BRIEFING - c0c0n @16
Welcome to the Biggest
Security Conference in India
                        
                            c0c0n is a 15 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy. It also aims to provide a hand-shaking platform for various Corporate, Government organizations including the various investigation agencies, academia, research organizations, industry leaders and players, for better coordination in making the cyber world a better and safe place to be. Various technical, non-technical, legal and community events as part of the conferences.
SPEAKERS c0c0n @16 
                                 
                                 
                            Why you should Join c0c0n@16
Security briefings..
Hands on Training & Capacity Building Workshops
Exhibition & Display Stalls
Hardware & Hacking Villages
Capture the Flag Hacking contests
CCSE Track
CCSE Track
Kerala Police to Organise CCSE Track to Counter Online Child Sexual Exploitation
Kerala Police will be organising a two-days programme titled "CCSE Track" on 06-07 October 2023 with the goal of continuing a policy of zero tolerance towards online child sexual exploitation and crimes against children. The CCSE (Counter Child Sexual Exploitation) Track will feature talks, panel discussions and deliberations with a special emphasis on prevention, detection and investigation of online crimes targeting children.
Law enforcement agencies, non-governmental organisations and other relevant groups from around the world will come together this time in such a large scale in India to address challenges faced by investigators globally in dealing with this issue (CoCon 2022 had an one day event on CCSE Track for the first time). Through this important initiative, we would want representatives from police forces across India to participate with an objective to proactively start acting against Online Child Sexual Abuse, on which awareness is still lacking. The event also aims to build cooperation among various stakeholders to more effectively counter the serious crime of child sexual exploitation.
Protecting children from online harm and abuse is a humanitarian responsibility. Through open discussions and partnership between leaders, the CCSE Track hopes to strengthen collaborative efforts against those who prey on the most vulnerable in society.
CCSE TRACKE X A M S
WORKSHOPS
 
                                                                                                                    Ashwin Shenoi
Lead Security Engineer
CRED
India
 Ashwin Shenoi is a Lead Security Engineer at CRED with an avid passion for application security. He is highly skilled in application penetration testing and automation. Ashwin is a core member of team bi0s, a top-ranked Capture The Flag (CTF) team according to CTFTime. In his role as head of the Web Security team at team bi0s, he also serves as the core challenge setter and organizer for various editions of InCTF and other CTFs organised by team bi0s. Ashwin is also a Security Trainer with 7ASecurity, and has presented talks and security trainings in various security conferences such as BlackHat Asia, BlackHat USA, BlackHat Europe, Nullcon, and ThreatCon. Ashwin has a strong background in identifying and exploiting vulnerabilities in open source applications, and he has been awarded multiple CVEs for his contributions to the security community.		
			
 
                                                                                                                    Aswin M Guptha
Senior Security Engineer
Traboda CyberLabs
India
 Aswin M Guptha is a Security Researcher at Traboda who has over 8 years of expertise in Web Application Security. He has extensively participated in various penetration testing activities on infrastructure ranging from CMSs to hospitals over the past few years. He is also involved in testing various mobile applications. He has also delivered talks and training for students, working professionals and government authorities on various advanced topics.
			
WS-01 - Fortify APIs Mastering Penetration Testing for Robust Application Security
The objective of this course is to empower penetration testers and security professionals with the knowledge and skills needed to ..
 
                                                                                                                    Divyanshu Shukla
Senior Security Engineer
Meesho
India
 Senior security engineer with more than 5 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author Burp-o-mation and very vulnerable serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member. He has also given training and seminars in events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.
 	
 
                                                                                                                    Ravi Mishra
Lead Devops
Groww
India
 7+ years of experience in DevSecops & DevOps. Currently working as Lead DevOps @ Groww Highly Skilled in IAC Security, AWS & GCP Security, SRE, Container Security, K8s (EKS & GKE) Security. Experienced In deploying EKS & GKE Cluster. Previously worked with DevOps Engineering Teams in OLX Group, Paytm Bank, and Opstree. He has also given training and seminars in events like Null Community & Bsides Bangalore
			
WS-02 - The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes
This workshop aims to deliver a comprehensive understanding of Kubernetes attack and defense strategies through hands-on labs and ..
WS-03 - ARM Reverse Engineering & Exploitation Primer
These days, due to relatively large amount of prerequisites, intrinsically subtle nature of memory corruption bugs and decades of ..
 
                                                                                                                    Kartik Lalan
Sr. Security Engineer
PIC (Independent)
India
 Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He is M.Tech. in CS with Specialization in Information & Network Security. He conducts frequent talks and workshops on Info Sec topics @ several places including C0C0N, Bsides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, DroidCon-IN. Kartik loves to write technical Blogs in his leisure time 	
 
                                                                                                                    Aravind C Ajayan
Sr. Security Engineer
PIC (Independent)
India
 Sr. Security Engineer with Philips and is part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and windows active directory security. He has helped to fix severe issues in IMS(Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer 	
WS-04 - Bypassing Windows OS Hardening & end-point protection apps
With growing usage of desktop applications in various segments like aviation, healthcare, public infrastructure, logistics, financ..
 
                                                                                                                    Anant Shrivastava
Information Scurity Professional
India
 Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
		
		He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
		
		He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
		
		He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
		His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog. 
		
WS-05 - Beyond the Code: Securing Your Software Supply Chain
In an era where up to 80% of your code can come from third parties, the security of your software supply chain is more critical th..
 
                                                                                                                    Manish Gupta
CEO & Director
Cyberwarfare Labs
India
 Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Where he specializes in Red Teaming Activities on enterprise Environment. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat USA, DEFCON, Nullcon, BSIDES Chapters, X33fcon, NorthSec & other corporate trainings etc. 
			
 
                                                                                                                    Yash Bharadwaj
Co-Founder & Technical architect
Cyberwarfare Labs
India
 Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 4.5 Years of Experience as Technologist Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDFts, Pwning Active Directory infrastructure, stealth enterprise networks & Multi cloud attacks. Previously he has delivered hands-on red / blue / purple team tninings / talks / workshops at Nullcon, X33fCon, NorthSec, BSIDES Chapters, OWASP, CISO Platform, YASCON.
			
WS-06 - Multi-Cloud Security
Enterprises across the globe are moving to the Cloud Technology. The technical understanding and enormous cost of rewriting infras..
 
                                                                                                                    David Baptiste
IT-Security Analyst & Researcher
ERNW - Ennor Rey Netzwerke GmbH
Germany
 Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…
			
WS-07 - Reversing & Attacking Drivers and Other Techniques To Attack Windows Kernel
One of the best ways to defend a system is to know how to attack it. This is the spirit of this workshop based on Windows operatin..
 
                                                                                                                    Samarth Bhaskar Bhat
Technical Director
Reinfosec
India
 ▪ Security Architect
		▪ Over six years of experience in Information Security, design and development of Application
		▪ Software.
		▪ Audited 50+ business Web-Applications in the areas of Banking, Finance, Insurance, Trading and eCommerce.
		▪ Conducted security audit of Payment Gateway.
		▪ Expertise in handling various Application security Assessments, Penetration Tests and Vulnerability Assessment
		▪ Good work exposure on implementation of SOC (Security Operation Centre) and Data Loss Prevention
		▪ Proficient in understanding application level vulnerabilities like XSS, SQL injection, response splitting attacks, session hijacking, authorization bypass, weak cryptography, authentication flaws & design level vulnerabilities along with the defence mechanisms.
		▪ Expert in web security testing tools like Proxy Editors, Network Sniffing tools, Web Vulnerability scanners, flash de-compilers.
		▪ Well versed with OWASP Top 10
		▪ Proficiency in creating Threat profile for different types of applications
		▪ Knowledge of different phases, methodologies, concepts and procedures involved in the PT/VA.
		▪ Good understanding of vulnerability scanners like Nessus, QualysGuard, Rapid7 and Symantec CCSVM.
		▪ Expertise in implementation and configuration disk encryption and email encryption (PGP)
		▪ Sound knowledge on remediation process for the vulnerabilities identified during the assessment
		▪ Proficient in Information security reporting for executive management
		▪ Trained in secure code review of .NET applications.
		▪ Trained in web services testing methodology.
		▪ Sound knowledge of T-SQL, Crystal Reports, VBA, C# (Winforms), Visual Basic.NET
		▪ Expertise in database programming
		▪ Experienced with exposure and experience in understanding, reversing and
		▪ fuzzing wireless protocols in the RF-Layer of systems.
		▪ Experienced in reversing hardware protocols and implementing hardware attacks and threat-modelling of Wireless and Signals Systems. Have previous exposure and experience in Signal Design and Offensive Signal Tactics. Presently working on application of EW and SIGINT techniques in the Aerospace and Defence domain. Personal projects include machine learning and deep learning methods of recognition and deepfaking signals that can cause signal cant impact on the physical domain/layer of systems and OpenWRT for mesh networking.
		▪ Signal Detection meta information extraction of signals using Commercially available SDR platforms.
		▪ Protocol decomposition ofsignal of interest.
		▪ Baseline formulation of minimum jamming requirements for RADAR and datalink.
		▪ Utilization of SDR for SIGINT and ELINT in drones.
		▪ Proof of Concept development of DRFM systems using commercially available SDR.
		▪ Telecom signal (LTE) reconnaissance using commercially available SDR/
		▪ Radio Direction Finding (RDF) and aggregation using commercially avaialble SDR.
		▪ Establishment of CEMA guidelines for EW and Cross layer protocol research.
		▪ Bechmarking of default DSP algorithms in GP-CPU's using python (adopted from BDTI guidelines).
		▪ Network metrics computation of IQ data transfer metrics on mesh networks for SIGINT and ELINT operations.
		▪ Wideband FHSS interception techniques using aliasing and FFT shot detection.
		▪ Development of PoC of Automatic Modulation Recognition techniques using function models in python.
		▪ 3D cyclostationary analysis ofsignalsfor operator visulalization.
		▪ IQ signal generator and interference generator using SDR for RDF testing.
		▪ Information security baseline for CEMA and ELINT operations
 	
WS-08 - Hands on in Signal intelligence, Electronic Warfare, CEMA for Security applications
1. Understanding the history of Electronic warfare, 2. How Electronic warfare can, 3. Categories and sub categories in ELINT and S..
 
                                                                                                                    Abraham Aranguren
CEO, Security Trainer, Director of Penetration Testing
7ASecurity
Spain
 After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
 	
 
                                                                                                                    Anirudh Anand
Security Trainer@7ASecurity
Security Engineer at CRED
India
 Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.
Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.
 	
WS-09 - Hacking Modern Web apps: Master the Future of Attack Vectors
This course is the culmination of years of experience gained via practical penetration testing of Modern Web applications as well ..
 
                                                                                                                    Ajit Hatti
Founder, Director - Pure ID
 Ajit Hatti is a serial inventor and innovator and founder of PureID. He has been developing enterprise class security products over a decade and a half. Ajit regularly presents his research & tools at conferences like Black Hat, COCON & DEF CON. He is also the co-founder of Null - Open Security Community & is the founder of Blockchain Village which he organizes at DEF CON.
			
WS-10 - Blockchain & Cryptocurrency - Build, Secure, Apply & Analyse
Blockchains have a large number of un-explored use cases and Cryptocurrency is fast becoming a new platform for designing modern f..
 
                                                                                                                    Arun Nair
Independent Security Researcher
India
 Arun is a skilled Red Teamer with extensive malware development and evasion expertise. With a strong background in offensive security, Arun possesses a range of certifications, including the Offensive Security Certified Professional (OSCP), CodeMachine Malware Techniques, and Malware on Steroids. These certifications demonstrate Arun's deep understanding of advanced strategies and techniques involved in malware development. Arun has honed this knowledge through practical experience from working with renowned organizations such as Google and Mandiant. These engagements have provided Arun with invaluable insights into the tactics employed by real-world adversaries. With his comprehensive skill set and hands-on experience, Arun is well-equipped to tackle the most sophisticated cybersecurity and red teaming challenges.
			
 
                                                                                                                    Aravind Prakash
Red Team Operator
Resillion
India
 Aravind is an experienced Red Teamer working in Resillion with a strong background in offensive security and a passion for malware development. With multiple certifications, including CRTP, CRTE and CRTO. Having conducted numerous engagements, Aravind has gained valuable insights into the tactics used by real-world adversaries. Their expertise allows them to simulate attacks and identify system and network vulnerabilities.
			
WS-11 - Offensive Tradecraft Development
This comprehensive training program aims to equip participants with the knowledge and skills to develop evasive malware for respon..
Capture The Flag
DomeCTF
RF Village Capture the Flag
c0c0n @16 Speakers
 
                                                                                                            Shri. Arif Mohammed Khan
The Hon'ble Governor
Kerala State
India
 
		 
		
 
                                                                                                            Shri. P. Rajeev
Minister for Law, Industries and Coir
Kerala State
India
 
		 
		
 
                                                                                                            Mamta Mohandas
Actress and Film producer
India
 
		 
		
 
                                                                                                            Arun Kumar Sinha IPS
Chairman
National Technical Research Organisation (NTRO)
New Delhi
 
		 
		
 
                                                                                                            S. Somanath
Chairman
Indian Space Research Organisation (ISRO)
India
 
		 
		
 
                                                                                                            Lt General MU Nair, AVSM, SM
National Cyber Security Coordinator
Government Of India
 
		 Lt General MU Nair, Ati Vishisht Seva Medal, Sena Medal  is an internationally recognised Cybersecurity mentor, who has recently tenanted the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat, Government of India.  In this capacity he was responsible for coordinating all activities across multiple sectors to ensure a secure and resilient cyberspace within the nation.
		General Nair was commissioned into the Corps of Signals of the Indian Army on 15 December 1984.  He is a graduate of the National Defence Academy, Pune and a post graduate from the Defence Services Staff College, Wellington, India.  He holds a degree in Bachelor of Technology in Electronics and Telecommunication Engineering from the Jawaharlal Nehru University and two Master of Philosophy degrees on Defence and Strategic Studies from Indore University and the Madras University.
		He has extensive experience in operational planning at tactical and strategic levels and has attended the Army Higher Command Course from the Army War College, Mhow, and the prestigious National Defence College, New Delhi.  He has held multiple command and staff assignments and has served along India’s Northern and Western borders.  As a Colonel, he has managed operational logistics for an Infantry Division along the Western borders, and was responsible for planning of operations in Network and Electro Magnetic Spectrum domain as a Director at the Military Operations, Directorate of the Indian Army.
		His area of specialisation includes development of information and communication technology, cyber, space, cryptology and intelligence, reconnaissance and surveillance applications.  He has been the Chief Information Security Officer of the Ministry of Defence and of the Indian Armed Forces, and has been responsible for protection of critical information infrastructure in defence domain, as part of one of his responsibilities.  He has represented the Indian Armed Forces at several meetings at National and International levels, and has been part of working groups on Cyber Security and Technology related issues.  He was instrumental in raising of the Indian Defence Cyber Agency, and subsequently headed the Signal Intelligence Directorate of the Indian Armed Forces.  He has the rare distinction of being a Chief of Staff of an Operation Corps along Indian Northern borders, besides being a Chief of Staff of the Indian Army’s Central Command at Lucknow.  He has been the Commandant of the Military College of Telecommunication Engineering at Mhow from December 2020 to June 2022, during which time he was instrumental in establishment of the 5G Test Bed and the Centre of Excellence for AI at the College.
		During his last assignment as the Signal Officer in Chief he was responsible for induction of new technologies in ICT domain for the Armed Forces and over saw the fructification of a large number of projects. He was the technical advisor on niche technology domains for Armed Forces and responsible for conduct of Network Centric Operations.
		He took over as India’s third National Cyber Security Coordinator, on 01 July 2023.
		He has also held the post of Government Director on the Board for M/s ITI Ltd and has been a member of the National Level Apex Committee on Development of 6G Communication constituted by the Government of India. 
		
 
                                                                                                            Maria Vildavskaya
COO
Gravity Industries Ltd
UK
 
		 Maria Vildavskaya has an extensive work experience, beginning in 2007. Maria was an Investor Relations Associate at Gazpromneft- NTC from 2007 to 2013. From 2013 to 2021, they worked at bp in various roles, including CEF Trader, European Gas and Power, Middle Distillate Trading Operator, WAF Marketing & Origination, Ship Operator, and Foreign Exchange, Corporate Risk Analyst. Maria is currently the Chief Operating Officer at Gravity Industries.
		
 
                                                                                                            T K Rajan
Chief General Manager
Department of Supervision, RBI
India
 
		 Mr T K Rajan currently works as Chief General Manager (CGM) in the Department of Supervision (DoS), in RBI. A career central banker, he completed his academic qualifications as Bachelor of Technology (B Tech) in Civil Engineering and Master of Business Administration (MBA). He is also a Chartered Financial Analyst (CFA) and Certified Associate of Indian Institute of Bankers (CAIIB).
He has over 30 years’ experience in Central Banking covering areas relating to Banking Supervision, Information Technology and Financial Markets.
Mr Rajan has attended training and delivered lectures in the above areas in training institutes and in central banking forums both in India and abroad
		
Previous Speakers
 
								GENERAL BIPIN RAWAT
Pvsm,Uysm,Avsm,Ysm,Sm,Vsm,Adc
Ex. Chief of Defence Staff
Ministry of Defence, India
 
								Dr. Mohamed Al-Kuwaiti
Head of cyber Security
United Arab Emirates Government
 
								Dr. Kailasavadivoo Sivan
Chairman
Indian Space Research Organisation
 
								CP GURNANI
Managing Director
and Chief Executive Officer
Tech Mahindra
 
                             
                         
                         
                                     
                                     
                                 
                                                 
                                                 
                                                 
                                                                                                                     
                                                 
                                                 
                                                 
                                             
                                             
                                             
                                             
                                             
                                             
                                                 
                                                 
                                                 
                                                 
                                     
                                     
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                         
                                        