Just wanted to share my experience attending Nullcon, a well-known International Security Conference, held on Mar 11 to 12th in India's Las Vegas, Goa. I witnessed & was impressed by the crowd's true passion towards InfoSec & their continued community effort to secure the digital life of the world.
The brochure said the con benefitted 800+ professionals from 150+ companies, and students (Yes, amazing young talents too!!) from all over India and other countries, with 25+ International Speakers. There were 3-4 tracks running in parallel and it was really hard for me to choose which ones to attend. Here are some quick bytes through my eyes & ears:
The Opening Ceremony Evening – Day Zero
We started early in the morning by car and reached the venue on time. Intel 471 Inc sponsored Happy hour welcome beers. San, one of the core team of Nullcon, introduced the Null community & talked about the community's achievements & statistics. This year Bangalore stole the best chapter award, while Hyderabad was honored with the same last year.
Pre lunch – Day 1
1. Keynote from Jaya Baloo, CISO, KPN Telecom, Netherlands
Despite holding such a big position, she was humble and concerned about the world's security. Her talk was about the current crypto fight between Apple and the US Govt. She gave us some insights into the federal government's needs & questioned whether they really wanted to break everyone's phone.
2. Bounty track: A note from Kymberlee & team, Bugcrowd Inc
Bugcrowd is a popular bug bounty platform, where many industry players let the hacker crowd test & report issues, and reward them. Her talk was mainly on how Bugcrowd works, recent changes for the betterment of the platform, and some of the common mistakes that people make in submitting bugs. She also awarded 2 top Bugcrowd researchers from India.
Then the session was continued by another guy from Bugcrowd, who talked about best practices in bug hunting, security tools, add-ons and shared tips.
Post lunch – Day 1
3. Bounty Track: About VRP, by Security Incidents Response team, Google
This was the best talk on Day 1. The project lead first introduced & talked about the basics of Google Vulnerability Report Program (VRP) & how it works. Then he explained the OWASP Top 10 with respect to security reports submitted through the GVP. One of the interesting facts is that Google receives around 150 security reports per week, only 8 – 10% are valid security issues and the team clears each report off in 6 min 11 seconds on average!!
A typical luxury party in Goa. Yes, lots of alcohol & smokes!! But a good opportunity for Networking too! I don't get why hackers "drink like water"!!
Pre lunch – Day 2
4. An abusive relationship with AngularJS by Mario Heiderich
Mario has been playing with AngularJS for a long time. He talked about how he kept escaping the Angular sandbox & how Google kept patching the escapes through the 1.1.x to 1.2 versions.
5. Making Machines think about security for fun & profit by Rahul Sasi
Rahul is one of the known personalities from the Bangalore chapter. He talked about his new tool, where he has been trying to build an automated intelligent scanner to test like a human. All about Python, Selenium, web driver, AI (Artificial Intelligence) & automations. That was another awesome idea & talk.
Post Lunch – Day 2
6. The age of Cyber attacks – Anudeep, Ajitesh, Symantec
The group of Symantec employees talked about the worst cyber attacks, the motive behind them, and how they were constructed & executed. That included attacks like Project Aurora, Operation Shady RAT, Target & Sony's incident.
7. Privacy Leaks on 4G LTE Networks by Altaf Shaik
Altaf presented his white paper created for MS Studies. He talked about how the exact 4G device ID & exact geographical location can be tracked with the help of a USRP receiver, OpenLTE & other programs.
8. Automated Mobile Application Security with MobSF by Ajin Abraham
Another celebrity from Null Bangalore, whose work on the open source project Xenotix XSS Framework was an amazing hit. He talked about & demo'd his latest project MobSF, an open source tool for mobile app sec.
There were multiple stalls at the venue. The ones that impressed me are:
- IRONWASP – Commercial version launch of the automated web security scanner.
- Checkmarx – The popular static code scanner tool. They were promoting their new online product Game of Hacks – an online hacking game app.
- Synack – Bug bounty platform
- Bugsbounty.io – Bug bounty platform
- CISCO Security
- Adobe – Careers
One interesting piece of information I heard is that Flipkart is building & wants to launch an IaaS Cloud Service. Yes, you read that right. Flipkart and IaaS!!!
Sorry for such a big write-up, but it is because of the many learnings!! Attached some of the pics too. Please do share your thoughts.