Upcoming Meetings

December 2025 Event: SV-ISSA Winter Holiday Party

Date: Thursday, December 11, 2025 - 5:30pm
Topic:

Close the year with your SV-ISSA community at The Oxford in Sunnyvale. This members-first, invitation-only holiday event brings together security leaders, practitioners, and friends for relaxed networking, light bites, and a festive toast to 2025.

Attendance is by approval only. Please submit your RSVP; we review requests within one business day.

Who Should Attend

  • SV-ISSA Members (primary audience)
  • Invited Guests (sponsor guests, speakers, partners)
  • Chapter Volunteers & Leadership

Why Attend

  • Reconnect & Celebrate: Cap off the year with your peers across the Valley.
  • Warm Intros: Meet practitioners, leaders, and collaborators in a casual setting.
  • Member-First Access: Limited capacity; priority for current SV-ISSA members.
  • Local Venue, Easy Vibe: Central Sunnyvale spot, light bites, great conversation.

Registration & Approval

To keep this an intimate, member-centric gathering, all registrations require approval.

  • Priority: Current SV-ISSA members
  • Invited guests: Must be listed by a member/sponsor
  • Waitlist: Enabled when we reach capacity; approvals roll as slots open
  • No walk-ins: Pre-approved entry only

You’ll receive one of three emails after requesting a spot:

  1. Approved/Going – you’re confirmed
  2. Pending/Waitlist – you’re queued, we’ll notify you if a seat opens
  3. Declined – eligibility/capacity constraints (with pointers to other events)

Check-In Notes

  • Bring Photo ID (name should match your registration)
  • Show your Lu.ma confirmation (QR or email)
  • Transfer requests are not permitted
Location: 
The Oxford Kitchen and Gastropub
195 S Murphy Ave, Sunnyvale, CA 94086, USA
Due to limited capacity, preregistration is required for this event.

January 2026 Event: Paywall Optional: Stream For Free with a New Technique — RRE

Date: Tuesday, January 20, 2026 - 5:30pm
Topic:

Modern web applications don’t just expose APIs — they expose attack paths. Recursive Request Exploits (RRE) represent a new class of attack that chains interdependent web requests to bypass authentication, authorization, and even payment systems.

This session introduces RRE as a repeatable methodology that uncovers hidden relationships between API and web calls, automates recursive discovery, and exploits business logic flaws that traditional testing overlooks. Through a real-world case study, you’ll see how this technique bypassed premium paywalls on a major streaming platform without breaking DRM or requiring authentication.

More importantly, you’ll learn how RRE exposes fundamental weaknesses in checkout flows, subscription enforcement, and entitlement logic across modern digital platforms. This isn’t a one-off — it’s a shift in the threat landscape. Attendees will also receive a Burp Suite extension used to discover and weaponize these vulnerabilities for both offensive and defensive security.

This research was presented at DEFCON 33 and featured in WIRED Magazine (August 2025).

Key Topics Covered

  • How Recursive Request Exploits work and why they bypass traditional defenses
  • Mapping hidden request dependencies between web and API calls
  • Real-world case study: bypassing streaming paywalls without authentication or DRM tampering
  • How RRE exposes structural weaknesses in checkout, entitlement, and subscription logic
  • Demo + release of a Burp Suite extension for automated RRE discovery and exploitation
  • Defensive strategies for engineering, security, and product teams

Why Attend

  • Learn about a new exploit class shaping modern web security
  • See a real attack chain previously presented at DEFCON and featured in WIRED
  • Understand how attackers bypass payments, subscriptions, and entitlement logic
  • Receive open-source tooling to test your own systems
  • Connect with Silicon Valley’s cybersecurity community during networking, food, and refreshments

Agenda

5:30–6:00 | In-Person Networking
5:55–6:00 | Virtual Session Opens
6:00–6:15 | ISSA Chapter Business
6:15–7:00 | Presentation
7:00–8:00 | Food & Refreshments

Speaker: 

Farzan Karimi
Senior Director of Attack Operations, Moderna
With 20 years of deep offensive security experience, Farzan has led high-impact red teams at Moderna, Google (Android Red Team), and Electronic Arts. His research has been featured by WIRED Magazine and highlighted on Ted Danson’s Advancements. He is a frequent speaker at DEFCON and Black Hat USA, known for his work on Pixel exploitation and cellular security.

Location: 

Register to See Address