Amish Shah

Designation: CTO
Organization: Net-Square Solutions Pvt. Ltd
Topic: The future of automated web application testing
Topic Details:
Security testing of web applications is critically important, and demand for automated web application auditing tools is increasing day by day. Over the last few years, web applications have become very complex and rich, and automated web application testing tools face many challenges such as obfuscation of response code, JavaScript-based form submission, custom error pages, etc. In this presentation, we'll talk about how web technology as a whole has evolved from Web 1.0 to 2.0, what the traditional methods of web application analysis are, what techniques web application developers use to defeat automated tools, and what techniques automated tools use to penetrate web applications. We'll also speak about Web 2.0 architecture, automated testing methodology for Web 2.0 applications, and its challenges and limitations.

Speaker-Bio:
Amish is Chief Technology Officer at Net-Square. He is responsible for product development and research activity. He has over 9 years of experience in the design and development of security tools, from small-scale tools to a large managed vulnerability scanner. He is skilled at reverse engineering and source code audits. He has written many Linux/Win32 system programs, kernel-level drivers, web server plugins and automated web application scanners. In addition, he recently published an advisory on the Microsoft research web site and also contributed to the "Secure Coding in C/C++" article on SANS.

Ajit Hatti

Designation: --
Organization: Bluelane Technologies, Pune
Topic: Legiment Techniques of IPS/IDS Evasion
Topic Details:
Instead of using classical evasion techniques, which rely on the limitations of TCP/IP implementations, Legimency uses newer exploitation techniques which are highly effective, easy to code and tough for IPS/IDS vendors to stop.

Speaker-Bio:
* MCA from Shivaji University in 2003; topped the University.
* Joined the Indian Air Force Academy for a short time.
* Working with Bluelane Technologies as a Team Lead in the field of Network Security & Vulnerability Research.
* 4 years of experience in the Mailing & Network Security domain.
* Expertise in SMTP/SMB/RPC protocols and OS/Services detection techniques.
* Member of CSI, PLUG, and contributor to Nessus and Ubuntu.

Chetan Gupta

Designation: Senior Incident Response Specialist
Organization: Symantec Corporation
Topic: Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
Topic Details:
Microsoft Windows presents a number of avenues for the forensic investigator to answer the most critical questions in any investigation: Who, When, Why and How? There is a wealth of information available in a Windows system that can help the investigator establish a chain of events, identify the possible cause of any untoward activity and gather irrefutable evidence to prosecute the perpetrator. Some of the evidentiary avenues that will be highlighted in this presentation are as follows:
1. Windows Registry as a critical avenue of information – MRU lists, MUICache, UserAssist and so on
2. NTFS data structures and MFT analysis
3. Understanding and cracking EFS
4. Analyzing file system metadata – the mystery of timestamps
5. Analyzing Windows memory contents – how to conduct Live Response
6. Using Event Logs to establish a timeline of events
7. Web usage profiling
8. Analyzing Prefetch, Recycle Bin artifacts and shortcut files
9. Analyzing slack space and detecting hidden/formatted partitions
10. Understanding and analyzing Thumbs.db

Speaker-Bio:
Chetan Gupta holds a Bachelor of Technology in Computer Sciences from AIUMT, USA and has done his Masters of Science in Computer Networks. He has vast experience in the field of Information Security with a focus on penetration testing and digital forensics. He is well-versed in Incident Response and Computer Forensics standards and methodology, has a good understanding of Cyber law, and has led teams on Computer Forensic assignments for many multinational clients. He has also conducted penetration tests and risk assessment exercises for a multitude of international clients. Chetan Gupta is an EnCase Certified Examiner (EnCE), SANS GIAC Certified Forensics Analyst (GCFA), SANS GIAC Certified Intrusion Analyst (GCIA), Master in Computer Forensics (US), Certified Ethical Hacker (CEH), CIW Certified Security Associate and Cisco Certified Network Associate (CCNA). He has also conducted numerous training programs on Cyber Crime and Digital Forensics and trained professionals from Oracle, Microsoft, Wipro, Ernst and Young, Franklin Templeton, SBI, ICICI and so on. He has also created an open source tool for Linux Incident Response called LINReS.
Chetan has also been a speaker at Cyber Safety Week Mumbai 2005, the Bombay Chartered Accountants Society, and many other academic institutes, and has presented on topics related to Ethical Hacking, Cyber Crime, Incident Response, and Digital Forensics. Chetan also published an article, Dissecting NTFS hidden streams, at www.forensicfocus.com. He was also the principal editor and contributor for India's first online Incident Response and Digital Forensics magazine, 'Checkmate', available at http://www.niiconsulting.com/checkmate

David Hulton

Designation: --
Organization: The OpenCiphers Project
Topic: Faster PwninG Assured: Cracking Crypto with FPGAs
Topic Details:
This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGAs are chips that have millions of gates that can be programmed and connected arbitrarily to perform any sort of task. Their inherent structure provides a perfect environment for running a variety of crypto algorithms, and for doing so at speeds much faster than a conventional PC. A handful of new FPGA crypto projects will be presented, demonstrating how many algorithms can be broken much faster than people really think, and in most cases extremely inexpensively.
Breaking WPA-PSK is possible with coWPAtty, but trying to do so onsite can be time-consuming and boring: all that waiting around for things to be computed each and every time we want to check for dumb and default passwords. Well, we're impatient and like to know the password NOW! Josh Wright has recently added support for pre-computed tables to coWPAtty, but how do you create a good set of tables without it taking 70 billion years? David Hulton has implemented the time-consuming PBKDF2 step of WPA-PSK on FPGA hardware and optimized it to run at blazing speeds, specifically for cracking WPA-PSK and generating tables with coWPAtty.

Speaker-Bio:
David Hulton has been hacking with wireless and embedded devices for the past 5 years and has been actively involved in the security industry for 10. After helping start and run various security meetings and ToorCon back in the late 90's, he switched focus and became credited with designing open source tools such as bsd-airtools, doing extensive security research with Wireless, Smart Cards, GSM, and most recently with revolutionary high-speed crypto cracking applications for FPGAs.

Dror Shalev

Designation: Security Expert
Organization: Check Point SmartDefense Research Center
Topic: Crazy Toaster: Can Home Devices turn against us?
Topic Details:
Home networking devices, their wireless equivalents, hardware and technology raise new privacy and trust issues. Can home devices turn against us and spy on our home network? Do we care if our toaster sees us naked? This talk will cover the scenario of a "Crazy Toaster": a Trojan device under a Vista or XP environment, or software with TCP/IP capabilities such as routers, media players or access points, that joins a local area network and thus becomes a security hazard. The "Crazy Toaster" presentation will discuss the steps needed to build a Trojan device that exploits users' trust in technology. Flaws associated with home networking protocols such as UPnP and SSDP will be presented. The primary goal of the "Crazy Toaster" presentation is to present a new offensive technique by demonstrating the security hazard and design flaws. As home networking becomes more ubiquitous, the scope of this problem grows worse.

Speaker-Bio:
Dror Shalev works as a Security Expert for the Check Point SmartDefense Research Center, focusing on browser & Windows security.
He previously worked as Senior Security Researcher at finjan.com's Malicious Code Research Center, and has found several major security vulnerabilities in various major web mail systems such as Hotmail and Yahoo! Mail, and in Microsoft products.
He has been SOC Manager at DATA SEC, where he developed and designed Internet security systems and conducted penetration tests for e-banking systems in Europe, and CTO & Co-Founder at BmyPC, where he developed the R&D methodology and software for a virtual web desktop service, enabling web devices to receive computing services via the Internet.
Dror runs a security workshop that deals with recent browser exploits, security & privacy, and online threats at http://sec.drorshalev.com

Gaurav Saha

Designation: Software Engineer
Organization: Sipera Systems Pvt Ltd
Topic: Vulnerabilities in VoIP Products and Services
Topic Details:
We'll explore the current state of security features, attack venues, security risks and exploitable bugs of this evolving technology, which is most likely the greatest concern about VoIP.

Speaker-Bio:
Gaurav Saha works as a Software Engineer for Sipera Systems Pvt Ltd. He holds a B.Tech from the Indian Institute of Technology, Kharagpur.

Rahul Mohandas

Designation: Virus Research Analyst
Organization: McAfee
Topic: Analysis of Adversarial Code: The Role of Malware Kits!
Topic Details:
This presentation talks about the recent trend in the emergence of malware kits like Mpack and the roles of various automated Do-It-Yourself kits in real-world attacks. I will also talk about the various obfuscated exploits involved in these kits.

Speaker-Bio:
Rahul is a Virus Research Analyst with McAfee working on identifying and writing signatures for various malware. His previous experience has exposed him to vulnerability research and malware research, and he has also published a couple of vulnerability advisories.

Rohas Nagpal

Designation: President
Organization: Asian School of Cyber Laws
Topic: 7 years of the Indian IT Act - Best Cases
Topic Details:
The Cyber Law regime was ushered into India 7 years ago. These 7 years have seen path-breaking court judgements that have defined the Indian cyber legal framework. My presentation will be on these cases and how they have laid down important principles relating to cyber pornography, computer source code, digital evidence and electronic contracts.

Speaker-Bio:
Rohas Nagpal is the President of the Asian School of Cyber Laws. He has assisted the Government of India in framing rules and regulations under the Information Technology Act. He advises law enforcement agencies around the world in cyber crime investigation and cyber forensics. He has authored several books, white papers and articles on these subjects.

Rohit Srivastwa

Designation: Founder
Organization: ClubHack
Topic: --
Topic Details: --

Speaker-Bio:
Rohit Srivastwa has several years of experience in providing consultancy and training in the fields of Information Security, Cyber Crime Investigation and Penetration Testing.
He is actively involved in advising several military agencies, law enforcement personnel, corporates and Government bodies in these fields. Along with assisting these organizations in solving their cases, Rohit is also involved in teaching the related subjects to them.

Shreeraj Shah

Designation: Founder & Director
Organization: Blueinfy Solutions
Topic: Hacking Web 2.0: Art and Science of Vulnerability Detection
Topic Details:
Web 2.0 applications are on the rise, and as Gartner has predicted, by the end of 2007 30% of applications will be running with Web 2.0 components embedded in them. This change in scenario provides various new entry points and security holes for attackers. Hacking Web 2.0 is the most required skill for security professionals to identify vulnerabilities and the associated threats before an attacker exploits them. New attack vectors are on the rise, such as two-way CSRF access, XSS through JSON, JS-Object, XML and Array streams, client-side eval() exploitation, XPath injection, WSDL scanning, Web Services payloads through SOAP and REST, XML-RPC method exploitation, etc. One needs to do both scientific and artistic analysis of an application to identify these vulnerabilities, and this talk will cover these emerging attack vectors with plenty of demonstrations and tools. You will take home thorough knowledge about Web 2.0 hacking and will be in a position to apply it at work immediately.

Speaker-Bio:
Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He has performed several security consulting assignments in the areas of penetration testing, code reviews, web application assessments and security architecture reviews.
He is also the author of popular books such as Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, etc. His articles are regularly published on SecurityFocus, InformIT, DevX, O'Reilly and HNS. His work has been quoted as an expert's on BBC, Dark Reading and Bank Technology.

Sunil Arora

Designation: Security researcher
Organization: --
Topic: Backdoor 2.0: Hacking Firefox to steal his web secrets
Topic Details:
Firefox ("Free, Faster and Secure" web browser) is gaining popularity at a very fast rate. I will talk in detail about techniques for writing malware for Firefox to steal a victim's web secrets such as username, password, credit card number, etc. I will also discuss the recently discovered vulnerabilities in Firefox and how one can exploit them to push the malware to the victim's Firefox remotely.
At the end of the talk, I will give a demonstration of exploiting one of the existing vulnerabilities to install the malware in the victim's Firefox to steal his web secrets.

Speaker-Bio:
Sunil is an enthusiastic security researcher with expertise in application, wired & wireless security. He is a Linux expert and a graduate of IIT Kharagpur.

Varun Sharma

Designation: Security Engineer
Organization: Application Consulting and Engineering (ACE) Team, Microsoft India
Topic: Subtle Security flaws: Why you must follow the basic principles of software security
Topic Details:
Varun will talk about some interesting and subtle security flaws found while assessing business applications, which principles were not followed that resulted in the flaws, and why, no matter how good a developer you are, you should always follow the basic principles of software security.

Speaker-Bio:
Varun works as a Security Engineer in the Application Consulting and Engineering (ACE) Team. His team is responsible for application performance, security and privacy engineering at Microsoft. He is also the winner of the Microsoft Security Shootout Contest, a unique Microsoft India initiative to promote the concept of writing secure code amongst Indian developers. You can read his blog at http://blogs.msdn.com/varun_sharma

Umesh Nagori

Designation: Vice President
Organization: Net-Square Solutions Pvt. Ltd.
Topic: The future of automated web application testing
Topic Details:
Security testing of web applications is critically important, and demand for automated web application auditing tools is increasing day by day. Over the last few years, web applications have become very complex and rich, and automated web application testing tools face many challenges such as obfuscation of response code, JavaScript-based form submission, custom error pages, etc. In this presentation, we'll talk about how web technology as a whole has evolved from Web 1.0 to 2.0, what the traditional methods of web application analysis are, what techniques web application developers use to defeat automated tools, and what techniques automated tools use to penetrate web applications. We'll also speak about Web 2.0 architecture, automated testing methodology for Web 2.0 applications, and its challenges and limitations.

Speaker-Bio:
Umesh currently heads Business Development and Professional Services for the IT Security Practice at Net-Square. Umesh also provides information security consulting services and training to Net-Square clients, specializing in web hacking and security. He brings more than 12 years of experience in Information Technology. Starting from software development, he has played key roles in various other areas of Information Technology such as system administration and network management, systems analysis, training and project management. He has over 9 years of experience with web application development, application and system security architecture, network architecture, security consulting and security training.
