nullcon Goa 2017 - E Hacking News coverage


Nullcon Goa, which took place on 3rd and 4th March, successfully brought together hackers, CXOs, security researchers and others interested in information security to share their research and discuss critical issues faced in the field.

nullcon Goa 2017 Highlights:

Day 1:

"Increasing your impact on Facebook Bug Bounty" by Jack Whitton explained in detail some of the statistics of their Bug Bounty Program. They also explained the difference between a good bug report and a bad one, as well as what does not constitute a bug. They also pointed out areas of Facebook that need more testing.

In his talk about nearly generic fuzzing of XML-based formats, Nicolas Gregoire talked about his new XML fuzzer and how it works. He also talked about how it was used to find vulnerabilities in Firefox, Adobe and many other popular tools. He also briefly talked about the next levels of testing he is going to do on SVG. You can follow him here:

Drone Hijacking and other IoT hacking with GNU Radio and SDR by Arthur Garipov was very informative, as he explained from the basics and showed the attendees how to get started with their own SDR setup for hacking. He also demonstrated hacking a wireless mouse and a drone using an SDR.

In Barbarians at the Gate(way), Dave Lewis talked about the latest happenings on the Internet, focusing mainly on DDoS attack trends over the past year.

Christopher Truncer released version 3.0 of the Veil Framework at nullcon, a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.

Daniel Bohannon showed how to obfuscate PowerShell commands and how to detect such obfuscation.





Day 2:
The keynote by Karsten Nohl titled "When enough is enough: The limits of desirable security." was very interesting to listen to. He talked about the mistakes that the security community is making and asked whether we are all concentrating on the wrong things when some basic issues have not yet been fixed.

In the talk on "Case study of SS7/Sigtran assessment" Akib Sayyed talked about how his team tested the SS7 networks and the vulnerabilities that were found. He also released a tool called "safeseven" that can be used to test SS7 networks.

Timur Yunusov gave a talk on ATM security and the different logical attacks that can be carried out against ATMs. He explained how to bypass kiosk screens, boot into safe mode, use hardware attacks and much more.

Ajin Abraham talked about his latest project, "Injecting Security into Web apps with Runtime Patching and Context Learning". He talked about a new concept called RASP and explained how it differs from a WAF. He also gave a live demo of the RASP he developed and how it blocks XSS, SQLi and RCE. He also talked about future ideas that he is going to implement in his tool.

Snippets from nullcon:

    * "Cyber security in India is growing rapidly." Josh Armour, Security Program Manager at Google says. "We are happy to be present at the nullcon conference"
   
    * Asif Baig, a bug hunter who has found security bugs in major companies and has been listed in many halls of fame.
   
    * Yogendra Jaiswal, a DIMT Raipur student, told EHN in an interview that he found a Cross Site Scripting vulnerability in LinkedIn and has participated in Bugcrowd's private hunt. He also said he found a 2-Step authentication bypass in wordpress.com.
   
    * Sushmil, from tesseract - a startup company, said they are developing a "Cyber Threat Intelligence" product that gathers information from multiple sources and helps clients prevent cyber attacks.
   
    * Vishwaraj Bhattari said he found bugs in top companies including Google, Facebook and Twitter.



nullcon Information Security Conference 8Bit, Goa 2017




nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the sections of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform, which caters to the needs of IT Security industry at large in a comprehensive way.

The event consists of 25 speeches and 11 training sessions, which cover all major topics of the IT security industry. The conference is created for security companies/enthusiasts so they can showcase the most up-to-date research and technology on the topic. The shared knowledge is usually used afterwards within the organizations. Moreover, we host an Exhibition, Free Workshops, CTF Hacking competitions, a Job Fair, the BlackShield Awards and other events at the conference.

The Keynote will be addressed by Joshua Pennell, Founder & President, IOActive, following which we would have talks by various international security researchers on topics such as, ATM Hackings, Drone Hijacking, Telecom Protocol Security, Blockchain issues, Cloud Security, Bug Hunting, Social Engineering, Botnets and lots more.

With nullcon 8-bit edition we have made a lot of changes bringing the conference to the next level:
  • We anticipate having 1000 people,
  • Additional DevOps Security Track,
  • New Trainings on Cloud Security, IoT, Infrastructure, Hardware Security,
  • New CXO Panel session,
  • Larger exhibition vendor area etc.

Nullcon Goa 2017 Dates:
  • Training - 28th Feb to 2nd March 2017
  • Conference - 3rd to 4th March 2017

New Venue:
Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa - India.
Registration is still open! Get your pass here: http://nullcon.net/website/register-goa.php

We are happy to announce that we are giving a 10% discount on a conference pass if you are an E Hacking News reader! Don't miss your chance to visit Asia's leading Information Security Conference!

Visit our website for more information: http://nullcon.net/website/
We are looking forward to seeing you at the conference!

Nullcon international security conference 2014

Recently we all witnessed this season of NULLCON unfold. NULLCON, India's biggest security conference, happens in Goa every year; this year it was held on 14th of Feb, with the tagline "Spread Love, Not Malware".

This year’s Nullcon International Conference was filled with speakers from across the Globe with various interesting papers that were presented. This year’s Nullcon did see some of the upcoming talents of Indian Cyber Space.

The event started off with a bang with the Night Talks on 13th night which was followed by a Grand Party. The evening part of the talks even had “Black Shield Award” segment which brought out the eminent personalities being awarded the Black Shield Award. The Achievers List of Black Shield is as follows:


The day talks started on 14th morning and went on till 15th evening. This year’s Nullcon’s talks featured various well known Security Researchers such as Rahul Sasi, Alexander Polyakov, LavaKumar Kuppan, Vivek Ramachandran, Saumil Shah and many more. And as Nullcon always tries to bring out the budding talents from India, this time we did have upcoming talents from Indian Infosec Community such as Yahin Mehboobe, Ankita Gupta, Abhay Rana and many more.

One of the major paparazzi grabbers this time was the ultra-geeky nullcon2014 hardware badge that was developed by Indian researchers "Amay Gat" and "Umesh Jawalikar".

One of the new things seen this time at Nullcon was the NULLCON AMMO, which showcased some of the coolest, geekiest open-source tools developed by young Indian researchers and developers.

The tools found at Nullcon Ammo were:
  • OWTF (The Offensive Web Testing Framework) – By: Abraham Aranguren & Bhardwaj Machhiraju.
  • NoSQL Exploitation Framework – By: Francis Alexander.
  • XML Chor – By: Harshal Jamdade.
  • Drup Snipe – By: Sukesh Reddy and Ranjeet Senger.
  • OWASP Xenotix XSS Exploitation Framework – By: Ajin Abraham.
And there were plenty of other tools too that got featured this time at Nullcon Ammo event.

Overall, this season of Nullcon was filled with more geekiness, fun, partying and an awesome feast of information and knowledge for infosec enthusiasts. It was really more exciting than the previous season of Nullcon. The experience the hackers had this time was the best. For a hacker, you can't ask for anything better than Nullcon.

An Interview with Antriksh.D.Shah (one of the key people behind NULLCON 2013)


Recently we witnessed the glory of NULLCON unfold; it is said to be India's largest security conference. As this was happening in Goa, my friend Nikhil.P.Kulkarni @nikchillz caught up with one of the people behind NULLCON, none other than Antriksh.D.Shah, and when asked about NULLCON, this is what he had to say.

EHN: Hello Antriksh, happy to see NULLCON 2013 starting off with a bang here in Goa.

Antriksh: Yeah, it's really good to see that more people have registered this year than in the previous years, and moreover we're happy that this happened with just the word that spread from mouth to mouth.

EHN: So, what new do you see this time that you guys never saw in the previous years?

Antriksh: Well, this time we were really happy to see that more students are registering themselves than the corporates. That's what makes us feel proud. And the best part is we're going to be witnessing the presence of the CM of Goa, Mr. Manohar Parrikar.

EHN: Oh cool, I just happened to see the list of talks at NULLCON 2013, and I was amazed to see more youngsters speaking at the conference this time. So what do you have to say about this?

Antriksh: Yeah, it's really happy to know that the young blood here in India are doing such great research, and NULLCON is proudly giving them a platform to showcase their research and we encourage them in all possible ways.

EHN: Oh great to hear that, and what do you have to say about the venue? Any particular reason for choosing Goa?

Antriksh: Well the main reason that we chose Goa was this is the place where people come, relax, enjoy the beach. And when people come down here to Goa, they forget all their worries and just chill out. So that’s the reason we came up with this venue.

EHN: And here's my last question. NULLCON is also famous for its evening parties, and last year we all saw the Belly Dancing happening. What's in store for this year's NULLCON Networking Party?

Antriksh: Well, this year we have planned for a trip to the Casino, and as usual the party is going to be a huge hit. And it's gonna be unlimited fun this time.

EHN: Thanks a lot for sharing your time with us Antriksh, our best wishes to NULLCON and to all people associated with NULLCON.

Antriksh: Thanks buddy… :D

nullcon International Security Conference, Goa ~ 27th Feb - 2nd March, 2013



INTRODUCTION

“Nullcon’s 5th International Security Conference”, on 27th Feb - 2 March 2013 @ Bogmallo Beach Resort, Goa (http://nullcon.net)

Nullcon security conference is well known for its speakers and talks, where new vulnerabilities, risks and attacks on systems are responsibly disclosed along with their prevention mechanisms.

The conference ensures a great learning experience and networking. The conference is attended by the who's who in the security industry and includes various events targeted at different kinds of audience, from techies to business executives:

Keynote Talks

1. Richard Thieme - Staring into the Abyss

2. Janardhana Swamy (M.P. Karnataka - Lok Sabha) - Security & Politics

Talks @nullcon Goa '13

  • SamuraiSTFU - Smartgrid Testing Framework for Utilities by Justin Searle
  • Vulnerability elimination by force of a new device platform by Yury Chemerkin
  • Hardware Backdooring is Practical by Jonathan Brossard
  • BYOD - How will it shape your wireless network security infrastructure by Kiran Deshpande
  • SMS to meterpreter: Fuzzing USB modems by Rahul Sasi
  • HTML 5 – Attack and Defense by Ksenia Dmitrieva
  • Mozilla Bug Bounty Program - Crowd Sourcing Vulnerability Research by Raymond Forbes
  • Mobile Code, Mining For Discovery & Exploits by Hemil Shah

Trainings @nullcon Goa '13


1. Penetration Testing SmartGrid & SCADA by Justin Searle *New

2. Xtreme Android Hacking by Aseem Jakhar *New

3. Reverse Engineering and Malware Analysis by Abhishek Datta

4. Xtreme Exploitation by Omair

5. Mobile Application Hacking:- Attack & Defense by Hemil Shah

6. Xtreme Web Hacking by Akash Mahajan & Riyaz Walikar

7. Cyber Warfare Intelligence and Intrusion Operations by Atul Agarwal *New

Why Should You Attend?

  • Expert Sharing Knowledge Platform
  • Secure your organization
  • Showcase your company
  • Recruit & get Hired
  • Networking & build long term relations
  • Niche Community Members

Job Fair


nullcon is excited to host a special job fair organized for security professionals and organizations. The nullcon job fair gives you open access to meet the heads of various security organizations, understand their requirements and offer them your competencies in return. It is an excellent opportunity for organizations to hire the best talent in the information security industry and for security professionals to find better job prospects.
The nullcon job fair is a platform where prospective employers and employees can meet and interact with each other in an open environment.

Registration


Budget constraints, participants can also opt for Economy Pass (Without Lunch) @INR4999

Attractive group discounts available; contact register@nullcon.net

Silver Sponsor : Microsoft | Praxeva
Associate Sponsor : Adobe Systems | Innobuzz | iSight Partners
Cocktail Sponsor: SANS

Exhibitors: Dognaedis | AirTight Networks | Wegilant | eSecForte | Institute of Information Security | Rapid 7

Community Partner: Garage4Hacker | Hack In Paris | Radio Schizoid | MatesLab















Hackim: Pre-nullcon online hacking challenge will open tomorrow night


Hello Hackers, here's your chance to win one of 3 free VIP passes for nullcon Delhi 2012. All you have to do is run over a few trivial puzzles and challenges and the golden ticket is yours. In case you have already bought the ticket, don't worry: we will reimburse your ticket if you win.

The first 3 winners of Hackim will be enrolled for the JailBreak Challenge in Goa 2013. JailBreak is a challenge, with a twist, designed and developed by the nullcon team. JailBreak tests your pwnage skill level under high stress.

Are you ready to accept the challenge? Then you will need to create an account in order to participate in the challenge. The scoreboard for the challenge is available on http://ctf.nullcon.net. Read the rules and guidelines here.

nullcon CTF HackiM will open tomorrow night (7th September) at 20:12 (GMT +5:30).

nullcon security conference Delhi 2012 Highlights/Agenda


We at nullcon feel proud to be at the forefront of the IT Security arena in the Asian IT Industry. With the fourth event in the row, we continue to deliver the latest and responsible vulnerability disclosures and their mitigation solutions which help organizations take proactive and timely protective measures to safeguard their critical data and assets.

nullcon Delhi is being held on 26 - 29 Sept 2012 at The Leela Kempinski, Gurgaon.

Highlights

1. Day one keynote by CEO Natgrid, Mr. Raghu Raman. Talk Title: Battle of the Minds

2. Day two keynote by Global Security Evangelist and renowned speaker, Mr. Richard Thieme. Talk Title: Staring into the Abyss.

3. Security Conclave on Critical Infrastructure Protection: Focused Panel discussion of 90 minutes with participation from Govt. and corporate. Expert panelists from PSUs (Public Sector Undertaking) and large private organizations to create the road map for the protection standard and processes. This year's theme is Critical Infrastructure Protection and will be focused on organizations managing and developing critical infrastructure and organizations offering solutions and risk consulting on the same.

4. Executive Briefing: Exclusive two-hour sub-event for senior management and CIOs to present summarized content of conference talks/events.

5. Prototype sub-event: An excellent opportunity/platform for organization to speak/showcase/present (30 Min Talk) new innovative security technologies to the conference attendees to attract industry recognition and to promote their brand.

6. 20+ Exhibitors from security industry.

7. 20+ presentations by security experts on ground breaking defensive and offensive security technologies.

8. Seven security trainings by industry experts on deep technical and critical security subjects.

9. Null Job fair for hiring the best in the security industry.

10. Attendees from varied Industry verticals.

11. Supported by Microsoft (MSRC USA), Praxeva, SANS and Hacker5.

12. Some of the exhibitors include WatchGuard, Symantec, Microsoft, Praxeva, SANS, JNR, Search Lab, Innobuzz, ACPL, LFY, Payatu

nullcon Delhi is a must attend for all those who share an interest in IT security. It is our endeavor to be continually delivering the best in IT Security. For more details please visit http://nullcon.net.

Pre-con registration is closing on 31st August. FREE Registration for Exhibition and Job Fair.

Group discount available. For offline registration, kindly drop an email to register@nullcon.net