Workshops


Track 1

Scenario Based Hacking a.k.a How Professional Hackers really Hack
(Vivek Ramachandran)

Most of corporate and enterprise security is driven by compliance and checklists, rather than a desire to truly secure their network and applications. Unfortunately, for most companies hackers don’t follow these checklists and continue to break in with an “anything goes” mantra In recent times, we have seen large multinational companies, government agencies etc. all being hacked and defamed ruthlessly by hackers around the globe including prominent groups like Anonymous and Lulzsec among others. This workshop will demystify the different tools and techniques used by these professional hackers to break into organizations and steal data. We will take up numerous case studies of different hacks in the recent past and show you how the actual attack was done – not just on slides but with actual practical demos.

This workshop aims to bridge the gap between conventional pentesting techniques and blackhat hacking techniques. We will force you to think like a malicious hacker and teaches you how to pentest and break into secure environments, which have fully patched operating systems and programs. We will focus on a “scenario centric” approach rather than relying on a “tool centric” one.

If you are a CIO or CISO, this workshop will help you understand real world threats out there and how even the best firewalls, AVs and other solutions may not be able to protect you from harm’s way.

Only attend if you are prepared to “Free your Mind” 🙂

A non-exhaustive list of topics include:

  • Breaking into Enterprises using Client side attacks
  • Bypassing network based IDS/IPS
  • Bypassing host based Anti-Viruses
  • Browser Attacks – DNS, Rogue CAs, SSL attacks
  • Custom Trojans and Malware
  • Rooting Web, Database and Storage servers via the web
  • Post Exploitation and Local/Network wide Privilege escalation
  • Breaking in via DMZ – Pivoting, Pass-the-Hash and Port Forwarding
  • Automated and Custom USB attacks
  • Advanced wireless attacks – SSL MITM, Windows 7 Rogue APs, Local Bridging
  • Exploit research with Fuzzing
  • Write exploits for Windows and Linux
  • Reverse engineering binaries to find attack vectors
  • Anti-Forensics techniques – network and host
  • Wiping Logs and obfuscating origin of attack

Track 2

Hacker vs. Developer (Fighting the good fight)  (K.V.Prashant) (Akash Mahajan)

Topics:

1. Security requirement gathering:

  • Case study to show case how security requirements is gathered.
  • Hands on case study for each participant.

2.  Security Architecture definition: – Building security architecture around security requirement
case study.

3.  Threat modeling: Building a threat model around above developed architecture using Microsoft
threat modeling methodology and tools

4.  Secure coding Java/ .Net/PHP: – tips on secure coding in Java, .Net and PHP. Candidates will be
provided secure coding guidelines/checklist for Java, .Net and PHP.

5.  Security code review: – Hands-on manual and tool based secure code review, show casing tools
like CAT.net, codescan from Blueinfy and Armorize code secure. A sample application will be
used for hands practice for each participant on code secure.

6.  Security Testing: – Hands on manual and tool based security testing. A sample application will
used for hands-on. Tools like Paros, Webscarab, SSLDigger and Acunetix will be used for hands-
on. Participant will get testing cheat sheets for major vulnerabilities.

Note: Commercial tools will be used for demo purposes only and we will not be promoting any tool.

Pre-requisite: Anyone with software development/ Quality/ IT knowledge

Tools covered:  Armorize code secure, Acunetix, Paros, Web scarab, codescan, etc..

Who should attend?
IT professionals, developers, testing, quality professionals and anyone who wants to know what
application security is all about.

 

 

Comments are closed.