Kamil Vavra | @vavkamil

Offensive website security | Bug bounty | Ethical hacking

🕵️Whoami 💰Bug bounty 📖Blog 💻GitHub 📢Talks 🏆LinkedIn 📩Contact

Public talks

Feel free to contact me, if you want to arange something for your company. I usually speak on non-profit conferences, but sometimes do private courses/talks as well. I do security awareness & educational trainings for developers at work.

Recent publis talks / courses

OWASP Czech Chapter Meeting

Nov 8, 2023 | By @vavkamil

Hacking a Cruise Ship

Have you ever wondered what happens in international waters? It’s not just the waves that can be unpredictable, especially when an ethical hacker decides to spend a vacation on board. Cruising the high seas with curiosity and little to do, just a laptop, the majestic Norwegian fjords as the backdrop, and time on his hands, what possibly could go wrong?


OWASP Czech Chapter Meeting

Jun 22, 2023 | By @vavkamil

Solving CAPTCHAs for Fun

We will explore how traditional Captchas work and look at their evolution into the modern solutions we encounter daily. Let’s compare a variety of vendors and the unique features they offer. But the question remains: are these CAPTCHAs sufficient in protecting your web applications against attackers and bots? And what about artificial intelligence?


Security Meetup

April 27, 2022 | By @vavkamil

Compromised Keys

What would you do if you found random keys without knowing whom they belong to or where they grant access? A red team exercise applied in a real-world, social experiment with a twist.


OWASP Czech Chapter Meeting

April 05, 2022 | By @vavkamil

Compromised Keys

What would you do if you found random keys without knowing whom they belong to or where they grant access? A red team exercise applied in a real-world, social experiment with a twist.


OWASP Czech Chapter Meeting

November 25, 2021 | By @vavkamil

WordPress Supply Chain Attack

Novel attack vector affecting WordPress websites. This talk will focus on the research from the beginning, explaining the motivation and exploration phase. A new scanner tool will be released, along with the Docker container for local testing. Lastly, you will get a chance to see the redacted results from the bug bounty hunting, recon process, and struggle with triage of the reports. TBU, currently still a 0day :)


OWASP Czech Chapter Meeting

August 5, 2021 | By @vavkamil

I know where you live

An introduction into the KARMA attack, exploiting the behavior of some Wi-Fi devices, where vulnerable clients broadcast a “preferred network list” (PNL), which contains the SSIDs of access points to which they have previously connected. We will revisit the old technique, current defenses applied by vendors and build a custom access point using Raspberry Pi & Python.

Slides Resources


Ethical hacking - web security

Agenda

2020-11-09
OWASP Top 10
Burp Suite Community
OWASP Juice Shop
Secure code review
Tor, bitcoin, darknet
Data breaches
Phishing 101

Ethical hacking - web security

Agenda

2020-08-24 2020-08-25
OWASP Top 10 Secure code review
Burp Suite Community WordPress hacking
OWASP Juice Shop JavaScript hacking
Router Exploit Kits Tor, bitcoin, darknet
Bug Bounty Data breaches
Open-source tools Phishing 101

Ethical hacking - web security

Agenda

2020-08-03 2020-08-04
OWASP Top 10 Secure code review
Burp Suite Community WordPress hacking
OWASP Juice Shop JavaScript hacking
Router Exploit Kits Tor, bitcoin, darknet
Bug Bounty Data breaches
Open-source tools Phishing 101

Ethical hacking - web security

Agenda

2020-06-24 2020-06-25
OWASP Top 10 Secure code review
Burp Suite Community WordPress hacking
OWASP Juice Shop JavaScript hacking
Router Exploit Kits Tor, bitcoin, darknet
Bug Bounty Data breaches
Open-source tools Phishing 101

OWASP Czech Chapter Meeting

Agenda


Kybernetická bezpečnost

Agenda


OWASP Czech Chapter Meeting

Agenda


SABO Bootcamp

Agenda


CTJB

Agenda


Kulatý stůl k tématům kybernetické bezpečnosti

Agenda


Hackerský camp CTJB

Agenda


IT konference HackerFest

Agenda


Content on this site is licensed under a Creative Commons Attribution 4.0 International License
🄯 2019‐2024 - @vavkamil - Open-source Github pages - Powered by Jekyll & The Hacker theme - Subscribe via RSS