Category: Humla

null Chennai Humla on 25 April 2015 Android Mobile Application Security

Hey All,

We have scheduled our Humla Meet on 25th April. Please do register for the (Humla)Meet.

Note : This Meet is Invite Only basis. Only selected registered user will be mailed with more details. You will receive mail before 23th April Midnight.

Here is the Agenda :-

• Introduction to Android
• Android Architecture
• Android Security Architecture
• Android Permission model
• Application Sandboxing
• Setting up Android Emulator
• Setting up a Mobile Pentest Environment
• Bypassing Android Permissions
· Application Analysis
· Reverse Engineering
· Introduction to Drozer
· Using Drozer to find and exploit vulnerabilities
· Traffic Interception (Active and Passive) of Android Applications
· OWASP Top 10 for Android

Setting up the Test Environment:

Disclaimer: Training shall be done on Virtual image of device.

List of Software & Hardware Requirements

1 Any operating System

2 Android (Rooted) >= 2.3 (* Android device is optional)

3 Minimum 2 GB RAM and 200 GB free Hard Disk space

4 Administrative Privileges access over the machine

5 External USB Access Allowed

6 Virtual Box

7 Genymotion

8 Android Tamer Virtual box / Appie Box (Provided at session)

Campion Name : Abhinav Sejpal

Time : 09.00 – 05.00 pm

Venue : Details will be sent to selected user via E-Mail.

Registration Link :http://goo.gl/forms/DCQgFTHM1F

Contact No :9941576747/9940012212/9444191918

E-Mail Id : niteshbetala[at]null[dot]co[dot]in, nishanth[at]null[dot]co[dot]in, 1nvalid[at]null[dot]co[dot]in

null Chennai Humla @SETS,Chennai on 9th Nov

Null Chennai Presnts Humla on Metasploit.The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

World’s most used penetration testing software. Put your network’s defenses to the test.A collaboration of the open source community and Rapid7. Our penetration testing software, Metasploit, helps verify vulnerabilities and manage security assessments.

Requirements:
1.Oracle Virtual/Vmware
2.Windows 7
3.Kali Linux
4.Metasploitable 2

By Arjun Basnet

Registration Details :

This form will help us to know your skill level for attending this hands-on training on Metasploit. Please keep in mind the following:

https://docs.google.com/forms/d/1az4qC5Jgh-c7KvB2zFburt7bUWgF1sj7TRcaG0Lr3Is/viewform?edit_requested=true

&

http://swachalit.null.co.in/events/42-chennai-null-chennai-humla-09-november-2014-metasploit-for-pentester

  1. The number of slots is limited to 20 and successfully filling this form doesn’t guarantee a seat.
  2. This is a completely hands-on session. Participants have to get their own laptops.
  3. Just Google basics about what is Metasploit ?
  4. People selected will receive mail to attend Humla Event.
  5. People Not selected will not receive any mail “Please Try Again For Next Humla”.
  6. Participants please make your own arrangements of your Lunch & Snacks .

Note:
Selection will be done only based on the Google Docs filled …
Time : 10.00am to 5.00 pm

 

Venue :SETS,Mgr Knowledge City,CIT Campus, Taramani, MGR Film City Rd, Tharamani, Chennai, Tamil Nadu 600113
044 6663 2510

Contact Information :

Contact Name Nitesh , Sukesh
Contact Mobile 09941576747,07845794175
Contact Email niteshbetala [at] null [dot] co [dot] in, sukesh [at] null [dot] co [dot] in

 

null Delhi Humla on Malware Techniques Demystified |28th September, 2014

Humla Title – Malware Techniques Demystified

Humla Champion – Adhokshaj Mishra

When – 28th September, 2014 (Sunday) | 10:00 AM IST – 06:00 PM IST (including breaks)

Registration Link – http://swachalit.null.co.in/events/29-delhi-null-delhi-humla-28-september-2014-malware-techniques-demystified/event_registrations/new
Registration Form – http://bit.ly/WYhajI

Note – This is a free but an invite only event. If you are selected you will receive venue and other information via e-mail. (Laptop is mandatory for participation)

About Humla Champion – Adhokshaj Mishra is a hobbyist programmer with some interest in infosec domain. He mostly codes in C, C++, C#, VB .NET and assembly language. His primary domains of interest are cryptography, virology, cryptovirology, kleptography and mutation. He has worked as cyber crime investigator, and trainer of cyber crime investigation for Special Task Force, UP Police. He has also taught hacking (specially malware stuff) in various indian and overseas locations. He can be reached at Facebook (AdhokshajMishra), and Twitter (@adhokshajmishra). He blogs at http://adhokshajmishraonline.in

Details – The workshop is basically about various tactics that are used by malware authors, and how to detect them. All the topics will contain a small proof of concept to reinforce the theory. The following topics will be covered:

1) Monitoring the keyboard and mouse
2) Intro to DLLs
3) DLL Injection Techniques
4) Native Code Injection
5) Anti-Debugging Techniques
6) Anti-Disassembly Techniques
7) Hooking function calls (pre-hooking, post hooking, replacement,parameter poisoning etc)

Prerequisites

Knowledge: Fundamentals of C and C++, structures, classes, pointers, data structures, function pointers
Hardware: Any dual core machine with 4 GB RAM, minimum 20 GB free space.
Software: Windows 7 x64 (some techniques won’t work on 32 bit OS), Visual Studio 2012, Debugging Tools for Windows, Driver Dev Kit for Windows 8, Windows 7 SDK

Note: If you are using Windows 8/8.1, make sure you install DDK and SDK for the same version. Windows 8 DDK is installed on Windows 7 as it integrates WinDBG with Visual Studio. If you are happy with WinDBG as standalone tool, you may use that.

If you prefer some other C/C++ toolchain, you may use that as long as you can tweak the instructions as per your installation.

Useful Links

Visual Studio: http://www.visualstudio.com (You may use Express edition which is available free of cost)
Debugging Tools for Windows: http://msdn.microsoft.com/en-in/library/windows/hardware/ff551063(v=vs.85).aspx
Driver Dev Kit: Same as above
Windows 7 SDK: Same as above

Please reach out to the chapter leaders for any queries

null Delhi June monthly meet – 28/June/2014 – Adobe (Noida) @ 04:00 PM IST

The null Delhi chapter monthly meet will be held on 28th June, 2014 (Saturday) @ 04:00 PM IST. We are pleased to host this month’s meet at a new venue – Adobe Systems (Noida)

Agenda:

04:00 PM – 04:20 PM Introductions and News Bytes

04:20 PM – 05:20 PMSecure Software Development in Agile

Abstract: Agile is an early feedback system. Cycles/sprints (in Scrum) are very short, usually no more than two to four weeks, and for this reason software development teams find it difficult (if not impossible) to comply with a heavy list of security assurance tasks. This problem was addressed by a SAFECode cross-org. practice paper which was led by Vishal. Presenter will be discussing security flaws and secure development practices in an actionable format for Agile software development.

Speaker: Vishal Asthana (in.linkedin.com/in/vishalasthana)

05:20 PM – 05:40 PMTea Break & Networking

05:40 PM – 06:00 PM Reverse Engineering CTF Walkthrough Session

Brief: Adwiteeya will be discussing the solutions to the Reverse Engineering CTF session held during our last month’s meet.

06:00 PM – 06:30 PMStop Pulling the Plug: Memory Forensics

Abstract: The presenter will be talking about Incident Response concepts and will be demonstrating a live case of memory forensics

Speaker: Kamal Rathaur (linkedin.com/pub/kamal-rathaur/19/a6/9a7)

06:30 PM – 06:45 PMFeedback and Topic Discussion for next month

Registration & Fees – All null meets are FREE for anyone to attend. Just come with an open mind and willingness to share and learn. Please fill the form on the below link to register for the meet.

Registration linkhttp://goo.gl/D4pgwO

Date and Time – 28th June, 2014 (Saturday) @ 04:00 PM (Please be on time)

Venue – Adobe Systems
I-1A, City Center, Sector -25A
Noida – 201301
Nearest metro station: Noida Sector-18
Google Maps: http://bit.ly/Tri3Qy

For any queries, please contact the chapter leaders:

Vishal – vast_at_null_dot_co_in
Sandeep – san_at_null_dot_co_in
Vaibhav – reverser_at_null_dot_co_in

[null Bangalore Humla] | Metasploit for Beginners | 28th June 2014

Hi All,

Announcing null Humla session “Metasploit for Beginners”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:

Humla Title: Metasploit for Beginners

Humla Champion: Ajay Srivastava

When: 28th June 2014, 10 AM – 6 PM

Registration Link: http://swachalit.null.co.in/events/11-metasploit-for-beginners/event_registrations/new

Humla Description: This will be a completely hands on session on Metasploit for Beginners. The following topics will be covered:

•Introduction of Metasploit
•Basics of metasploit
•Information Gathering
•Exploitation
•Meterpreter introduction
•Post exploitation using meterpreter
•Metasploit utilities
•Meterpreter scripts
•Client-side exploitation
•Auxiliary module

Note: Please make sure all the pre-requisites are up and running before the session starts. If you are facing any issues with setup, please try to come to the venue 30 mins before the session starts and get them fixed.

Pre-requisites:
•Working laptop with minimum 4 GB RAM.

•Virtualbox or Vmware player installed on your machine
Can be downloaded from Link: https://www.virtualbox.org/wiki/Downloads
Can be downloaded from Link: https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0

•Kali Linux vm image
Can be downloaded from Link: http://www.offensive-security.com/kali-linux-vmware-arm-image-download/

•Metsploitable 2
Can be downloaded from Link: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
•Windows XP-SP2 installed on virtualbox/vmware player.
•Make sure you are have proper network connection and are able to ping between all three machines ( Kali linux , Metasploitable & Windows XP-SP2 )

Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.

Short Bio:
Ajay Srivastava – http://swachalit.null.co.in/profile/64-ajay-srivastava

[null Bangalore Humla] | Android App Pen-testing for Beginners | 21st June 2014

Hi All,
 
Announcing null Humla session “Android App Pen-testing for Beginners”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:
 
Humla Title: Android App Pen-testing for Beginners
 
Humla Champion: Asish Agarwalla & Rupam Bhattacharya
 
When: 21st June 2014, 10 AM – 6 PM
 
Registration Link: http://swachalit.null.co.in/events/10-android-app-pen-testing-for-beginners/event_registrations/new
 
Humla Description: This will be a completely hands on session on Android App Pen-testing for Beginners. The following topics will be covered:
  • AppUse setup
  • Creating AVD
  • Running Emulator
  • Setting up Proxy, installing certificate and intercept browser traffic from Android
  • Installing sample application using ADB
  • Dynamic Testing
  • Static Analysis
Note: Please make sure all the pre-requisites are up and running before the session starts. If you are facing any issues with setup, please try to come to the venue 30 mins before the session starts and get them fixed.
 
Pre-requisites:
Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.
 
Short Bio:
 
Asish Agarwalla: He is currently working at one of the Big 4 firms and has 4+ years of experience in Information Security consulting with focused expertise on Web Application Security, Infrastructure security, Penetration Testing, Vulnerability Assessment, Wireless Security and Mobile Application Pen testing.
 
Rupam Bhattacharya: He is currently working at one of the Big 4 firms and has 4+ years of experience in Web Application Security and Pentesting. He is one of the null Bangalore chapter leads.

Null Humla – How to do well/start Bug Bounty Hunting

This will be a humla session on bug bounty. We shall have a hands on session on bug hunting. Also, we would be providing few tips and techniques by which a security analyst can be a better bug hunter. The speaker would share few of his POC’s and experiences on the various bug disclosed.

Topic:
1. Introduction to various Bug Bounty programs
2. Finding the right domain to start hunting
3. Information Gathering
4. Discovering vulnerabilities
5. Multitasking with various free vulnerability scanners
6. Generating and submitting POCs without violating bug bounty rules
7. Special discussion on how to submit potential RCEs based on various CVEs.
8. Case studies or POCs

Pre-requisite:

  1. Back Track/ Samurai WTF Installed laptop ( VMs will be fine as well )
  2. OWASP Top -10 knowledge
  3. Basic WAPT terminologies
  4. And should be able to differentiate between 0 and o

Humla Champion Bio:

Abhijeth Dugginapeddi:
Abhijeth is a 23 year old security consultant working in Tata Consultancy Services. His interest in this domain started when he was 14 year old, the innate curiosity of his, made him explore many things and share them with his peers. He has found vulnerabilities in 1400 web applications, the top ones being Google, Yahoo, Microsoft, Amazon, at&t, Juniper, HDFC, ICICI ,ETSY. During his B.tech, along with handling freelance projects, he has also trained around 10,000 students by conducting various workshops in Andhra Pradesh.

Interested members can register here: https://bugbounty.eventbrite.com/  before 24th May 2014 12:00PM

[null Pune Humla] Reverse Engineering on 17-May-2014

Dear All,

We the leads of null Pune are pleased to announce that we would be conducting a ‘humla’ session on Reverse Engineering on 17th May 2014 from 10am – 2:00pm.

Kindly register here : http://goo.gl/mXF7rl

Registrations for these workshops are free but it is an invite-only session. All the selected registrants would be notified regarding their selection and venue details by Thursday, 15th May 2014 (23:00hrs).

Humla Session : Reverse Engineeing

The following things will be covered.

1. Basic reversing concept revised

2. Tools introduction

3. Cracking “crackmes” with different techniques

4. Conclusion

What to Expect ?? : Basic reversing technique on windows 32bit platform

Prerequisites: Some knowledge of x86 assembly and C programming

Humla Champion : Krish Patil.

Day & Date : Saturday, 17th May 2014 Time : 10:00 am to 2:00 pm

Kindly register here : http://goo.gl/mXF7rl

[Please note : This is an invite-only session. We will send an invite to all the selected registrants ]

All those who are interested are expected to bring their own laptop (Windows OS) with pre-installed masm32 assembler. Thanks

[null Bangalore Humla] | Wireless Hacking with Kali | 5th April 2014

Hi All,

Announcing null Humla session “Wireless Hacking with Kali”. Like all null Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:

Humla Title: Wireless Hacking with Kali
Humla Champion: Asish Agarwalla
When: 5th April 2014, 10 AM – 6 PM
Registration: http://goo.gl/cTh3KQ
Registrations Close: 2nd April 4:00 PM
Humla Description: This will be a completely hands on session on Wireless Hacking using the Kali operating system. The following topics will be covered:

1. Detect Hidden SSID
2. Bypass MAC filtering
3. WEP Cracking
4. WPA/WPA2 Cracking
5. WPA/WPA2 Cracking using PMK
6. Decrypt WEP packets

Note: This session has some hardware level pre-requisites. We will not be supplying spare hardware during the session.

Pre-requisites:
1. Laptop with wireless card
2. Laptop should be able to live boot into Kali – This is required. We will be booting our laptops into Kali linux and doing the entire humla.
3. A bootable USB with Kali. This has to be created and brought to the venue.
Kali 32 bit ISO (http://cdimage.kali.org/kali-latest/i386/kali-linux-1.0.6-i386.iso)
Steps to make a bootable Kali USB (http://docs.kali.org/installation/kali-linux-live-usb-install
4. The laptop should be able to live boot into Kali, and from within Kali, you should be able to access the Internet or your local network. This has to be verified before you come to the session.

Registrations are not transferable. If you have been selected but are unable to attend, please inform the organizers. Your seat would be allotted to someone from the waiting list. Walk-in participants will not be allowed to attend this session.

Short Bio:
Asish Agarwalla: He is currently working at one of the Big 4 firms and has 4+ years of experience in Information Security consulting with focused expertise on Web Application Security, Infrastructure security, Penetration Testing, Vulnerability Assessment, Wireless Security and Mobile Application Pen testing.

[null Bangalore Humla] | Memory Forensics with Volatility | 15th March 2014

Hi All,

Announcing null Humla session “Memory Forensics with Volatility”. Like all Bangalore Humla sessions, this is free but registration is compulsory. A group of participants will be selected based on the registrations since Humla is invite only and with prior registration and approval of the Humla champion. Here are the details:

Humla Title: Memory Forensics with Volatility
Humla Champion: Rajesh A
When: 15th March 2014, 10 AM – 6 PM
Registration: http://goo.gl/Y4D918
Registrations Close: 11th March 2014 11:55 PM
Humla Description: This will be a completely hands on session on analyzing memory dumps using Volatility and finding interesting stuff. The following topics will be covered:

1. Introduction to memory forensics
2. A few ways to collect memory dumps
3. What is volatility
4. What can be achieved with Volatility
5. Getting familiar with Volatility options
6. Memory Profiler
7. Windows Registry basics and reading it from memory dumps
8. Diving through options – for getting required information for analysis/action.

Pre-requisites:
1. Laptop with WiFi/Ethernet
2. Windows/Linux/OSX/Other with Volatility 2.3.1 (https://code.google.com/p/volatility/)
3. Atleast 2 GB RAM
4. Atleast 4 GB of free hard disk space
5. diStorm (https://code.google.com/p/distorm/)

Short Bio:
Rajesh A: Rajesh has over 10 years experience in Information Technology and is focusing on information security from last 8 years. His IT experience has been mostly in the realm of Managed Services, Penetration testing and Vulnerability assessments. From last 3 years he is serving IBM India for global delivery services. His hobbies include cycling, touring on bullet, watching movies, etc.