There are total 4 workshops planned

  1. Cloud Security, Forensic & Investigation – Manu Zacharia

    Cloud is loud. It is the omnipresent topic that is widely covered and discussed in every sphere of digital world. Information and services that were once local and in-house are now going cloud. Cloud revolution has taken over the digital industry and we see a large number of critical and sensitive information migrating to the new cloud horizon.

    Most of the users are migrating to cloud without taking into consideration the attached risk. Unfortunately, anecdotal evidence suggests that most of the cloud customers and users are cloud-novice and are unaware of the threats associated with their critical information assets. Apart from the attack on cloud infrastructure, a large number of cyber attacks are originated and launched from cloud based systems.

    This paper attempts to look into some the security challenges associated with cloud based services. The paper also describes some of the challenges associated with cloud forensics and concludes by highlighting some of the standards, guidelines and best practices for cloud security.

  2. Web application security testing, beyond XSS & SQLi – Karmendra Kohli Co-founder, SecurEyes

    A. Revisiting ABC’s of applications, architectures and more (30 minutes)
    – HTTP basics
    – Session Management Basics
    – Client & Server side scripting languages – where do they fit in?
    – HTTP basics
    – Session Management Basics
    – Myth Busters
    – Building and Application Security Mindset
    – Arms and Ammunition – Tools & Attacks

    B. The disease, root-cause and vaccination – Attacks in 24 minutes (2 Hours)
    – SQL Injection
    – Cross Site Scripting
    – Cross Site Request Forgery
    – Insecure Direct Object Reference
    – Session based attacks
    – HTTP Verb Tampering
    – Privilege Escalation
    – HTTP Response Splitting
    – SSL based attacks
    – HTTP Parameter Pollution

    C. Protection Measures – Preventive Dose of application security (30 minutes)
    – Penetration Testing for the uninitiated

  3. Metaplsoit-tation – NULL Pune

    Overview
    The Metasploit is very popular is open-source exploitation framework designed to help research, development, and testing of exploits. This course will start from basic of Metasploit , dive into the some important features and end with exploit development using Metasploit framework. Attendees will learn how use this framework in every aspect of penetration testing.

    Course outline for workshop.
    1. Metasploit Basics
    2. Metasploit Auxiliary
    3. Exploit automation
    4. Client side exploit
    5. Post exploitation fun
    6. Exploit development

    Prerequisites
    # Basic understanding of exploitation techniques i.e. Buffer overflows.
    # Basic knowledge of at least one programming language and networking.

    Attendees must bring
    # One laptop with at least 2GB Ram with vmplayer/vmware server/workstation installed

  4. Malcon Workshop – Symbian malware creation & Analysis – Atul Alex

    Module 1: Reverse Engineering Walkthrough

    * Assembly Language Introduction
    * Processor-Architecture.
    * Registers
    * Memory Layout.
    * Stack & its operations.
    * Assembly language Syntax.
    * Concept of Functions, loops in Assembly.
    * Flag register & Flow-control Instructions.

    Module 2 – Introduction to WIN32 Programming.

    * What is Win32 Programming?
    * Concept of PE File-Format.
    * Concept of Dynamic Linking.
    * Windows Flat-Memory Model.
    * Common Dll’s & Win32 functions.
    * Introduction to Debugging.

    Module 3 – Malware “Concept” Introduction

    * Introduction to Malwares
    * Various types of malwares & the differences between them.
    * Introduction to Infection Concepts.
    * Common malware Coding Techniques.
    * Introduction to Exe Packers/Protectors.

    Module 4 – Malware Analysis

    * Introduction to Malware Analysis
    * Setting up the System for Malware Analysis.
    * Passive Analysis through Disassembly.
    * Step-by-Step Live analysis of Malware.
    * Reversing the Code.

Register for workshops here