XOR Conference 2015, an International Security conference was held from 17th Oct. to 18th Oct in Kochi, was sponsored by Cyber security and Privacy Foundation(CSPF).
The event started with the two training sessions. One was on Web App Security and Exploitation by Ajin Abraham, Francis Alexander, and another one on Hardware\IOT security and Exploitation by Yashin Mehaboobe. Both the training session aimed at educating the attendees about the possible threats and how to deal with them.
The next day is followed by numerous talks and discussion session by various security researchers.
Santhosh Kumar, a Security researcher tabled a talk on the topic “Windows Management Instrumentation – A Frontdoor For Malwares!”. It was an introduction to WMI and demonstrate the various ways that WMI can be used as an attacker’s swiss army knife, how malware authors are using this to leverage their exploits, how the present day tools can be used and how to protect against these type of attacks.
Arjun T.Unnikrishnan, an Undergraduate from Amritha University talked on Radare2, which provides a framework to effectively perform binary tasks with least amount of busy work.
Kunal Relan, a Security Researcher from Aarvee Idealabs discussed on Pentest Ninja, an extension for Firefox Desktop Browse, which is a semi-automated SQLi injection Takeover Tool. It turns on like a sidebar and can test web applications on the go with live view.
Rahul Sasi, Founder & CTO of CloudSek, talked on anonymous topics, whereas security researcher from Citrix Systems, Riyaz Walikar, talked about various methods of obtaining administrator privileges in a Windows environment, and another researcher Rakesh Paruchuri presented his presentation on Return Oriented Programming.
Abhinav Mishra, a Senior Security Consultant in To The New Digital, presented his paper which deals with the security mechanism that some of the newest online retailers apply, the technology they rely upon and obviously the ways to hack all this. This research paper focus on understanding the whole online payment process and the vulnerabilities associated with them.
Anto Joseph, a Security Engineer in Citrix R&D, focused on various attacks/attack vectors and how to exploit vulnerabilities in Android based devices.