ClubHack, when it started in 2007, dreamt that people in India would wake up and start taking information security seriously. We even chose “Making Security a Common Sense” as our motto. After 5 long years, today we witness a lot of action around the country in this field; media as well as working professionals are actually looking at security seriously.
The awakening has reached the extent that today we see 5-6 similar events in India along the same lines. Hence we have now decided to hand over the rest of the awakening to them and start a new journey.
From ClubHack2012 onwards, we will concentrate our energies on empowering innovation & leadership development. Having loved our domain so much, we’d continue to do this in the domain of information security only.
And that gives us our new motto:
“Empowering Innovation & Leadership in Information Security”
Keynote by Alok Vijayant, NTRO, PMO
Director of The National Technical Research Organization (NTRO) – India’s premier apex scientific organization under the National Security Advisor in the Prime Minister’s Office. It was set up in 2004 and also includes the National Institute of Cryptology Research and Development (NICRD), which is the first of its kind in Asia.
Come join us in ClubHack2012 to feel the pulse…
Ajin Abraham is an Information Security Researcher currently doing his B-Tech in Computer Science. He is the creator of Xenotix XSS Exploit Framework. He has published different whitepapers and tools in the scope of Information Security. He is the administrator of Kerala Cyber Force, a website dedicated to promoting free Information Security education (http://www.keralacyberforce.in). He has disclosed vulnerabilities in different websites. He is one among the top 10 in Chakravyuh 2012, India’s Biggest Ethical Hacking Competition. His areas of interest include web application penetration testing, coding tools, exploit development and fuzzing.
Falgun Rathod, 21 years old, is one of the country’s pioneer Information Security & Cyber Crime Consultants. Falgun has solved a number of complex cyber crime cases and has also played an instrumental role in creating awareness about information security and cyber crimes. He has been assisting many agencies & companies and has conducted numerous workshops and seminars in colleges about Information Security and Ethical Hacking. He is also a member of OWASP (Open Web Application Security Project), and an invited member at ICTTF (International Cyber Threat Task Force) and CSFI (Cyber Security Forum Initiative).
Lavakumar is the author of IronWASP, the advanced Web Security Testing Platform. He has also authored multiple other security tools like ‘Shell of the Future’, JS-Recon, Imposter and the HTML5 based Distributed Computing System – Ravan. As a security researcher he has discovered several novel attacks that include a sandbox bypass on Flash Player, WAF bypass technique using HTTP Parameter Pollution, multiple HTML5 attacks and a CSRF protection bypass technique using ClickJacking & HPP which was voted by peers and experts as the 5th best ‘web security hack’ of 2010. His works have been covered by leading media portals including Forbes. All his research and tools are available at the Attack and Defense Labs website. He also maintains the HTML5 Security Resources Repository website. He has spoken at multiple conferences like BlackHat, OWASP AppSec Asia, SecurityByte, ClubHack, NullCon etc. on topics ranging from browser exploitation to HTML5 Security. He is also the recipient of the nullcon Black Shield Luminaire award.
I am working in TCS as an Information Security consultant and have 2.9 years of experience. My work area includes vulnerability assessment, penetration testing and secure configuration of networks. I am interested in reverse engineering and exploit writing.
Ritambhara Agrawal is the founder and Managing Partner at Intelligere, an international law firm headquartered in Noida, India, with offshore offices in US and UK. Intelligere specializes in all the domains of legal services, including corporate commercial law, IPR, international trade and technology laws. Ritambhara has significant & diverse transactional experience including mergers & acquisitions, joint ventures, foreign collaborations, IP protection, cyber law and technology law issues. Ritambhara works as a legal advisor to reputed multinational companies in negotiating and finalizing various business and commercial arrangements, market entry strategy, IP protection and enforcement strategies and international trade laws.
Ritambhara is also a noted speaker and has addressed various seminars on varied topics, including “Copyright and Open Source Licensing”, “Commercialization of IP for SMEs”, “Legal Issues in Cloud Computing”, “Legal Issues for Start-ups”, “Legal Issues during Funding” and others. She is also actively involved in writing articles and news items and has written on various topics including Corporate Law, Trademarks, Patents, Copyright, Entrepreneurship and Entry Strategies for Indian Market in various magazines and online publications.
He has responsibly disclosed vulnerabilities/bugs to Google, Yahoo, Twitter, Dropbox and Cloudflare.
His work could be found at www.garage4hackers.com
Information Security Professional with 6 years of experience in Penetration testing of web applications and mobile applications. Passionate about iPhone hacking and knowledge sharing. Found vulnerabilities in Facebook.
Subodh is a techno-strategist with a unique combination of security technology expertise coupled with critical analytical skills and business focus. He has a proven track record of 15+ years in Information security strategy, research, consulting, enterprise security products & solutions. Subodh is passionate about empowering individuals and organizations to meet their information security challenges through mentoring, innovative solutions and advisory services. Currently, he is Vice President & Chief Security Evangelist at MIEL e-Security Pvt. Ltd., a leading Indian company specializing in Information Security Education, Consulting, Products & Services. Previously, Subodh held various positions at the Enterprise Security Division of Symantec Corporation for 11+ years, where he was responsible for Research, Strategy and Solution Architecture for a number of Security products.
Information Security Professional with close to 6 years of experience in Information Security domain. Vishal holds a Master’s degree in Telecommunication from RMIT University, Melbourne Australia and a Bachelor’s degree in Electronics Engineering from Mumbai University. He is a CISSP, CISA, PCI-DSS ISA, and CCSK. As an active contributor to ClubHack he has authored articles on Cloud Computing, Social Engineering, Wireless Security and Measuring WAN Performance.
Vishal is an enthusiastic traveler and tries to make a good use of his time exploring new places and trying local cuisine. He enjoys Badminton and runs to keep himself fit.
As a core member of the Mobile Application Security Testing Team at Paladion he has developed Paladion’s Android, iOS and BlackBerry GrayBox and Code review checklists and has trained 70+ engineers to find flaws in Mobile Applications. He has designed and created open source projects including Paladion’s InsecureBank Application and ScriptDroid, which is an advanced Android and iOS source code review tool.
He is a Certified Ethical Hacker, Certified Hacking Forensic Investigator and an IBM Certified AppScan Specialist amongst many of his certifications and has spoken and taken trainings at leading National and International conferences like OWASP AsiaPac2012 -
He also has working knowledge of many static code analysis tools and has contributed immensely to enhancing Paladion’s automated review capabilities by writing various easy-to-use code review scripts. Other than secure code reviews, he possesses extensive knowledge regarding Penetration Tests and Vulnerability Assessment projects, and has conducted various internal and external trainings for Paladion. He recently presented at OWASP India 2012 on Advanced Code Review.
Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA, is a security researcher at heart. His main areas of research include web app security and network pen-testing, exploit development, incident handling and cyber forensics. Being a software developer earlier, he worked in Java, .NET, Ruby etc. and in various domains like finance, insurance, gaming etc. He was the winner of NULLCON 2010’s hacking challenge.
He is a SANS certified trainer/mentor for the course – “Sec 504: Hacker Techniques, Exploits and Incident Handling”. He also presented in other security conferences like OWASP, NULLCON, C0C0N, ISACA etc. Being a core member of NULL security community, he facilitates Chennai/Bangalore NULL Chapter, a frequent speaker of NULL and OWASP meets, conducted multiple hacking workshops in NULL HUMLA, Bangalore. He is an active member of security communities like in-honeynet, NAISG, DSCI, Clubhack etc. He also contributed to security magazines like Clubhack and ISACA journal. He has achieved various other certifications like Cyber Crime Investigation, Diploma in Cyber Law etc.
Akash is a Certified Ethical Hacker with more than 8 years of experience in Application and Network Security. Before becoming an expert security consultant he was a technical lead for one of the leading American commercial security software companies specializing in end point security. He started in security working on web infrastructure for the government of India.
Along with his day job Akash is heavily involved in the wider global security community, ranging from contributing signatures for malware detection to Emerging Threats, a US DoD funded group of volunteers, to being one of the founders of null, The Open Security Group, India’s foremost non-profit computer security organization. null is very involved in providing expert security advice to companies, organizations and even the government of India.
When not working or advising you’ll find Akash speaking at industry conferences on all things computer security related. Recently ISRO invited Akash to give a talk at Computing Technology for Space 2011 conference. Forbes India featured him in their ‘Ask The Insider’ column on hackers in August 2010. He won the pre nullcon Hack Challenge in 2010.
Aditya Gupta is the co-founder of XY Securities, an information security firm based in India. He is responsible for leading the penetration testing and application security assessments in his work at XYSEC. His main expertise includes Exploiting Web Applications, Evading Firewalls, Breaking Mobile Security and Exploit Research. He has also discovered many serious vulnerabilities in websites such as Google, Apple, Microsoft, Skype, Adobe, and a variety of other major software technologies. Aditya has worked on many Android security projects and has been a frequent speaker at many conferences including Clubhack, Nullcon, The Hackers Conference, Defcon India Chapter, ToorCon and many more.
Thomas Kurian Ambattu
Tickets for events of ClubHack 2012 can be registered from links below.
Day 2 & Day 3: 1st & 2nd December 2012
Day 2 and Day 3 will consist of Technical Briefings which are open for all via registrations.
Each Ticket will cost Rs. 3500
Base Price – Rs. 3500
Early Bird Offer – Till November 8th, 2012 – Rs.3000 (Closed)
Bulk discount: 5+ tickets at Rs.2500 each
For students, we have a special discount of Rs.1000 for all technical briefings. ***Please note that students will have to bring their ‘Current Year’s’ college ID proof to participate in the event.
Student Price: Rs.2500
Day 1 & Day 4: 30th November & 3rd December 2012
Day 1 & Day 4 of ClubHack 2012 are divided into 5 workshops.
On Day 1, 30th November 2012, the pre-conference workshop will contain 2 workshops
- Workshop by Dinesh Shetty & Ashish Rao – Securing Mobile applications – Exploits Demystified and Solutions Simplified
On Day 4, 3rd December, the post-conference workshop will contain 3 workshops
- Workshop by Tamaghna Basu & Akash Mahajan – Hackers Vs. Developers
- Workshop by Ketan Vyas – Putting application security maturity models in practice
Each Ticket will cost:- Rs.10000
Early Bird Offer – Till 8th November, 2012 – Rs.9000 (Closed)
3-4 tickets at Rs.8000 each
5+ tickets at Rs.7000 each
IMPORTANT: Workshops will be running in parallel, so please see the schedule before choosing topics & buying tickets. If registrations for a workshop are fewer than 5, the workshop will be cancelled. Register on-line to avail discounts. Discounts will NOT be available for on-spot registrations.
* Ticketing agency will charge Rs. 15/- per ticket as the ticketing fees.
|Time(in hrs)||Night 0||Day 1 – Nov 30||Day 2 – Dec 1||Day 3 – Dec 2||Day 4 – Dec 3|
|09 -10||Hacknight & Amiworks||Registrations|
|1000-1030||Workshop 1 – Securing Mobile applications – Exploits Demystified and Solutions Simplified||Intro||Delay Due to Marathon||Workshop 2 – Putting application security maturity models in practice||Workshop 3 – Hackers Vs. Developers|
|1030-1100||Keynote – Alok Vijayant||Talk – 5|
|1100-1130||Talk – 6|
|1200-1230||Panel Discussion||Talk – 7|
|1230-1300||Talk – 8|
|1400-1430||Dinesh Shetty & Ashish Rao||Talk – 1||Talk – 9||Ketan Vyas||Tamaghna Basu and Akash Mahajan|
|1430-1500||Talk – 2||Talk – 10|
|1500-1530||Talk – 3||Talk – 11|
|1530-1600||Talk – 4||Talk – 12|
|1630-1700||Surprise Tool Launch||Talk – 13|
|1700-1730||Talk – 14|
|1730-1800||Talk – 15|
Talk 01 – Critical Infrastructure Security (Subodh Belgi).
Talk 02 – Infrastructure Security (Sivamurthy Hiremath).
Talk 03 – Smart Grid Security (Falgun Rathod).
Talk 04 – Legal Nuances to the Cloud (Ritambhara Agrawal).
Talk 05 – Hacking and Securing iOS applications (Satish Bommisetty).
Talk 06 – HAWAS – Hybrid Analyzer for Web Application Security (Lavakumar Kuppan).
Talk 07 – The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being (Thomas Kurian).
Talk 08 – FatCat Web Based SQL Injector (Sandeep Kamble).
Talk 09 – HackNight Report Presentation
Talk 10 – Detecting and Exploiting XSS with Xenotix XSS Exploit Framework (Ajin Abraham).
Talk 11 – Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher (Vishal Kalro).
Talk 12 – Stand Close to Me, & You’re pwned! : Owning SmartPhones using NFC (Aditya Gupta & Subho Halder).
Talk 13 – XSSshell (Vandan Joshi).
Talk 14 – Content-Type attack – Dark hole in the secure environment (Raman Gupta).
Talk 15 – Real Time Event Recording System, the tool for Digital Forensics Investigation (Madhav Limaye).
Workshop 1 – Securing Mobile Applications (Dinesh Shetty & Ashish Rao).
Workshop 2 – Putting Application Security Maturity Models in Practice (Ketan Vyas).
Workshop 3 – Hackers Vs. Developers (Tamaghna Basu & Akash Mahajan).