VilniusSec invites all local infosec fans to meet up in a bar and connect with like-minded people. All events are published on our Meetup.com group too. We also had a chat on Disobey's Mattermost, but it was turned off. We're working on another chat server. Check back later.
VilniusSec meetup #2^3
- What: talks by Tomas Lažauninkas and Aušrius Juozapavičius
- When: 2025-10-30 18:00
- Where: Vinted HQ, Švitrigailos 13, Vilnius
- Meetup link: https://www.meetup.com/vilniussec/events/310871853/
Talks:
- Tomas Lažauninkas's talk will explore two critical remote code execution vulnerabilities discovered through bug bounty hunting on an enterprise data platform. The first demonstrates how JavaScript-based variable substitution features can be exploited to achieve arbitrary code execution. The second showcases a creative attack chain combining a path traversal vulnerability in a package manager with SSH client configuration poisoning to achieve command execution.
- Aušrius Juozapavičius will discuss how fraud is often treated as a singular event, but effective prevention and response demand a more nuanced understanding. This talk will introduce a systematic framework for classifying and dissecting the diverse types of fraudulent activities. Attendees will learn:
  - Major categories and sub-species of fraud, moving beyond common labels to analyze the underlying mechanisms and intents.
  - Patterns, tools, and psychological drivers common to different fraud types, allowing for more accurate risk modeling.
  - Insight into how a taxonomic approach can be used to predict emerging fraud trends and strategically allocate detection and mitigation resources.