September 27-28, 2013
Trivandrum, India

 International Cyber Security and Policing Conference

ARM Android Xploitation Primer

Smart-phones, tablets and portable gadgets have become a must-have for everyone for personal as well as official use. As people have started utilizing these devices to frequently access the Internet, read important documents, carry out financial transactions and so on and so forth, the bad guys have realized the shift and have started to focus on exploiting these platforms for their gains. There has been a lot of advancement in mobile malware and exploitation research.

These devices are computers running various operating systems on ARM processors with hardware for telephony, wifi etc.

ARM Android Xploitation Primer takes up one of the finest operating system used for these devices I.e. Android as the ARM based platform for the training and takes a deep dive into ARM assembly, Android Native development components, buffer overflows and shellcoding. The training introduces the attendees to the ARM Android platform including the intrinsic technical details and security issues using a balanced proportion of theory and extensive hands-on and exercises. It provides a base for the attendees to develop security research expertise on the ARM based platforms beyond the conventional Android application security testing skills.

Course Content
  • Introduction to Android
    • What is Android?
    • The architecture
    • Getting the Android source
    • Setting up the environment
  • Android Native Dev primer
    • ADB
    • NDK
    • Compiling C code
    • Assembly code
    • Execution
    • Debugging
  • Android ARM Assembly primer
    • ARM overview
    • Processor Modes
    • Registers
    • Instruction set
    • Stack implementation
    • System call convention
    • Procedure call convention
    • Exercises
  • ARM Shellcoding Primer
    • Introduction
    • System interaction
    • Relative addressing
    • Four byte Hell!
    • Null byte Hell!
    • ARM THUMB and the finger
    • Exercises
  • Indroid - Code Injection
    • Introduction
    • Borrowing from Windows
    • Linux Ptrace
    • Library Injection
    • Indroid
    • Memory Allocation and Execution
    • Threadification
    • Payload
    • The API
    • Putting it all together i.e. DIY injection
  • ARM buffer overflow primer
    • Buffer overflow 101
    • The ARM/Linux stack
    • Stack overflow
    • Controlling the flow of execution
    • Ret2Libc
    • Exercises

Speaker Details

Aseem Jakhar
is the Director, research at Payatu Technologies Pvt Ltd a boutique security testing company. He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including IBM ISS Proventia UTM appliance, Mirapoint messaging/security appliance, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He is an active speaker at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon,, Blackhat, Xcon, Cyber security summit, Cocon, OSI Days, Clubhack, Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of open source Linux thread injection kit - Jugaad and Indroid which demonstrate a stealthy malware infection technique. He is well known in the hacking and security community as the founder of null - The open security community, registered not-for-profit organization , the largest security community in India and the founder of nullcon security conference

1 day (8 hrs)

Participants Requirements
  • Bring your own laptop
  • 15+ GB free hard disk space
  • 2+ GB RAM
  • VirtualBox installed on the system

  • Basic Linux knowledge
  • Programming, assembly knowledge will be a plus although not specifically required
  • Passion to learn new security stuff

Who should attend?
  • Information security professionals
  • Security researchers and penetration testers
  • Anyone with interest in Android security
  • Android developers/QA
What to Expect
  • Interactive hands-on training session
  • Code analysis, trial and errors
  • Getting familiar with the Android platform
What not to Expect
Becoming an ARM or Android hacker overnight. Use the knowledge gained and research further to master the platform. This training acts as a base to quickly kick start your research into ARM/Android security.

Network Forensics: Practical Packet Analysis for Suspicious Network Traffic

Course Description
The knowledge of computer and network forensics has become essential in securing today's network-centric computing environment. This workshop is developed to provide an introduction to the exciting and growing field of digital investigations and network forensics.

Upon completing this course, the participants are expected to:

  • Gain a set of investigative techniques focused on the use of vendor-neutral, open source tools, Develop the skills to capture suspicious data,
  • Discern unusual patterns hidden within seemingly normal network traffic
  • Understand the basics of computer and network forensics
  • Get well-trained as next-generation computer crime investigators and
  • Get prepared for active research at the forefront of these areas.

Throughout the course, real-world examples in conjunction with numerous hands-on exercises will provide practical forensics analysis skills.

Course Content
  • Introduction to Network Forensic
  • Setting up The Environment/Testing Lab
  • Basic Protocol Analysis
  • Forensic Analysis of Network Attacks
  • Forensic Analysis of Web Attacks
  • Forensic Analysis of Malwares
  • Data extraction from packets
  • Network Forensic Using Xplico

Speaker Details

Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA
is a security researcher at heart and has been his main areas of research include Web app security and network pen-testing, exploit development, incident handling and cyber forensic. Being a software developer earlier, he worked in java, .net, ruby etc. and various domains like finance, insurance, gaming etc. He was the winner of NULLCON 2010's hacking challenge.

He is a SANS certified trainer/mentor for the course – “Sec 504: Hacker Techniques, Exploits and Incident Handling”. He also presented in other security conferences like NULLCON, C0C0N, OWASP, ISACA etc. Being a core member of NULL security community, he facilitates Chennai/Bangalore NULL Chapter, a frequent speaker of NULL and OWASP meets, conducted multiple hacking workshops in NULL HUMLA, Bangalore. He is an active member of security communities like in-honeynet, NAISG, DSCI, Clubhack etc. He also contributed to security magazines like Clubhack and ISACA journal. He has achieved various other certifications like Cyber Crime Investigation, Diploma in Cyber Law etc.



1 day (8 hrs)

Participants Requirements
You are required to bring your own laptop

Familiarity with TCP/IP networking and basic network infrastructure devices such as switches, routers, etc.

OR Basic Cyber Security Course

Who should attend
This course is designed for law enforcement, corporate, government and Military.

This workshop is essential to information security, risk management, loss prevention, corporate security and law enforcement personnel who encounter digital evidence "on the wire" while conducting an investigation e.g. Network engineers, network security professionals, who possess basic- to intermediate-level general security and networking knowledge.

Personnel who have working knowledge of host-based forensics analysis and want to gain expertise in the end-to-end digital forensics process can attend this training.

What you will learn
  • Principles of network forensics analysis and how to apply them
  • Configure various open source tools for network forensics analysis
  • Utilize tools to recognize traffic patterns associated with suspicious network behavior
  • Reconstruct suspicious activities such as e-mails, file transfers, or web browsing for detailed analysis and evidentiary purposes
  • Recognize potential network security infrastructure misconfigurations

Follow on course
Advance Network Forensic

  • Training material with numerous reference Wireshark trace files
  • DVD of networking and forensics tools
  • Library of network forensics analysis reference documents
  • Investigation Cheat sheets

ISO/IEC 27001 Certification - How to get the job done (from scratch).

How to build, operate, monitor and improve a fully compliant ISO/IEC 27001 security program in pretty much any type of organization. The training will focus on real-life experiences, simple tools, tricks, shortcuts and do and don'ts.

Is expected that by the end of this training, you will have the required knowledge in order to develop a ISO/IEC 27001 compliant program at your own organization (or at least have a very clear view on what is required to get the job done).

The workshop takes many basic components from the official ISO/IEC Lead Auditor / Implementer Training provided by organizations such as BSI, Veritas, Etc.

Course Content
  • ISO Introduction, Why it matters.
  • Certification Process & Dealing with Auditors
  • Scope, Program Definition
  • Asset & Risk Management
  • Statement Of Applicability
  • BCM
  • Program Monitoring & Improvements
  • Internal Audits
  • ISO/IEC 27002 - Security Controls

Speaker Details

Esteban Ribicic
Argentine born, Esteban Ribicic, has been working on Security for over a decade. With a strong technical background and a clear specialization on Security Governance Esteban has helped many organizations in building and improving their Security Programs. He has a strong focus on getting the job done, keeping it as simple as possible without compromising effectiveness and efficiency. Esteban has an engineering background and holds several Security and Service Management certifications.
Esteban leads, an open-source IT Governance, Risk and Compliance tool.

1 day (8 hrs)

Participants Requirements
  • Patience
  • Good listening skills!

  • General Information Security Knowledge
  • Some technical background will greatly simplify the understanding of some of the topics discussed on the training.

Who should attend?
  • Anyone interested on Security Governance, Management, Leadership, ISO Standards and Auditing.
  • Anyone involved, one way or another, into Security Compliance (SOX, ISO/IEC 27001, Etc.)

Deep Dive Android.

Android needs no introduction; it’s one of the fastest growing Smartphone / Tablet OS. Future plans to just include telecommunication equipment but also entertainment equipment like TV, Music Players and other house hold items. When the World is moving towards Android subsequently there is a rise in threat's and potential risk's in the same. This Workshop is geared towards Security professionals who want to remain on the edge of the fast paced technology and possess in-depth understanding of Android. This workshop will not only focus on Application Pen Testing but will also be looking at the overall OS as a platform and potential pitfalls around it. Besides just dissecting Android to analyse it we will also be looking at leveraging android platform and its mobility to perform conventional penetration testing tasks. The workshop will be conducted with live applications / targets (test authorized) as well as self-developed Demo in order to quickly understand the targets.

Course Content
  • Android Architecture
    • Operating System Overview
    • File system Overview
    • Security Model
  • Developer Overview
    • Application Components
    • Application Structure
    • The SDK and Android Tools
    • Developing a basic application
  • Intro to Pen Testing
    • Introduction to Android Tamer
    • Setting up the environment
    • Black Box PT
    • Reverse Engineering
    • Rooting basics
    • Understanding Pentesting Frameworks
      • Mercury
      • Smartphone Pentest Framework
      • Android Framework for Exploitation.
  • Using android for Pentest
    • Setting up the environment
    • Various tool usage
    • Writing custom tool in android

Speaker Details

Ankur works for a MNC and has a area of interest realted to Web Application Security and Mobile Security. He has been speaker at various conferences like Nullcon, C0C0N for different years where he has presented on topics like PDF exploits, Android Security. Ankur is an active member on Null/OWASP Bangalore Chapter.
Anant Shrivastava works as a Consultant Analyst with 7Safe a part of PA consulting Group. He holds a GWAPT, CEH, CSTP and RHCE. He has been speaker at various conferences like Nullcon, c0c0n, Clubhack, his talks are focused on android. He is the creator of Android Tamer – VM for android security professionals. Active member of Null, Garage4Hackers. His expertise remains in Linux, Web Applications (Dev and security testing) and Mobile devices (OS and Application) Security.

1 day (8 hrs)

Participants Requirements
Bring in your own Laptop and if an android device is available. (otherwise simulator will also work)

Anyone Interested to Learn and Deep dive in Android.

Who should attend?
Mobile Security Enthusiast, Web Application Penetration Tester, Android Enthusiast, IT professionals, developers, testing, quality professionals and anyone who wants to get their hands dirty in Android.

Home   |    Venue  |    Speakers  |   Agenda  |   Workshops  |   Contact

© Information Security Day. All Rights Reserved.