 

Speakers at ClubHack

   

Amish Shah | Ajit Hatti | Chetan Gupta | David Hulton | Dror Shalev | Gaurav Saha

 Rahul Mohandas | Rohas Nagpal | Rohit Srivastwa | Shreeraj Shah 

  Sunil Arora | Varun Sharma  | Umesh Nagori

   
 
 

 

Amish Shah India

  Amish Shah
Designation: CTO
Organization: Net-Square Solutions Pvt. Ltd
Topic: The future of automated web application testing
Topic Details: Security testing of web applications is most critical, and demand for automated web application auditing tools is increasing day by day. Over the last few years, web applications have become complex and rich, and automated web application testing tools face many challenges, like obfuscation of response code, JavaScript-based form submission, custom error pages, etc. In this presentation, we'll talk about how web technology evolved from Web 1.0 to 2.0, the traditional methods of web application analysis, the techniques web application developers use to defeat automated tools, and the techniques automated tools use to penetrate web applications. We'll also speak about Web 2.0 architecture, automated testing methodology for Web 2.0 applications, challenges and limitations.
 

Speaker-Bio: Amish is the Chief Technology Officer at Net-Square. He is responsible for product development and research activity. He has over 9 years of experience in the design and development of security tools, from small-scale tools to large managed vulnerability scanners. He is good at reverse engineering and source code audits. He has written many Linux/Win32 system programs, kernel-level drivers, web server plugins and automated web application scanners. In addition, he recently published an advisory on the Microsoft Research web site and also contributed to the "Secure Coding in C/C++" article on SANS.


 

 

Ajit Hatti India

  Ajit Hatti
Designation: --
Organization: Bluelane Technologies, Pune
Topic: Legiment Techniques of IPS/IDS Evasion
Topic Details: Instead of using classical evasion techniques, which use the limitations of TCP/IP implementations, Legimency uses newer techniques of exploitation, which are highly effective, easy to code and tough for IPS/IDS vendors to stop.
 

Speaker-Bio:  
* MCA from Shivaji University in 2003, Topped the University.
* Joined Indian Air-Force Academy for a short time.
* Working with Bluelane Technologies, as a Team Lead, in the field of Network Security & Vulnerability Research.
* 4 years of experience in Mailing & Network Security domain.
* Expertise in SMTP/SMB/RPC protocol and OS/Services detection techniques.
* Member of CSI, PLUG and contributing to Nessus, Ubuntu.


 

 

Chetan Gupta India

  Chetan Gupta
Designation: Senior Incident Response Specialist
Organization: Symantec Corporation
Topic: Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
Topic Details: Microsoft Windows presents a number of avenues to the Forensic investigator to establish the most critical questions during any investigation - Who, When, Why and How? There is a wealth of information available in the Windows system which can help the investigator establish a chain of events, identify the possible cause of any untoward activity and gather non-refutable evidence to prosecute the perpetrator. Some of the evidentiary avenues that would be highlighted in this presentation are as follows:
1. Windows Registry as a critical avenue of information – MRU Lists, MUI cache, UserAssist and so on
2. NTFS Data structures and MFT analysis
3. Understanding and Cracking EFS
4. Analyzing File System Metadata – the mystery of timestamps
5. Analyzing Windows Memory contents – how to conduct Live Response?
6. Using Event Logs to establish a timeline of events.
7. Web Usage profiling
8. Analyzing Prefetch, Recycle Bin artifacts and shortcut files
9. Analyzing slack space and detecting hidden/formatted partitions.
10. Understanding and analyzing Thumbs.db
 

Speaker-Bio: Chetan Gupta is a Bachelor of Technology in Computer Sciences from AIUMT, USA and has done his Masters of Science in Computer Networks. He has vast experience in the field of Information Security with a focus on the domain of penetration testing and digital forensics. He is well-versed with the Incident response and Computer Forensics standards and methodology, has a good understanding of the Cyber law & has led teams on Computer Forensic assignments for many multinational clients. He has also conducted penetration tests and risk assessment exercises for a multitude of international clients. Chetan Gupta is an Encase Certified Examiner (EnCE), SANS GIAC Certified Forensics Analyst (GCFA), SANS GIAC Certified Intrusion Analyst (GCIA), Master in Computer Forensics (US), Certified Ethical Hacker (CEH), CIW Certified Security Associate and Cisco Certified Network Associate (CCNA). He also has conducted numerous training programs on Cyber Crime and Digital forensics and trained professionals from Oracle, Microsoft, Wipro, Ernst and Young, Franklin Templeton, SBI, and ICICI and so on. He has also created an open source tool for Linux Incident Response called LINReS.

Chetan has also been a speaker at the Cyber Safety Week Mumbai 2005, Bombay Chartered Accountants Society, and many other academic institutes, and has presented on topics related to Ethical Hacking, Cyber Crime, Incident Response, and Digital Forensics. Chetan also published an article, "Dissecting NTFS hidden streams", at www.forensicfocus.com. He was also the principal editor and contributor for India’s first online Incident Response and Digital Forensics magazine, called ‘Checkmate’, available at http://www.niiconsulting.com/checkmate


 

 

David Hulton  USA

  David Hulton
Designation: --
Organization: The OpenCiphers Project
Topic: Faster PwninG Assured: Cracking Crypto with FPGAs
Topic Details: This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGAs are chips that have millions of gates that can be programmed and connected arbitrarily to perform any sort of task. Their inherent structure provides a perfect environment for running a variety of crypto algorithms, and doing so at speeds much faster than a conventional PC. A handful of new FPGA crypto projects will be presented and will demonstrate how many algorithms can be broken much faster than people really think, and in most cases, extremely inexpensively.
Breaking WPA-PSK is possible with coWPAtty, but trying to do so onsite can be time consuming and boring. All that waiting around for things to be computed each and every time we want to check for dumb and default passwords. Well, we're impatient and like to know the password NOW! Josh Wright has recently added support for pre-computed tables to coWPAtty—but how do you create a good set of tables and not have it take 70 billion years? David Hulton has implemented the time consuming PBKDF2 step of WPA-PSK on FPGA hardware and optimized it to run at blazing speeds specifically for cracking WPA-PSK and generating tables with coWPAtty.
 

Speaker-Bio: David Hulton has been hacking with wireless and embedded devices for the past 5 years and has been actively involved in the security industry for 10. After helping start and run various security meetings and ToorCon back in the late 90's, he switched focus and became credited with designing open source tools such as bsd-airtools, doing extensive security research with Wireless, Smart Cards, GSM, and most recently with revolutionary high-speed crypto cracking applications for FPGAs.


 

Dror Shalev   Israel

  Dror Shalev
Designation: Security Expert
Organization: Checkpoint SmartDefense Research Center
Topic: Crazy Toaster: Can Home Devices turn against us?

Topic Details: Home networking devices, wireless equivalents, hardware and technology raise new privacy and trust issues. Can Home Devices turn against us and spy on our home Network? Do we care if our Toaster sees us Naked? This talk will cover the “Crazy Toaster” scenario: a Trojan device under a Vista and XP environment, or software with TCP/IP capabilities like Routers, Media Players or Access Points, that joins a Local area network and thus becomes a security hazard. This "Crazy Toaster" presentation will discuss the steps needed to conduct a Trojan device that exploits users' trust in technology. Flaws associated with Home networking protocols such as UPnP and SSDP will be presented. The primary goal of the "Crazy Toaster" presentation is to present a new offensive technique by demonstrating the security hazard and design flaws. As Home networking becomes more ubiquitous, the scope of this problem becomes worse.

 

Speaker-Bio: Dror Shalev is working as a Security Expert for Check Point SmartDefense Research Center, focusing on Browser & Windows Security. He has worked as Senior Security Researcher at finjan.com, Malicious Code Research Center, and has found several major security vulnerabilities in various major webmail systems such as Hotmail and Yahoo! Mail, and in Microsoft products. SOC Manager at DATA SEC, developed and designed Internet Security Systems, conducted penetration tests for e-Banking systems in Europe. CTO & Co-Founder at BmyPC, developed R&D methodology and software for virtual Web desktop service, enabling web devices to receive computing services via the internet. Dror has run a Security Workshop that deals with recent Browser Exploits, security & privacy, and online threats at http://sec.drorshalev.com


 

Gaurav Saha India

  Gaurav Saha
Designation: Software Engineer
Organization: Sipera System Pvt Ltd
Topic: Vulnerabilities in VoIP Products and Services

Topic Details: We'll explore the Current State of Security Features, Attack Venues, Security Risks and Exploitable bugs of this evolving technology, which are most likely the most concerning things about VoIP.

 

Speaker-Bio: Gaurav Saha works as a Software Engineer for Sipera Systems Pvt Ltd. He is a B.Tech from the Indian Institute of Technology, Kharagpur.


 

Rahul Mohandas India

  Rahul Mohandas
Designation: Virus Research Analyst
Organization: McAfee
Topic: Analysis of Adversarial Code: The Role of Malware Kits!
Topic Details: This presentation talks about the recent trend in the emergence of malware kits like Mpack and the roles of various automated Do-It-Yourself kits in real-world attacks. I would also talk about the various obfuscated exploits involved in these kits.
 

Speaker-Bio: Rahul is a Virus Research Analyst with McAfee, working on identifying and writing signatures for various malware. His previous experience has exposed him to vulnerability research and malware research, and he has also published a couple of vulnerability advisories.


 

Rohas Nagpal   India

  Rohas Nagpal
Designation: President
Organization: Asian School of Cyber Law
Topic: 7 years of Indian IT act - Best Cases
Topic Details: The Cyber Law regime was ushered into India 7 years ago. These 7 years have seen path-breaking court judgements that have defined the Indian cyber legal framework. My presentation will be on these cases and how they have laid down important principles relating to cyber pornography, computer source code, digital evidence and electronic contracts.
 

Speaker-Bio: Rohas Nagpal is the President of the Asian School of Cyber Laws. He has assisted the Government of India in framing rules and regulations under the Information Technology Act. He advises law enforcement agencies around the world in cyber crime investigation and cyber forensics. He has authored several books, white-papers and articles on these subjects.


 

Rohit Srivastwa India

 
Designation: Founder
Organization: ClubHack
Topic: --
Topic Details:
 

Speaker-Bio: Rohit Srivastwa has several years' experience in providing consultancy and training in the fields of Information Security, Cyber Crime Investigation and Penetration Testing. He is actively involved in advising several military agencies, law enforcement personnel, corporates and government bodies in these fields. Along with assisting these organizations in solving their cases, Rohit is also involved in teaching the related subjects to them.


 

Shreeraj Shah  India

  Shreeraj Shah
Designation: Founder & Director
Organization: Blueinfy Solutions
Topic: Hacking Web 2.0 Art and Science of Vulnerability Detection
Topic Details: Web 2.0 applications are on the rise and, as Gartner has predicted, by the end of 2007 30% of applications would be running with Web 2.0 components embedded in them. This change in scenario would provide various different entry points and security holes for attackers. Hacking Web 2.0 is the most required skill for security professionals to identify vulnerabilities and associated threats before an attacker exploits them. New attack vectors are on the rise, like two-way CSRF access, XSS through JSON, JS-Object, XML and Array streams, client-side eval() exploitation, XPATH injection, WSDL scanning, Web Services payloads through SOAP and REST, XML-RPC method exploitation etc. One needs to do both scientific and artistic analysis of an application to identify these vulnerabilities, and this talk will cover these emerging attack vectors with plenty of demonstrations and tools. You will take home thorough knowledge about Web 2.0 hacking and will be in a position to apply it at work immediately.
 

Speaker-Bio: Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews. He is also the author of popular books like Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, HNS. His work has been quoted as that of an expert on BBC, Dark Reading, Bank Technology.


 

Sunil Arora India

  Sunil Arora
Designation: Security researcher
Organization: --
Topic: Backdoor 2.0: Hacking Firefox to steal his web secrets
Topic Details: Firefox ("Free, Faster and Secure" web browser) is gaining popularity at a very fast rate. I will talk in detail about techniques to write malware for Firefox to steal a victim's web secrets like username, password, credit card number etc. I will also discuss the recently discovered vulnerabilities in Firefox and how one can exploit them to push the malware to the victim's Firefox remotely.
At the end of the talk, I will be giving a demonstration of exploiting one of the existing vulnerabilities to install the malware in the victim's Firefox to steal his web secrets.
 

Speaker-Bio: Sunil is an enthusiastic security researcher with expertise in application, wired & wireless security. He is a Linux expert who graduated from IIT Kharagpur.


 

Varun Sharma India

  Varun Sharma
Designation: Security Engineer
Organization: Application Consulting and Engineering (ACE) Team, Microsoft India
Topic: Subtle Security flaws: Why you must follow the basic principles of software security
Topic Details:  Varun will talk about some interesting and subtle security flaws found while assessing business applications, which principles were not followed that resulted in the flaws and why, no matter how good a developer you are, you should always follow the basic principles of software security.
 

Speaker-Bio: Varun is working as a Security Engineer in the Application Consulting and Engineering (ACE) Team. His team is responsible for application performance, security and privacy engineering at Microsoft. He is also the winner of the Microsoft Security Shootout Contest, a unique Microsoft India initiative to promote the concept of writing secure code amongst Indian developers. You can read his blog at http://blogs.msdn.com/varun_sharma


 

Umesh Nagori India

  Umesh Nagori
Designation: Vice President
Organization: Net-Square Solutions Pvt. Ltd.
Topic: The future of automated web application testing
Topic Details: Security testing of web applications is most critical, and demand for automated web application auditing tools is increasing day by day. Over the last few years, web applications have become complex and rich, and automated web application testing tools face many challenges, like obfuscation of response code, JavaScript-based form submission, custom error pages, etc. In this presentation, we'll talk about how web technology evolved from Web 1.0 to 2.0, the traditional methods of web application analysis, the techniques web application developers use to defeat automated tools, and the techniques automated tools use to penetrate web applications. We'll also speak about Web 2.0 architecture, automated testing methodology for Web 2.0 applications, challenges and limitations.
 

Speaker-Bio: Umesh is currently heading Business Development and Professional Services for the IT Security Practices at Net-Square. Umesh also provides information security consulting services and training to Net-Square clients, specializing in Web hacking and security. He brings more than 12 years of experience in Information Technology. Starting from software development, he has played key roles in various other areas of Information Technology like system administration and network management, system analysis, training, and project management. He has over 9 years of experience with web application development, application and system security architecture, network architecture, security consulting, and security training.

 

 