer's and the user's point of view. He will describe the most common vulnerabilities and ways to prevent them and defend against their exploitation.
CTJB hacker camp
- 2015-04
ctjb.net
Agenda
- Infecting Google Chrome from PowerShell
~ In this talk you will see how easy it is to use PowerShell on Windows 7 to bypass antivirus programs and take complete control of the web browser of a user with limited privileges.
HackerFest IT conference
- 2014-10
GOPAS, a.s. (hackerfest.cz)
Agenda
- Kali Pwn Pad – armed with a tablet, a danger to society
~ From Kamil Vávra's talk, attendees will “take away” a comprehensive overview of how easy it is for an attacker to test and assess the security of a network from a mobile device and then carry out attacks.