nullcon Goa 2017 - E Hacking News coverage


Nullcon Goa, which took place between 3rd and 4th March, successfully brought together hackers, CXOs, security researchers and others interested in information security to share their research and discuss critical issues faced in the field.

nullcon Goa 2017 Highlights:

Day 1:

"Increasing your impact on Facebook Bug Bounty" by Jack Whitton explained in detail some of the statistics of their Bug Bounty Program. The talk also explained the difference between a good bug report and a bad one, and what does not constitute a bug. It also pointed out areas of Facebook that need more testing.

In his talk "Nearly generic fuzzing of XML-based formats", Nicolas Gregoire talked about his new XML fuzzer and how it works. He also talked about how it was used to find vulnerabilities in Firefox, Adobe and many other popular tools, and briefly covered the next levels of testing he is going to do on SVG. You can follow him here:

"Drone Hijacking and other IoT hacking with GNU Radio and SDR" by Arthur Garipov was very informative: he explained the topic from the basics and showed attendees how to get started with their own SDR setup for hacking. He also demonstrated hacking of a wireless mouse and a drone using an SDR.

In "Barbarians at the Gate(way)", Dave Lewis talked about the latest happenings on the Internet and mainly focused on DDoS attack trends over the past year.

Christopher Truncer released version 3.0 of the Veil Framework at nullcon, a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.

Daniel Bohannon showed how PowerShell commands can be obfuscated and how to detect them.





Day 2:
The keynote by Karsten Nohl, titled "When enough is enough: The limits of desirable security", was very interesting to listen to. He talked about the mistakes the security community is making and whether we are all concentrating on the wrong things while some basic issues have not yet been fixed.

In the talk on "Case study of SS7/Sigtran assessment" Akib Sayyed talked about how his team tested the SS7 networks and the vulnerabilities that were found. He also released a tool called "safeseven" that can be used to test SS7 networks.

Timur Yunusov gave a talk on ATM security and the different logical attacks that can be carried out against ATMs. He explained how to bypass kiosk screens, boot into safe mode, use hardware attacks and much more.

Ajin Abraham talked about his latest project, "Injecting Security into Web apps with Runtime Patching and Context Learning". He introduced a new concept called RASP and explained how it differs from a WAF. He also gave a live demo of the RASP he developed and how it blocks XSS, SQLi and RCE, and talked about future ideas that he is going to implement in his tool.

Snippets from nullcon:

    * "Cyber security in India is growing rapidly." Josh Armour, Security Program Manager at Google says. "We are happy to be present at the nullcon conference"
   
    * Asif Baig, a bug hunter who has found security bugs in major companies and has been listed in many halls of fame.
   
    * Yogendra Jaiswal, a DIMT Raipur student, told EHN in an interview that he found a Cross Site Scripting vulnerability in LinkedIn and has participated in Bugcrowd's private hunt. He also said he found a 2-Step authentication bypass in wordpress.com.
   
    * Sushmil, from tesseract, a startup company, said they are developing a "Cyber Threat Intelligence" product that gathers information from multiple sources and helps clients prevent cyber attacks.
   
    * Vishwaraj Bhattari said he found bugs in top companies including Google, Facebook and Twitter.



XOR Conference 2015


XOR Conference 2015, an international security conference held from 17th Oct. to 18th Oct. in Kochi, was sponsored by the Cyber Security and Privacy Foundation (CSPF).

The event started with two training sessions. One was on Web App Security and Exploitation by Ajin Abraham and Francis Alexander, and the other was on Hardware/IoT Security and Exploitation by Yashin Mehaboobe. Both training sessions aimed at educating the attendees about the possible threats and how to deal with them.

The next day featured numerous talks and discussion sessions by various security researchers.

Santhosh Kumar, a security researcher, gave a talk on the topic “Windows Management Instrumentation – A Frontdoor For Malwares!”. It was an introduction to WMI and demonstrated the various ways that WMI can be used as an attacker’s Swiss army knife, how malware authors are using it to leverage their exploits, how present-day tools can be used, and how to protect against these types of attacks.

Arjun T. Unnikrishnan, an undergraduate from Amritha University, talked about Radare2, which provides a framework to effectively perform binary tasks with the least amount of busy work.

Kunal Relan, a security researcher from Aarvee Idealabs, discussed Pentest Ninja, an extension for the Firefox desktop browser that is a semi-automated SQL injection takeover tool. It opens as a sidebar and can test web applications on the go with a live view.

Rahul Sasi, Founder & CTO of CloudSek, talked on anonymous topics, while Riyaz Walikar, a security researcher from Citrix Systems, talked about various methods of obtaining administrator privileges in a Windows environment, and another researcher, Rakesh Paruchuri, gave a presentation on Return Oriented Programming.

Abhinav Mishra, a Senior Security Consultant at To The New Digital, presented his paper, which deals with the security mechanisms that some of the newest online retailers apply, the technology they rely upon and, obviously, the ways to hack all this. The research paper focuses on understanding the whole online payment process and the vulnerabilities associated with it.

Anto Joseph, a Security Engineer in Citrix R&D, focused on various attacks/attack vectors and how to exploit vulnerabilities in Android-based devices.

Hack In Paris 5th edition - The French Cyber Security Conference

Sysdream, a French company which provides auditing skills and training from an attacker’s perspective to companies that require a high level of security for their information systems, is organizing the 5th edition of Hack in Paris (HIP) from 15th to 19th June this year in France.

HIP, which is said to be the most awaited event for security professionals, includes training and conference sessions.

According to an announcement, the event, which will be entirely in English, brings IT security professionals such as information system directors, managers and security officers together with hacking experts.

The announcement said that for the first three days, participants will be given 13 training classes by international experts such as Aditya Gupta, founder of Attify; Peter Van Eeckhoutte, founder of Corelan Team; Richard Hollis, Chief Executive Officer of Risk Factory Limited; Mario Heiderich, security researcher; Nikhil Mittal, researcher; Gnesa Gianni, security researcher and professional trainer at Ptrace Security; and many others.

The training will cover various topics, including: ANDROID/IOS EXPLOITATION, CORELAN “ADVANCED”, CORELAN “FOUNDATIONS”, DESIGNING AN EFFECTIVE 27001 ISMS, HACKING WEB APPLICATIONS – CASE STUDIES OF AWARD-WINNING BUGS IN GOOGLE, YAHOO, MOZILLA AND MORE, HARDWARE HACKING LABORATORY FOR SOFTWARE PENTESTERS, IOS APPLICATION EXPLOITATION, and MASTERING BURP SUITE PRO - 100% HANDS-ON, among others.

The training sessions will be held at Sysdream, 14 Place Marie-Jeanne Bassot, 92300 Levallois-Perret, France.

More details available about the training at: https://www.hackinparis.com/trainings-2015

On the remaining two days of the HIP, there will be 16 talks, including two keynote addresses and one debate with world-renowned speakers like: Winn Schwartau, Jose Lopes Esteves, Chaouki Kasmi, Mario Heiderich and others.
The conference will be held at Académie Fratellini, 1-9 rue des Cheminots 93210 La Plaine Saint Denis France.

More details available about the conferences at: https://www.hackinparis.com/talks-2015

Nullcon international security conference 2014

Recently we all witnessed this season of NULLCON unfold. NULLCON is India’s biggest security conference and happens in Goa every year; this year it was held on 14th of Feb, with the tagline “Spread Love, Not Malware”.

This year’s Nullcon International Conference was filled with speakers from across the Globe with various interesting papers that were presented. This year’s Nullcon did see some of the upcoming talents of Indian Cyber Space.

The event started off with a bang with the Night Talks on the night of the 13th, which were followed by a Grand Party. The evening part of the talks even had a “Black Shield Award” segment, in which eminent personalities were presented with the Black Shield Award. The Achievers List of Black Shield is as follows:


The day talks started on the morning of the 14th and went on till the evening of the 15th. This year’s Nullcon talks featured various well-known security researchers such as Rahul Sasi, Alexander Polyakov, LavaKumar Kuppan, Vivek Ramachandran, Saumil Shah and many more. And as Nullcon always tries to bring out budding talent from India, this time we had upcoming talents from the Indian infosec community such as Yashin Mehaboobe, Ankita Gupta, Abhay Rana and many more.

One of the major paparazzi grabbers this time was the ultra-geeky nullcon2014 hardware badge that was developed by Indian researchers “Amay Gat” and “Umesh Jawalikar”.

One of the new things seen this time at Nullcon was NULLCON AMMO, which showcased some of the coolest, geekiest open-source tools developed by young Indian researchers and developers.

The tools found at Nullcon Ammo were:
  • OWTF (The Offensive Web Testing Framework) – By: Abraham Aranguren & Bhardwaj Machhiraju.
  • NoSQL Exploitation Framework – By: Francis Alexander.
  • XML Chor – By: Harshal Jamdade.
  • Drup Snipe – By: Sukesh Reddy and Ranjeet Sengar.
  • OWASP Xenotix XSS Exploitation Framework – By: Ajin Abraham.
And there were plenty of other tools too that got featured this time at Nullcon Ammo event.

Overall, this season of Nullcon was filled with more geekiness, fun, partying and an awesome feast of information and knowledge for infosec enthusiasts. It was really more exciting than the previous season of Nullcon. The experience the hackers had this time was the best. For a hacker, you can’t ask for anything better than Nullcon.

Defcon Kerala Information Security Meet 2014


DEFCON KERALA chapter is pleased to announce that the second edition of DEFCON Kerala 2014 will be held on March 8th at Hotel Travancore Court, Kochi. DEFCON Kerala (DC0497) is the first DEFCON Chapter in Kerala and is a DEFCON USA Registered group for promoting and demonstrating research and development in the field of Information Security. We are a group of Information Security Enthusiasts actively interested in promoting information security.

Whether you are an information security expert, researcher or newbie in the field of information security, we have the right events to satisfy your appetite. This year DEFCON Kerala brings you a host of events, which include:

KEYNOTE SESSION
N. Vinayakumaran Nair, Assistant Commissioner, Hi-Tech Cell, Kerala Police

TECHNICAL TALKS
Be there with us to hear from the experts who are at the forefront of information security research. This year we have about 12 Technical Talks that demonstrate Information Security Research in various fields.

  • WI-Hawk - Anamika Singh, Product Specialist
  • Android Security and Mobile OS Security in General - Anto Joseph, Technical Consultant
  • Compromising a DB via the XSS Vulnerability. XSS + Metasploit + Social Engineering - Fadli B. Sidek & Vikneshwaran Veeran, Security Consultants
  • Security through Obscurity No More Alive - Gaurav Raj Anand, Independent Researcher
  • XMLChor-XPATH Injection exploitation - Harshal Jaiprakash Jamdade, Security Researcher
  • Interactive Web Security Testing with IronWASP - Lavakumar, Founder IronWASP
  • Windows 8 Forensics - Nikhalesh Singh Bhadoria, Information Security Researcher
  • DrupSnipe: Vulnerability Scanner for live Drupal powered website - Ranjeet Singh Sengar and Sukesh Reddy, Security Researchers
  • Securing the Web-Native Bridge in Hybrid Mobile Apps - Sachinraj Shetty, Application Security Manager
  • Android Forensics and Security Analysis - Santhosh Kumar, Independent Security Researcher
  • To be announced - Francis Alexander, Security Researcher, OpenSecurity
  • HackSpace Workshop - Yashin Mehaboobe, Security Researcher, OpenSecurity

HACKSPACE-Free Hardware hacking workshop


HackSpace is a free and interactive hands on workshop on hardware hacking. It'll cover everything from basic microcontroller programming to hardware based attacks. Workshop will start with basic programming fundamentals. This will serve as a base for the rest of the class. Attendees will be introduced to various boards such as the Raspberry Pi, various Arduino boards as well as boards such as the MSP430 Launchpad.

The course will include fundamentals of bus protocols such as UART, I2C and SPI and how they are used. This will all be covered from an InfoSec perspective. Attendees will learn how to utilize the boards for penetration testing and security research.

DEFKTHON CTF
DEFKTHON CTF is DEFCON Kerala's trademark CTF. This is a jeopardy style CTF with challenges categorized into Recon, Reversing, Web, Crypto and Miscellaneous. The CTF is open to all and will be online on March 3rd 9.00 IST and will run till March 4th 21.00 IST. Stay tuned to http://ctf.defconkerala.com/


BEST SPEAKER AWARD

Cyber Security and Privacy Foundation (CSPF) will award the best speaker a grant of Rs.10,000. The speakers will be judged by a committee including Team DEFCON Kerala and an honorable member from CSPF. Delegates can contribute 50% to this selection process.

Top 5 reasons to attend DEFCON KERALA 2014
Access to cutting edge Technical Talks.
Access to Hack Space, the Hardware Hacking workshop.
Certificate of Participation.
Slides, Tools or Materials provided by the Speaker.
A niche networking platform.


Entry Pass: Rs.1100
Student Pass: Rs.800 (with discount code)
DISCOUNT CODE: STUDENT_14
Complimentary food coupons for all attendees.

Visit: www.defconkerala.com
Register Here: http://defconkerala.com/registration.html

DEFCON Kerala 2014: Call For Papers is Open Now


DEFCON Kerala (DC0497) is a DEFCON USA registered group for promoting information security research. We set up an environment of hackers, developers, security analysts, security enthusiasts and corporate security stakeholders for you.

Defcon Kerala is a platform for Security Researchers, both professionals and students to present their technical research papers and their creativity related to “Computer Security”. Defcon Kerala will be a stepping stone for professionals, beginners, and students by providing a starting point to advance their knowledge and skillsets.

Topic of Interest
  • New Security Tools
  • New Exploits Vulnerabilities and Zero Days
  • Cyber Forensics
  • Lock Picking & Physical Security exploitation
  • Web Application & Network Security
  • Antivirus/IDS/Firewall/filter evasion techniques
  • Social Engineering
  • Browser Exploitation
  • Mobile Application Security and Exploitation
  • Wireless Security
  • Denial of Service Attacks
  • Hardware Hacking/ SCADA Hacking
  • Honeypots
  • Encryption and Cryptography 
  • Fuzzing and Exploitation 
  • Open Source Security 
  • Anonymity in Internet
  • Carding and Black Market Analysis

NOTE: These are just some sample topics. You can send any topics related to Information Security.

Submission Format
Send your papers to cfp@defconkerala.com

Follow the format given below:
Name:
Designation:
Mobile:
Twitter Handle:
Brief Biography:
Paper Title:
Paper Abstract:
Publishing any Tools/Vulnerabilities/Zero Days (YES/NO, If Yes Specify the details):
Any Additional Requirements:
Attach a face photo shot to be published in the website.

IMPORTANT
Presentation Time: 30 mins

Speaker Benefits
  • Complimentary Pass to the Event
  • Certificate of Speaking
  • Food Coupons

Important Dates
CFP is open: 25th December 2013
CFP Submission Deadline: 10th February 2014
Complete set of Speakers will be published: 20th February 2014
Defcon Kerala Meet 2014 Scheduled on: 8th March 2014

Frequently visit our website for notifications and changes.
Stay tuned to www.defconkerala.com

DefCamp 2013 : International hacking and information security conference in Romania

 

Between 29-30th of November, Crystal Palace Ballroom, Bucharest is hosting the fourth edition of one of the most hypnotizing events on hacking & INFOSEC in Romania and South-Eastern Europe - DefCamp. The list of special guests contains big names, such as Raoul Chiesa, founder and president of The Security Brokers and Carsten Eiram, Chief Research Officer at Risk Base Security.

The conference that will take place this fall will engage participants in discussions about how to travel for free with Bucharest Public Transit (RATB and Metrorex), hijacking control of your car, hacker profiling, 0days, PRISM, mobile security problems, DDOS, networking, P2P networks, D&D APT’s, social engineering, camera surveillance, metasploit, header analysis, application security research, NSA, Snowden, privacy concerns, credit cards, Romanian Internet scanning, SSL ripper, lock picking, copyrights, Romanian laws and secure system administration, with key industry specialists from Romania and abroad holding presentations.

The conference will also include a series of hands-on activities such as DCTF (DefCamp Capture the Flag), App2Own, Hack The Machine and Spot The Cop, rewarded with prizes.

Keynote presentations will be held by our special guests:
  • Raoul "Nobody" Chiesa, president of The Security Brokers
  • Carsten Eiram, Chief Research Officer at Risk Base Security.

The awesomeness is powered up by:
  • Kizz MyAnthia, Senior Penetration Tester – Shadowlabs at HP Enterprise Security
  • Nathan LaFollette “httphacker”, Senior Security Consultant – Shadowlabs at HP Fortify
  • Nir Valtman, R&D Chief Security Officer at Retalix
  • Robert Knapp, Co-Founder & CEO CyberGhost SRL
  • Milan Gabor, CEO at Viris
  • Adrian Furtuna, Security Consultant at KPMG Romania
  • Bogdan Alecu, System Administrator at Levi9 and one of DefCamp's traditional speakers
  • Alex Negrea, Co-founder at docTrackr.com
  • Andrei Costin, PhD student with EURECOM & Co-Founder/Lead-Researcher at Firmware.RE
  • Ionut Popescu, Security Consultant at KPMG
  • Dan Catalin Vasile, Board Member of OWASP Romania
  • Brindusa Stefan Cristian, Lead-Developer at RogentOS GNU/Linux
  • Radu Stanescu, IT Security Consultant & Trainer Sandline
  • Bogdan Manolea, legi-internet.ro
  • Bogdan-Ioan Şuta, Independent Security Researcher.

“We have awaited the 48 hours of DefCamp 2013 since the closing moment of the last edition. It is hypnotizing to exchange ideas, to compete, to expand your knowledge and to meet people who you know only from the virtual world. I wish I could also participate to fully enjoy these moments!”, said Andrei Avădănei, founder and coordinator of the Defcamp conference, in a press release.

DefCamp managed, in just 4 editions, to be the most awaited conference in the entire information security and hacking scene in Eastern Europe. It's the perfect time to join and feel the vibes.

For more details you can access our website or contact us directly at contact@defcamp.ro.  Don't forget to sign up! European students pay only 50% of the ticket!

Defcon Kerala 2013 - Call for papers


Defcon Kerala (DC0497) is a Defcon USA registered group for promoting and demonstrating research and development in the field of information security. We are a group of information security enthusiasts. Defcon Kerala is a platform for students, professionals, geeks and nerds to present their technical research papers and showcase their skills. Speakers are invited to present papers on various information security related research topics before the delegates and interact with them.

Some Topics of Interest:

Disclosure of new Hacking Tools

New Vulnerabilities and Zero Day Exploits

Cyber Forensics

Lock picking & physical security exploitation

Web Application & Network Security

Antivirus/IDS/Firewall/filter evasion techniques

Social Engineering

Metasploit Framework

Web Browser Exploitation

Mobile Application Security and Exploitation

Wireless Security

Denial of Service Attacks

Hardware Hacking/ SCADA Hacking

Honeypots

Fuzzing Techniques

Open Source Security

Cyber Laws, Cyber warfare, Cyber Ethics

Anonymity in Internet

Carding and Black Market Analysis

NOTE: These are just some sample topics. You can send any topics related to Information Security.

Paper Submission Details

Please send your papers to this email


Follow the format given below:

=========================================================

Author Name:

Mobile:

Brief Biography:

Paper Title:

Paper Abstract:

Paper Outline:

Publishing/Disclosing any Tools/Vulnerabilities/Zero Days (YES/NO):

Any Additional Requirements:

=========================================================

NOTE: Papers should be submitted in PDF, DOC, DOCX or ODF format. Presentations should not exceed 25 mins. If your paper is selected, you will be notified soon and you should register for a Speaker Pass.

Register

Buy your speaker pass for Defcon Kerala 2013 Meet

Please Register only after you get a notification by email that your paper is selected.

Click here => REGISTER

Important Dates

Call For Papers is open: 13th January 2013

Call For Paper submission Deadline: 1st April 2013

Defcon Kerala Meet 2013 Scheduled on: 21st April 2013


Hacking & Security Conference ClubHack 2012 to start from November 30, 2012


India’s first & renowned hacking conference, ClubHack 2012, is going to start on November 30th, 2012 in Pune. The venue for ClubHack 2012 is The Hotel O, which is located on North Main Road in Koregaon Park, Pune.

ClubHack 2012 is a four-day conference featuring 15 technical briefings, 4 workshops & Hacknight. Workshops are divided into pre-conference & post-conference sessions, which will allow geeks & professionals to attend more than one workshop.

On the first day of the event (November 30), the pre-conference workshops & Hacknight are scheduled. Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao are scheduled as pre-conference workshops. Hacknight will be conducted at Amiworks Pvt. Ltd. on Senapati Bapat Road in Pune. It will run from 7pm on Nov 30th to 8am on Dec 1st. Hacknight is a complete night-out of making new products/plugins/modules/scripts, etc. With Hacknight, hackers and developers will get a chance to work on the project they always wanted to.

The event will be inaugurated on December 1st & ClubHack will launch a surprise tool. Technical briefings will then run till the evening of December 2nd. Topics for the technical briefings include infrastructure security, smart grid security, legal nuances to cloud, hacking & securing iOS apps, information security, hacking using NFC into smart phones, content type attacks, and demonstrations of tools like Hybrid Analyzer for Web Application Security (HAWAS), XSS Shell, FatCat & a real time recording system.

On the last day of ClubHack 2012, post-conference workshops will be conducted. The workshops are Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers by K.V.Prashant & Akash Mahajan.

ClubHack 2012 is powered by leading IT security Solutions Company - Quick Heal, global cyber intelligence firm – iSight Partners & Computer Society of India. Media partners for event are The Hacker News (internationally recognized news source), ISACA (Information Systems Audit and Control Association) & eHacking News (Information Security News portal).

Registrations for the event are open till midnight before the scheduled dates of the workshops & technical briefings. An on-the-spot registration facility is also provided. You can register for the event by visiting this link:
http://www.clubhack.com/2012/registrations

Detailed Schedule:

Day 1, November 30th, 2012:
  • Pre conference workshops - Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao
  • Hacknight at Amiworks, Pune
Day 2, December 1st, 2012:
  • Inauguration, Keynote
  • Special tool Launch by ClubHack team
  • Technical Briefings
Day 3, December 2nd, 2012:
  • Technical Briefings
Day 4, December 3rd, 2012: 
  • Post conference workshop - Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers by K.V.Prashant & Akash Mahajan.

Venue:
The Hotel O.
North Main Road, Koregaon Park,
Pune, India

Registrations open for India's Pioneer Hackers Conference - ClubHack 2012

Carrying the reputation of being India's first and best hacking & network security event, Team ClubHack is proudly bringing the 6th edition of the ClubHack Hacking and Security Conference with more exciting activities. Registrations for technical briefings, Hacknight & workshops opened on 1st November 2012, and an early bird discount has been announced for registrations up to November 8th, 2012. ClubHack 2012 will be featuring secure development through 12 technical briefings & 5 workshops.

ClubHack 2012 is a highly technical conference with 2 days of Technical Briefings and 2 days of hands-on training workshops. The event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Govt. Agencies, Auditors and Students. ClubHack2012 is loaded with more talks, more workshops and a special event, HackNight. ClubHack has always thought of the community and is still the most cost-effective yet biggest security event in the country.

For the first time, ClubHack has introduced a new event for hackers & developers in ClubHack2012: HackNight, which is a complete night-out of making new products/plugins/modules/scripts, etc. With HackNight, hackers and developers will get a chance to work on the project they always wanted to. It will be a night where actual hackers spend time not to “break” into someone but to “make” something interesting and, best of all, get a chance to present the same to the audience of ClubHack. You will get detailed information about HackNight here

http://www.clubhack.com/2012/event/hacknight

There are benefits to attending the 4-day conference: attendees can meet directly with people from industry, geeks, entrepreneurs etc. & talk with them. Businessmen can generate multiple leads from corporate & government opportunities. People can do business development and partner recruitment while sharing thoughts and opinions about the market, and can meet with other vendors as well as open source projects to generate business development and product innovation opportunities. Another good advantage is that people working in industry can earn a lot of CPE credits!

ClubHack2012 has 4 specialized workshops:-
  • Hackers vs. Developers by K.V.Prashant & Akash Mahajan
  • Securing Mobile applications by Dinesh Shetty & Ashish Rao
  • Managing Application Security by Ketan Vyas
  • PowerShell for Hackers by Nikhil Mittal
You will get detailed information about workshops here http://www.clubhack.com/2012/event/workshops

Topics for technical briefings are listed below:
  • Detecting and Exploiting XSS with Xenotix XSS Exploit Framework by Ajin Abraham
  • Smart Grid Security by Falgun Rathod
  • HAWAS – Hybrid Analyzer for Web Application Security by Lavakumar Kuppan
  • Real Time Event Recording System, the tool for Digital Forensics Investigation by Madhav Limaye
  • Content-Type attack -Dark hole in the secure environment by Raman Gupta
  • Legal Nuances to the Cloud by Ritambhara Agrawal
  • FatCat Web Based SQL Injector by Sandeep Kamble
  • Hacking and Securing iOS applications by Satish Bommisetty
  • Infrastructure Security by Sivamurthy Hiremath
  • Critical Infrastructure Security by Subodh Belgi
  • XSSshell by Vandan Joshi
  • Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher by Vishal Kalro
  • Stand Close to Me, & You’re pwned! : Owning SmartPhones using NFC by Aditya Gupta & Subho Halder
  • The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being by Anup Narayanan & Thomas Kurian
Who should attend:-
  • Chief Technology Officers,
  • Chief Security Officers,
  • Network Administrators, DBAs,
  • Security Researchers and Practitioners,
  • System and network architects and designers,
  • Business analysts, auditors & technical education students and
  • Anyone who is interested in information security.

You can get detailed information about technical briefings here
http://www.clubhack.com/2012/event/technical-briefings/

To register for event please click here




ClubHack 2012 scheduled to happen on 30th Nov, 1st, 2nd & 3rd of December



The 6th edition of ClubHack has been scheduled to happen on 30th Nov, 1st, 2nd & 3rd of December 2012. The list of events includes Hack Night, Keynote sessions, Technical talks, Workshops, CTF.

Hack Night: A night where actual hackers spend time not to “break” into someone but to “make” something interesting.

ClubHack2012 presents 5 separate workshops that includes 'Securing Mobile applications – Exploits Demystified and Solutions Simplified', 'Managing Application Security', 'PowerShell for Hackers', 'Hackers vs. Developers', 'Advanced Pentesting Techniques'.

There are 12 technical briefings:
  • Detecting and Exploiting XSS with Xenotix XSS Exploit Framework (Ajin Abraham)
  • Smart Grid Security (Falgun Rathod)
  • HAWAS – Hybrid Analyzer for Web Application Security (Lavakumar Kuppan)
  • Real Time Event Recording System, the tool for Digital Forensics Investigation (Madhav Limaye)
  • Content-Type attack -Dark hole in the secure environment (Raman Gupta)
  • Legal Nuances to the Cloud (Ritambhara Agrawal)
  • FatCat Web Based SQL Injector (Sandeep Kamble)
  • Hacking and Securing iOS applications (Satish Bommisetty)
  • Infrastructure Security (Sivamurthy Hiremath)
  • Critical Infrastructure Security (Subodh Belgi)
  • XSSshell (Vandan Joshi)
  • Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher (Vishal Kalro)
If you register before November 8, you will get an early bird discount. The registration details can be found here.

nullcon security conference Delhi 2012 Highlights/Agenda


We at nullcon feel proud to be at the forefront of the IT Security arena in the Asian IT Industry. With the fourth event in the row, we continue to deliver the latest and responsible vulnerability disclosures and their mitigation solutions which help organizations take proactive and timely protective measures to safeguard their critical data and assets.

nullcon Delhi is being held on 26 - 29 Sept 2012 at The Leela Kempinski, Gurgaon.

Highlights

1. Day one keynote by CEO Natgrid, Mr. Raghu Raman. Talk Title: Battle of the Minds

2. Day two keynote by Global Security Evangelist and renowned speaker. Mr. Richard Thieme. Talk Title: Staring into the Abyss.

3. Security Conclave on Critical Infrastructure Protection: Focused Panel discussion of 90 minutes with participation from Govt. and corporate. Expert panelists from PSUs (Public Sector Undertaking) and large private organizations to create the road map for the protection standard and processes. This year's theme is Critical Infrastructure Protection and will be focused on organizations managing and developing critical infrastructure and organizations offering solutions and risk consulting on the same.

4. Executive Briefing: Exclusive two hours sub-event for senior management and the CIO’s to present summarized content of conference talks/events.

5. Prototype sub-event: An excellent opportunity/platform for organization to speak/showcase/present (30 Min Talk) new innovative security technologies to the conference attendees to attract industry recognition and to promote their brand.

6. 20+ Exhibitors from security industry.

7. 20+ presentations by security experts on ground breaking defensive and offensive security technologies.

8. Seven security trainings by industry experts on deep technical and critical security subjects.

9. Null Job fair for hiring the best in the security industry.

10. Attendees from varied Industry verticals.

11. Supported by Microsoft (MSRC USA), Praxeva, SANS and Hacker5.

12. Some of the exhibitors include WatchGuard, Symantec, Microsoft, Praxeva, SANS, JNR, Search Lab, Innobuzz, ACPL, LFY, Payatu

nullcon Delhi is a must attend for all those who share an interest in IT security. It is our endeavor to be continually delivering the best in IT Security. For more details please visit http://nullcon.net.

Pre-con registration is closing on 31st August. FREE Registration for Exhibition and Job Fair.

Group discount available. For offline registration, kindly drop an email to register@nullcon.net

Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference which can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) session, as well as WPA2-Enterprise (Wi-Fi Protected Access) sessions, that use MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains an MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with WireShark or other similar network sniffing tools.


PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.
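The advice above, turned into a check a defender can run: an added example (not from the original article) that scans a wpa_supplicant.conf-style file for WPA2-Enterprise networks still configured for MS-CHAPv2. The sample configuration, SSIDs and function names are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (not from the original page).
SAMPLE_CONF = '''
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/corp-ca.pem"
    client_cert="/etc/ssl/alice.pem"
}
network={
    ssid="guest"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase"
}
'''

def parse_networks(text):
    """Return one dict of key -> value for every network={...} block."""
    networks = []
    for body in re.findall(r'network\s*=\s*\{(.*?)\}', text, flags=re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith('#') or '=' not in line:
                continue
            key, value = line.split('=', 1)  # split once: values may contain '='
            fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def find_mschapv2_networks(text):
    """List (ssid, eap, phase2) for enterprise networks that use MS-CHAPv2."""
    findings = []
    for net in parse_networks(text):
        if 'WPA-EAP' not in net.get('key_mgmt', '').split():
            continue  # not a WPA2-Enterprise (802.1X) network
        eap = net.get('eap', '')
        phase2 = net.get('phase2', '')
        # MS-CHAPv2 appears as the inner method (phase2) or as the EAP method.
        if 'MSCHAPV2' in phase2.upper() or 'MSCHAPV2' in eap.upper().split():
            findings.append((net.get('ssid', '?'), eap, phase2))
    return findings

if __name__ == '__main__':
    for ssid, eap, phase2 in find_mschapv2_networks(SAMPLE_CONF):
        print(f'{ssid}: eap={eap} phase2={phase2} uses MS-CHAPv2')
```
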

Keith Alexander, NSA Chief, asks hackers to make internet more secure

National Security Agency Director Gen. Keith Alexander, also the head of the U.S. Cyber Command, took the unprecedented step on Friday of asking a convention of unruly hackers to join him in an effort to make the Internet more secure.

In a speech to the 20th annual Def Con gathering in Las Vegas, four-star General Keith Alexander stressed common ground between U.S. officials and hackers, telling them privacy must be preserved and that they could help by developing new tools.

"You're going to have to come in and help us," Alexander told thousands of attendees.

The conference founder, Jeff Moss, known in hacking circles as the Dark Tangent, told the conference he had invited Alexander, who rarely gives speeches, because he wanted them to learn about one of the world's "spookiest, least known" organisations.

Attendees were respectful and gave modest applause, though several said they were concerned about secret government snooping and the failure of authorities thus far to stop foreign-backed attacks.

"Americans pay taxes so that federal agencies can defend them," said a researcher who asked not to be named. "I see it as a hard sell asking a business entity to spend money for the common good."

Alexander won points by wearing the hacker "uniform" of jeans and a tee shirt, wandering the halls and praising specific hacking efforts, including intrusion detection tools and advances in cryptology.

He also confronted civil liberties concerns that are a major issue for many researchers devoted to the internet.

Taking questions screened by Moss, Alexander denied that the NSA had dossiers on millions of Americans, as some former employees have suggested.

"The people who would say we are doing that should know better," he said. "That is absolute nonsense."

Alexander used the speech to lobby for a cyber security bill moving through the Senate that would make it easier for companies under attack to share information with the government and each other as well as give critical infrastructure owners some reward for adhering to future security standards.

"Both parties see this as a significant problem," he said, adding that the experts like those at Def Con should help in the process. "What are the standards that we should jointly set that critical networks should have?"

In addition to conducting electronic intelligence gathering, primarily overseas, the defence-department-controlled NSA is charged with protecting the American army from cyber-attacks.

Increasingly, it has been sharing its findings with the FBI to aid in criminal cases and with the department of homeland security, which warns specific industries of new threats.

Displaying a slide with the logos of several dozen companies breached by criminals or spies in the past two years, Alexander said only the most competent even knew they had been hacked.

"There are 10 times, almost 100 times more companies that don't know they have been hacked," he said.

14th July 2012 null Bangalore Monthly Meetup

null meetup on Saturday 14th July 2012 starting at 09:30 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly
talks and the Training on Reverse Engineering. The Reverse Engineering
training will start at 12:30 PM by the SecurityXploded/Garage4Hackers
team.

The schedule for this month's meet is as outlined below:

  • 09:30 - 10:10: Hands on Web Application Security: Mutillidae - Vulnerable Web App - Satish
  • 10:10 - 10:25: Introductions
  • 10:25 - 11:05: Burpsuite for Beginners - Saran
  • 11:05 - 11:20: Networking
  • 11:20 - 12:00: Basics of IDS/IPS - Pravin
  • 12:00 - 12:20: Feedback & Topic discussion for next monthly meet
  • 12:20 - 12:30: Break
  • 12:30 - 01:50: Advanced Malware Analysis - Monnappa

VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.
Map Location: http://g.co/maps/dahhv
Parking is available in the building. See you there.

Null Bangalore Meet Scheduled on 21st April 2012


Hi All,

We will have this month's null/OWASP/Garage4hackers/SecurityXploded Bangalore meetup on Saturday 21st April 2012 starting at 10.00 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly talks and Training on Reverse Engineering. The Reverse Engineering training will start at 12:45 PM by the SecurityXploded/ Garage4Hackers team. The RE training for this month is completely hands-on and everyone is required to get their laptops fully charged for the exercises.

Also, we have a guest speaker from the US, Mr. Arshad Noor, who is also a speaker at the ongoing OWASP AppSec AsiaPac 2012, Sydney - Australia, who will be talking about RC3 - Regulatory Compliant Cloud Computing.

TALKS
1. Believe it or not SSL Attacks - Akash Mahajan
2. News Bytes - Satyendra
3. RC3 - Regulatory Compliant Cloud Computing - Arshad Noor

4. Practical Reversing & Unpacking Part 1 - Harsimran & Nagershwar


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building.

NB: As discussed in the last month's meet, we will have a basic 30 minute primer on Cross Site Request Forgery by Satish at 9:30 AM, before the main talks begin at 10:00 AM. All those who would be interested to learn, understand the basics of CSRF and to watch some cool demos are requested to be present at 9:30 AM.

Regards,
karniv0re

c0c0n 2012 - Call For Papers and Call For Workshops


c0c0n announced the Call for Papers and Call for Workshops for c0c0n 2012, a 3-day Security and Hacking Conference (1 day pre-conference workshop and 2 day conference), full of interesting presentations, talks and of course filled with fun!

The conference topics are divided into four domains as follows:
  • Info Sec - Technical
  • Info Sec - Management
  • Digital Forensics and Investigations
  • Cyber Laws and Governance.

We are expecting conference and workshop submissions on the following topics, but are not limited to:
  • New Vulnerabilities and Exploits/0-days
  • Open Source Security & Hacking Tools
  • Antivirus/Firewall/UTM Evasion Techniques
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • Malware analysis & Reverse Engineering
  • Mobile Application Security - Threats and Exploits
  • Advanced Penetration testing techniques
  • Web Application Security & Hacking
  • Browser Security
  • Hacking virtualized environment
  • WLAN and Bluetooth Security
  • Lockpicking & physical security
  • Honeypots/Honeynets
  • Exploiting Layer 8/Social Engineering
  • Cloud Security
  • Critical Infrastructure & SCADA networks Security
  • National Security & Cyber Warfare
  • Cyber Forensics, Cyber Crime & Law Enforcement
  • IT Auditing/Risk management and ISO 27001


CFP Review Committee:

0x01 - Armando Romeo
0x02 - Dinesh O Bareja
0x03 - Peter Giannoulis
0x04 - Simon Bennetts (a.k.a. Psiinon)
0x05 - Vahan Markarov

For more details about the Review Committee, visit - http://is-ra.org/c0c0n/cfp.html


Submission Guidelines:

Email your submission to: cfp [at] is-ra [dot]org
Email subject should be: CFP c0c0n2012 - <Paper Title>
Email Body:

Personal Information:


>> Speaker Name:
>> Job Role/Handle:
>> Company/Organization:
>> Country:
>> Email ID:
>> Contact Number:
>> Speaker Profile: (max 1000 words)

>> If there is additional speaker please mention it here following the above format.

Presentation Details:

>> Name/Title of the presentation:
>> Paper Abstract: (max 3000 words)
>> Presentation Time Required (20, 30, 50 Minutes)
>> Is there any demonstration? Yes or No
>> Are you releasing any new tool? Yes or No
>> Are you releasing any new exploit? Yes or No

Other Needs & Requirements:

>> Do you need any special equipment?
>> We will be providing 1 LCD projector feed, 2 screens, microphones, wired and/or wireless Internet.
>> If you have any other requirement, Please mention it here and the reason.

Remember these Dates!


>> CFP Opens: 16th Mar 2012
>> CFP Closing Date: 30th Apr 2012
>> Speakers list online: 21st May 2012
>> Workshop Dates: 02nd Aug 2012
>> Conference Dates: 03rd and 4th Aug 2012

*NOTE:* We should not promote vendor/product-oriented submissions, hence they will be rejected.


Speaker Benefits:


>> Complimentary Conference registration.
>> Complimentary Accommodation for 2 nights.
>> Complimentary conference passes.
>> Invitation to c0c0n-Blast (The Networking Lungi party).
>> Travel Reimbursement - The selected speaker will receive travel reimbursement, to the extent available with existing ISRA /conference funds.
>> Only one speaker will be eligible for the benefits in case there are two or more speakers for a talk.

Thanks and Regards,
-c0c0n Team-

Null Bangalore meeting scheduled on 10th March 2012


Null, The Open Security Community, has scheduled the next Bangalore meeting on 10th March 2012 starting at 10.00 AM. As usual, there are no registrations and no fees.

The meeting is divided into two parts: the first is the monthly talks and the second is Training on Reverse Engineering. The Reverse Engineering training will start at 12:45 PM by the SecurityXploded/Garage4Hackers team.

The monthly talks cover News Bytes (Riyaz), Hack IM CTF part 2 (Himanshu), Computer image acquisition (Nithin), Believe it or not SSL attacks (Akash), and Reversing tools guide (Swapnil).


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building.

Defcon Rajasthan(DC91141) - Invitation for the March 2012 Meet

Defcon Rajasthan invites all of you to our first meet, which is going to be held on 25th March 2012.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.

Why this meet?

The main motivation behind this group is to have a place where technical people can discuss technical topics and problems and hopefully find solutions to them. There are multiple social groups of security professionals in India but none of them seems to stick outside of the pub... so as a result, during one of those meetings, the idea was born and here it is...



[ Tickets for the Meet]

For General Public : 700 INR (Lunch Included)

For Students: 600 INR (Lunch Included)

Hotel Reservation is also available.

To book the tickets mail to rajasthan@defcon.co.in
or you can call us on +91-7597113236


[ Time of the Meet ]

On 25th March 2012

From 10 AM to 6 PM

Do make sure that you are at the venue by 9:45 AM


[ Venue of the Meet ]

Royal Seminar Hall,

Near Bus Stand & Railway Station (Only 5 min walking distance from both Bus Stand and Railway Station)

Opposite Pink City Petrol Pump, Khasa Kothi Flyover,

M.I. Road, Jaipur, Rajasthan - 302001

Call for Paper - DEF CON Rajasthan March 2012 Meet

DEFCON Rajasthan invites unique and fresh research papers for March 2012 Jaipur Meet.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.



Paper should be:
-> Paper should be of current subject and not more than 1 year old.
-> Papers can be on your own research with proof of concept.
-> Topics of interest include everything related to Security.
-> Topics related to mobile security or any mobile operating system.
-> Any new methods of hacking or any 0day/tool disclosure.


Some example topics are:
  • Wireless Security
  • Network Security
  • Web Application Vulnerability
  • Mobile Security
  • Cloud Computing
  • Computer Forensics
  • Cyber Laws
  • Buffer Overflow
  • Reverse Engineering
  • Exploits and 0day Vulnerability etc.

** The above are just samples; the paper can be on any topic related to security.

Your submission must contain the following information.
Please send your paper to rajasthan@defcon.co.in

1. Author name
2. Title of the Paper
3. Email Address
4. Mobile Number
5. Provide Supporting Materials for your paper in form of PDF or Links
6. Presentation Format must be in PDF for submission.

PS: Presentation should not exceed 20 minutes

—————————–
Further Information on Dates:
—————————–
Paper submission last date : 10 March 2012
Notification of paper Acceptance : 12 March 2012
Paper Presentation : 25 March 2012
Please send your paper to rajasthan@defcon.co.in