Hacker Village DC0471 meet-up - 0x03
11th of May, 2019B-Hub, Mar Ivanios Vidyanagar, Nalanchira, Trivandrum.Scroll down
Hacker Village - DC0471 Meet-up 0x03 - agenda and Talks
Event Date : 11th May, 2019 : 09:00 AM to 06:30 PM Venue : B-Hub, Mar Ivanios Vidyanagar, Nalanchira, Trivandrum. All of our sessions and meet-ups are OPEN and FREE to everyone! But, there is a limitation for the available seats. Please register using the event registration link to book your seat!
Bio: Currently working as Commissioner of Police, Trivandrum City, Kerala. He is cybersecurity analyst and specializes in investigation of Cyber Crimes, especially online crimes affecting Children. He has authored a book “IS YOUR CHILD SAFE? related to online abuses affecting Children. He is closely associated and works with KERALA POLICE CYBERDOME.
Bio: Dane is currently the Group CISO at Nissan. Dane has held senior executive security roles over the last 15 years across many industries (finance, education, government, and telecommunications). He holds a Masters in Business (IT Management) from the University of Technology Sydney. He is frequently invited to speak at international events, and Dane was recognized in 2017 as a top 100 global CISO.
Bio: Lince Lawrence is currently the Cyber Threat Management Leader with EY GDS. He has over 19 years of experience in Enterprise Risk Management and Cyber Security. Lince has served two leading global insurance companies, and an investment bank in CRO and CISO capacity, besides setting-up and running Cyber managed services in leading consulting firms. https://in.linkedin.com/in/lince/
Bio: Rahul Sasi is an Indian entrepreneur, security expert, and white-hat hacker. He is the Founder and CTO of Artificial intelligence based info security company CloudSEK. He has presented his papers in 28 different forums in 18 different countries. Prior to founding CloudSEK, he was a Sr Engineer at Citrix and iSight(FireEye).
Bio: Shobha Jagathpal has spent over 19 years on various information technology disciplines, focusing primarily on enterprise application development and consultation. Over the course of her career, Shobha has held increasingly engineering and management roles. As an information security practitioner, Shobha has extensive experience in Public Key Infrastructure, Web services security, Identity and Access Management, Incident and Event Management, Compliance Assessment, Vulnerability Assessment, Risk Assessment, GRC application customizations and integrating security tools to build enterprise solutions. She has managed all aspects of Software Development Life Cycle delivering world class products.
Abstract: Adoption of Blockchain has increased globally addressing various use cases referred to as Smart Contract apart from the main stream crypto currency use. As a result there has been increase in the Blockchain implementations involving various technologies so are the vulnerabilities introduced by developers from this implementations. Starting from the crypto layer, list of vulnerabilities associated with block chain will be presented with a show case of exploit impacting entire implementation of a Smart contract based Blockchain loose stakeholder trust.
Bio: Chris is the Business Information Security Officer for the Connected Car and Engineering division of Nissan Motor Corporation. As a cybersecurity professional working for one of the largest auto manufacturing companies, he understands the importance of identifying, remediating, and articulating cybersecurity risks for vehicles, applications, and infrastructure used by millions of customers and employees in all corners of the globe. Chris in an expert in reverse engineering cryptographic algorithms, vehicle inter-domain hardware connectivity and radio frequency control systems. His passion and motivation is driven by "real-world" attack methodologies with a focus of demonstrating actual cybersecurity risks within vehicles, for the safety of the industry and most importantly autonomous functions for the greater good. Chris is a Computer Science major with strong emphasis on software defined radios and is a contributor/member of OWASP. A technical leader, backend software engineer and exploit developer who has worked on multiple cybersecurity research projects for various companies in the public and private sectors. Chris is also certified as a GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) issued by SANS.
Abstract: The hour presentation will deliver an overview of various vehicle connected services architectures from a professional cybersecurity researcher's perspective who works for a major automotive OEM. The researcher will take you on a walk down topics of methodology, researching environments and illustrate various industry wide attack vectors.
Bio: Nishit Majithia is currently working as a security penetration tester at Walmart Labs, India. Earlier Nishit was a software developer in InfoSec Walmart Labs India team. Nishit has sound knowledge of java and c, c++, go and python. All fundamentals like operating system, data structures, database, network are very well familiar to Nishit. During the internship time of his B.Tech degree, he contributed one payload in ISRO's IMS-1A satellite. After getting M.Tech degree in Cyber Security area from IIT Kanpur, Nishit developed his curiosity in this security research field and that gave him the opportunity to represent himself in DefCon-2018 India Chapter.
Bio: A Security enthusiast with sound knowledge of Linux binary exploitation and web penetration testing. I love to play with secure systems and always tries to find innovative ways to crack systems. MTech from IIT Kanpur with specialization in System Security. Have experience in Cyber Security Lab IIT Kanpur and System Security team Samsung R&D centre Delhi. Currently working in Infosec team @Walmartlabs India.
Abstract: Many environments deploys database systems which are administered by centralized authority. Theauthority is capable enough to make modifications to database entries that goes unnoticed withmodification of access logs. These kinds of threats are Insider threats where the person having soundknowledge of internal network and administrative access can fiddle with the data. Logging does notproves to be a good way to detect such threats as attacker having access to the host can tamper thelogs accordingly.
In this paper we are going to present a techniques where the unauthorized changes made by attackercan be identified within a database system by minor changes to it. The idea extends the the tamperresistant behaviour of blockchain that adds meta-data (we call this meta-data as token) to each row todetect insider access. The technique have been implemented & tested with dummy HR managementapplication in which access to the entries is restricted with policies.
Bio: Anjana is a security Researcher at Cloudsek. She has over 2 years of experience in the cyber security. She loves painting and travelling.
Abstract: SQL injection is one of the most dangerous attacks existing in modern universe due to its high impact upon successful exploit. Proper input validation and use of parameterized queries help developers mitigate this issue successfully. However, the same injection vulnerability can be exploited using connection strings as well. The fact that a coordinated effort between developers, database vendors and system admins is required to mitigate this vulnerability increases the potential of this attack. The paper will explain the injection attacks that can be performed using connection strings. It will take you through various injection scenarios, injection vectors and a demo showcasing the attack. The paper is concluded with the mitigation strategies for the attack.
Bio: Kajal works as an Associate Security Consultant at Synopsys. She holds a bachelor’s degree in computer science. Currently she is focusing on security research of various languages, frameworks and exploring cybersecurity. She loves trekking, badminton and travelling with no particular purpose.
Bio: Rahul is a Security Consultant at Activbytes technologies with 2 years of experience. He is also a CTF player, a bug bounty hunter and has interest in Redteaming.
Abstract: The talk is about how someone with little to zero knowledge in Information Security can gain a foothold in the Industry , Also a brief intro on different kinds of CTF and how to approach those challenges and how to even get a job from playing CTF's.
Bio: He has a few security hall of fames and a few CTF wins. He has worked on a wide range of topics in security, some of them include Red teaming, Infrastructure Pentest, Purple Teaming, Forensics and Incidence Response, Cyber Threat Intelligence, Cyber Footprint Assessment, Application Penetration testing .He has presented in various international conference including Balccon.
Bio: He has 4 years of experience in the Information Security field. Specialized in Web App, Network and Infra Testing. Good Knowledge in AWS and WAF. Currently working in a Startup called StrongBox IT located in Chennai.
Abstract: The core theme of presentation is all about pwning techniques and how big companies pwning up end users indirectly. The paper going to cover up following topics. Biometric collection of data and how it will be abused. Systematic and nonsystematic collection of data by the companies. How data collection which is done at past will be used for advertisement.
Bio: Adithyan AK is an Independent Security Researcher and a Public Speaker. He is the CEO and Co-Founder of StuxNoid. Adithyan AK has been acknowledged by Intel, Avira, AT&T, IIT Madras, VU University and many other companies for finding security vulnerabilities in their applications. He has delivered Guest Lectures on Ethical Hacking and Penetration Testing at various workshops and conferences including IIT Madras and Hindustan University(Chennai). He is Chapter Lead of Open Web Application Security Project Coimbatore Chapter. He has been into Information Security right from the age of 13 and has worked along with various Security Researchers for securing Web Applications. He has published his research papers on Remote Code Execution in Web Applications and Sniffing HTTPS in LAN by ARP poisoning. He has conducted Workshops on Ethical Hacking in Chennai and Vellore and delivered Guest Lectures for various colleges around Tamilnadu.
Abstract: The firmware of TP-Link router is downloaded from the internet. The reverse engineering of the firmware is done with binwalk and firmware-mod-toolkit. After extraction, a suitable payload is generated via Metasploit based on the firmware in suitable elf format. After payload generation, the payload is binded with /etc/init.d file or with any other scripts in that directory. The modified firmware is finally compiled and put together. After the flashing of the firmware in the router, the msf reverse shell is obtained from the router to the attacker machine and a command shell is opened.
Bio: Aravind is a Security enthusiast working as Security Analyst at HackIT Technology and Advisory Services. He has 1 year experience in InfoSec. He holds a Bachelor’s degree in computer science. He worked in computer networking for 1.5 years. He loves travelling.
Abstract: ELK (Elasticsearch, Logstash, Kibana) Stack traditionally a log monitoring system. It is used for infrastructure monitoring with help of logs from different devices and services that are configured to send logs to the centralized ELK server in the infrastructure. With ELK we can look beyond log monitoring. Since the working of ELK is that, its process any file that is feed into the processing stream. We can filter that file to ours need. Because of this ELK can deal with any file format that is not a necessarily log file. Let’s take example, if we are doing a port scan with nmap and created an output file for the result , this file can be added into ELK and we can visualize the output in kibana for different parameters of the output. Nmap is a single example, any tool that can create an output can be added into ELK. We will go through how easy is to configure ELK and how to configure it for your various scanning tools.
Track 2: CTF
Red Team Village is a community driven combat readiness platform for Red teaming and Cyber security attack simulation. This community is managed by a group of cyber security and red team tactics enthusiasts. We can consider this as a platform to share tactics, techniques, and tools related to various domains of adversarial attack simulation. Red team village will be conducting workshops, talks, demonstrations, open discussions and exercises.
There will be a quick session about CTF competition with real world scenarios. Winners can go home with cool goodies.