Agenda -c0c0n @16October 4-7, 2023
Grand Hyatt, Kochi, India
Day 4 - ( 07 Oct, 2023 )
Management, GRC, Policy, Strategy, Legal
Technology | Innovation | Research
Activity Villages and Capture the Flag Competitions
Arun Kumar Sinha IPS
National Technical Research Organisation (NTRO)
Putting a leash on AI
Sr. Principal Product Security
Aditya Vasekar is a Principal Product Security Engineer working with Microsoft with a 10+ years of experience in security. He mostly works on architecture reviews, threat modeling for the cloud hosted products.
Guardians of the Galactic Gateways: Securing Space Systems
Societe Generale Global Solutions
I am a Penetration Tester and Application Security Engineer with over 11 years of experience in the field of cybersecurity. I have a strong passion for space and avionics, and my work has allowed me to combine these interests and specialize in space security.
As a Penetration Tester, I am constantly looking for vulnerabilities in software and systems that could be exploited by malicious actors. My knowledge and experience in avionics have been particularly valuable in securing space vehicles, satellites, and other critical components used in space exploration.
I take pride in my work, and I am committed to ensuring the safety and security of space missions by identifying and mitigating potential threats to critical space infrastructure. My expertise in space security has become increasingly important in an evolving threat landscape, where the need for robust cybersecurity measures is critical.
Overall, I am thrilled to bring my unique perspective and expertise to the field of space security, and I am passionate about contributing to the advancement of space technology.
Evasion Tactics of SideCopy & APT36: Persistently targeting Indian Defense Orgs
Sathwik Ram Prakki
Security Researcher II
Sathwik Ram Prakki is working as a Security Researcher in Security Labs at Quick Heal. His focus areas are Threat Intelligence, Threat Hunting, and writing detections. He has a background in Offensive Security & Windows Internals and is keen on exploring new detection techniques through Reverse Engineering and Malware Research. He was a speaker at the AVAR 2022 conference presenting on 'Indian Power Sector targeted with latest LockBit 3.0 variant'.
His previous experience at C-DAC under the Ministry of Electronics & IT gave a jumpstart in his cybersecurity career. He graduated from Osmania University in 2019 with a degree in Electronics & Communication and has also completed his Post Graduate Diploma in Embedded Systems & Design at C-DAC in 2020.
The DPDPA Effect: Jubilation, Twinge and Reticence that followed
The Digital Personal Data Protection Act got enacted on 11th August 2023 after more than a decade of efforts to adopt a comprehensive privacy/ data protection regime for India. The bill covers substantive requirement of a horizontal framework with specific rules and timelines for enforcement waiting to be notified. The text underwent significant updates since the first draft, with addition, eliminiation, reversal and upholding of fundamentals and some key provisions. What does the Bill do to India's digital economy? How does it impact our lives? Does it provide a balance between theory and pragmatism? Will Privacy community thrive? Are organizations ready to demonstrate compliance? This and more around the subject will be covered in the session.
The Perspective & Grade Ace
Rahul is founder – The PerspectiveTM & Grade AceTM with more than fourteen years experience working in Technology, Public Policy, Cyber Security & Privacy space, engaging with a range of stakeholder locally and globally to address the challenges in the evolving cyber ecosystem & value add as a Trusted Advisor. He recently worked as Cyber Security Liaison – Partner in International Business, Hague Security Delta, Netherlands in India & as Country Leader- India for International Association of Privacy Professionals (IAPP). Rahul also worked as ‘Senior non key Expert’ on 'International Digital Cooperation-Enhanced Data Protection and Data Flows' project with Directorate – General for Justice and Consumers (DG JUST) European Commission.
Rahul is member of Working Group (WG) on “Anonymization of Data" set forth by the Ministry of Electronics and Information Technology (MeitY), Government of India and member of Bureau of Indian Standards (BIS) WG that developed Indian Standard on Data Privacy (IS 17428). In his past role, Rahul has worked with Data Security Council of India (DSCI) anchored its policy, privacy, standards, government and international relations functions. Rahul undertakes various sessions for corporates and govt agencies such as iCISA (CAG of India), NLU and NLIU, Sardar Vallabhbhai Patel National Police Academy, CBI Academy on Cyber Security, Data Protection, Cyber Laws, Internet Governance etc. He has authored various articles and talks frequently on the subject.
Previously, he worked as a senior security analyst with HCL Technologies and as a telecom engineer with Nokia Siemens Network. He holds Engineering degree in Electronics and Communication from Indraprastha University in New Delhi.
Rahul has been fellow:
a) International Visitor Leadership Program (IVLP)- Dept. of State, US Govt, 2018
b) Global Governance Futures - Data Governance (GGF 2027) – Global Public Policy Institute (GPPi), Berlin, Germany, 2017
c) Internet Corporation for Assigned Names and Numbers (ICANN) – 2013 and 2014
Trust Resiliency - A Lesson Learned from Russia Ukraine War
Founder, Director - Pure ID
Ajit Hatti is a serial inventor and innovator and founder of PureID. He has been developing enterprise class security products over a decade and a half. Ajit regularly presents his research & tools at conferences like Black Hat, COCON & DEF CON. He is also the co-founder of Null - Open Security Community & is the founder of Blockchain Village which he organizes at DEF CON.
[PANEL DISCUSSION] ELITE CISO
Global Startup Expansion Via Digital Asset Building
Chinese APT against Government officials using G7 summit lure
Senior Manager, WatchTower Threat Hunting
Experienced Principal Threat Intel Analyst with a demonstrated history of Threat group hunting , malware reversing, yara, Anti virus signature creation , Threat report writing for customers etc. 60 plus proactive hunting and reporting of MENA origin threat attacks and PRC origin attacks ahead of competitors. Sound knowledge on leveraging and pivoting through internal telemetry data.
Cryptocurrencies and challenges to Law Enforcement Agencies
With more than 9250 Cryptocurrencies, 670 crypto exchanges and total market capitalization of 1 trillion USD, cryptocurrencies have marked their presence in every conventional crime that had component of fiat currencies. According to many surveys, our country figures among the countries with highest number of cryptocurrency users. This talk covers the types of cryptocurrency frauds that are happening in the country, various tools for detection of crypto crimes and need for capacity building in this area. Talk will also cover the issues like need of wallets and crypto repositories for government organizations and need of general awareness among public to safeguard them from crypto frauds. This talk will highlight the most prominent cryptocurrencies and exchanges that are getting used in the crimes in our country. Talk will also cover about the wallets and challenges in their use.
Bhushan Gulabrao Borase
Deputy Director (I.T.)
Sardar Vallabhbhai Patel National Police Academy
Batch – 2009, Karnataka Cadre
Education – BE, M Tech, Masters Degree in Police Management
- Served as - SP of two districts in Karnataka
- SP Cyber Crime, CID Karnataka
- DCP, Bengaluru City Police.
Awards & Recognitions –
- Union Home Minister’s Medal for Excellence in Police Training – 2021
- Director's Commendation and Insignia (Gold Plated)) – 2021 at SVP NPA
- National Award for e-Governance in 2015 for Citizen Centric Services.
- Best Probationer in co-curricular activities in SVP NPA in 2009 Batch
Interests - He is a keen learner in the field of blockchain technology and cryptocurrencies
Publications -He has published five papers in various journals on topics of cryptocurrency, effective database management and other policing issues.
Workshops/ Conferences/ Seminars – He has delivered talks in two international and six national level workshops / Conferences on the topic of cryptocurrency Investigation.
Lt General MU Nair, AVSM, SM
National Cyber Security Coordinator
Government Of India
Lt General MU Nair, Ati Vishisht Seva Medal, Sena Medal is an internationally recognised Cybersecurity mentor, who has recently tenanted the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat, Government of India. In this capacity he was responsible for coordinating all activities across multiple sectors to ensure a secure and resilient cyberspace within the nation.
General Nair was commissioned into the Corps of Signals of the Indian Army on 15 December 1984. He is a graduate of the National Defence Academy, Pune and a post graduate from the Defence Services Staff College, Wellington, India. He holds a degree in Bachelor of Technology in Electronics and Telecommunication Engineering from the Jawaharlal Nehru University and two Master of Philosophy degrees on Defence and Strategic Studies from Indore University and the Madras University.
He has extensive experience in operational planning at tactical and strategic levels and has attended the Army Higher Command Course from the Army War College, Mhow, and the prestigious National Defence College, New Delhi. He has held multiple command and staff assignments and has served along India’s Northern and Western borders. As a Colonel, he has managed operational logistics for an Infantry Division along the Western borders, and was responsible for planning of operations in Network and Electro Magnetic Spectrum domain as a Director at the Military Operations, Directorate of the Indian Army.
His area of specialisation includes development of information and communication technology, cyber, space, cryptology and intelligence, reconnaissance and surveillance applications. He has been the Chief Information Security Officer of the Ministry of Defence and of the Indian Armed Forces, and has been responsible for protection of critical information infrastructure in defence domain, as part of one of his responsibilities. He has represented the Indian Armed Forces at several meetings at National and International levels, and has been part of working groups on Cyber Security and Technology related issues. He was instrumental in raising of the Indian Defence Cyber Agency, and subsequently headed the Signal Intelligence Directorate of the Indian Armed Forces. He has the rare distinction of being a Chief of Staff of an Operation Corps along Indian Northern borders, besides being a Chief of Staff of the Indian Army’s Central Command at Lucknow. He has been the Commandant of the Military College of Telecommunication Engineering at Mhow from December 2020 to June 2022, during which time he was instrumental in establishment of the 5G Test Bed and the Centre of Excellence for AI at the College.
During his last assignment as the Signal Officer in Chief he was responsible for induction of new technologies in ICT domain for the Armed Forces and over saw the fructification of a large number of projects. He was the technical advisor on niche technology domains for Armed Forces and responsible for conduct of Network Centric Operations.
He took over as India’s third National Cyber Security Coordinator, on 01 July 2023.
He has also held the post of Government Director on the Board for M/s ITI Ltd and has been a member of the National Level Apex Committee on Development of 6G Communication constituted by the Government of India.
Cloud Security and Compliance
Sandeep Agarwal is a Security Specialist at Google Cloud and comes with an extensive background in security, risk, and compliance, particularly in the Financial Services domain. He was the CISO for Max Life Insurance and Moody's Analytics in India.
Most recently he was VP, InfoSec, and Data Protection Officer for OakNorth - a cloud-based fintech in the UK. In this role, he was in charge of managing the security, privacy, resiliency, and compliance posture for the OakNorth SaaS offering successfully adopted by several global banks in North America and Europe. Before OakNorth, he was leading security conversations with Government and Education customers at Amazon Web Services in India.
Sandeep is passionate about evangelizing the security, risk and compliance benefits that cloud computing brings to organizations of all shapes and sizes.
I am a security researcher, blogger currently specialized in DevSecOps and Cloud Security. I have 3 years of experience in Cyber Security Domain.
I am exploring new areas in DevSecOps and Cloud Security which is gaining a lot of momentum in the current industry due to the rise of Supply Chain Attacks. Hope our research paper can help organizations struggling to get security integrated into the SDLC.
I am a weekend traveler, I play carroms and capture photos.
Deputy Manager - Application Security Assurance
I have been working in the Cyber Security domain for the last 6 years. Have extensive experience in Web application pen testing, API, Mobile, DevSecOps and Threat Modelling.
I play Badminton, which is my favorite game.
Anjali Shukla is a security consultant with over 6+ years of experience in the cybersecurity and DevOps field. Her areas of expertise include pentesting, DevSecops, AWS, GCP, CI/CD, Kubernetes, and IAC security. Anjali joined NotSoSecure in 2021 as a DevSecops and infrastructure security specialist. She is involved in various DevSecops integrations for training and infrastructure lab setups, and she ensures that all components in the pipeline are functioning as expected. Anjali is also part of the Infosec Girls mentorship program and loves to publish her research on various DevOps security topics.
Anjali has worked with Opstree as a DevOps engineer and worked with clients like Paytm, and Blackbox & gained experience as a Linux admin, and Cloud engineer. Also, she has interned in the Cyber Security Cell of Gurugram Police.
She has actively participated in various training programs for RHCSA, RHCE, CEH, and ECHSA to enhance her knowledge in the field of cybersecurity and DevOps. Anjali is comfortable writing code in Python and bash and writing Ansible and Terraform scripts for automation purposes. She is also part of the Defcon Cloud Village.
Senior Security Engineer
Senior security engineer with more than 5 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author Burp-o-mation and very vulnerable serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member. He has also given training and seminars in events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.
Uncovering Azure's Silent Threats: A Story of Cloud Vulnerabilities
Nitesh Surana works as a Senior Threat Researcher with Trend Micro. His passion revolves around Cloud Vulnerability & Security Research, Developer Security, Threat Hunting, building honeypots targeting container environments and finding abuse vectors for cloud services. Previously, Nitesh has been credited for reporting security issues to various companies, startups, and governments. His findings have been recognized by the US Department of Defense, the Zero Day Initiative and his research has been mentioned across ZDNet, BleepingComputer, TheHackerNews, Dark Reading, The Register amongst others. In addition to his previous work in a Managed Security Operations Center and Purple Teaming, he has presented on existing and new research in communities and conferences such as Null/OWASP Bangalore, DecodePH, c0c0n, Security BSides, NDC. Apart from playing with packets and syscalls, Nitesh is found attending concerts and playing music.
Beyond the Surface: A Comprehensive Look at Windows Driver Security Analysis
IT-Security Analyst & Researcher
ERNW - Ennor Rey Netzwerke GmbH
Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…
The planning behind successful Ransomware attacks
Manager, Threat Research
Shayak Tarafdar works as an engineering manager in Quick Heal Security Labs,. He has more than 12 years of experience in this domain. He is responsible for the threat research and detection which happens as part of Quick Heal Security Labs . This includes Emerging threats, APT research using Dark Web, and analysing all the attack and infection vectors of the latest malwares.His passion lies in identifying the new techniques used by attackers to infect enterprises and research on innovating ways to prevent such attacks in the future.
Enhancing Red Team OPSEC: Abusing Stealthy In-Memory Binary Execution Techniques in Linux
Security Auditor & Researcher
Security Auditor and Researcher @ Consensys Diligence, Creator/Founder 1- CipherShastra : A Platform to help everyone learn smart contract/ blockchain security by solving CTF challenges, 2- RazzorSec: A structured library of resources and community to help everyone learn blockchain security in an organized manner, 3- Unchained: A blockchain security conference to promote security awareness in the field of blocksec
Attack & Red Team Lead
Dhanith leads Attack & Red Team services for EY Global Delivery Services, leading a global team of 250+ ethical hackers. He is a hardcore practitioner with rich experience working with the world’s leading financial institutions helping them to secure their digital presence. Dhanith is a member of OWASP and has contributed to several open source infosec projects, including OWASP WSTG. Dhanith is passionate about educating the community on cybersecurity and makes use of every opportunity to share his knowledge and expertise on the topic.
Vice President - Information Security Risk Officer
Standard Chartered GBS
A creative adventurer with extensive experience in the field of Information & Cyber Security, Risk Management, Regulatory Compliance, Business Continuity, Quality Compliance and Service Delivery roles; governing both the Cloud and On-Premises applications & infrastructure in the Banking and Financial Domain.
Have been involved in strategizing and governing transformational Information & Cyber Security programs and proficient experience in risk management and regulatory and global financial requirements and standards such as Singapore MAS, Hong Kong MA, UAE NESA, SOX, PCI DSS, NIST, IT Act India, UK PRA etc. Has vast expertise in performing risk assessment especially pertaining to cyber security risks across various domains.
Has been involved with various organizations and educational institutes with an immense desire to cultivate a risk awareness culture and pass on a legacy of cyber security risks to the next generation.
Am a gourmet, sportsman, Liverpool FC fan, a traveller and enjoys associating with multi ethnic groups.
Have presented papers in C0c0n XV (2022) conference and also at ISACA Chennai Chapter.