osco 2024 Recap

A Weekend of Learning & Hacking

The Open Security Conference 2024 brought together security enthusiasts, researchers, and practitioners for a weekend of hands-on learning, insightful talks, and collaborative workshops. From red teaming strategies to AI-driven security audits, the conference featured a dynamic mix of talks, workshops, and interactive sessions covering everything from offensive security techniques to career development in InfoSec.

Key Highlights from osco 2024

Hacking & Offensive Security

  • OWASP Juice Shop’s 10th Anniversary – Björn Kimminich took us on a journey through the evolution of one of the most popular web security training applications, showcasing new hacking challenges and project milestones.
  • How to Hack a Company in a Day – Yvonne Johnson revealed how common misconfigurations and human errors allow attackers to escalate privileges and take over entire networks.
  • Mob-Hacking Workshop – Attendees tackled Juice Shop challenges together, discovering new vulnerabilities.

Defensive & Risk Management Strategies

  • Introduction to Risk Storming – Dave introduced innovative ways to assess security risks in software development.
  • Where Did Risk Management Go? – Christian explored how organizations can reclaim effective risk assessment strategies.
  • Detecting False Positives in CVE Lists – Techniques for refining vulnerability intelligence were discussed.

AI & Emerging Technologies

  • AI-Augmented Audits – A deep dive into the challenges and opportunities of using AI in security assessments.
  • Hacking AI – A demonstration of how security professionals can approach AI systems from an attacker’s perspective.
  • Using Golang for Security Tools – A showcase of powerful applications of Go in developing security solutions for Windows.

Building Security Culture & Developer-Focused Security

  • Security Champion’s Journey – Lisi shared strategies for embedding security into development teams and driving security improvements within organizations.
  • Which Security Tools Should Developers Know? – Chris introduced essential tools for securing everyday development workflows.
  • Making Security Understandable – A workshop exploring new ways to communicate security concepts effectively.

Hands-On Workshops & Challenges

  • Private PKI with ACME – Uli guided attendees through setting up their own private certificate authority.
  • Make Your Own Juice Shop Theme – A creative session where participants personalized their own security training environments.
  • Introduction to Complexity Theory (Cynefin) – Dave explored how complexity theory applies to cybersecurity decision-making.

Career & Community Growth

  • How to Get Into InfoSec Without an IT Background – A practical session for newcomers looking to break into the industry.
  • AMA: 20+ Years as a Consultant – A candid, rapid discussion session on career lessons and failures in cybersecurity.
  • Personal Finance for Security Professionals – A unique topic: financial planning insights for those navigating the security industry.

Networking, Games & More!

Beyond the talks and workshops, attendees connected through security-themed board games, open-ended discussions, and casual networking sessions. Whether it was playing Capture The Flag, discussing the future of security research, or just enjoying coffee and snacks, osco 2024 fostered a collaborative and welcoming environment.

See You at osco 2025!

If you’re passionate about cybersecurity, osco is the place to be. Whether you want to present, participate in workshops, or simply learn from industry experts, join us for another year of exploration, hacking, and community building. Stay tuned for details on osco 2025!