Pentests for Beginners – the Metasploit Framework and Other Tools
12.05.2020 | 14.03.2019

No software is free of bugs, but you should do your utmost to find and fix many of them, especially critical vulnerabilities. One well-known tool for penetration testing is the Metasploit Framework. It combines exploits for known vulnerabilities with useful payloads to actively exploit them. It also includes tools for scanning systems for information in a targeted way.

In this talk, we’ll look at the features of the Metasploit Framework in detail. We’ll learn how exploits actually work, how to detect common vulnerabilities and how to actively exploit them. Using the intentionally vulnerable Metasploitable VM, we’ll be able to test out the Metasploit Framework live.

Linux-Stammtisch München (virtual) | Internal Seminar @ QAware GmbH

Consistency, Availability and Partition Tolerance in Practice - A deep dive into CockroachDB
06.03.2020 | 18.02.2020

Most IT systems rely on some sort of persistent storage. This problem was solved a long time ago, and the market niches seem to be satisfied. In this field, CockroachDB declares itself to be “resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location”. Because databases like PostgreSQL or MySQL already offer high availability features, we will discuss whether there is a need for a new HA database at all. We learn about the features, upsides and downsides, distribution and resiliency of CockroachDB. CockroachDB can be used with a PostgreSQL driver, which enables existing projects to use it out of the box. We will examine whether this really is that easy and which obstacles you might need to overcome. We will also look at whether CockroachDB is consistent, available and partition tolerant at the same time, as claimed on its website.

Internal Seminar @ QAware GmbH | Cloud Native Night Munich

Making the internet faster - HTTP/3 and QUIC

Since its introduction, the HTTP protocol has been based on TCP. This makes it reliable, but also relatively slow, because a TCP handshake must be performed for each resource offered. HTTP/2 has tried to compensate for this disadvantage with multiplexing.

To get rid of the limitations of TCP, Google has developed QUIC (Quick UDP Internet Connections). QUIC and the HTTP/3 it enables are intended to significantly speed up client-server communications on the Internet.

In this Lightning Talk, we’ll see a summary of the old HTTP protocols and what advantages and disadvantages they bring. We learn how QUIC and HTTP/3 fit into the OSI stack, what improvements the new protocols bring, and what IT security looks like in the process. We’ll also take a look at the practical applications that are already available today.

Internal Seminar @ QAware GmbH


Private meets Enterprise: Analyzing Tinder Data with Apache Ignite
14.06.2019 | 09.09.2018

What is actually the most used emoji on Tinder? And which is the most popular #hashtag? This talk not only shows funny evaluations of “open” APIs using the in-memory computing framework Apache Ignite, but also takes a critical look at the mass collection and “provisioning” of private data.

IT day | MRMCD (Darmstadt)

No Backend, No Problem - Static Websites with Jekyll

Jekyll is a generator that turns plain text and Markdown into HTML. With the simple template syntax Liquid you can build arbitrarily complex websites that only need a web server. This also eliminates a large part of potential security gaps and performance problems. Once the basic framework is created, further data, blogposts, tables etc. can be added only with Markdown and without HTML knowledge.

On the other hand, you have to do without some dynamic features - e.g. a search function - or upgrade them on the client side.

This talk shows how Jekyll can be used to set up websites for different use cases in a flash. It also shows how to retrofit dynamic features like a search function in the browser.

Internal Seminar @ QAware GmbH


Leveraging the power of SolrCloud and Spark with OpenShift

One of the most commonly used big data processing frameworks is Apache Spark. Spark manages to process large datasets with parallelization. Solr is a search platform based on Lucene. Solr can be distributed across a cluster using ZooKeeper for configuration management. Both applications can be combined to create performant Big Data applications.

But what if you want to scale up horizontally and add a node? In a manual setup, you’d have to install the new node manually. Cluster orchestrators like OpenShift claim to solve this problem. This talk shows how to put Spark, Solr and ZooKeeper into containers, which can then be scaled individually inside a cluster using OpenShift. We will cover OpenShift details like DeploymentConfigs, StatefulSets, Services, Routes and Persistent Volumes and install a complete, failsafe and horizontally scalable SolrCloud / Spark / ZooKeeper cluster in seconds. You will also learn about the drawbacks and pitfalls of running Big Data applications inside an OpenShift cluster.

Munich Kubernetes/Cloud-Native Meetup


(Un)professional Weed Control: Ransomware vs. Antivirus

Ransomware continues to pose a major threat to the IT landscape. This presentation shows the motivation, functionality and (more or less bad) ways to protect oneself against ransomware. As an example, a small experiment will test how ransomware can be hidden from virus scanners.

MRMCD (Darmstadt)