Nullcon international security conference 2014

Recently we all witnessed this season of NULLCON unfold. NULLCON is India’s biggest security conference and happens in Goa every year; this year it was held on 14th of Feb, with the tagline “Spread Love, Not Malware”.

This year’s Nullcon International Conference was filled with speakers from across the Globe with various interesting papers that were presented. This year’s Nullcon did see some of the upcoming talents of Indian Cyber Space.

The event started off with a bang with the Night Talks on 13th night which was followed by a Grand Party. The evening part of the talks even had “Black Shield Award” segment which brought out the eminent personalities being awarded the Black Shield Award. The Achievers List of Black Shield is as follows:


The day talks started on 14th morning and went on till 15th evening. This year’s Nullcon talks featured various well-known Security Researchers such as Rahul Sasi, Alexander Polyakov, LavaKumar Kuppan, Vivek Ramachandran, Saumil Shah and many more. And as Nullcon always tries to bring out the budding talents from India, this time we did have upcoming talents from the Indian Infosec Community such as Yashin Mehaboobe, Ankita Gupta, Abhay Rana and many more.

One of the major paparazzi grabbers this time was the Ultra Geeky nullcon2014 hardware badge that was developed by Indian researchers “Amay Gat” and “Umesh Jawalikar”.

One of the new things that was seen this time at Nullcon was the NULLCON AMMO which showcased some of the coolest, geekiest opensource tools developed by young Indian Researchers and Developers.

The tools found at Nullcon Ammo were:
  • OWTF (The Offensive Web Testing Framework) – By: Abraham Aranguren & Bhardwaj Machhiraju.
  • NoSQL Exploitation Framework – By: Francis Alexander.
  • XML Chor – By: Harshal Jamdade.
  • Drup Snipe - By: Sukesh Reddy and Ranjeet Senger.
  • OWASP Xenotix XSS Exploitation Framework – By: Ajin Abraham
And there were plenty of other tools too that got featured this time at Nullcon Ammo event.

Overall this season of Nullcon was filled with more geekness, fun, party and an awesome feast of Information and Knowledge for Infosec Enthusiasts. It was really more exciting than the previous season of Nullcon. The experience the hackers had this time was the best. For a Hacker, you can’t ask for anything better than Nullcon.

Defcon Kerala Information Security Meet 2014


DEFCON KERALA chapter is pleased to announce that the second edition of DEFCON Kerala 2014 will be held on March 8th at Hotel Travancore Court, Kochi. DEFCON Kerala (DC0497) is the first DEFCON Chapter in Kerala and is a DEFCON USA Registered group for promoting and demonstrating research and development in the field of Information Security. We are a group of Information Security Enthusiasts actively interested in promoting information security.

Whether you are an information security expert, researcher or newbie in the field of information security, we have the right events to satisfy your appetite. This year DEFCON Kerala brings you a host of events, which include:

KEYNOTE SESSION
N. Vinayakumaran Nair, Assistant Commissioner, Hi-Tech Cell, Kerala Police

TECHNICAL TALKS
Be there with us to hear from the experts who are at the forefront of information security research. This year we have about 12 Technical Talks that demonstrate Information Security Research in various fields.

  • WI-Hawk - Anamika Singh, Product Specialist
  • Android Security and Mobile OS Security in General - Anto Joseph, Technical Consultant
  • Compromising a DB via the XSS Vulnerability. XSS + Metasploit + Social Engineering - Fadli B. Sidek & Vikneshwaran Veeran, Security Consultants
  • Security through Obscurity No More Alive - Gaurav Raj Anand, Independent Researcher
  • XMLChor-XPATH Injection exploitation - Harshal Jaiprakash Jamdade, Security Researcher
  • Interactive Web Security Testing with IronWASP - Lavakumar, Founder IronWASP
  • Windows 8 Forensics - Nikhalesh Singh Bhadoria, Information Security Researcher
  • DrupSnipe: Vulnerability Scanner for live Drupal powered website - Ranjeet Singh Sengar and Sukesh Reddy, Security Researchers
  • Securing the Web-Native Bridge in Hybrid Mobile Apps - Sachinraj Shetty, Application Security Manager
  • Android Forensics and Security Analysis - Santhosh Kumar, Independent Security Researcher.
  • To be announced - Francis Alexander, Security Researcher, OpenSecurity
  • HackSpace Workshop - Yashin Mehaboobe, Security Researcher, OpenSecurity

HACKSPACE-Free Hardware hacking workshop


HackSpace is a free and interactive hands on workshop on hardware hacking. It'll cover everything from basic microcontroller programming to hardware based attacks. Workshop will start with basic programming fundamentals. This will serve as a base for the rest of the class. Attendees will be introduced to various boards such as the Raspberry Pi, various Arduino boards as well as boards such as the MSP430 Launchpad.

The course will include fundamentals of bus protocols such as UART, I2C and SPI and how they are used. This will all be covered from an InfoSec perspective. Attendees will learn how to utilize the boards for penetration testing and security research.

DEFKTHON CTF
DEFKTHON CTF is DEFCON Kerala's trademark CTF. This is a jeopardy style CTF with challenges categorized into Recon, Reversing, Web, Crypto and Miscellaneous. The CTF is open to all and will be online on March 3rd 9.00 IST and will run till March 4th 21.00 IST. Stay tuned to http://ctf.defconkerala.com/


BEST SPEAKER AWARD

Cyber Security and Privacy Foundation (CSPF) will award the best speaker a grant of Rs.10,000. The Speakers will be judged by a Committee including Team DEFCON Kerala and an honorable member from CSPF. Delegates can contribute 50% to this selection process.

Top 5 reasons to attend DEFCON KERALA 2014
Access to cutting edge Technical Talks.
Access to Hack Space, the Hardware Hacking workshop.
Certificate of Participation.
Slides, Tools or Materials provided by the Speaker.
A niche networking platform.


Entry Pass: Rs.1100
Student Pass: Rs.800 (with discount code)
DISCOUNT CODE: STUDENT_14
Complimentary food coupons for all attendees.

Visit: www.defconkerala.com
Register Here: http://defconkerala.com/registration.html

DEFCON Kerala 2014: Call For Papers is Open Now


DEFCON Kerala (DC0497) is a DEFCON USA Registered group for promoting Information Security Research. We set up an environment of Hackers, Developers, Security Analysts, Security Enthusiasts, and Corporate Security stakeholders for you.

Defcon Kerala is a platform for Security Researchers, both professionals and students to present their technical research papers and their creativity related to “Computer Security”. Defcon Kerala will be a stepping stone for professionals, beginners, and students by providing a starting point to advance their knowledge and skillsets.

Topic of Interest
  • New Security Tools
  • New Exploits, Vulnerabilities and Zero Days
  • Cyber Forensics
  • Lock Picking & Physical Security exploitation
  • Web Application & Network Security
  • Antivirus/IDS/Firewall/filter evasion techniques
  • Social Engineering
  • Browser Exploitation
  • Mobile Application Security and Exploitation
  • Wireless Security
  • Denial of Service Attacks
  • Hardware Hacking/ SCADA Hacking
  • Honeypots
  • Encryption and Cryptography 
  • Fuzzing and Exploitation 
  • Open Source Security 
  • Anonymity in Internet
  • Carding and Black Market Analysis

NOTE: These are just some sample topics. You can send any topics related to Information Security.

Submission Format
Send your papers to cfp@defconkerala.com

Follow the format given below:
Name:
Designation:
Mobile:
Twitter Handle:
Brief Biography:
Paper Title:
Paper Abstract:
Publishing any Tools/Vulnerabilities/Zero Days (YES/NO, If Yes Specify the details):
Any Additional Requirements:
Attach a face photo shot to be published in the website.

IMPORTANT
Presentation Time: 30 mins

Speaker Benefits
  • Complimentary Pass to the Event
  • Certificate of Speaking
  • Food Coupons

Important Dates
CFP is open: 25th December 2013
CFP Submission Deadline: 10th February 2014
Complete set of Speakers will be published: 20th February 2014
Defcon Kerala Meet 2014 Scheduled on: 8th March 2014

Frequently visit our website for notifications and changes.
Stay tuned to www.defconkerala.com

DefCamp 2013 : International hacking and information security conference in Romania

 

Between 29-30th of November, Crystal Palace Ballroom, Bucharest is hosting the fourth edition of one of the most hypnotizing events on hacking & INFOSEC in Romania and South-Eastern Europe - DefCamp. The list of special guests contains big names, such as Raoul Chiesa, founder and president of The Security Brokers and Carsten Eiram, Chief Research Officer at Risk Base Security.

The conference that will take place this fall will engage participants in discussions about how to travel for free with Bucharest Public Transit (RATB and Metrorex), hijacking control of your car, hacker profiling, 0days, PRISM, mobile security problems, DDOS, networking, P2P networks, D&D APT’s, social engineering, camera surveillance, metasploit, header analysis, application security research, NSA, Snowden, privacy concerns, credit cards, Romanian Internet scanning, SSL ripper, lock picking, copyrights, Romanian laws, and secure system administration, with key industry specialists from Romania and abroad holding presentations.
 
The conference will also include a series of hands-on activities such as DCTF (DefCamp Capture the Flag), App2Own, Hack The Machine and Spot The Cop, rewarded with prizes.

Keynote presentations will be held by our special guests:
  •  Raoul "Nobody" Chiesa, president of The Security Brokers
  •  Carsten Eiram, Chief Research Officer at Risk Base Security.
The awesomeness is powered up by:
  •  Kizz MyAnthia, Senior Penetration Tester – Shadowlabs at HP Enterprise Security
  •  Nathan LaFollette “httphacker”, Senior Security Consultant – Shadowlabs at HP Fortify
  •  Nir Valtman, R&D Chief Security Officer at Retalix
  •  Robert Knapp, Co-Founder & CEO CyberGhost SRL
  •  Milan Gabor, CEO at Viris
  •  Adrian Furtuna, Security Consultant at KPMG Romania
  •  Bogdan Alecu, System Administrator at Levi9 and one of DefCamp's traditional speakers
  •  Alex Negrea, Co-founder at docTrackr.com
  •  Andrei Costin, PhD student with EURECOM & Co-Founder/Lead-Researcher at Firmware.RE
  •  Ionut Popescu, Security Consultant at KPMG
  •  Dan Catalin Vasile, Board Member of OWASP Romania
  •  Brindusa Stefan Cristian, Lead-Developer at RogentOS GNU/Linux
  •  Radu Stanescu, IT Security Consultant & Trainer Sandline
  •  Bogdan Manolea, legi-internet.ro
  •  Bogdan-Ioan Şuta, Independent Security Researcher.

“We have awaited the 48 hours of DefCamp 2013 since the closing moment of the last edition. It is hypnotizing to exchange ideas, to compete, to expand your knowledge and to meet people who you know only from the virtual world. I wish I could also participate to fully enjoy these moments!”, said Andrei Avădănei, founder and coordinator of the Defcamp conference in a press release.

DefCamp managed, in just 4 editions, to be the most awaited conference in the entire information security and hacking scene in Eastern Europe. It's the perfect time to join and feel the vibes.

For more details you can access our website or contact us directly at contact@defcamp.ro.  Don't forget to sign up! European students pay only 50% of the ticket!

Defcon Kerala 2013 - Call for papers


Defcon Kerala (DC0497) is a Defcon USA Registered group for promoting and demonstrating research and development in the field of Information Security. We are a group of Information Security Enthusiasts. Defcon Kerala is a platform for students, professionals, geeks, and nerds to present their technical research papers and showcase their skills. Speakers are invited to present papers on various information security related research topics before the delegates and interact with them.

Some Topics of Interest:

Disclosure of new Hacking Tools

New Vulnerabilities and Zero Day Exploits

Cyber Forensics

Lock picking & physical security exploitation

Web Application & Network Security

Antivirus/IDS/Firewall/filter evasion techniques

Social Engineering

Metasploit Framework

Web Browser Exploitation

Mobile Application Security and Exploitation

Wireless Security

Denial of Service Attacks

Hardware Hacking/ SCADA Hacking

Honeypots

Fuzzing Techniques

Open Source Security

Cyber Laws, Cyber warfare, Cyber Ethics

Anonymity in Internet

Carding and Black Market Analysis

NOTE: These are just some sample topics. You can send any topics related to Information Security.

Paper Submission Details

Please send your papers to this email


Follow the format given below:

=========================================================

Author Name:

Mobile:

Brief Biography:

Paper Title:

Paper Abstract:

Paper Outline:

Publishing/Disclosing any Tools/Vulnerabilities/Zero Days (YES/NO):

Any Additional Requirements:

=========================================================

NOTE: Paper should be submitted in PDF, DOC, DOCX, or ODF Format. Presentation should not exceed 25mins. If your paper is selected then you will be notified soon and you should register for a Speaker Pass.

Register

Buy your speaker pass for Defcon Kerala 2013 Meet

Please Register only after you get a notification by email that your paper is selected.


Important Dates

Call For Papers is open: 13th January 2013

Call For Paper submission Deadline: 1st April 2013

Defcon Kerala Meet 2013 Scheduled on: 21st April 2013


Hacking & Security Conference ClubHack 2012 to start from November 30, 2012


India’s first & renowned hacking conference ClubHack 2012 is going to start from November 30th, 2012 in Pune. Venue for the ClubHack 2012 is The Hotel O which is located on north main road in Koregaon Park in Pune.

ClubHack 2012 is a four-day conference which will feature 15 technical briefings, 4 workshops & Hacknight. Workshops are divided into pre-conference & post-conference sessions, which will allow geeks & professionals to attend more than one workshop.

On the first day of the event (November 30), pre-conference workshops & Hacknight are scheduled. Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao are scheduled as pre-conference workshops. Hacknight will be conducted at Amiworks Pvt. Ltd. on Senapati Bapat road at Pune. It will run from 7pm of Nov 30th to 8am of Dec 1st. Hacknight is a complete night-out of making new products/plugins/modules/scripts, etc. With Hacknight, hackers and developers will get a chance to work on the project they always wanted to.

The event will be inaugurated on December 1st & ClubHack will launch a surprise tool. Technical briefings will then start and run till the evening of December 2nd. Topics for technical briefings include infrastructure security, smart grid security, legal nuances to cloud, hacking & securing iOS apps, information security, hacking using NFC into smart phones, content type attacks, and demonstrations of tools like Hybrid Analyzer for Web Application Security (HAWAS), XSS Shell, FatCat & a real time recording system.

On the last day of ClubHack 2012, post-conference workshops will be conducted. The workshops are Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers by K.V.Prashant & Akash Mahajan.

ClubHack 2012 is powered by leading IT security Solutions Company - Quick Heal, global cyber intelligence firm – iSight Partners & Computer Society of India. Media partners for event are The Hacker News (internationally recognized news source), ISACA (Information Systems Audit and Control Association) & eHacking News (Information Security News portal).

Registrations for event are open till midnight before the workshops & technical briefings scheduled dates. On the spot registration facility is also provided. You can register to event by visiting this link
 http://www.clubhack.com/2012/registrations

Detailed Schedule:

Day 1, November 30th, 2012:
  • Pre conference workshops - Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao
  • Hacknight at Amiworks, Pune
Day 2, December 1st, 2012:
  • Inauguration, Keynote
  • Special tool Launch by ClubHack team
  • Technical Briefings
Day 3, December 2nd, 2012:
  • Technical Briefings
Day 4, December 3rd, 2012: 
  • Post conference workshop - Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers by K.V.Prashant & Akash Mahajan.

Venue:
The Hotel O.
North Main Road, Koregaon Park,
Pune, India

Registrations open for India's Pioneer Hackers Conference - ClubHack 2012

Carrying the reputation of being India's first and best hacking & network security event, Team ClubHack is proudly bringing the 6th edition of the ClubHack Hacking and Security Conference with more exciting activities. Registrations for technical briefings, Hacknight & workshops opened on 1st November 2012, and an early bird discount has been announced for registrations up to November 8th, 2012. ClubHack 2012 will be featuring secure development through 12 technical briefings & 5 workshops.

ClubHack 2012 is a highly technical conference with 2 days of Technical Briefings and 2 days of hands-on training workshops. The event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Govt. Agencies, Auditors and Students. ClubHack2012 is loaded with more talks, more workshops and a special event, HackNight. ClubHack has always thought of the community and is still the most cost effective yet biggest security event of the country.

For the first time, ClubHack has introduced a new event for hackers & developers in ClubHack2012: HackNight, a complete night-out of making new products/plugins/modules/scripts, etc. With HackNight, hackers and developers will get a chance to work on the project they always wanted to. It will be a night where actual hackers spend time not to “break” into someone but to “make” something interesting and, the best part, get a chance to present the same to the audience of ClubHack. You will get detailed information about HackNight here

http://www.clubhack.com/2012/event/hacknight

There are benefits to attending the 4-day conference: attendees can meet directly with people from industry, geeks, entrepreneurs etc. & talk with them. Businessmen can generate multiple leads from corporate & government opportunities. People can do business development and partner recruitment while sharing thoughts and opinions about the market, and meet with other vendors as well as open source projects to generate business development and product innovation opportunities. Another good advantage is that people working in industry can earn a lot of CPE credits!

ClubHack2012 has 4 specialized workshops:-
  • Hackers vs. Developers by K.V.Prashant & Akash Mahajan
  • Securing Mobile applications by Dinesh Shetty & Ashish Rao
  • Managing Application Security by Ketan Vyas
  • PowerShell for Hackers by Nikhil Mittal
You will get detailed information about workshops here http://www.clubhack.com/2012/event/workshops

Topics for technical briefings are listed below:
  • Detecting and Exploiting XSS with Xenotix XSS Exploit Framework by Ajin Abraham
  • Smart Grid Security by Falgun Rathod
  • HAWAS – Hybrid Analyzer for Web Application Security by Lavakumar Kuppan
  • Real Time Event Recording System, the tool for Digital Forensics Investigation by Madhav Limaye
  • Content-Type attack -Dark hole in the secure environment by Raman Gupta
  • Legal Nuances to the Cloud by Ritambhara Agrawal
  • FatCat Web Based SQL Injector by Sandeep Kamble
  • Hacking and Securing iOS applications by Satish Bommisetty
  • Infrastructure Security by Sivamurthy Hiremath
  • Critical Infrastructure Security by Subodh Belgi
  • XSSshell by Vandan Joshi
  • Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher by Vishal Kalro
  • Stand Close to Me, & You’re pwned! : Owning SmartPhones using NFC by Aditya Gupta & Subho Halder
  • The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being by Anup Narayanan & Thomas Kurian
Who should attend:-
  • Chief Technology Officers,
  • Chief Security Officers,
  • Network Administrators, DBAs,
  • Security Researchers and Practitioners,
  • System and network architects and designers,
  • Business analysts, auditors & technical education students and
  • Anyone who is interested in information security.

You can get detailed information about technical briefings here
http://www.clubhack.com/2012/event/technical-briefings/





ClubHack 2012 scheduled to happen on 30th Nov, 1st, 2nd & 3rd of December



The 6th edition of ClubHack has been scheduled to happen on 30th Nov, 1st, 2nd & 3rd of December 2012. The list of events includes Hack Night, Keynote sessions, Technical talks, Workshops, CTF.

Hack Night: A night where actual hackers spend time not to “break” into someone but to “make” something interesting.

ClubHack2012 presents 5 separate workshops that includes 'Securing Mobile applications – Exploits Demystified and Solutions Simplified', 'Managing Application Security', 'PowerShell for Hackers', 'Hackers vs. Developers', 'Advanced Pentesting Techniques'.

There are 12 technical briefings:
  • Detecting and Exploiting XSS with Xenotix XSS Exploit Framework (Ajin Abraham)
  • Smart Grid Security (Falgun Rathod)
  • HAWAS – Hybrid Analyzer for Web Application Security (Lavakumar Kuppan)
  • Real Time Event Recording System, the tool for Digital Forensics Investigation (Madhav Limaye)
  • Content-Type attack -Dark hole in the secure environment (Raman Gupta)
  • Legal Nuances to the Cloud (Ritambhara Agrawal)
  • FatCat Web Based SQL Injector (Sandeep Kamble)
  • Hacking and Securing iOS applications (Satish Bommisetty)
  • Infrastructure Security (Sivamurthy Hiremath)
  • Critical Infrastructure Security (Subodh Belgi)
  • XSSshell (Vandan Joshi)
  • Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher (Vishal Kalro)
If you register before November 8, you will get early bird discount. The registration details can be found here.

nullcon security conference Delhi 2012 Highlights/Agenda


We at nullcon feel proud to be at the forefront of the IT Security arena in the Asian IT Industry. With the fourth event in the row, we continue to deliver the latest and responsible vulnerability disclosures and their mitigation solutions which help organizations take proactive and timely protective measures to safeguard their critical data and assets.

nullcon Delhi is being held on 26 - 29 Sept 2012 at The Leela Kempinski, Gurgaon.

Highlights

1. Day one keynote by CEO Natgrid, Mr. Raghu Raman. Talk Title: Battle of the Minds

2. Day two keynote by Global Security Evangelist and renowned speaker, Mr. Richard Thieme. Talk Title: Staring into the Abyss.

3. Security Conclave on Critical Infrastructure Protection: Focused Panel discussion of 90 minutes with participation from Govt. and corporate. Expert panelists from PSUs (Public Sector Undertaking) and large private organizations to create the road map for the protection standard and processes. This year's theme is Critical Infrastructure Protection and will be focused on organizations managing and developing critical infrastructure and organizations offering solutions and risk consulting on the same.

4. Executive Briefing: Exclusive two hours sub-event for senior management and the CIO’s to present summarized content of conference talks/events.

5. Prototype sub-event: An excellent opportunity/platform for organization to speak/showcase/present (30 Min Talk) new innovative security technologies to the conference attendees to attract industry recognition and to promote their brand.

6. 20+ Exhibitors from security industry.

7. 20+ presentations by security experts on ground breaking defensive and offensive security technologies.

8. Seven security trainings by industry experts on deep technical and critical security subjects.

9. Null Job fair for hiring the best in the security industry.

10. Attendees from varied Industry verticals.

11. Supported by Microsoft (MSRC USA), Praxeva, SANS and Hacker5.

12. Some of the exhibitors include WatchGuard, Symantec, Microsoft, Praxeva, SANS, JNR, Search Lab, Innobuzz, ACPL, LFY, Payatu

nullcon Delhi is a must attend for all those who share an interest in IT security. It is our endeavor to be continually delivering the best in IT Security. For more details please visit http://nullcon.net.

Pre-con registration is closing on 31st August. FREE Registration for Exhibition and Job Fair.

Group discount available. For offline registration, kindly drop an email to register@nullcon.net

Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference which can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) as well as WPA2-Enterprise (Wi-Fi Protected Access) sessions which use MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains an MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with Wireshark or other similar network sniffing tools.


PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.

Keith Alexander, NSA Chief, asks hackers to make internet more secure

National Security Agency Director Gen. Keith Alexander, also the head of the U.S. Cyber Command, took the unprecedented step on Friday of asking a convention of unruly hackers to join him in an effort to make the Internet more secure.

In a speech to the 20th annual Def Con gathering in Las Vegas, four-star General Keith Alexander stressed common ground between U.S. officials and hackers, telling them privacy must be preserved and that they could help by developing new tools.

"You're going to have to come in and help us," Alexander told thousands of attendees.

The conference founder, Jeff Moss, known in hacking circles as the Dark Tangent, told the conference he had invited Alexander, who rarely gives speeches, because he wanted them to learn about one of the world's "spookiest, least known" organisations.

Attendees were respectful and gave modest applause, though several said they were concerned about secret government snooping and the failure of authorities thus far to stop foreign-backed attacks.

"Americans pay taxes so that federal agencies can defend them," said a researcher who asked not to be named. "I see it as a hard sell asking a business entity to spend money for the common good."

Alexander won points by wearing the hacker "uniform" of jeans and a tee shirt, wandering the halls and praising specific hacking efforts, including intrusion detection tools and advances in cryptology.

He also confronted civil liberties concerns that are a major issue for many researchers devoted to the internet.

Taking questions screened by Moss, Alexander denied that the NSA had dossiers on millions of Americans, as some former employees have suggested.

"The people who would say we are doing that should know better," he said. "That is absolute nonsense."

Alexander used the speech to lobby for a cyber security bill moving through the Senate that would make it easier for companies under attack to share information with the government and each other as well as give critical infrastructure owners some reward for adhering to future security standards.

"Both parties see this as a significant problem," he said, adding that the experts like those at Def Con should help in the process. "What are the standards that we should jointly set that critical networks should have?"

In addition to conducting electronic intelligence gathering, primarily overseas, the defence-department-controlled NSA is charged with protecting the American army from cyber-attacks.

Increasingly, it has been sharing its findings with the FBI to aid in criminal cases and with the department of homeland security, which warns specific industries of new threats.

Displaying a slide with the logos of several dozen companies breached by criminals or spies in the past two years, Alexander said only the most competent even knew they had been hacked.

"There are 10 times, almost 100 times more companies that don't know they have been hacked," he said.

14th July 2012 null Bangalore Monthly Meetup

null meetup on Saturday 14th July 2012 starting at 09:30 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly talks and the Training on Reverse Engineering. The Reverse Engineering training will start at 12:30 PM by the SecurityXploded/Garage4Hackers team.

The schedule for this month's meet is as outlined below:

  • 09:30 - 10:10: Hands on Web Application Security: Mutillidae - Vulnerable Web App - Satish
  • 10:10 - 10:25: Introductions
  • 10:25 - 11:05: Burpsuite for Beginners - Saran
  • 11:05 - 11:20: Networking
  • 11:20 - 12:00: Basics of IDS/IPS - Pravin
  • 12:00 - 12:20: Feedback & Topic discussion for next monthly meet
  • 12:20 - 12:30: Break
  • 12:30 - 01:50: Advanced Malware Analysis - Monnappa

VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.
Map Location: http://g.co/maps/dahhv
Parking is available in the building. See you there.

Null Bangalore Meet Scheduled on 21st April 2012


Hi All,

We will have this month's null/OWASP/Garage4hackers/SecurityXploded Bangalore meetup on Saturday 21st April 2012 starting at 10.00 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly talks and Training on Reverse Engineering. The Reverse Engineering training will start at 12:45 PM by the SecurityXploded/Garage4Hackers team. The RE training for this month is completely hands-on and everyone is required to get their laptops fully charged for the exercises.

Also, we have a guest speaker from the US, Mr. Arshad Noor, who is also a speaker at the ongoing OWASP AppSec AsiaPac 2012, Sydney - Australia, who will be talking about RC3 - Regulatory Compliant Cloud Computing.

TALKS
1. Believe it or not SSL Attacks - Akash Mahajan
2. News Bytes - Satyendra
3. RC3 - Regulatory Compliant Cloud Computing - Arshad Noor

4. Practical Reversing & Unpacking Part 1 - Harsimran & Nagershwar


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building.

NB: As discussed in the last month's meet, we will have a basic 30 minute primer on Cross Site Request Forgery by Satish at 9:30 AM, before the main talks begin at 10:00 AM. All those who would be interested to learn, understand the basics of CSRF and to watch some cool demos are requested to be present at 9:30 AM.

Regards,
karniv0re

c0c0n 2012 - Call For Papers and Call For Workshops


c0c0n announced the Call for Papers and Call for Workshops for c0c0n 2012, a 3-day Security and Hacking Conference (1 day pre-conference workshop and 2 day conference), full of interesting presentations, talks and of course filled with fun!

The conference topics are divided into four domains as follows:
  • Info Sec - Technical
  • Info Sec - Management
  • Digital Forensics and Investigations
  • Cyber Laws and Governance.

We are expecting conference and workshop submissions on topics including, but not limited to, the following:
  • New Vulnerabilities and Exploits/0-days
  • Open Source Security & Hacking Tools
  • Antivirus/Firewall/UTM Evasion Techniques
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • Malware analysis & Reverse Engineering
  • Mobile Application Security-Threats and Exploits
  • Advanced Penetration testing techniques
  • Web Application Security & Hacking
  • Browser Security
  • Hacking virtualized environment
  • WLAN and Bluetooth Security
  • Lockpicking & physical security
  • Honeypots/Honeynets
  • Exploiting Layer 8/Social Engineering
  • Cloud Security
  • Critical Infrastructure & SCADA networks Security
  • National Security & Cyber Warfare
  • Cyber Forensics, Cyber Crime & Law Enforcement
  • IT Auditing/Risk management and ISO 27001


CFP Review Committee:

0x01 - Armando Romeo
0x02 - Dinesh O Bareja
0x03 - Peter Giannoulis
0x04 - Simon Bennetts (a.k.a. Psiinon)
0x05 - Vahan Markarov

For more details about the Review Committee, visit - http://is-ra.org/c0c0n/cfp.html


Submission Guidelines:

Email your submission to: cfp [at] is-ra [dot]org
Email subject should be: CFP c0c0n2012 - <Paper Title>
Email Body:

Personal Information:


>> Speaker Name:
>> Job Role/Handle:
>> Company/Organization:
>> Country:
>> Email ID:
>> Contact Number:
>> Speaker Profile: (max 1000 words)

>> If there is an additional speaker, please mention it here following the above format.

Presentation Details:

>> Name/Title of the presentation:
>> Paper Abstract: (max 3000 words)
>> Presentation Time Required (20, 30, 50 Minutes)
>> Is there any demonstration? Yes or No
>> Are you releasing any new tool? Yes or No
>> Are you releasing any new exploit? Yes or No

Other Needs & Requirements:

>> Do you need any special equipment?
>> We will be providing 1 LCD projector feed, 2 screens, microphones, wired and/or wireless Internet.
>> If you have any other requirement, Please mention it here and the reason.

Remember these Dates!


>> CFP Opens: 16th Mar 2012
>> CFP Closing Date: 30th Apr 2012
>> Speakers list online: 21st May 2012
>> Workshop Dates: 02nd Aug 2012
>> Conference Dates: 03rd and 4th Aug 2012

*NOTE:* We should not promote vendor/product-oriented submissions, hence they will be rejected.


Speaker Benefits:


>> Complimentary Conference registration.
>> Complimentary Accommodation for 2 nights.
>> Complimentary conference passes.
>> Invitation to c0c0n-Blast (The Networking Lungi party).
>> Travel Reimbursement - The selected speaker will receive travel reimbursement, to the extent available with existing ISRA/conference funds.
>> Only one speaker will be eligible for the benefits in case there are two or more speakers for a talk.

Thanks and Regards,
-c0c0n Team-

Null Bangalore meeting scheduled on 10th March 2012


Null, The Open Security Community, has scheduled its next Bangalore meeting for 10th March 2012, starting at 10.00 AM. As usual, there are no registrations and no fees.

The meeting is divided into two parts: the first is the monthly talks and the second is Training on Reverse Engineering. The Reverse Engineering training will start at 12:45 PM by the SecurityXploded/Garage4Hackers team.

The monthly talks cover News Bytes (Riyaz), Hack IM CTF part 2 (Himanshu), Computer image acquisition (Nithin), Believe it or not SSL attacks (Akash), and Reversing tools guide (Swapnil).


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building.

Defcon Rajasthan(DC91141) - Invitation for the March 2012 Meet

Defcon Rajasthan invites all of you to our first meet, which is going to be held on 25th March 2012.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.

Why this meet?

The main motivation behind this group is to have a place where technical people can discuss technical topics and problems and hopefully find solutions to them. There are multiple social groups of security professionals in India but none of them seems to stick outside of the pub... so as a result, during one of those meetings, the idea was born and here it is...



[ Tickets for the Meet]

For General Public : 700 INR (Lunch Included)

For Students: 600 INR (Lunch Included)

Hotel Reservation is also available.

To book the tickets mail to rajasthan@defcon.co.in
or you can call us on +91-7597113236


[ Time of the Meet ]

On 25th March 2012

From 10 AM to 6 PM

Do make sure that you are at the venue by 9:45 AM


[ Venue of the Meet ]

Royal Seminar Hall,

Near Bus Stand & Railway Station (Only 5 min walking distance from both Bus Stand and Railway Station)

Opposite Pink City Petrol Pump, Khasa Kothi Flyover,

M.I. Road, Jaipur, Rajasthan - 302001

Call for Paper - DEF CON Rajasthan March 2012 Meet

DEFCON Rajasthan invites unique and fresh research papers for March 2012 Jaipur Meet.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.



Paper should be:
-> Paper should be of current subject and not more than 1 year old.
-> Papers can be on your own research with proof of concept.
-> Topics of interest include everything related to Security.
-> Topics related to mobile security or any mobile operating system.
-> Any new methods of hacking or any 0day/tool disclosure.


Some example topics are:
  • Wireless Security
  • Network Security
  • Web Application Vulnerability
  • Mobile Security
  • Cloud Computing
  • Computer Forensics
  • Cyber Laws
  • Buffer Overflow
  • Reverse Engineering
  • Exploits and 0day Vulnerability etc.

** The above are just samples; the paper can be on any topic related to security.

Your submission must contain the following information.
Please send your paper to rajasthan@defcon.co.in

1. Author name
2. Title of the Paper
3. Email Address
4. Mobile Number
5. Provide Supporting Materials for your paper in form of PDF or Links
6. Presentation Format must be in PDF for submission.

PS: Presentation should not exceed 20 minutes

—————————–
Further Information on Dates:
—————————–
Paper submission last date : 10 March 2012
Notification of paper Acceptance : 12 March 2012
Paper Presentation : 25 March 2012
Please send your paper to rajasthan@defcon.co.in

null Mumbai Meet on 26th, January, 2012 : Ethical Hackers Conference


null, an open security community for ethical hackers, has scheduled a Mumbai meet on 26th January, 2012. There are NO FEES to attend the meet. Participation is OPEN TO ALL.

The agenda is as below:
  1. NTFS Forensics – Yogesh Khatri
  2. Threat Modelling – Shrikant Antre

Venue:
Sauron meeting room, First floor, Directiplex, Old Nagardas Road, Next to Andheri Subway, Andheri East
(Google Map Link: http://g.co/maps/5gt23)

Time:
11:00 AM – 1:00 PM

If you have any queries, then reach them at the following number: +91-9819643034

About null:
null is an open security community for ethical hackers, security professionals and security enthusiasts, born out of the need for:

  • Promoting advanced security research.
  • Spreading security awareness among the netizens.
  • A Centralized knowledge base for security related information.

It was founded by Aseem Jakhar in Jan 2008.

official site: http://null.co.in/

CarolinaCon-8 Scheduled on May 11th-13th 2012 , Call for Papers



CarolinaCon-8 Scheduled on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-8, we cordially invite you to submit your proposal. Please send;

- your name or handle/alias
- the presentation name/title
- a brief topic abstract (1-2 paragraphs)
- the estimated time-length of your presentation
- a brief bio (100% optional item, but if your talk is chosen it saves the time and trouble of asking for it later)

....via e-mail to:
speakers [at] carolinacon.org

The presentation submission coordinator is Zip. He will send you a receipt confirmation email at his first convenience.

*NOTE: All submissions are due BY March 1st, 2012. However...we may be making some early selections this year from amongst the submissions, so please be timely in submission if you're committed to being part of the elite cadre of chosen presenters. We value diversity so please don't hesitate to propose your ideas no matter how outlandish.

If you present at the Con, you will receive;

- free CarolinaCon admission for you and one guest
- one free CarolinaCon-8 t-shirt
- minimal fame, glory, and possibly even notoriety
- mad props and much love from our staff and attendees

SPONSORS and/or VENDORS:
We don't accept any, so please don't bother asking. Capitalism and philanthropic knowledge-sharing don't mix in our opinion. We keep our admission price to the bare minimum to cover our venue and equipment expenses. All of our staff are volunteers who generously donate their time and energy. All of our presenters generously donate their time and talent. The only items sold at CarolinaCon are a limited quantity of single-design CarolinaCon t-shirts....and we only make and sell those because attendees and staff want them (and because they're cool).

ATTENDEES:
If you are interested in attending, watch this space for more details:
www.carolinacon.org
...and don't forget to mark the May 2012 dates on your calendar.

If you have any important (as in not-dumb and not-spam) inquiries about the event you can send email to:
info[at]carolinacon.org

We look forward to seeing you at our 2012 chill event.

Peace,
Vic

International Cyber Security Conference in London


An international cyber security conference has begun in London, with 60 countries gathered to discuss cyber crime and security.

Experts attending the conference included EU digital supremo Neelie Kroes, Cisco's vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.

Mr Hague led the opening session.

"The biggest threat to the internet is not cybercriminals, but misguided or overreaching government policy," Mr Hague said.

Ross Anderson, professor of security engineering at Cambridge University, said there had been a "great growth" in cybercrime over the past six years.

"As many as 5% of PCs are infected with malware - short for malicious software - and there was a one in 20 risk that any given computer was sending spam without the owner's knowledge," Prof Anderson added.

UK Prime Minister David Cameron said, "We have to come together to tackle cyber crime... This costs the United Kingdom an estimated 27 billion pounds a year."