ClubHack2012

When ClubHack started in 2007, we dreamt that people in India would wake up and start taking information security seriously. We even chose “Making Security a Common Sense” as our motto. After 5 long years, we now see a lot of action around the country in this field; the media as well as working professionals are taking security seriously.

People have woken up to the extent that today we see 5-6 similar events in India along the same lines. Hence we have decided to leave the rest of the awakening to them and start a new journey.

From ClubHack2012 onwards, we will concentrate our energies on empowering innovation & leadership development. Having loved our domain so much, we’ll continue to do this only in the domain of information security.

And that coins our new motto line

“Empowering Innovation & Leadership in Information Security”

Keynote by Alok Vijayant, NTRO, PMO

Director of the National Technical Research Organization (NTRO) – India’s premier apex scientific organization under the National Security Advisor in the Prime Minister’s Office. It was set up in 2004 and also includes the National Institute of Cryptology Research and Development (NICRD), which is the first of its kind in Asia.

Come join us in ClubHack2012 to feel the pulse…


Speakers

Ajin Abraham

Ajin Abraham is an Information Security Researcher currently doing his B-Tech in Computer Science. He is the creator of Xenotix XSS Exploit Framework. He has published various whitepapers and tools in the scope of Information Security. He is the administrator of Kerala Cyber Force, a website dedicated to promoting free Information Security education (http://www.keralacyberforce.in). He has disclosed vulnerabilities in different websites. He is one of the top 10 in Chakravyuh 2012, India’s Biggest Ethical Hacking Competition. His areas of interest include web application penetration testing, coding tools, exploit development and fuzzing.

Falgun Rathod

Falgun Rathod, 21 years old, is one of the country’s pioneering Information Security & Cyber Crime Consultants. Falgun has solved a number of complex cyber crime cases and has also played an instrumental role in creating awareness about information security and cyber crimes. He has been assisting many agencies & companies and has conducted numerous workshops and seminars in colleges about Information Security and Ethical Hacking. He is also a member of OWASP (Open Web Application Security Project) and an invited member of ICTTF (International Cyber Threat Task Force) and CSFI (Cyber Security Forum Initiative).
He has also dedicated research work to the Entrepreneurship and Management field and has consulted for many companies on Successful Business Plans, Business and Competitive Intelligence as well as Marketing Strategies. Falgun is also the Founder & Managing Director of Cyber Octet Pvt. Ltd., a Training and Consultancy firm based in Ahmedabad.

Lavakumar Kuppan

Lavakumar is the author of IronWASP, the advanced Web Security Testing Platform. He has also authored multiple other security tools like ‘Shell of the Future’, JS-Recon, Imposter and the HTML5 based Distributed Computing System – Ravan. As a security researcher he has discovered several novel attacks that include a sandbox bypass on Flash Player, a WAF bypass technique using HTTP Parameter Pollution, multiple HTML5 attacks and a CSRF protection bypass technique using ClickJacking & HPP which was voted by peers and experts as the 5th best ‘web security hack’ of 2010. His works have been covered by leading media portals including Forbes. All his research and tools are available at the Attack and Defense Labs website. He also maintains the HTML5 Security Resources Repository website. He has spoken at multiple conferences like BlackHat, OWASP AppSec Asia, SecurityByte, ClubHack, NullCon etc. on topics ranging from browser exploitation to HTML5 Security. He is also the recipient of the nullcon Black Shield Luminaire award.

Madhav Limaye


Currently Madhav is working as a Senior Technical Specialist with one of the leading software companies. Prior to this, while working with one of the leading security companies, he was the Technical Leader for a product reporting on Network Vulnerability for all types of IP Devices and Operating Systems. During this period, Madhav analyzed many Microsoft Security Bulletins to generate data input points for the product.

Raman Gupta

I am working at TCS as an Information Security consultant and have 2.9 years of experience. My work area includes vulnerability assessment, penetration testing and secure configuration of networks. I am interested in reverse engineering and exploit writing.

Ritambhara Agrawal

Ritambhara Agrawal is the founder and Managing Partner at Intelligere, an international law firm headquartered in Noida, India, with offshore offices in the US and UK. Intelligere specializes in all the domains of legal services, including corporate commercial law, IPR, international trade and technology laws. Ritambhara has significant & diverse transactional experience including mergers & acquisitions, joint ventures, foreign collaborations, IP protection, cyber law and technology law issues.
Ritambhara is working as a legal advisor to reputed multinational companies in negotiating and finalizing various business and commercial arrangements, market entry strategy, IP protection and enforcement strategies and international trade laws.

Ritambhara is also a noted speaker and has addressed various seminars on varied topics, including “Copyright and Open Source Licensing”, “Commercialization of IP for SMEs”, “Legal Issues in Cloud Computing”, “Legal Issues for Start-ups”, “Legal Issues during Funding” and others. She is also actively involved in writing articles and news items and has written on various topics, including Corporate Law, Trademarks, Patents, Copyright, Entrepreneurship and Entry Strategies for the Indian Market, in various magazines and online publications.

Sandeep Kamble


Sandeep Kamble ([S]) is working as an information security researcher for Parason INC.

He has responsibly disclosed vulnerabilities/bugs to Google, Yahoo, Twitter, Dropbox and Cloudflare.

His work can be found at www.garage4hackers.com

Satish Bommisetty

Information Security Professional with 6 years of experience in Penetration testing of web applications and mobile applications. Passionate about iPhone hacking and knowledge sharing. Found vulnerabilities in Facebook.

Sivamurthy Hiremath


I received a BE (Computer Science & Engineering) from PDA College of Engineering, Gulbarga, in Karnataka State and an ME (Computer Engineering) from PICT Pune, affiliated to Pune University, in Maharashtra State. I have a total of 15 years of academic and research experience and have taught Graduate (BE/B.Tech) and Post Graduate (ME/M.Tech) degree courses in Engineering. I have been an External Examiner for BE/B.Tech/ME/M.Tech at Pune University, Defence Institute of Advanced Technology (Deemed University under DRDO, Govt. of India) etc., and a Resource Person for ISTE/AICTE STTP/Faculty Development Programmes and Guest of Honour at various engineering colleges. I am presently serving as an Asst. Professor in the Department of Computer Science at the National Defence Academy and am an Ex-Visiting Professor at the Defence Institute of Advanced Technology (DRDO, Govt. of India), Girinagar, Pune (MS), India, teaching Armed Forces Officers, DRDO Scientists and Civilians in the M.Tech (Computer Engineering) and M.Tech (Signal Processing and Communication) programmes. I handle various Board Proceedings at the level of Presiding Officer and Technical Member, Academic Syllabus revision, Passing out Parade (POP) duties, the Scrutiny Team of JNU Results as a Member, OIC of Educational Tours and Organiser of National Conferences etc. I served as a Judge for the IEEE Bombay Chapter for National Conferences/Projects of Engineering Students and Technical Events.

Subodh Belgi

Subodh is a techno-strategist with a unique combination of security technology expertise coupled with critical analytical skills and business focus. He has a proven track record of 15+ years in Information security strategy, research, consulting, enterprise security products & solutions. Subodh is passionate about empowering individuals and organizations to meet their information security challenges through mentoring, innovative solutions and advisory services. Currently, he is Vice President & Chief Security Evangelist at MIEL e-Security Pvt. Ltd., a leading Indian company specializing in Information Security Education, Consulting, Products & Services. Previously, Subodh held various positions at the Enterprise Security Division of Symantec Corporation for 11+ years, where he was responsible for Research, Strategy and Solution Architecture for a number of Security products.
Subodh has extensive experience interacting with enterprise security clients including Fortune 500 companies and government agencies. He is regarded as a trusted partner and advisor by CxOs of several multi-national companies. In his advisory role he closely interacts with many medium and large enterprise customers from the Chemical, Manufacturing, Pharmaceutical, Energy, Banking & Finance, Retail, Telecom and Automobile industries. Subodh holds a Bachelor’s Degree in Industrial Control Systems and a Masters in Electrical Engineering. He also has to his credit several reputed industry certifications including CISSP, CISA, CISM, CRISC, CSSLP and ISO27001. He is an active member of several international industry associations and a regular speaker at national/international conferences. He is also part of the international committee (ISO/IEC) drafting cyber-security standards for Industrial Automation & Control Systems.

Vandan Joshi

  • Associate consultant at SecurEyes Techno Services Ltd
  • MBA in Networks and IT Infrastructure
  • Interested in all n solve of Information Security

Vishal Kalro

Information Security Professional with close to 6 years of experience in Information Security domain. Vishal holds a Master’s degree in Telecommunication from RMIT University, Melbourne Australia and a Bachelor’s degree in Electronics Engineering from Mumbai University. He is a CISSP, CISA, PCI-DSS ISA, and CCSK. As an active contributor to ClubHack he has authored articles on Cloud Computing, Social Engineering, Wireless Security and Measuring WAN Performance.

Vishal is an enthusiastic traveler and tries to make a good use of his time exploring new places and trying local cuisine. He enjoys Badminton and runs to keep himself fit.

Dinesh Shetty


Dinesh Shetty is currently working as a Principal Researcher in the Code Review and Mobile Security Services team at Paladion Networks. He has performed Web & Mobile Application Audits, Penetration Testing and Vulnerability Assessments for many high-profile clients and has written many articles for multiple InfoSec magazines and international journals, with Packet Storm, Exploit-DB and PenTest Magazine among others. He has found flaws in leading Web and Mobile-based financial applications and helped the respective organizations fix those vulnerabilities.

As a core member of the Mobile Application Security Testing Team at Paladion he has developed Paladion’s Android, iOS and BlackBerry GrayBox and Code review checklists and has trained 70+ engineers to find flaws in Mobile Applications. He has designed and created open source projects including Paladion’s InsecureBank Application and ScriptDroid, which is an advanced Android and iOS source code review tool.

He is a Certified Ethical Hacker, Certified Hacking Forensic Investigator and an IBM Certified AppScan Specialist amongst many of his certifications and has spoken and taken trainings at leading National and International conferences like OWASP AsiaPac2012 - Sydney, National Institute of Bank Management – India, Quest Knowledge center and multiple organizations among others.

Ashish Rao


Ashish Rao is a Senior Security Consultant at Paladion Networks Pvt. Ltd. He has a good application development background and is an expert in performing secure code reviews for J2EE and ASP.Net applications. He has reviewed many complex multi-tiered web and standalone applications of different frameworks and programming languages. He has authored articles and blogs about secure coding and security best practices. He has also worked closely with development teams across the globe and has helped them to secure applications at the design and architecture level.

He also has working knowledge of many static code analysis tools and has contributed immensely to enhancing Paladion’s automated review capabilities by writing various easy-to-use code review scripts. Other than secure code reviews, he possesses extensive knowledge regarding Penetration Tests and Vulnerability Assessment projects, and has conducted various internal and external trainings for Paladion. He recently presented at OWASP India 2012 on Advanced Code Review.

Ketan Vyas


Ketan is working with Tata Consultancy Services

Tamaghna Basu

Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA is a security researcher at heart. His main areas of research include Web app security and network pen-testing, exploit development, incident handling and cyber forensics. Being a software developer earlier, he worked in Java, .NET, Ruby etc. and in various domains like finance, insurance, gaming etc. He was the winner of NULLCON 2010’s hacking challenge.

He is a SANS certified trainer/mentor for the course – “Sec 504: Hacker Techniques, Exploits and Incident Handling”. He has also presented at other security conferences like OWASP, NULLCON, C0C0N, ISACA etc. Being a core member of the NULL security community, he facilitates the Chennai/Bangalore NULL Chapter, is a frequent speaker at NULL and OWASP meets, and has conducted multiple hacking workshops at NULL HUMLA, Bangalore. He is an active member of security communities like in-honeynet, NAISG, DSCI, Clubhack etc. He has also contributed to security magazines like Clubhack and ISACA journal. He has achieved various other certifications like Cyber Crime Investigation, Diploma in Cyber Law etc.

Akash Mahajan

Akash is a Certified Ethical Hacker with more than 8 years of experience in Application and Network Security. Before becoming an expert security consultant he was a technical lead for one of the leading American commercial security software companies specializing in end point security. He started in security working on web infrastructure for the government of India.

Along with his day job Akash is heavily involved in the wider global security community, ranging from contributing signatures for malware detection to Emerging Threats, a US DoD funded group of volunteers, to being one of the founders of null The Open Security Group, India’s foremost non-profit computer security organizations. null is very involved in providing expert security advice to companies, organizations and even the government of India.

When not working or advising you’ll find Akash speaking at industry conferences on all things computer security related. Recently ISRO invited Akash to give a talk at Computing Technology for Space 2011 conference. Forbes India featured him in their ‘Ask The Insider’ column on hackers in August 2010. He won the pre nullcon Hack Challenge in 2010.

Aditya Gupta

Aditya Gupta is the co-founder of XY Securities, an information security firm based in India. He is responsible for leading the penetration testing and application security assessments in his work at XYSEC. His main expertise includes Exploiting Web Applications, Evading Firewalls, Breaking Mobile Security and Exploit Research. He has also discovered many serious vulnerabilities in websites such as Google, Apple, Microsoft, Skype, Adobe, and a variety of other major software technologies. Aditya has worked on many Android security projects and has been a frequent speaker at many conferences including Clubhack, Nullcon, The Hackers Conference, Defcon India Chapter, ToorCon and many more.

Subho Halder


Subho Halder is a Programmer, Security Researcher and Penetration Tester. He is well equipped with programming in PHP, Java and Python, and has a deep understanding of the Android and Blackberry frameworks.

Thomas Kurian Ambattu


Thomas Kurian Ambattu, CRISC, ISLA – 2011 (ISC)², is an information security consultant with Wings2i IT Solutions. Thomas is passionate about information security and his areas of interest include Human Impact Management, information security awareness and behavior. He is based in Bangalore, India. Thomas was honored with the prestigious ISLA (Information Security Leadership Achievement) award by (ISC)² for 2011.


Registrations

Tickets for events of ClubHack 2012 can be registered from links below.

Day 2 & Day 3: 1st & 2nd December 2012

Day 2 and Day 3 will consist of Technical Briefings, which are open to all via registration.

Each Ticket will cost Rs. 3500

Base Price – Rs. 3500
Early Bird Offer – Till November 8th, 2012 – Rs.3000 (Closed)

Bulk discount: 5+ tickets at Rs.2500 each

For students, we have a special discount of Rs.1000 for all technical briefings. ***Please note that students will have to bring their ‘Current Year’s’ college ID proof to participate in the event.

Student Price: Rs.2500


Day 1 & Day 4: 30th November & 3rd December 2012

Day 1 & Day 4 of ClubHack 2012 are divided into 5 workshops.

On Day 1, 30th November 2012, the pre-conference workshop will contain 2 workshops

  1. Workshop by Dinesh Shetty & Ashish Rao – Securing Mobile applications – Exploits Demystified and Solutions Simplified

On Day 4, 3rd December, the post-conference workshop will contain 3 workshops

  1. Workshop by Tamaghna Basu & Akash Mahajan – Hackers Vs. Developers
  2. Workshop by Ketan Vyas – Putting application security maturity models in practice

Each Ticket will cost Rs.10000
Early Bird Offer – Till 8th November, 2012 – Rs.9000 (Closed)

Bulk discount:

3-4 tickets at Rs.8000 each

5+ tickets at Rs.7000 each


IMPORTANT: Workshops will run in parallel, so please see the schedule before choosing topics & buying tickets. If registrations for a workshop are fewer than 5, the workshop will be cancelled. Register on-line to avail discounts. Discounts will NOT be available for on-spot registrations.

——————————————————————————————————————

* Ticketing agency will charge Rs. 15/- per ticket as the ticketing fees.


Schedule

Time(in hrs) Night 0 Day 1 – Nov 30 Day 2 – Dec 1 Day 3 – Dec 2 Day 4 – Dec 3
09 -10 Hacknight & Amiworks Registrations
1000-1030 Workshop 1 – Securing Mobile applications – Exploits Demystified and Solutions Simplified Intro Delay Due to Marathon Workshop 2 – Putting application security maturity models in practice Workshop 3 – Hackers Vs. Developers
1030-1100 Keynote – Alok Vijayant Talk – 5
1100-1130 Talk – 6
1130-1200 BREAK
1200-1230 Panel Discussion Talk – 7
1230-1300 Talk – 8
1300-1330 LUNCH
1330-1400
1400-1430 Dinesh Shetty & Ashish Rao Talk – 1 Talk – 9 Ketan Vyas Tamaghna Basu and Akash Mahajan
1430-1500 Talk – 2 Talk – 10
1500-1530 Talk – 3 Talk – 11
1530-1600 Talk – 4 Talk – 12
1600-1630 BREAK
1630-1700 Surprise Tool Launch Talk – 13
1700-1730 Talk – 14
1730-1800 Talk – 15


Talk 01 – Critical Infrastructure Security (Subodh Belgi).

Talk 02 – Infrastructure Security (Sivamurthy Hiremath).

Talk 03 – Smart Grid Security (Falgun Rathod).

Talk 04 – Legal Nuances to the Cloud (Ritambhara Agrawal).

Talk 05 – Hacking and Securing iOS applications (Satish Bommisetty).

Talk 06 – HAWAS – Hybrid Analyzer for Web Application Security (Lavakumar Kuppan).

Talk 07 – The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being (Thomas Kurian).

Talk 08 – FatCat Web Based SQL Injector (Sandeep Kamble).

Talk 09 – HackNight Report Presentation

Talk 10 – Detecting and Exploiting XSS with Xenotix XSS Exploit Framework (Ajin Abraham).

Talk 11 – Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher (Vishal Kalro).

Talk 12 – Stand Close to Me, & You’re pwned! : Owning SmartPhones using NFC (Aditya Gupta & Subho Halder).

Talk 13 – XSSshell (Vandan Joshi).

Talk 14 – Content-Type attack – Dark hole in the secure environment (Raman Gupta).

Talk 15 – Real Time Event Recording System, the tool for Digital Forensics Investigation (Madhav Limaye).


Workshop 1 – Securing Mobile Applications (Dinesh Shetty & Ashish Rao).

Workshop 2 – Putting Application Security Maturity Models in Practice (Ketan Vyas).

Workshop 3 – Hackers Vs. Developers (Tamaghna Basu & Akash Mahajan).
