Category: Bangalore

[Meet][Bangalore] null/OWASP/G4H Bangalore September meet-up on Saturday 20th September 2014

null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.

Date: Saturday September 20 2014
Sessions:

09:30AM OWASP Mobile Security Risk Series by Anant Shrivastava
10:15AM News Bytes by Apoorva
10:45AM Social Engineering and its importance during Security Audits by Manasdeep
11:30AM Networking
11:45AM Break
12:00PM HTTP Response Splitting by Sharath
12:45PM ZAP Proxy by BabuSudhirB
01:30PM Feedback and Topics for next Month

Venue:

InMobi
InMobi Technologies, 7th Floor
Embassy Tech Square
Marathahalli-Sarjapur Outer Ring Road,
Kadubisanahalli,
Bangalore,
Karnataka

1. Please bring a Government-issued ID card (PAN, driving license, etc.) for entry into the compound.
2. Laptops have to be declared with serial numbers at the building security.
3. The parking for cars/motorbikes is available in the basement of the building. Once you enter ‘Embassy Tech Square’ the signs/directions inside will help the participant locate the parking space.

Map URL:
http://goo.gl/maps/dWz6Q

For further details and Registration/RSVP please visit the following URL:
http://swachalit.null.co.in/events/31-bangalore-null-bangalore-meet-20-september-2014-null-owasp-g4h-bangalore

[Meet][Bangalore] null/OWASP/G4H Bangalore August meet-up on Saturday 30th August 2014

Announcing null/OWASP/G4H Bangalore August meet-up on Saturday 30th August 2014.

null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.

Date: Saturday August 30 2014

Sessions:

09:00AM OWASP Mobile Security by Anant Shrivastava
10:15AM Introductions by BabuSudhirB
11:20AM XML Injection by AMol NAik
12:05PM Are you a Host for Malware? by Abhijeth
12:50PM Burp Advanced by Harshal jamdade
01:35PM Feedback / Next null Meet Topics by BabuSudhirB

Venue:

1st floor pantry, Block B

EMC2 Outer Ring Road Marrathali Bangalore
EMC Corporation,
Mahadevapura
Bengaluru, Karnataka
India – 560048

Map URL:
https://www.google.com/maps/place/EMC+Corporation/@12.981664,77.693874,17z/data=!3m1!4b1!4m2!3m1!1s0x3bae11798af9124d:0x8a99c000f170374b

[null Bangalore bachaav] | Code Review | 5th July 2014

Hi All,

Announcing null Bachaav session “Code Review”. Like all null Bangalore Bachaav sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Bachaav is invite only and with prior registration and approval of the Bachaav champion. Here are the details:

Bachaav Title: Code Review

Bachaav Champion: Sandesh Anand

When: 5th July 2014, 10 AM – 6 PM

Registration Link: http://swachalit.null.co.in/events/12-code-review/event_registrations/new

Bachaav Description: This will be a completely hands on session on Code Review. The following topics will be covered:

  • Introduction to code review
  • Basics of J2EE
  • Setting up the “test” application in Eclipse
  • Walkthrough of installed Eclipse plugins
  • Manual verification of security controls – Authentication, Authorization, Input handling, Encryption etc.
  • Scripting to help manual review
  • Running a scan using open source tools (e.g.: Findbugs)
  • Primer to data flow analysis – How this affects code review
  • Fixing issues: This includes:
    1. How to provide recommendation advice
    2. How to validate fixes
    3. Applying a couple of fixes from the code reviewed

Note: Please make sure all the pre-requisites are up and running before the session starts. If you are facing any issues with setup, please try to come to the venue 30 mins before the session starts and get them fixed.

Pre-requisites:
  • 6 months-1year minimum coding experience (any OOP will do, preferably J2EE)
  • Basic Application Security knowledge (OWASP Top 10 etc)
  • Basic understanding of Cryptography (e.g.: difference between hashing and encryption)
  • Hardware requirements: Any operating system which can install Eclipse
  • Software requirements: 1. Eclipse IDE 2. Latest version of JDK

Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.

Short Bio:

[null Bangalore Humla] | Metasploit for Beginners | 28th June 2014

Hi All,

Announcing null Humla session “Metasploit for Beginners”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:

Humla Title: Metasploit for Beginners

Humla Champion: Ajay Srivastava

When: 28th June 2014, 10 AM – 6 PM

Registration Link: http://swachalit.null.co.in/events/11-metasploit-for-beginners/event_registrations/new

Humla Description: This will be a completely hands on session on Metasploit for Beginners. The following topics will be covered:

  • Introduction of Metasploit
  • Basics of Metasploit
  • Information Gathering
  • Exploitation
  • Meterpreter introduction
  • Post exploitation using Meterpreter
  • Metasploit utilities
  • Meterpreter scripts
  • Client-side exploitation
  • Auxiliary module

Note: Please make sure all the pre-requisites are up and running before the session starts. If you are facing any issues with setup, please try to come to the venue 30 mins before the session starts and get them fixed.

Pre-requisites:
  • Working laptop with minimum 4 GB RAM.
  • VirtualBox or VMware Player installed on your machine
    Can be downloaded from Link: https://www.virtualbox.org/wiki/Downloads
    Can be downloaded from Link: https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0
  • Kali Linux VM image
    Can be downloaded from Link: http://www.offensive-security.com/kali-linux-vmware-arm-image-download/
  • Metasploitable 2
    Can be downloaded from Link: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
  • Windows XP-SP2 installed on VirtualBox/VMware Player.
  • Make sure you have a proper network connection and are able to ping between all three machines (Kali Linux, Metasploitable and Windows XP-SP2)

Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.

Short Bio:
Ajay Srivastava – http://swachalit.null.co.in/profile/64-ajay-srivastava

[null Bangalore Humla] | Android App Pen-testing for Beginners | 21st June 2014

Hi All,
 
Announcing null Humla session “Android App Pen-testing for Beginners”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:
 
Humla Title: Android App Pen-testing for Beginners
 
Humla Champion: Asish Agarwalla & Rupam Bhattacharya
 
When: 21st June 2014, 10 AM – 6 PM
 
Registration Link: http://swachalit.null.co.in/events/10-android-app-pen-testing-for-beginners/event_registrations/new
 
Humla Description: This will be a completely hands on session on Android App Pen-testing for Beginners. The following topics will be covered:
  • AppUse setup
  • Creating AVD
  • Running Emulator
  • Setting up Proxy, installing certificate and intercepting browser traffic from Android
  • Installing sample application using ADB
  • Dynamic Testing
  • Static Analysis
Note: Please make sure all the pre-requisites are up and running before the session starts. If you are facing any issues with setup, please try to come to the venue 30 mins before the session starts and get them fixed.
 
Pre-requisites:
Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.
 
Short Bio:
 
Asish Agarwalla: He is currently working at one of the Big 4 firms and has 4+ years of experience in Information Security consulting with focused expertise on Web Application Security, Infrastructure security, Penetration Testing, Vulnerability Assessment, Wireless Security and Mobile Application Pen testing.
 
Rupam Bhattacharya: He is currently working at one of the Big 4 firms and has 4+ years of experience in Web Application Security and Pentesting. He is one of the null Bangalore chapter leads.

Announcing null/OWASP/G4H Bangalore June meet-up on Saturday 14th June 2014

Hi All,
 
Announcing null/OWASP/G4H Bangalore June meet-up on Saturday 14th June 2014.
 
Please note that all Bangalore null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.
 
You may optionally RSVP for the event on Swachalit
 
The schedule for this month’s meet is as outlined below:
 
09:30 – 10:15: OWASP Mobile Top 10 – Part 2 – Anant Shrivastava
We will work on OWASP Mobile Risk M2: Insecure Data Storage (https://www.owasp.org/index.php/Mobile_Top_10_2014-M2). We will use a sample vulnerable application to understand the cause of the issues as well as what kind of protection can be applied.
 
10:15 – 10:30: Introductions
 
10:30 – 11:00: Security NEWS Bytes – Raghavendran
Covers top information security happenings for the past one month and also gives a glimpse of events happening in the upcoming one month.
 
11:00 – 11:45: Flash based XSS – Abir Banerjee
A talk on ignored or common vulnerabilities found in Flash applications like XSS, Cross-Site Flashing, abusing cross-domain policy, de-compiling for sensitive data and vulnerable functions in use.
 
11:45 – 12:15: Networking session followed by a break
 
12:15 – 13:00: BeEF – Prashanth Sivarajan
Will demo some interesting features of BeEF (browser exploit framework), including the BeEF API and integration with the Metasploit framework.
 
13:00 – 13:45: ESAPI – Satish
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
 
13:45 – 14:00: Feedback and Topic discussion for next month meet
 
The meet starts at 9:30 AM. This month’s venue is confirmed. Please note that there has been a slight change in the venue this month. The meet will happen on 3rd floor at the main Thoughtworks building just next to Satya’s.
 
VENUE DETAILS
 
Please note that the meet for this month will happen on the 3rd Floor (Above the Gym).
ThoughtWorks, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore – 560034
Google Maps: http://goo.gl/bokSL
Co-ordinates: 12.928715, 77.628897
 
Landmark : Next to Satya’s Bar and Mercure Hotel
+ If you are coming from Inner Ring road, get on to Ooty Chocolates road and after a small crossroad this will be on the right hand side.
+ If you are coming from the Raheja Residency road then take a left turn at the small crossroad and this will be on your right hand side.
+ If you are coming from Koramangala BDA complex, take a right turn at the small crossroad and this will be on your right hand side.
 
Regards,
Rupam Bhattacharya

Combined null/OWASP/G4H Bangalore May 2014 Monthly Meet

What: Bangalore Chapter [null + OWASP + Garage4Hackers] Monthly Meet

When: May 24, 9:30 – 13:45

Venue:

ThoughtWorks, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore – 560034
Google Maps: http://goo.gl/bokSL
Co-ordinates: 12.928715, 77.628897

As always, walk-ins are welcome; all chapter meetings are free-of-cost

You may optionally RSVP for the event on Swachalit

http://swachalit.null.co.in/events/6-null-meet-may-2014

Agenda:

    • 09:30 – 10:15: OWASP Mobile Top 10 Part 1 – Pushkar

      This talk, as a series, will cover a few vulnerabilities from OWASP Mobile Top 10.

    • 10:15 – 10:25: Introductions
    • 11:00 – 11:40: Web-Service (SOAP) Exploitation – Rahul Sasi

      This topic will cover Web services and the approaches to Pen Testing SOAP based services. Testing Techniques and possible tools to use. Hack to Secure SOAP services.

    • 11:40 – 12:00 Networking session followed by a break
    • 12:00 – 12:30: Metasploit Demo – Rupam Bhattacharya

      The demo will include basic command line usage, a few auxiliaries and exploiting a Windows box.

    • 12:30 – 13:30: Web App Security – The Good Parts – Akash Mahajan

      Web development is hard. Secure web development is harder. Akash Mahajan talks about Web Security, what to focus on, all the good stuff.

[null Bangalore Humla] | Wireless Hacking with Kali | 5th April 2014

Hi All,

Announcing null Humla session “Wireless Hacking with Kali”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:

Humla Title: Wireless Hacking with Kali
Humla Champion: Asish Agarwalla
When: 5th April 2014, 10 AM – 6 PM
Registration: http://goo.gl/cTh3KQ
Registrations Close: 2nd April 4:00 PM
Humla Description: This will be a completely hands on session on Wireless Hacking using the Kali operating system. The following topics will be covered:

1. Detect Hidden SSID
2. Bypass MAC filtering
3. WEP Cracking
4. WPA/WPA2 Cracking
5. WPA/WPA2 Cracking using PMK
6. Decrypt WEP packets

Note: This session has some hardware level pre-requisites. We will not be supplying spare hardware during the session.

Pre-requisites:
1. Laptop with wireless card
2. Laptop should be able to live boot into Kali – This is required. We will be booting our laptops into Kali linux and doing the entire humla.
3. A bootable USB with Kali. This has to be created and brought to the venue.
Kali 32 bit ISO (http://cdimage.kali.org/kali-latest/i386/kali-linux-1.0.6-i386.iso)
Steps to make a bootable Kali USB (http://docs.kali.org/installation/kali-linux-live-usb-install)
4. The laptop should be able to live boot into Kali, and from within Kali, you should be able to access the Internet or your local network. This has to be verified before you come to the session.

Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.

Short Bio:
Asish Agarwalla: He is currently working at one of the Big 4 firms and has 4+ years of experience in Information Security consulting with focused expertise on Web Application Security, Infrastructure security, Penetration Testing, Vulnerability Assessment, Wireless Security and Mobile Application Pen testing.

[null Bangalore Workshop] | OWASP Top 10 Vulnerabilities | 29th March 2014

Hi All,

Announcing null workshop on “OWASP Top 10 Vulnerabilities”. Like all null Bangalore workshops, this is free but registration is compulsory. A group of participants will be selected based on the registrations since this workshop is invite only and with prior registration and approval of the workshop champion. Here are the details:

Workshop Title: OWASP Top 10 Vulnerabilities
Workshop Champion: Shruthi Kamath
When: 29th March 2014, 10 AM – 6 PM
Registration form: http://goo.gl/up8ht1
Registrations Close: 26th March 2014 02:00 PM
Workshop Description: This workshop is mainly for beginners in web application security and will cover the basics of discovering the OWASP Top 10 vulnerabilities. This will help you identify OWASP top 10 vulnerabilities in a web application, understand the risks associated with these vulnerabilities, create attack vectors and inputs for testing and the methods that are employed by developers to defend web applications from these threats.

The following is the agenda for the workshop:

* Introduction to the OWASP top 10 vulnerabilities: A brief introduction on identifying the most serious risks which can be present in a web application.
* Hands on exercises to test a web application to detect vulnerabilities with reference to the OWASP Top 10.
* Understanding mitigations: Securing your web applications from these vulnerabilities.

Pre-requisites:

* Laptop with WiFi/Ethernet, with minimum 2 GB RAM and minimum 4 GB free disk space.
* Install Damn Vulnerable Web Application(DVWA) over XAMPP. If you are not going to use XAMPP, just make sure DVWA is running without any issues before coming in for the session.
* Download links for DVWA and XAMPP:
  * DVWA (http://sourceforge.net/projects/dvwa/)
  * XAMPP (http://sourceforge.net/projects/xampp/)

Short Bio:
Shruthi Kamath works at Infosys Limited. She is a security enthusiast and is interested in learning new things. She has participated in jailbreak@nullcon 2014 and presented “Secure SDLC” paper at c0c0n.

Announcing null/OWASP Bangalore March meet-up on Saturday 22nd March 2014

Please note that all Bangalore null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.

The schedule for this month’s meet is as outlined below:

09:30 – 10:15: Web Application Security for Beginners: XML Injection – Jayesh Singh
This is a multipart series on Web Application Security. This session will cover XML Injection attacks, the identification and concepts behind it. The speaker will also talk about different types of XML data manipulation and the mitigation for this vulnerability.

10:15 – 10:25: Introductions

10:25 – 11:00: OAuth Tokens and their Security – Vindhya Nagaraj
This talk will begin with a description of REST and continue to discuss OAuth Implementation & its security.

11:00 – 11:40: A primer on Manual Source Code review – Sandesh Anand
Sandesh will give us a quick overview of code review in general and demonstrate some interesting instances where reviewing code manually can be useful. In addition, we will “attempt” to answer the following questions with this talk:
1. Why review code when you can find XSS (other common issues) through a pen-test?
2. Are there any instances where manual code review trumps automated (tool-based) review?

He will have a lot of Java code snippets to review for the talk. We can review as many as time permits.

11:40 – 12:00 Networking session followed by a break

12:00 – 12:30: LFI to Remote Code Execution – Sharath Unni
The speaker will demo LFI discovery both manually and using scanners. Various other ways of achieving RCE via LFI also will be covered.

12:30 – 13:00: Getting started with IPtables – Part 2 – Nishanth Kumar
The talk will cover the following:
– Review of Part 1
– Understanding IPTable Rules
– Options available in writing IPTable rules
– Some customized commands and some examples

13:00 – 13:30: (In)Security in E-commerce – Shadab & Ankur
To understand such a growing market and customers, all the companies try to capture the maximum amount of information, helping them to provide a better experience. With integration of third party tools, open source, analytics over the website, there is a huge risk of information leakage/data compromise/User compromise etc. The speakers will talk about security around Information Flow, User Tracking, Public Disclosure, Lifecycle of a security Bug, Traceability/Monitor-ability revolving around E-commerce domain.

13:30 – 13:45: Feedback and Topic discussion for next month meet

VENUE DETAILS
ThoughtWorks, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore – 560034
Google Maps: http://goo.gl/bokSL
Co-ordinates: 12.928715, 77.628897

Landmarks : Next to Satya’s Bar, near Mercure Hotel, near Raheja Residency and close to 3rd Block Koramangala BDA