Objective
To impart the fundamentals of ISMS to the candidate
Trainer Name
Vinod Kumar Agrasala, Managing Director & Principal Consultant, Wings2i IT Solutions Pvt Ltd.
Speaker Profile
Vinod is a richly experienced and established professional in the field of IT Service Management, based in Bangalore, India. He is a certified 'ITIL® Expert'. He was engaged by numerous global organizations as expert consultant in the areas of Service management, ITIL®, ISO/IEC 20000 and ISO/IEC 27001. Vinod is distinguished in the industry for his training skills as well, having trained more than 1500 professionals at various levels of ITIL® and ISO/IEC 20000. In his overall career spanning around 15 years, Vinod has worked in different capacities in operations to quality management to consultancy and trainings in global organizations like Wipro Technologies, QAI, IBM Global services, Microland, Modi Xerox and GLOPORE IMS. He can be reached at vagrasala@wings2i.com
Duration
1/2 Day
Topics
Fundamentals of ISMS for ISO 27001
Who Should Attend?
Anybody who need to get an idea on ISMS
Objective
This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Backdoors and solving some live CTF style challenges together!
Speaker Details
Vivek Ramachandran started working on Wi-Fi Security since 2003. He has spoken at conferences such as Blackhat,
Defcon and Toorcon on Wireless Security and is the discoverer of the Caffe Latte attack. He also broke WEP Cloaking, a WEP protection
schema in 2007 publically at Defcon. Vivek is the author of the book "Wireless Penetration Testing using BackTrack 5" due for release
in August 2011. He was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches.
He was one of the winners of Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known
in the hacker community as the founder of SecurityTube.net where he routinely posts videos on Wi-Fi Security, Assembly Language,
Exploitation Techniques etc. SecurityTube.net gets over 100,000 unique visitors a month. Vivek's work on wireless security has been
quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. This year he is either speaking or training at
Blackhat, Defcon, 44con, Hacktivity, HITB-ML, Brucon, Derbycon, HashDays, SecurityByte and MIT, Boston.
Duration
4 hrs
Topics
- WLAN Protocol Basics using Wireshark
- Bypassing WLAN Authentication - Shared Key, MAC Filtering, Hidden SSIDs
- Cracking WLAN Encryption - WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)
- Attacking the WLAN Infrastructure - Rogues Devices, Evil Twins, DoS Attacks, MITM
- Advanced Enterprise Attacks - 802.1x, EAP, LEAP, PEAP, IPSec over WLAN
- Attacking the Wireless Client - Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
- Breaking into the Client - Metasploit, SET, Social Engineering
- Enterprise Wi-Fi Worms, Backdoors and Botnets
- Wireshark as a Wireless Forensics Tool
- Programming and Scripting Wireless packet sniffers and Injectors for fun and profit
Pre-requisite
Basics of Wi-Fi. Should at least know how to setup Wi-Fi :)
Pre-requisite
Who should attend?
Hackers, Penetration Testers, Managers who are curious about the challenges in Wi-Fi security and want to see the latest and best hacking tools and techniques for Wi-Fi live!
Objective
Metasploit is one the most popular vulnerability assessment and exploit research frameworks available today. It is a
community driven open source project and hundreds of security researchers contribute their know how to it regularly.
In this workshop, we will take you through an in-depth tutorial on using Metasploit for vulnerability assessment and
exploit research.
Duration
4 hrs
Topics
- Introduction to Exploitation and need for Metasploit
- Metasploit Basics and Framework Architecture and Organization
- Server Side Exploitation
- Client Side Exploitation
- Meterpreter Basics
- Exploring Meterpreter Extensions
- Database Integration and Automated Exploitation
- Post Exploitation Kung-Fu
- Exploring the system
- Privilege escalation
- Log deletion and AV / Firewall bypass
- Token stealing and impersonation
- Backdoors and Rootkits
- Pivoting and Port forwarding
- Railgun and Custom Scripting
- Backdoor an Executable
- Pass the Hash Attack
- Basic Scripting in Ruby
- Writing Metasploit Modules
- Exploit research with Metasploit
- Meterpreter Scripting
- Social Engineering Toolkit (SET) and Metasploit
- Armitage and Metasploit
- Scenario Based Hacking using Metasploit
- Roadmap for further learning
Pre-requisite
Should know what exploit and vulnerabilities are at a basic level at least.
Who should attend?
Hacker and Penetration Testers, and anyone interested in understanding how to use the Metasploit framework to its full glory!
Who Should attend?
Security Professionals, Security/Network monitoring professionals, system administrator, incident handler.
Prerequisite
- Bring Your Own Laptop (with vmplayer)
- Knowledge of TCP/IP stack and Networking
- Basic knowledge of application protocol/attack vectors
- Basic knowledge of Security Solution/Product (Firewall/IPS/Proxy/SIEM)
Objective
This course will address the problems faced by security operations team to identify hacking attempts in there network by looking at various logs and alerts generated by security devices/SIEM. The biggest hurdle of any security professional is to identify the whether an alert generated by a security software/device is really a hack attempt/policy violation or a false positive. As a security professional once needs to be well versed with the different attack scenarios, logging formats and semantics and quick decision making during an attack outbreak. The objective of this course to make the attendees understand how to identify attacks and false positives, the technical details of different security software/devices logs and how to analyse them, understanding ones own network architecture and the relevant attack vectors for their network.
The attendess will get to learn the following during the workshop:
- Understanding what you are protecting?
- Steps performed by an attacker
- Application/Network attack vectors
- Network architectures
- Windows and Linux logging.
- Configuration of security devices.
- Traffic/Packet analysis
- Manual and automated log filtering and analysis (Time filter, Action Filter, IP/Port Filter)
- Firewall/IPS Log analysis
- Application Log analysis
- Log parsing/co-relation
- System state (Load, process) analysis, file intergrity checker.
- SIEM (Security Incident Event Management) Solutions.
- Case studies
Duration
1 Day
Aseem's Profile
Aseem "@" Jakhar is the chief researcher at Payatu Technologies , a startup in information security trainings and consulting and founder of null - The open security community (registered not-for-profit organization, http://null.co.in). He has extensive experience in system programming, security research and consulting. He has worked on various security products and tools. He is also the author of Jugaad, an open source thread injection kit for Linux. He has been a speaker at various security conferences including Defcon, Xcon, Blackhat EU, Clubhack, IBM Security & Privacy Bangalore, Cocon, ISACA Bangalore, Bangalore Cyber secuity summit, National Police Academy Cyber crime seminar Hyderabad. At null he manages the overall operations and null initiatives like Keeda project, nullcon security conference.
Murtuja's profile
Murtuja is Co-Founder of null(Open security community) and Co-Founder, Payatu Technologies Pvt. Ltd. He has worked on IBM-ISS (Internet Security System) project as Senior System Engineer. He has worked on Securegate UTM (Unified Threat Management) product and design and developed various features such as Firewall, IPS, VPN, Application Proxies, and Authentication Modules.
A true open source enthusiast at heart he has expertise in Linux based product development/ customization, security-patching/hardening, penetration testing and integration of open source solutions. He is actively involved in security practices, development, consultancy, VA/PT with prestigious financials organizations and banks. Murtuja has conducted various security trainings for reputed organizations including Cognizant and Wipro.
Speaker Profiles
Gokul C Gopinath
Professional life as an Information security consultant. Provided services for several organizations in both private and government sectors. Has completed several security assignments for his clients and has a keen interest in solving cyber crime issues.
Abhi M Balakrishnan
- Electronics hobbyist turned Hacktivist
- Working as Information Security Consultant to put food on his table and roof over his head
- Performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews etc.
Topic Coverage
- Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
Pre-requisite
- Basic knowledge of TCP/IP protocols,
- Web Architecture & Web technologies
Tools Used / Covered
- Matriux,
- Mantra,
- OWASP BWA / WebGoat
Trainers profile
Rohit Sharma - Independent computer security researcher, active member of null delhi chapter and social engineering evangelist, currently working as software Engineer at Infogain India Pvt Ltd.Trainers profile
Table of Contents
- Starting from basic shellcode
- To null free shellcode
- Encoders
- Portable shellcode
- Portable nullfree shellcode
- Some techniques to make smaller shellcodes
Duration
1 Day
Pre-requisites
- Definitely knowledge of x86 Assembly , C/C++, some prior debugging knowledge/experience
Training requirements for attendees (should be carried by the attendees)
- Laptop with WinXP installed in vmware/virtualbox
Topic Difficulty Level
Trainers profile
Harsimran Walia - An IIT Delhi alumni, currently working as Research Scientist in McAfee Labs and passionate about computer security.
Table of Contents
- Assembly Refresher
- PE file format important for reversing
- Basics of Win32
- Reversing Basics
- Crackme
- Breaking Software protection
Duration
1 Day
Pre-requisites
- Definitely knowledge of x86 Assembly , C/C++, some prior debugging knowledge/experience
Training requirements for attendees (should be carried by the attendees)
- Laptop with WinXP installed in vmware/virtualbox
Topic Difficulty Level
Trainers profile
Ajit Hatti - is a Security Researcher. Co-founded Null & is employed with Emerson India. Currently working on security of Critical Infrastructures.
Conducted by
Prashant Mahajan, Ajit Hatti, Pardhasaradhi a.k.a babloo
Information Security is a vast subject one of the interesting subject in it is Digital Forensics. In this workshop we will cover the basics of forensics. Workshop will emphasise on use of open source tools which are freely available and part of Matriux Distribution.This workshop will be covered with Imaging a Windows disks in various formats, analyzing the images with different tools to extract evidences,recovering the data from the images and documenting the evidences found with the procedure, concluded with how to Report the artifacts.
By the end of the session user will come to know
- What is Digital Forensics
- Why is it important
- Stages involved in it
- How to conduct a forensics investigation
- Basic techniques of preservation
- acquisition,analysis
- recovery and Documentation
- Hands on with Open source tools which are included in Matriux Krypton.
Pre-requisites
Every participants must have the following
- Laptop with minimum of 2 GB RAM
CD/DVD ROM to Support Booting from live media
Security in the .Net world.
Table of Contents
- DotNet framework Security Features
- security tips for developers
- best practices
- Securing ASP.Net web applications
- Security Development Lifecycle [SDL]
- Threats
It will cover common attacks [cross site,sql etc] and how to handle them too....
Objective
To encurage a culture of including security into each phase of SDLC and ensure that architects, developers and testers undertand reviewing of security before hand.
Trainer Name
K.V. Prashantn and Akash Mahaja.
Duration
6 hours
Topics
- Security requirement gathering:
- case study to show case how security requirements is gathered.
-
- hands on case study for each participant
-
- Security Architecture definition :- taking the participant case study to build a security architecture around it.
- Secure coding Java/ .Net/php :- tips on secure coding in java, .net and PHP
- Security code review:- manually and tool based, show case tools like CAT.net, findbugs, codescan from blueinfy and Armorize code secure. Hands practice for each participant on code secure.
- Security Testing:- manually and tool based, will show tools like paros, webscarab and acunetix and some tricks and tips
Pre-requisite
Anyone with software development/ Quality/ IT knowledge
Tools covered / used
Armorize code secure, Acunetix, Paros, Weg scarab, codescan, etc..
Who should attend?
IT professionals, developers, testing, quality professionals, anyone wants to know what application security is all about
Trainers profile
Mr. Vishnu Tiwari, MVP Microsoft BizTalk Server and Member of Developer Group Advisory Council at Microsoft, is an experienced solution architect and seasoned speaker. He has spoken on various Technical Summits and Organizations. He is working as Account Technology Specialist with one of the leading organization in the country.
Audience
WCF/Web Services Developers and managers, SOAP Testers and managers, SOA, ESB Architects
Prerequisites
WCF Service development/SOAP Principles knowledge
Contents
- SOA, ESB and WCF Basics
- Understanding SOAP and Restful services
- Creating proxies to consume WCF/Web services
- Introduction to Web services and WCF services Security
- Top 10 WCF Services/SOA Application Security Vulnerabilities
- Attacks and Solutions - Fixing Common WCF Services/SOA Application Vulnerabilities
- Secure Coding Principles from Patterns and Practices Security guide-multiple compilations
- Threat Modeling
- SOAP Security Testing
Demo
Takeaways
- Upon completion of the course, participants will be able to:
- Describe the Web/WCF Services Security problem
- Describe the SOA top 10 vulnerabilities
- Describe the WCF services threat classifications
- Apply coding principles from Patterns and Practices – WCF Security Guide that will help secure their SOA based applications i.e. SecurityBindingElement, Detection of replay attacks etc.
- Implement solutions to SQL Injection, Cross-site scripting and several other critical vulnerabilities
- Describe best practices for integrating security in the Software Development Life-Cycle (SDLC)
Duration
1 Day
FREEQUENTLY ASKED QUESTIONS
- What are the pre-conference workshop dates for c0c0n 2011?
- Where will the pre-conference workshop be held?
- How much does it cost to attend?
- Can I register for both workshop and the conference and get some discount?
- How can I register?
- Can I attend all the workshops after registration?
- I have registered, but have not received a confirmation. What should I do?
-
What are the pre-conference workshop dates for c0c0n 2011?
06 Oct 2011 (Thursday)
-
Where will the pre-conference workshop be held?
Cochin, Kerala. However, the venue will be declared on 03 Oct 2011 (Monday).
-
How much does it cost to attend?
The rates for attending the workshops (does not include conference fees) are follows:
- Early Bird Offer (till 26 Sep 2011) Rs. 5279/-
- Regular Rate Rs. 5805/-
- Students Rs. 4226/-
-
Can I register for both workshop and the conference and get some discount?
The rates for combo pack (workshops + conference) are follows:
- Early Bird Offer (till 26 Sep 2011) Rs. 11,595/-
- Regular Rate Rs. 12,647/-
- Students Rs. 7,384/-
-
How can I register?
Registrations can be done through two ways:
- On-line Mode, and
- Off-line mode.
Online mode – Visit http://conference.ayojak.com/event/c0c0n-2011-international-information-security-and-hacking-conference to register online for c0c0n 2011 pre-conference workshop.
Offline mode – Send a DD / Cheque Favoring “Information Security Research Association” or do a money transfer to the following bank account:
Bank - Bank of India
Account Name: Information Security Research Association
Account Number: 850420110000065
Branch: Ernakulam Housing Finance and Personal Banking
IFSC Code: BKID0008504 (used for RTGS and NEFT transactions)
PAN # - AAAA14718G
After registration, if you are not getting a confirmation mail, kindly mail to cocon@informationsecurityday.com or m@matriux.com
-
Can I attend all the workshops after registration?
A single registration is valid for one workshop (workshop code WS1 to WS10). All the workshops will be running parallel on 06 Oct 2011.
-
I have registered, but have not received a confirmation. What should I do?
After registration, if you are not getting a confirmation mail, kindly mail to cocon@informationsecurityday.com or m@matriux.com
For information about the c0c0n 2011 Workshops and Conference including Exhibition, Sponsorship, Registration, discounts and general conference enquiries please contact:
Manu Zacharia
Conference Manager – c0c0n 2011
Phone: (+91) 98470-96355
Email: m@matriux.com
Website: http://www.informationsecurityday.com/c0c0n/