• History of mutation
• Basic introduction to code mutation
• Common mutation techniques
• Pros and cons of various techniques
• Writing polymorphic engine
• Writing oligomorphic engine
• Writing metamorphic engine
• Compile time mutation: what and why?
• Programming the programming language
• Compile time evaluation
• Obfuscating data
• Obfuscating code
• Detection and analysis of mutation engines
The series will cover building blocks of EDR, various ways to collect data, analysis and detection methods, and how to evade them.
Session 1: EDR Fundamentals
This paper presents yet another attack vector, named Temp-smitter, which uses the temperature pattern of CPU dice as a transmission medium to leak data covertly. The paper covers the motivation behind the research, the design and analysis of the covert channel, the challenges, and possible countermeasures against it.
It will cover the penetration testing of iOS applications, starting from basic pentesting and moving to an advanced level. In this session we will cover how to set up a mobile pen testing lab and perform the pentest for iOS applications.
Set up a safe lab environment using open-source tools to perform basic malware analysis. The session will include a live malware detonation walkthrough in the lab and best practices.
Time-based SQLi is sometimes considered difficult to understand, and since it falls under the category of blind SQL injection, it becomes problematic to understand what exists and what does not.
Basics of Cyber Security ~ Abhijit Mohanta, Anoop Saldanha
The topic gives an overview of the field of Cyber Security. It talks about both the offensive and defensive sides of Cyber Security, job opportunities in the field, and its domains. The talk will give you guidance on how to start in Cyber Security and specialize in it.
CI/CD is part of DevOps. It helps developers reduce the time to market and is currently used by almost every organization. We will discuss the basics of CI/CD using GitLab, where we will be creating and using the pipeline,
OWASP API Top 10, use case of the API Top 10 vulnerabilities ~ Closed door
The API Top 10 list was recently released by OWASP, and there is no clear picture of the vulnerabilities listed in it, as they are pretty new. This session will be about the API Top 10 vulnerability details and how to find them.
This workshop will cover the penetration testing of mobile applications, starting from how to set up a mobile pen testing lab and perform the pentest for mobile applications.
Bug Bounty ~ Pranshu Tiwari
1. Authentication Bypass / 2-Factor Authentication / Multi-Factor Authentication
2. Broken Authentication
3. Mass Assignment
4. Cross Site Tracing
5. Insecure Direct Object Reference
6. Price Tampering (Business Logic)
7. Application Level DOS
8. Cross Origin Resource Sharing
Web proxies: Alternative to Burp Suite Pro ~ Mukul Kantiwal
“If you can’t find any bugs with the free version to be able to afford the pro version then there isn’t any reason for you to be using the pro version at all”
How organizations work on Vulnerability Management using several tools
It is an integral part of the enterprise network, and it opens up a lot of opportunities for attackers to leverage the features of Active Directory and exploit them for fun and profit.