DEFCON GROUP TRIVANDRUM - Virtual Weekly Breakout sessions

All of our sessions and meet-ups are OPEN and FREE to everyone!


Season 1: 2020


Upcoming Sessions


Session #5: Zero Trust Architecture: "Trust is the most dangerous Vulnerability"

Event Date : 22nd Nov, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Sreemol Menon, EY

Bio: I am Sreemol Menon, working as a Cyber Security Analyst at EY. I have an overall experience of 7 years, specifically in the information security field for 2 years. Currently handling Incident Response and Incident triaging tasks. Also, I am a GIAC certified professional in Defensible Security Architecture.

Abstract: Zero trust architecture and its basics: Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. “The strategy around Zero Trust boils down to don't trust anyone.”

[Slides]


Previous Sessions


Session #5: Detecting Active Directory Attacks on ELK

Event Date : 15th Nov, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Rahul R, Activbytes

Bio: Currently working as a Security Consultant with Activbytes, Active CTF player and SOC Analyst.

Abstract: A beginner-friendly session on detecting various Active Directory attacks on the ELK Stack and configuring custom detection rules on Elastic SIEM.

[Slides]


Session #4: Introduction to Android App pentesting

Event Date : 8th Nov, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Mohammed Shine, UST Global

Bio: Security Engineer at UST Global, bug bounty hunter, photographer.

Abstract: Introductory session about Android app security testing, aimed at beginners who are interested in Android app pentesting.

[Slides]


Session #3: Client-Side JavaScript Vulnerabilities - Demystified

Event Date : 1st Nov, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Sreeram KL, Security Enthusiast

Bio: Student, bug hunter and web security enthusiast who loves to explore web-based client-side vulnerabilities. A proud member of DEFCON Group, Trivandrum who loves sharing knowledge back to the community. Also one of the top 30 bug hunters featured in the Google Hall of Fame.

Abstract: With emerging web technologies, client-side JavaScript is getting more powerful. Like technologies, vulnerabilities never fail to grow. postMessage misconfiguration, DOM XSS and cross-site leaking are some of those hot topics in the industry. In this talk, I will be presenting how to uncover and fix those vulnerabilities.

[Slides]


Session #2: Emerging Fileless malware threats

Event Date : 25th October, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Nimna Sreedharan, Cyber Security Analyst

Bio: Nimna has more than 9 years of experience in the field of Cybersecurity, Incident triaging and Incident Response (IR). She is currently part of the Internal Security Team, working as a Digital Forensics Analyst with one of the Big Four companies. She has a deep understanding of the latest security threats, vulnerabilities, and Incident Response. She holds multiple professional certifications such as GIAC Certified Forensic Examiner (GCFE), ISO27001 Lead Auditor, etc. Nimna has been associated with DEFCON Group Trivandrum for the past 2 years. She was part of the winning team at the Red Team Village CTF competition organized at c0c0n 2019.

Abstract: When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics. According to a recent study, the most common critical-severity cybersecurity threat to endpoints was fileless malware. Fileless malware has been rapidly evolving. This is because digital threats have evolved far beyond signatures. Most threats we see today are polymorphic. They are able to create a whole new version or variant of themselves upon every new infection in order to fool basic AV. Through this session, I will describe the emerging fileless malware and the techniques they employ to evade detection.

[Slides]


Session #1: Active Directory : where exploit ends (Kind of)

Event Date : 18th October, 2020 : 07:00 PM to 08:00 PM
Virtual event : Live on Facebook and Discord

Aravind Prakash, Lucideus Tech

Bio: Aravind is working as a Security Analyst at Lucideus Tech, primarily as a part of the internal security team. He has been working in the cyber security industry for the past 2 years. Aravind has been volunteering for the c0c0n organization team since 2018, and is a proud member of DEFCON Group Trivandrum and a part-time volunteer at the Red Team Village community.

Abstract: All the Fortune 500 are using Active Directory. Are we sure all these teams are configuring it properly? I will be talking about common Active Directory configuration mistakes, what they can lead to, and how to fix them.

Download the slides from [Here]. Watch the talk from [Here].


Shout-out to the event Sponsors