Mutation Engine For Fun And Profit ~ ADHOKSHAJ MISHRA
• History of mutation
• Basic introduction to code mutation
• Common mutation techniques
• Pros and cons of various techniques
• Writing polymorphic engine
• Writing oligomorphic engine
• Writing metamorphic engine
• Compile time mutation: what and why?
• Programming the programming language
• Compile time evaluation
• Obfuscating data
• Obfuscating code
• Detection and analysis of mutation engines
Series: A Journey in EDR-land
The series will cover building blocks of EDR, various ways to collect data, analysis and detection methods, and how to evade them.
Session 1: EDR Fundamentals
Temp Smitter Covert Data Transmission over CPU Temperature
This paper presents yet another attack vector named Temp-smitter, which uses temperature pattern of CPU dice as transmission medium to leak data covertly. The paper talks about motivation behind the research, design and analysis of covert channel, challenges, and possible countermeasures against it.
iOS Application Pentest Series ~ Sateesh Verma
It will cover the penetration testing of iOS applications. Start from basic pentesting to advance level. In this session we will cover how to set-up mobile pen testing lab and perform the pentest for iOS applications.
Behavioural Malware Analysis 101 ~ Adib Nagarajan
Setup a safe lab environment using open-source tools to perform basic malware analysis. Will include live malware detonation walkthrough in the lab and best practices.
Time based sql injection ~ Mukul Kantiwal
Time based sqli is considered as a difficult one to understand sometimes and since it falls under the category of blind sql injection, it becomes problematic to understand what exists and what does not.
Basics of Cyber Security ~ Abhijit Mohanta, Anoop Saldanha
The topics gives overview of the field of Cyber Security. it talks about both offensive and defensive sides of Cyber Security, job opportunities in the field of Cyber Security and domains. The talk will give you guidance on how to start into Cyber Security and specialize in it.
Introduction to CI/CD ~ Vinay Aggarwal
CI/CD is part of the DevOps, it helps developer to reduce the time to market,
and is currently used by almost every organization.
we are discussing the basics of the CI/CD using gitlab, where we will be creating and using the pipeline,
Owasp api top 10, use case of the api top 10 vulnerabilities ~ Closed door
Recently api top 10 list was released by owasp and there is no clear picture about the vulnerabilities listed in api top 10 as they are pretty new. This session will be about the api top 10 vulnerability details and how to find them.
Android Hacking Series ~ Sateesh Verma , Rinku Kumar
This workshop will cover the penetration testing of Mobile applications, starting from how to set-up mobile pen testing lab and perform the pentest for mobile applications.
Bug Bounty ~ Pranshu Tiwari
1. Authentication Bypass / 2Factor Authentication / Multi Factor 2. Authentication Broken Authentication 3. Mass Assignment 4. Cross Site Tracing 5. Insecure Direct Object Reference 6. Price Tampering (Business Logic) 7. Application Level DOS 8. Cross Origin Resource Sharing
Web proxies Alternative to burpsuite pro ~ Mukul Kantiwal
“If you can’t find any bugs with the free version to be able to afford the pro version then there isn’t any reason for you to be using the pro version at all”
Vulnerability Management using Qualys ~ Pranay Verma
How organization works on Vulnerability Management using several tools
Building Active Directory Lab ~ Chirag Savla
It’s the integral part of enterprise network it opens up alot of opportunities for the attackers to leverage the features of the active directory and exploit them for fun and profit.