Category: Events

null Chennai Humla on 25 April 2015 Android Mobile Application Security

Hey All,

We have scheduled our Humla Meet on 25th April. Please do register for the (Humla)Meet.

Note : This Meet is Invite Only basis. Only selected registered user will be mailed with more details. You will receive mail before 23th April Midnight.

Here is the Agenda :-

• Introduction to Android
• Android Architecture
• Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Bypassing Android Permissions
· Application Analysis
· Reverse Engineering
· Introduction to Drozer
· Using Drozer to find and exploit vulnerabilities
· Traffic Interception (Active and Passive) of Android Applications
· OWASP Top 10 for Android

Setting up the Test Environment:

Disclaimer: Training shall be done on Virtual image of device.

List of Software & Hardware Requirements

1 Any operating System

2 Android (Rooted) >= 2.3 (* Android device is optional)

3 Minimum 2 GB RAM and 200 GB free Hard Disk space

4 Administrative Privileges access over the machine

5 External USB Access Allowed

6 Virtual Box

7 Genymotion

8 Android Tamer Virtual box / Appie Box (Provided at session)

Campion Name : Abhinav Sejpal

Time : 09.00 – 05.00 pm

Venue : Details will be sent to selected user via E-Mail.

Registration Link :http://goo.gl/forms/DCQgFTHM1F

Contact No :9941576747/9940012212/9444191918

E-Mail Id : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, 1nvalid[at]null[dot]co[dot]in

null Chennai Meet on 18th April @ThoughtWorks

Hey All,

We have scheduled our Monthly Meet on 18th April. Please do register for the Meet.

Note: Please carry original ID Card along with you to enter the premises.

1)DDoS using various protocols by Arul Selva Lakshmi

2)Android App PenTesting using SDK and proxies by PradeepKumar

3)Pentesting million lines of code by Lavakumar Kuppan

4)CSRF by Adarsh

5)Newsbytes by Hariessh Kumar B

Registration Link :http://swachalit.null.co.in/events/85-chennai-null-chennai-meet-18-april-2015-monthly-meet

Date : 18th April,2015

Time :03.00 – 05.30pm

Venue :
Thought Works
Ascendas International Tech Park
Zenith – 9th Floor, Tharamani Road,
Taramani, Chennai,
Tamil Nadu 600113

Contact No :9941576747/9940012212/9444191918

E-Mail Id : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, 1nvalid[at]null[dot]co[dot]in

null Chennai Meet on 21st March @ThoughtWorks

Hey Guys,

Null Monthly Meet on 21th March,2015. We request you to register for the Meet. Make sure you bring your Original Id Card along to the Venue. Only registered user are allowed for the Meet.

1) Basic Of OWASP – Rajesh

2) SIEM – Raghavendra

3) Analyzing Of APT- Part 2– Inbasundar

4) DDOS Attack using SSDP- Lakshmi

5) NewsBytes – Shubam

Time : 3.30 Pm – 7.00 Pm

Date : 21st March,2015

Registration Link :http://swachalit.null.co.in/events/75-chennai-null-chennai-meet-21-march-2015-monthly-meet

Venue :
Ascendas International Tech Park
Zenith – 9th Floor, Tharamani Road,
Taramani, Chennai,
Tamil Nadu 600113

Contact : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, 1nvalid[at]null[dot]co[dot]in

Mobile : 9941576747/9940012212/9444191918

null Chennai Monthly Meet @Zapota on 28th Feb,2015

Hey Guys,

Null Monthly Meet on 28th Feb,2015. We request you to register for the Meet. Make sure you bring your Original Id Card along to the Venue. Only registered user are allowed for the Meet.

1) Security Management – Vinoth SivaSubramanian

2) Analyzing the Million lines of Code- Lava Kumar

3) APT- Part 2– Inbasundar

4) Overview on botnets – Dhayalan

Time : 4.30 Pm – 7.30 Pm

Date : 28th February,2014

Registration Link :http://swachalit.null.co.in/events/65-chennai-null-chennai-meet-28-february-2015-monthly-meet

Venue :
ZAPOTA ONLINE SERVICES Pvt Ltd,
No.6, Casa Major Road,
Egmore,
Chennai-600008

Contact : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, sukesh[at]null[dot]co[dot]in

Mobile : 9941576747/9940012212/7845794175

Winners for #nullkaunjayega

Ladies and Gentlemen, the winner of #nullkaunjayega – ARE TWO! That’s right, we are giving away TWO FREE VIP passes to NULLCON, Goa. And you thought The Twist was just a dance from the 50’s! So here they are, the winners for #nullkaunjayega (drumroll)

@abhinav_sejpal a.k.a Abhinav Sejpal. You can view the tweet here.

Abhinav-Sejpal-nullkaunjayega

@pranay80 a.k.a pranay. You can view the tweet here.

pranay-nullkaunjayega

Congratulations to the winners! The entries made the judges ROFL!! Well done, and you win A FREE VIP pass to NULLCON each. Thank you for participating.

Honourable Mentions for #nullkaunjayega

The results of #nullkaunjayega are out!

Before we announce the winner, here are the honourable mentions. While these entries didn’t win the contest, they gave the winner some much deserved competition. So here they are, in no particular order:

@alxdotnet a.k.a Alex James – You can view the tweet here.

Alex-James-nullkaunjayega

@naveen967638868 a.k.a Google Naveen – You can view the tweet here.

Google-Naveen-nullkaunjayega

Thank you all so much for participating  :)

Win a FREE VIP Pass to NULLCON, Goa 2015!

Yes, you read that right! You can win a FREE VIP Pass to NULLCON 2015 at Goa on 06 – 07 Feb, 2015.

How do I participate?

To participate in the contest, you just need to follow 3 simple steps:

instructions

  1. Take a photo of what security means to you and caption it.
  2. Tag the photos with the hashtag #nullkaunjayega (Entries without the hashtag will not be considered)
  3. Post it on Facebook and/or Twitter

And that’s it. It’s that simple.

The wildest, funniest, smartest and cleverest photo will win the prize.
The people picking the winning photo may not be the wildest, funniest, smartest and cleverest – but ah, well, that’s life for you! The judge’s decision is final.

When do I start?
Now! The contest ends on Feb 1st midnight (IST). The winners will be announced on Feb 2nd. You can tag as many pictures as you want. So hurry along and get clicking.

What happens if I win?
On Feb 2nd, the names of the winners will be announced on our Facebook and Twitter accounts. We’ll get in touch with the winner directly to give away the grand prize – a VIP Pass to NULLCON.

What am I up against?
You can see the real time entries here (twitter) and here (facebook).

I have more questions. Where can I get an answer?
You can tweet to us directly @null0x00 or write on our Facebook wall with the hashtag #nullkaunjayega and we’ll answer your questions.

Go on then, we’ll see you in Goa!

P.S: It’s always a good idea to get permission from the people you’re taking a photo of before you put them on any social media channel

EDIT – The contest end date has been moved from Jan 30th midnight to  Feb 1st midnight, 2015. We’ll announce the winners on Feb 2nd.

null Volunteer T-shirts are here!

So, yesterday was a day full of subtle surprises! We received our consignment of null volunteer t-shirts in the evening. These t-shirts will be given to all the awesome null volunteers who have won themselves a free VIP pass for nullcon 2015 for being awesome and volunteering for null activities in 2014.

Here’s a preview. No animals or models were hurt during this photoshoot:

nullvolunteers

See you all at nullcon 2015! Be awesome!

Looking back: nullcon 2014

Nullcon 2014 happened at an interesting time for me. I had moved back to Bengaluru (from the US) 3 months ago and was trying to understand the Information Security scene in India. After attending a couple of null Meets in Bengaluru, I was excited about the variety of areas folks were working on. One of the volunteers in Bengaluru told me about nullcon and encouraged me to attend. While I had heard of nullcon (my colleague Ksenia had presented in 2013), I did not know much about the conference. After a little bit of research about the conference and looking at the lineup of speakers, I decided to give it a shot. The fact that it was being held at a sea-side resort in Goa, certainly made the decision easier.

The conference made a great first impression with the cool hardware badge they provided. From students to seasoned professionals, private firm employees to government representatives (defense included), entrepreneurs to  consultants, it was an interesting mix of people to interact with. Luckily, the scheduling of the conference, with sufficient breaks between talks, provided ample time to interact with the crowd. But even if you missed out on the interactions during the day, the wild (some would say too wild :) ) after-party made up for all the lost time.

While the warm breeze, beautiful sunset and the cool people are great perks of nullcon, the prime attraction are the talks. I was quite impressed with the variety of talks presented during the two conference days. There also seemed to be a conscious effort from the organizers to provide a platform for different stakeholders from InfoSec. There were government officials talking about the necessities of “arming” ourselves in the area of cyber security and there were folks trying to hack into our TVs. There were talks on how our tiny (in terms of revenue) industry has grown over the last decade and how security folks can make it easy for QA (Quality Assurance) teams to do application security. There were some new tools introduced, and there were some new tricks with old tools demonstrated. Overall, it was fair to say that there something in for everyone and then there was a little more. You can find the list of talks here.

Apart from the talks, there was a lot going on in the conference. From hacking competitions to tool demos by its developers, there was hustle-bustle at all times during the conference which I enjoyed the most.Back from the conference, I decided to spend more time with null and hence started volunteering. I am now one of the chapter leads for null Bengaluru and will also help organize nullcon 2015.

View from the Bogmallo beach resort - The venue of nullcon 2014. Image courtesy Riyaz Walikar

Here’s hoping to a lot more sunshine, warm breeze, feni and great talks @ nullcon 2015. See you there!

 This blog was written by Sandesh Anand, who is a software security professional and a chapter lead at null Bangalore. 

null Chennai Meet on 25th Jan @Zapota

Hey Guys,

Null Monthly Meet on 25th Jan,2015. We request you to register for the Meet. Make sure you bring your Original Id Card along to the Venue. Only registered user are allowed for the Meet.

1) SIEM tools – Raghavendra

2) Analysing Testing and Fuzzing WebSocket Implementations with IronWASP- Lava Kumar

3) APTs – Inbasundar

4) News bytes – Sameer

Time : 4.30 Pm – 7.00 Pm

Date : 25th January,2014

Registration Link :http://swachalit.null.co.in/events/61-chennai-null-chennai-meet-25-january-2015-null-chennai-monthly-meet

Venue :
ZAPOTA ONLINE SERVICES Pvt Ltd,
No.6, Casa Major Road,
Egmore,
Chennai-600008

Contact : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, sukesh[at]null[dot]co[dot]in

Mobile : 9941576747/9940012212/7845794175