Agenda
Workshop Registration
Floor: L8
Attack & Defend Android Applications
Anant Shrivastava , Chief Researcher / Founder, Cyfinoid Research Private Limited
Anant Shrivastava
Chief Researcher / FounderCyfinoid Research Private Limited
Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.
Sessions
Workshop - 13th & 14th November 2024
Attack & Defend Android Applications
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 14.00 - 14.45
(PANEL) - Moderator: Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
16-Nov-2024 16:15 - 16:45
We got the Shiny SBoM; what next?
Floor: Ground Floor
Multi-Cloud (AWS, Azure & GCP) Security [24 Edition]
Manish Gupta , Director, Cyberwarfare Labs
Manish Gupta
DirectorCyberwarfare Labs
Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Previously he had worked as an operator & team lead at product based companies like Microsoft, Grab & Citrix. He specializes in Red Teaming Activities on enterprise Environment including On-premise & Multi-Cloud. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat, DEFCON, cocon, Nullcon, BSIDES Chapters, X33fcon Poland, NorthSec Canada & other corporate training etc
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Yash Bharadwaj , Co-Founder & Technical architect, Cyberwarfare Labs
Yash Bharadwaj
Co-Founder & Technical architectCyberwarfare Labs
Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 5.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDRs, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat, cocon, Nullcon, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc.
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Floor: Ground Floor
Enterprise Purple Teaming: Threat Emulation & Detection
John Sherchan , Red Team Security Researcher, CyberWarFare Labs, Nepal
John Sherchan
Red Team Security ResearcherCyberWarFare Labs
Nepal
John Sherchan is a Red Team Security researcher at CyberWarFare Labs, bringing over 5+ years of experience in Reverse Engineering, Malware Analysis/Development, and Source Code Reviewing, with a specialization in Windows Internals (User and Kernel Modes). Demonstrating an advanced understanding, he has successfully reversed multiple Antivirus (AV) and Endpoint Detection and Response (EDR) systems to comprehend its architecture. Committed to advancing cybersecurity, his additional interests include PWNing Active Directory, conducting Adversary emulation/simulation, writing rootkits, crafting exploits, and strategically overcoming challenges
Sessions
Workshop - 13th & 14th November 2024
Enterprise Purple Teaming: Threat Emulation & Detection
Harisuthan S , Blue Team Security Researcher, CyberWarFare Labs
Harisuthan S
Blue Team Security ResearcherCyberWarFare Labs
Harisuthan is a seasoned Blue Team Security Researcher at CyberWarFare Labs, with over 3 years of dedicated experience in cyber defense. He has a deep understanding of Blue Team methodologies, including adversarial threat detection and investigation, proactive threat hunting, and conducting adversary emulation and simulation for various investigative purposes
Sessions
Workshop - 13th & 14th November 2024
Enterprise Purple Teaming: Threat Emulation & Detection
Floor: L1
Hack the IoT: A practical guide to IoT Security
Hemant Sonkar , Lead Security Consultant, Payatu Security Consulting Pvt. Ltd.
Hemant Sonkar
Lead Security ConsultantPayatu Security Consulting Pvt. Ltd.
Hemant Sonkar presently serves as the Lead Security Consultant at Payatu, demonstrating proficiency in delivering training sessions at prominent events such as NULLCON, NULL, and various internal training programs. With an impressive three-year tenure in the field, he brings extensive expertise to the domain. His professional portfolio includes the examination of a wide range of IoT devices, spanning medical devices, home automation tools, and electric vehicles. Throughout his hardware security research endeavors, he has cultivated invaluable skills in discerning attack surfaces and vulnerabilities within real-world IoT devices.
Sessions
Workshop - 13th & 14th November 2024
Hack the IoT: A practical guide to IoT Security
Pugal Selvan , Associate Security Researcher, Payatu Security Consulting Pvt. Ltd.
Pugal Selvan
Associate Security ResearcherPayatu Security Consulting Pvt. Ltd.
Pugal Selvan began his journey in binary exploitation and reverse engineering through CTFs and is now a Security Researcher at Payatu, where he specializes in firmware analysis and reversing of many IoT and embedded devices. Recently, his curiosity has led him to explore hardware attacks, an area he is passionate about. By day, Pugal serves as a dedicated Security Consultant, and by night, he delves into the world of hardware hacking, continually expanding his knowledge and skills in the field.
Sessions
Workshop - 13th & 14th November 2024
Hack the IoT: A practical guide to IoT Security
Floor: L 8
Hook, Line, and Sinker: Exploring the Phishing Abyss
Giuseppe Trotta , Security Engineer and Trainer, Persistent Security Industries, Italy
Giuseppe Trotta
Security Engineer and TrainerPersistent Security Industries
Italy
Giuseppe Trotta (aka ohpe), is a seasoned security researcher and trainer with deep expertise in phishing, social engineering, and post-exploitation automation. As a core member of the MuraenaTeam, Giuseppe has been at the forefront of developing innovative tools that have significantly advanced the field of phishing exploitation. His groundbreaking work on Muraena and NecroBrowser has revolutionized how security professionals approach session hijacking and post-exploitation tasks.
With a strong commitment to education, Giuseppe has delivered numerous training sessions at private events and organizations, where he is known for his in-depth, hands-on approach. His training methodologies are unique, focusing on practical, real-world scenarios that prepare participants to face modern phishing threats head-on. Giuseppe's sessions are designed to be interactive, providing attendees with the knowledge and skills needed to enhance their red teaming capabilities and fortify their defenses against increasingly sophisticated phishing attacks.
Sessions
Workshop - 13th & 14th November 2024
Hook, Line, and Sinker: Exploring the Phishing Abyss
Floor: L 1
ML for Security and Security for ML
Nikhil Joshi , Data scientist, Brillio
Nikhil Joshi
Data scientistBrillio
Nikhil Joshi is an AI Security Researcher. He is currently working on implementations of ML in offensive and defensive security products. He has orchestrated methodologies to pen-test Machine Learning applications against ML-specific vulnerabilities and loves to explore new ways to hack ML-powered applications. Parallelly Nikhils research is focused on security implications in Deep Learning applications such as Adversarial Learning, Model stealing attacks, Data poisoning, etc. Nikhil is an active member of local Data Science and Security groups and has delivered multiple talks and workshops. He has spoken at HITB Amsterdam, PhDays Russia, and IEEE conferences. And trainer at the nullcon and Troopers. Being an Applied Mathematics enthusiast, recent advances in Machine Learning and its applications in security, behavioral science, and telecom are of major interest to Nikhil.
Sessions
Workshop - 13th & 14th November 2024
ML for Security and Security for ML
Floor: L 1
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
Kartik Lalan , Sr. Security Engineer, PIC (Independent)
Kartik Lalan
Sr. Security EngineerPIC (Independent)
Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He is M.Tech. in CS with Specialization in Information & Network Security. He conducts frequent talks and workshops on Info Sec topics @ several places including C0C0N, DEFCON BHV, Bsides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, DroidCon-IN. Kartik loves to write technical Blogs in his leisure time.
Sessions
Workshop - 13th & 14th November 2024
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
15-Nov-2024 11.00 - 11.30
Hackers highway: Uncovering vulnerabilities hidden behind every car's license plate
Aravind C Ajayan , Sr. Security Engineer, PIC (Independent)
Aravind C Ajayan
Sr. Security EngineerPIC (Independent)
Sr. Security Engineer with Philips and is part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and windows active directory security. He has helped to fix severe issues in IMS(Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer.
Sessions
Workshop - 13th & 14th November 2024
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
Floor: L 1
Exploiting with Precision: Windbg Debugging Essentials for Security Professionals
David Baptiste , IT-Security Analyst & Researcher, ERNW - Ennor Rey Netzwerke GmbH, Germany
David Baptiste
IT-Security Analyst & ResearcherERNW - Ennor Rey Netzwerke GmbH
Germany
Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…
Sessions
Workshop - 13th & 14th November 2024
Exploiting with Precision: Windbg Debugging Essentials for Security Professionals
16-Nov-2024 11.30 - 12.00
Kernel Lockdown: Reducing BSOD Risks by Restricting Third-Party Access?talk
Floor: L8
Attack & Defend Android Applications
Anant Shrivastava , Chief Researcher / Founder, Cyfinoid Research Private Limited
Anant Shrivastava
Chief Researcher / FounderCyfinoid Research Private Limited
Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.
Sessions
Workshop - 13th & 14th November 2024
Attack & Defend Android Applications
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 14.00 - 14.45
(PANEL) - Moderator: Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
16-Nov-2024 16:15 - 16:45
We got the Shiny SBoM; what next?
Floor: Ground Floor
Multi-Cloud (AWS, Azure & GCP) Security [24 Edition]
Manish Gupta , Director, Cyberwarfare Labs
Manish Gupta
DirectorCyberwarfare Labs
Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Previously he had worked as an operator & team lead at product based companies like Microsoft, Grab & Citrix. He specializes in Red Teaming Activities on enterprise Environment including On-premise & Multi-Cloud. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat, DEFCON, cocon, Nullcon, BSIDES Chapters, X33fcon Poland, NorthSec Canada & other corporate training etc
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Yash Bharadwaj , Co-Founder & Technical architect, Cyberwarfare Labs
Yash Bharadwaj
Co-Founder & Technical architectCyberwarfare Labs
Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 5.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDRs, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat, cocon, Nullcon, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc.
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Floor: Ground Floor
Enterprise Purple Teaming: Threat Emulation & Detection
John Sherchan , Red Team Security Researcher, CyberWarFare Labs, Nepal
John Sherchan
Red Team Security ResearcherCyberWarFare Labs
Nepal
John Sherchan is a Red Team Security researcher at CyberWarFare Labs, bringing over 5+ years of experience in Reverse Engineering, Malware Analysis/Development, and Source Code Reviewing, with a specialization in Windows Internals (User and Kernel Modes). Demonstrating an advanced understanding, he has successfully reversed multiple Antivirus (AV) and Endpoint Detection and Response (EDR) systems to comprehend its architecture. Committed to advancing cybersecurity, his additional interests include PWNing Active Directory, conducting Adversary emulation/simulation, writing rootkits, crafting exploits, and strategically overcoming challenges
Sessions
Workshop - 13th & 14th November 2024
Enterprise Purple Teaming: Threat Emulation & Detection
Harisuthan S , Blue Team Security Researcher, CyberWarFare Labs
Harisuthan S
Blue Team Security ResearcherCyberWarFare Labs
Harisuthan is a seasoned Blue Team Security Researcher at CyberWarFare Labs, with over 3 years of dedicated experience in cyber defense. He has a deep understanding of Blue Team methodologies, including adversarial threat detection and investigation, proactive threat hunting, and conducting adversary emulation and simulation for various investigative purposes
Sessions
Workshop - 13th & 14th November 2024
Enterprise Purple Teaming: Threat Emulation & Detection
Floor: L1
Hack the IoT: A practical guide to IoT Security
Hemant Sonkar , Lead Security Consultant, Payatu Security Consulting Pvt. Ltd.
Hemant Sonkar
Lead Security ConsultantPayatu Security Consulting Pvt. Ltd.
Hemant Sonkar presently serves as the Lead Security Consultant at Payatu, demonstrating proficiency in delivering training sessions at prominent events such as NULLCON, NULL, and various internal training programs. With an impressive three-year tenure in the field, he brings extensive expertise to the domain. His professional portfolio includes the examination of a wide range of IoT devices, spanning medical devices, home automation tools, and electric vehicles. Throughout his hardware security research endeavors, he has cultivated invaluable skills in discerning attack surfaces and vulnerabilities within real-world IoT devices.
Sessions
Workshop - 13th & 14th November 2024
Hack the IoT: A practical guide to IoT Security
Pugal Selvan , Associate Security Researcher, Payatu Security Consulting Pvt. Ltd.
Pugal Selvan
Associate Security ResearcherPayatu Security Consulting Pvt. Ltd.
Pugal Selvan began his journey in binary exploitation and reverse engineering through CTFs and is now a Security Researcher at Payatu, where he specializes in firmware analysis and reversing of many IoT and embedded devices. Recently, his curiosity has led him to explore hardware attacks, an area he is passionate about. By day, Pugal serves as a dedicated Security Consultant, and by night, he delves into the world of hardware hacking, continually expanding his knowledge and skills in the field.
Sessions
Workshop - 13th & 14th November 2024
Hack the IoT: A practical guide to IoT Security
Floor: L 8
Hook, Line, and Sinker: Exploring the Phishing Abyss
Giuseppe Trotta , Security Engineer and Trainer, Persistent Security Industries, Italy
Giuseppe Trotta
Security Engineer and TrainerPersistent Security Industries
Italy
Giuseppe Trotta (aka ohpe), is a seasoned security researcher and trainer with deep expertise in phishing, social engineering, and post-exploitation automation. As a core member of the MuraenaTeam, Giuseppe has been at the forefront of developing innovative tools that have significantly advanced the field of phishing exploitation. His groundbreaking work on Muraena and NecroBrowser has revolutionized how security professionals approach session hijacking and post-exploitation tasks.
With a strong commitment to education, Giuseppe has delivered numerous training sessions at private events and organizations, where he is known for his in-depth, hands-on approach. His training methodologies are unique, focusing on practical, real-world scenarios that prepare participants to face modern phishing threats head-on. Giuseppe's sessions are designed to be interactive, providing attendees with the knowledge and skills needed to enhance their red teaming capabilities and fortify their defenses against increasingly sophisticated phishing attacks.
Sessions
Workshop - 13th & 14th November 2024
Hook, Line, and Sinker: Exploring the Phishing Abyss
Floor: L 1
ML for Security and Security for ML
Nikhil Joshi , Data scientist, Brillio
Nikhil Joshi
Data scientistBrillio
Nikhil Joshi is an AI Security Researcher. He is currently working on implementations of ML in offensive and defensive security products. He has orchestrated methodologies to pen-test Machine Learning applications against ML-specific vulnerabilities and loves to explore new ways to hack ML-powered applications. Parallelly Nikhils research is focused on security implications in Deep Learning applications such as Adversarial Learning, Model stealing attacks, Data poisoning, etc. Nikhil is an active member of local Data Science and Security groups and has delivered multiple talks and workshops. He has spoken at HITB Amsterdam, PhDays Russia, and IEEE conferences. And trainer at the nullcon and Troopers. Being an Applied Mathematics enthusiast, recent advances in Machine Learning and its applications in security, behavioral science, and telecom are of major interest to Nikhil.
Sessions
Workshop - 13th & 14th November 2024
ML for Security and Security for ML
Floor: L 1
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
Kartik Lalan , Sr. Security Engineer, PIC (Independent)
Kartik Lalan
Sr. Security EngineerPIC (Independent)
Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He is M.Tech. in CS with Specialization in Information & Network Security. He conducts frequent talks and workshops on Info Sec topics @ several places including C0C0N, DEFCON BHV, Bsides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, DroidCon-IN. Kartik loves to write technical Blogs in his leisure time.
Sessions
Workshop - 13th & 14th November 2024
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
15-Nov-2024 11.00 - 11.30
Hackers highway: Uncovering vulnerabilities hidden behind every car's license plate
Aravind C Ajayan , Sr. Security Engineer, PIC (Independent)
Aravind C Ajayan
Sr. Security EngineerPIC (Independent)
Sr. Security Engineer with Philips and is part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and windows active directory security. He has helped to fix severe issues in IMS(Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer.
Sessions
Workshop - 13th & 14th November 2024
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
Floor: L 1
Exploiting with Precision: Windbg Debugging Essentials for Security Professionals
David Baptiste , IT-Security Analyst & Researcher, ERNW - Ennor Rey Netzwerke GmbH, Germany
David Baptiste
IT-Security Analyst & ResearcherERNW - Ennor Rey Netzwerke GmbH
Germany
Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…
Sessions
Workshop - 13th & 14th November 2024
Exploiting with Precision: Windbg Debugging Essentials for Security Professionals
16-Nov-2024 11.30 - 12.00
Kernel Lockdown: Reducing BSOD Risks by Restricting Third-Party Access?talk
Registration Counter Opens
All participants to be seated
Opening Note
Sunil Varkey , Cyber Security Thought Leadership, Former CISO Wipro & Idea, Former CTO Symantec & Forescout
Sunil Varkey
Cyber Security Thought LeadershipFormer CISO Wipro & Idea
Former CTO Symantec & Forescout
Sunil Varkey has over 29 years of cybersecurity leadership experience with large global corporations in banking, telecoms, ITES, software, and manufacturing domains in the Middle East, US and India.
Sunil was earlier Global CISO and Fellow at Wipro, CISO of Idea Cellular, MD at HSBC, and he is also CTO for Symantec and Forescout. Currently is engaged as a Cyber consultant and advisor in the Middle East.
Academically, he holds a Bachelor’s degree in Electronics Engineering with an MBA, along with over 10 security certifications. He also holds security patents in US & EU.
He has published and presented various articles and sessions globally related to information security.
Sessions
15-Nov-2024 09:40 - 09:55
Opening Note
15-Nov-2024 09:40 - 09:55
Opening Note
16-Nov-2024 16.30 - 17.00
The subtle art of checkmating CISOs
Lighting the Lamp
Felicitation and Prize Distribution
[KEYNOTE] The tomorrow threats, today
Len Noe , Transhuman | Cyborg Hacker | Technical Evangelist, CyberArk Software, United States
Len Noe
Transhuman | Cyborg Hacker | Technical EvangelistCyberArk Software
United States
Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a dynamic and influential speaker on the international security circuit. With an impressive track record of delivering impactful presentations in over 60 countries and at renowned security conferences worldwide, Noe's expertise leaves a lasting impression. Notably, he has graced the stage at the prestigious World Conference in The Hague, C.E.R.T. EU, and has been invited to address multiple governments.
Len is the author of Human Hacked: My life and lessons as the worlds first augmented ethical hacker. With his first book Len exposes the subculture of Transhumans and the capabilities available to this new breed of human, along with the cyber security risks they pose.
Len is a co-host of the Cyber Cognition Podcast and a thought leader in the field of Transhumanism. With his upcoming book, he shares a captivating narrative of his personal evolution, solidifying his position as one of the world's foremost authorities in this transformative movement. As a futurist, Len's insights and expertise are highly sought after.
Len's passion for the Transhuman/Human+ movement is unparalleled, and he actively employs microchip implants to pioneer advancements in cyber security and enhance the human experience. His groundbreaking research has garnered global recognition, appearing in multiple global news outlets, while his regular appearances on top-tier security podcasts showcase his ongoing contributions to the field.
With a rich history as a Black/Grey Hat Hacker, Noe's extensive practical experience has shaped his skills. Over the course of 30 years, he has honed his expertise in web development, system engineering/administration, architecture, and coding. For the past ten years, Len has devoted his focus to information security from an attacker's perspective Actively engaging with the Texas information security communities and organizations like the Autism Society, Len continuously demonstrates his commitment to making a positive impact beyond the realm of technology.
Sessions
15-Nov-2024 10:15 - 10:45
[KEYNOTE] The tomorrow threats, today
15-Nov-2024 10:15 - 10:45
[KEYNOTE] The tomorrow threats, today
Hackers highway: Uncovering vulnerabilities hidden behind every car's license plate
Kartik Lalan , Sr. Security Engineer, PIC (Independent)
Kartik Lalan
Sr. Security EngineerPIC (Independent)
Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He is M.Tech. in CS with Specialization in Information & Network Security. He conducts frequent talks and workshops on Info Sec topics @ several places including C0C0N, DEFCON BHV, Bsides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, DroidCon-IN. Kartik loves to write technical Blogs in his leisure time.
Sessions
Workshop - 13th & 14th November 2024
Bypassing Enterprise Protection Solutions and Windows 11 OS Hardening Controls
15-Nov-2024 11.00 - 11.30
Hackers highway: Uncovering vulnerabilities hidden behind every car's license plate
CISO's take on BYOAI
Venugopal Parameswara , CISO, CSB
Venugopal Parameswara
CISOCSB
15-Nov-2024 11.30 - 11.50
CISO's take on BYOAI
GenAI and Autonomous Security in the Age of Zero Trust
Philip Varughese Vayarakunnil , Global Lead - Platforms, Architecture, Engineering, Automation, Analytics, DXC Security
Philip Varughese Vayarakunnil
Global Lead - Platforms, Architecture, Engineering, Automation, AnalyticsDXC Security
15-Nov-2024 11.50 - 12.00
GenAI and Autonomous Security in the Age of Zero Trust
15-Nov-2024 14.00 - 14.50
(PANEL) - The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
[PANEL] Intelligence led security
Midhun Babu
15-Nov-2024 12.10 - 13.00
(PANEL) - Moderator: Intelligence led security
Sameer Ratolikar
CISO -Chief Information Security OfficerHDFC Bank
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
Sheshadri MV
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
Dr. A Shiju Rawther , Head - Information Technology, SBI MUTUAL FUND
Dr. A Shiju Rawther
Head - Information TechnologySBI MUTUAL FUND
Shiju is a technology leader with strong business acumen with more than two decades of vast experience in major operating tenets of driving digital transformation through thought leadership, innovation, analytics & delivering value to stakeholders.
Shiju is currently working as Head – Information Technology for SBI Mutual Fund spearheading Group IT, Including Technology Strategies, Software Development & Cloud Engineering, IT Infrastructure, Enterprise-wide IT Transformation, Technology Security Operations and Analytics Functions.
Shiju comes with successful and steady career growth in reputed organizations viz., CARE Ratings Limited, Poonawalla Finance, IIFL Finance Limited, TransUnion CIBIL Limited, Fullerton India Credit Company Limited, PCS Technology Limited, Gateway Terminals India, Wipro InfoTech and Primus Telecommunications India Limited.
He is a prominent speaker at many industry conferences. Shiju has been recognized as one of the Most Innovative CIOs of India, Top 100 CISOs consistently over the last years by various media groups & forums. He is also associated with Cyberdome, Public Private Partnership initiative started by Kerala Police to combat Cyber Threats. Shiju was recognized as “Security Leader of the Year - Financial Services” in December 2016 by DSCI, NASSCOM.
Shiju holds a Bachelor of Engineering Degree in Computer Science & Engineering from Bangalore University and a Master in Information Management from Mumbai University. He also holds a PhD in Computer Science & Engineering from Hindustan Institute of Technology & Science, Chennai with research focused on securing networked systems against cyber-attacks using compartment models. An accomplished academic and professional, Dr. Shiju has published many research papers in international journals and also holds three patents registered with Indian Patent Authority. He recently received the prestigious Dr. K.C.G. Verghese Award for Best Researcher 2024.
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
16-Nov-2024 12.00 - 12.40
(PANEL) - When Falcon Strikes Back: The Defender's Dilemma
Maya R Nair , Cyber Security Thought Leader,
Maya R Nair
Cyber Security Thought LeaderAn experienced leader of Datacenter Infrastructure and Information security with major operating tenets of implementing defense in depth, acquiring 360 degree view of security, implementing IT infrastructure setups from the scratch, revamping datacenters and designing & implementing Business Continuity plans and Disaster Recovery sites.
Maya has a demonstrated history of working in the diverse industries of Telecommunication, BFSI and Manufacturing. She succeeded in positioning the Technology function as a Business Transformation initiative, with major contributions in IT infrastructure, Security technology implementations focussing on protection, prevention, monitoring and alerting.
Key achievements in the current and earlier stints include setting up of complete IT and datacenter infrastructure from the scratch, setting up of Security technology and framework from the scratch and operationalising it and designing & implementing Business continuity plans and Disaster recovery sites.
She is associated with Cyberdome ranked as Commander, a Public Private Partnership initiative started by Kerala Police to combat Cyber Threats and to spread awareness among masses
Maya has won many industry accolades and awards in recognition to her contribution to technology and security. She is a regular speaker in industry forums and writes technology articles.
She holds an engineering degree in Electronics engineering and post graduate degree in Software systems with specialisation in Network security. She also holds a management degree in Finance management. She also has many certifications including CISA, ISO 27001 LA, DCPLA to her credit.
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
16-Nov-2024 16.00 - 16.30
Who is holding the Marauders map?
Balakrishnan A , MD and CEO, Geojit Financial Services Ltd
Balakrishnan A
MD and CEOGeojit Financial Services Ltd
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
[PANEL] The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
Aseem Jakhar
Co-FounderEXPLIoT, Payatu, Hardwear.io, Nullcon
15-Nov-2024 14.00 - 14.50
(PANEL) - Moderator: The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
M Nagarajan, IAS , Collector and District Magistrate of Mehsana, and Cyber Security Evangelist, Former Executive Director. i-Hub Gujarat
M Nagarajan, IAS
Collector and District Magistrate of Mehsanaand Cyber Security Evangelist
Former Executive Director. i-Hub Gujarat
Shri. M Nagarajan is an IAS Officer of 2009 Batch, Gujarat Cadre. Currently he is working as the Collector and District Magistrate of Mehsana, Gujarat.
He has a working experience of 22 years in various government departments including Indian Railways, Indian Audit and Accounts Department and Reserve Bank of India (RBI) and in the Indian Administrative Service(IAS).
He worked as District Collector in Arvalli District Gujarat. He contributed in bringing services delivery and industrial development of this tribal area. Later he was the District Collector of Kutch District, which is India’s largest district in terms of area, and is a very strategic location for India’s defence.
Prior to that, he was leading the Surat Smartcity Mission as CEO of the Surat Smart City Development SPV. Under his leadership Surat was awarded by Government of India for showing highest momentum in Smartcity implementation. He is a member of Expert Group on IT and Cyber Security by Ministry of Rural Development, Govt. Of India.
He has made major interventions in health, education and rural development. He believes that technology can be a game changer in India’s development. He has conceived and implemented projects in Digital Village, Smart Village, Rural Startups, Rural Broadband, Smart Cities, Smart Urban Transportation, eHealth and mHealth for Rural and Urban communities.
He has a Masters in Public Policy and Masters in Economics. A bureaucrat by profession he believes that technology is a great enabler of social change. He has been awarded by Election Commission of India (ECI) for Innovative use of Technology in Elections in the Gujarat 2012 elections.
His projects have won major awards that include SKOCH Award of Excellence, CSI-Nihilent Award, Manthan Award, Financial Inclusion Payment Systems award . He has been chosen as District Collector Digital Champion – 2014.He is an avid blogger and a Startup mentor.
Sessions
15-Nov-2024 14.00 - 14.50
(PANEL) - The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
Tarun Wig , Founder, Innefu Labs
Tarun Wig
FounderInnefu Labs
15-Nov-2024 14.00 - 14.50
(PANEL) - The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
Philip Varughese Vayarakunnil , Global Lead - Platforms, Architecture, Engineering, Automation, Analytics, DXC Security
Philip Varughese Vayarakunnil
Global Lead - Platforms, Architecture, Engineering, Automation, AnalyticsDXC Security
15-Nov-2024 11.50 - 12.00
GenAI and Autonomous Security in the Age of Zero Trust
15-Nov-2024 14.00 - 14.50
(PANEL) - The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
Nikhil Shrivastava
15-Nov-2024 14.00 - 14.50
(PANEL) - The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
Smarter Incident Management
Andreas Arbogast , CIO | Head of DFIR -ME & Europe, mh Service, Germany
Andreas Arbogast
CIO | Head of DFIR -ME & Europemh Service
Germany
With over 2 decades of law enforcement and IT-Forensics experience, Andreas is a seasoned professional specializing in cybercrime prevention and incident response. He began his career with the Police Headquarter in Düsseldorf, serving from Sergeant to Sergeant Major between 2001 and 2010. After earning a Bachelor of Arts in Political Science, Psychology, and Government (IT) Administration from the University of Police Sciences in Hagen, he transitioned into cybercrime prevention and response, focusing on protecting critical infrastructure and industries from advanced cyber threats.
In 2021, Andreas further specialized by earning a government certification as an IT-Forensic Senior Analyst from the University of Applied Sciences in Mittweida. He has since led IT-forensic field teams, delivering cybercrime prevention strategies with a proven track record of protecting assets valued at approximately 300 million euros annually.
As a senior consultant for A Control Ltd. since 2021 and mh Service GmbH since 2022, Andreas provides expertise in defeating advanced persistent threats (APT) and addressing complex cybercrime scenarios worldwide. His work in the field is bolstered by his security clearance at the "secret" level and his role at the State Bureau of Criminal Investigations in North-Rhine Westphalia.
15-Nov-2024 14.50 - 15.20
Smarter Incident Management
PCI 4.0, Javascript Security for product security teams
Anand Kumar Ganesan , Lead Product Security Engineer, Poshmark
Anand Kumar Ganesan
Lead Product Security EngineerPoshmark
Anand Ganesan is the Lead Product Security Engineer at Poshmark, an e-commerce platform. He has a total of 9 years of experience in the security industry. He has been deeply engaged in driving all the product security efforts. This includes conducting threat modeling for various projects, executing penetration tests across diverse platforms, conducting source code analysis, prioritizing vulnerabilities based on severity, establishing content security policies from the ground up, assisting the compliance team during audits, and supporting them in assessing vendors from a product security perspective.
He is deeply passionate about continuously enhancing his skills and finds great satisfaction in overcoming and bypassing security implementations. Additionally, he also finds fulfillment in mentoring junior team members and guiding them to become proficient.
When he's not engaged in application security activities, he enjoys playing and watching cricket, socializing with friends, and catching up on movies.
Sessions
15-Nov-2024 15.40 - 16.30
PCI 4.0, Javascript Security for product security teams
Mohammad Arif , Senior Product Security Engineer, Poshmark
Mohammad Arif
Senior Product Security EngineerPoshmark
Mohd Arif holds the position of Senior Product Security Engineer at Poshmark, a prominent Ecommerce organization. With three years of experience in the security industry, he has established himself as a skilled practitioner in various domains. His expertise encompasses hacking web applications, mobile apps, API security testing, source code review, architecture review, and threat modeling.
His true passion lies in Cloud security, Hardware security, and IoT security. He derives immense satisfaction from discovering novel methods to bypass security mechanisms and enhancing his operational security (OPSEC) techniques.
He remains deeply committed to the field of cybersecurity and actively seeks opportunities to share his knowledge and experiences. As a result, he has been invited to speak at esteemed conferences and summits, including Seasides Conference, C0C0N Conference, and Redteam Summit. Notably, Mohd Arif has been an enthusiastic volunteer at India's beloved Seasides Conference, where he eagerly shares his hacking insights with a receptive audience.
When he's not immersed in breaking code and applications, you can find him taking delight in photography, playing video games, embarking on biking adventures on weekends, and having a knack for creating amusing memes.
Sessions
15-Nov-2024 15.40 - 16.30
PCI 4.0, Javascript Security for product security teams
Know your Enemies: Deep Dive into Ransomware Threat Groups
Niranjan Jayanand
Niranjan has over 16 years experience working on tracking and reporting on eCrime Toolkits, APT campaigns and Ransomware attacks. His research publications were highlighted in multiple journals, conferences, reports, webinars and podcasts. He has reported on over 60 active early attack campaigns ahead of competitors and helped protect global customers.
Sessions
15-Nov-2024 16:30 - 17.15
Know your Enemies: Deep Dive into Ransomware Threat Groups
Registration Counter Opens
All participants to be seated
Opening Note
Lighting the Lamp
Felicitation and Prize Distribution
[KEYNOTE] The tomorrow threats, today
Len Noe , Transhuman | Cyborg Hacker | Technical Evangelist, CyberArk Software, United States
Len Noe
Transhuman | Cyborg Hacker | Technical EvangelistCyberArk Software
United States
Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a dynamic and influential speaker on the international security circuit. With an impressive track record of delivering impactful presentations in over 60 countries and at renowned security conferences worldwide, Noe's expertise leaves a lasting impression. Notably, he has graced the stage at the prestigious World Conference in The Hague, C.E.R.T. EU, and has been invited to address multiple governments.
Len is the author of Human Hacked: My life and lessons as the worlds first augmented ethical hacker. With his first book Len exposes the subculture of Transhumans and the capabilities available to this new breed of human, along with the cyber security risks they pose.
Len is a co-host of the Cyber Cognition Podcast and a thought leader in the field of Transhumanism. With his upcoming book, he shares a captivating narrative of his personal evolution, solidifying his position as one of the world's foremost authorities in this transformative movement. As a futurist, Len's insights and expertise are highly sought after.
Len's passion for the Transhuman/Human+ movement is unparalleled, and he actively employs microchip implants to pioneer advancements in cyber security and enhance the human experience. His groundbreaking research has garnered global recognition, appearing in multiple global news outlets, while his regular appearances on top-tier security podcasts showcase his ongoing contributions to the field.
With a rich history as a Black/Grey Hat Hacker, Noe's extensive practical experience has shaped his skills. Over the course of 30 years, he has honed his expertise in web development, system engineering/administration, architecture, and coding. For the past ten years, Len has devoted his focus to information security from an attacker's perspective Actively engaging with the Texas information security communities and organizations like the Autism Society, Len continuously demonstrates his commitment to making a positive impact beyond the realm of technology.
Sessions
15-Nov-2024 10:15 - 10:45
[KEYNOTE] The tomorrow threats, today
15-Nov-2024 10:15 - 10:45
[KEYNOTE] The tomorrow threats, today
Breaking the Defences: In-Depth Analysis of EDR and AV Tampering Techniques
Vinay Kumar , Sr Principal Threat Researcher, QuickHeal Technology
Vinay Kumar
Sr Principal Threat ResearcherQuickHeal Technology
Vinay is a seasoned Security Researcher with extensive experience in computer and network security. Currently working at Quick Heal, Vinay has a rich professional background, having previously held key roles at McAfee, Trellix, and Trend Micro. His expertise lies in building innovative proofs of concept (PoCs) aimed at detecting and safeguarding systems against vulnerabilities, malware, and conducting in-depth vulnerability research and malware analysis. Vinay has contributed to the security of popular platforms like ImageMagick and WordPress by identifying a few critical vulnerabilities, enhancing their overall safety.
15-Nov-2024 11.00 - 11.45
Breaking the Defences: In-Depth Analysis of EDR and AV Tampering Techniques
Adrip Mukherjee , Security Research Lead, QuickHeal Technology
Adrip Mukherjee
Security Research LeadQuickHeal Technology
Adrip is currently working as Security Research Lead at Seqrite responsible for NonPE engine signature releases targeting endpoint detection for AV, EPS and also for IPS engine for network based detections . He has also worked with Intel Security, McAfee, Trellix in the past where the role involved Cloud based detection based on DNS and Behavioural signature for HIPS and NIPS engine for enterprise segment.
15-Nov-2024 11.00 - 11.45
Breaking the Defences: In-Depth Analysis of EDR and AV Tampering Techniques
Malware and AI detection systems: One array to rule them all
MAILLARD Pierre-François , Security Researcher, TCG CREST/ RMVERI
MAILLARD Pierre-François
Security ResearcherTCG CREST/ RMVERI
Pierre-François Maillard is an engineer in the field of cyber security and operating system. He worked within the CVO laboratory (Operational Cryptology and Virology) in France with a specialization in the UEFI System. He has also worked in various companies in the field of reverse engineering and industrial cybersecurity. In addition, he has contributed to the field through several articles published in MISC, top french cybersecurity magazine, and academic journals based on his research. He has also presented workshops and conferences at C0c0n on his specialties. He is right now finishing his PhD at TCG CREST IAI in the field of adversarial machine learning.
15-Nov-2024 11.45 - 12.15
Malware and AI detection systems: One array to rule them all
Remote Whispers of Mobile Sim
V Kumar , Independent Researcher, & Reverse Engineer
V Kumar
Independent Researcher& Reverse Engineer
V Kumar is a independent researcher & reverse engineer. He has spoken at several international security conferences such as BlackHat/Hack-in-the-Box/NullCon etc. He has more than 2 decades of experience in Reverse Engineering Software and Hardware world, Defeating cryptographic solutions, Developing 0-day exploits, Analyzing RF and SatComs for secure communications and protocols, Aiming for few nano seconds in extremely high performance computing environment. He has been active in the scene since DOS era.
15-Nov-2024 12.15 - 13.00
Remote Whispers of Mobile Sim
[Yodha] Nightingale: Docker for Pentesters
Raja Nagori , Product Security Engineer, Splunk
Raja Nagori
Product Security EngineerSplunk
Specializes in conducting penetration testing for web applications, network applications, and mobile applications (Android and iOS). Proficient in SAST (Checkmarx, Veracode, Sonarqube), DAST (Burpsuite), and Threat Modeling alongside Dev-Sec-Ops
Expertise includes Docker containerization and creating Docker images for Pentesters with Docker Security
Leading the development of an open-source tool called Nightingale: Docker for Pentester listed under the OWASP Open Source project list
Active member of the Hack the Box community, solving new security patches and challenges
Shares insights and knowledge through publications on Medium about security findings, methodologies for identifying vulnerabilities, and mobile application VAPT methodologies
Dedicated to sharing discoveries with the community and providing assistance to those in need
15-Nov-2024 14.00 - 14.45
[Yodha] Nightingale: Docker for Pentesters
[Yodha] RedCloud : A Multi-Cloud Hacking OS
Yash Bharadwaj , Co-Founder & Technical architect, Cyberwarfare Labs
Yash Bharadwaj
Co-Founder & Technical architectCyberwarfare Labs
Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 5.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDRs, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat, cocon, Nullcon, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc.
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Manish Gupta , Director, Cyberwarfare Labs
Manish Gupta
DirectorCyberwarfare Labs
Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Previously he had worked as an operator & team lead at product based companies like Microsoft, Grab & Citrix. He specializes in Red Teaming Activities on enterprise Environment including On-premise & Multi-Cloud. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat, DEFCON, cocon, Nullcon, BSIDES Chapters, X33fcon Poland, NorthSec Canada & other corporate training etc
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
[Yodha] SCAGoat - Software Composition Analysis (SCA) Vulnerability Exploration Tool
Hare Krishna Rai , Product Security Engineer, HighRadius
Hare Krishna Rai
Product Security EngineerHighRadius
Hare Krishna Rai is a cybersecurity enthusiast with expertise in secure coding review and penetration testing with about 2 years experience in product security, currently working as Associate Product Security Engineer at a fintech company.
Sessions
15-Nov-2024 15.45 - 16.15
[Yodha] SCAGoat - Software Composition Analysis (SCA) Vulnerability Exploration Tool
Gaurav Joshi , Product Security Engineer, HighRadius
Gaurav Joshi
Product Security EngineerHighRadius
Gaurav Joshi is working extensively with Static Application Security Testing (SAST) as a security professional. His role involved conducting secure code reviews and utilizing SAST techniques to identify and mitigate vulnerabilities in software applications.
Sessions
15-Nov-2024 15.45 - 16.15
[Yodha] SCAGoat - Software Composition Analysis (SCA) Vulnerability Exploration Tool
Automated Security Engineer Co-Pilot: Leveraging Large Language Models for Enhanced Code Security
Ashwath Kumar , Head of Security, Razorpay
Ashwath Kumar
Head of SecurityRazorpay
Ashwath Kumar is currently working as Head of Security at Razorpay. Ashwath is a seasoned Principal engineer with extensive expertise in architecture reviews, cloud security, and red teaming. With a Master of Science in Computer Engineering from Texas A&M University, he has a proven track record of building and leading large teams to address complex security challenges. He has also presented at prestigious conferences such as Blackhat, Owasp, Nullcon & has written research papers with over 800 citations.
15-Nov-2024 16.15 - 16.45
Automated Security Engineer Co-Pilot: Leveraging Large Language Models for Enhanced Code Security
Hariprasad Pujari , Sr Software Development Engineer, Razorpay
Hariprasad Pujari
Sr Software Development EngineerRazorpay
Hariprasad, a graduate of IIT Kharagpur, is a Security Engineer 2 at Razorpay, specializing in building security tooling and developing in-house solutions that safeguard critical data and infrastructure. His key contributions include integrating security tools into CI/CD pipelines with GitHub Actions, advocating for "shifting left" on security to address vulnerabilities early in the development process, and automating vulnerability management. Hari's innovative approach and commitment to cybersecurity have significantly enhanced Razorpay's security posture.
15-Nov-2024 16.15 - 16.45
Automated Security Engineer Co-Pilot: Leveraging Large Language Models for Enhanced Code Security
Adversary Village
Workshop 1: Leveraging Rust for Offensive Security
Ritik Kumar Jain
Security AnalystHackIT Technology & Advisory Services
Anekant Singhai
Security ConsultantHackIT Technology & Advisory Services
Ritik Kumar Jain Security Analyst, HackIT Technology & Advisory Services
Anekant SinghaiSecurity Consultant, HackIT Technology & Advisory Services
The first day will dive into process injection methods, a key technique for stealthy code execution and bypassing security controls. This session will cover the fundamental concepts of process injection and demonstrate how to implement various techniques using Rust. Through guided examples, participants will learn how to inject code into processes.
(Village) Exploring the Unexplored - API Penetration Testing
Foundations of API Security and Lab Setup
In this foundational part, participants will set up the tools and lab environment required for safe and effective API testing, including tools like Postman, Burp Suite, and OWASP ZAP. This part also introduces core API security principles and the OWASP API Top 10, helping participants understand the structure and functionality of APIs and the most common vulnerabilities that can compromise their security. This foundational knowledge is crucial for understanding API attack surfaces and recognizing potential risks in API-driven applications.
- Lab Setup and Environment Configuration
- Introduction to API Security and OWASP API Top 10
- Tools:
- Postman
- Burp Suite
- OWASP ZAP
- Nmap
Reconnaissance, Endpoint Discovery, and Reverse Engineering
This part focuses on techniques for gathering information about APIs, uncovering hidden or undocumented endpoints, and reverse engineering applications to reveal API details. Participants will learn both passive and active reconnaissance methods, using tools like FFUF and Recon-ng to discover endpoints. They will also use reverse engineering techniques, such as analyzing APKs and utilizing browser dev tools, to map out API structures and data flows. These skills are essential for understanding the full scope of an API’s functionality and identifying possible entry points for testing and exploitation.
- Reconnaissance and Endpoint Discovery
- Reverse Engineering of API
- Tools:
- FFUF
- Recon-ng
- Browser DevTools
- APKTool
- Postman
[KEY NOTE]
Navin Kumar Singh IPS , Director General (DG), NCIIPC, A unit of NTRO, Govt. of India
Navin Kumar Singh IPS
Director General (DG)NCIIPC, A unit of NTRO
Govt. of India
Shri Navin Kumar Singh, is a B.Tech in Computer Science and Engineering from IIT Kanpur. He also has a Masters Degree in Anti-Corruption Studies from the International Anti-Corruption Academy, Vienna. He is an NTS Scholar and the recipient of the First prize for academic excellence in core curriculum at IIT, Kanpur. He has also received the award for the best Master Thesis by International Anti-Corruption Academy, Vienna in 2016.
Shri Navin Kumar Singh is an Indian Police Service Officer of 1996 batch, Jharkhand cadre. He is a recipient of the prestigious Police medal for Gallantry by the President of India and twice recipient of the Jharkhand CM’s Medals for Gallantry. For his outstanding contributions to policing, Shri Singh has been awarded the President’s Police Medal for Distinguished Service, Indian Police Medal for Meritorious Service, Jharkhand Police Medal for Meritorious Service and the Jharkhand Governor’s Medal for Distinguished Service.
He was part of the Indian Delegation in the second meeting of Intergovernmental group of UNODC on cyber crime in Vienna, Austria in 2013. He has worked as the Nodal Officer for cyber crime in Jharkhand during 2017- 2020 where he single handedly developed a pro-active response mechanism for tackling cyber crime, for which he was given the FICCI smart policing award. He has also contributed to the establishment of the Crime & Criminal Tracking and Networking System (CCTNS) of Jharkhand police, development of its website, social media policies and citizen centric services. He is credited with improving police delivery using technology. He is a member of many important Cyber Security related Committees at hte National level contributing to policy/strategy formulation.
He is heading the National Critical Information Infrastructure Protection Centre, which is the national nodal body for protection of Critical Information Infrastructure of the country since August 2021.
16-Nov-2024 10:00 - 10:30
[KEY NOTE]
16-Nov-2024 10:00 - 10:30
[KEY NOTE]
[PANEL] Transitioning from CTF to real world VAPT
Akhilesh Variar
DirectorNCIIPC
16-Nov-2024 10.30 - 11.15
(PANEL) - Moderator: Transitioning from CTF to real world VAPT
Aseem Jakhar
Co-FounderEXPLIoT, Payatu, Hardwear.io, Nullcon
15-Nov-2024 14.00 - 14.50
(PANEL) - Moderator: The Pager Attack: A Wake-Up Call for Global Cyber Defense Strategies
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
Anant Shrivastava , Chief Researcher / Founder, Cyfinoid Research Private Limited
Anant Shrivastava
Chief Researcher / FounderCyfinoid Research Private Limited
Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.
Sessions
Workshop - 13th & 14th November 2024
Attack & Defend Android Applications
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 14.00 - 14.45
(PANEL) - Moderator: Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
16-Nov-2024 16:15 - 16:45
We got the Shiny SBoM; what next?
Dhruv Bisani , Head of Adversarial Attack Simulations, Starling Bank, United Kingdom
Dhruv Bisani
Head of Adversarial Attack SimulationsStarling Bank
United Kingdom
Dhruv is an experienced cybersecurity expert with 10+ years of experience and a key interest in leading and delivering Adversarial Attack (Red/Purple Team) simulations, along with dealing with audiences at all levels, from IT engineers to executives.
Currently, he is the Head of Adversarial Attack Simulation at Starling Bank, a leading UK Bank, where he developed Red Team capabilities to target novel tech stacks such as macOS and Zero-trust architecture. His role involves delivering both technical attack simulations and working closely with executives.
Prior to that, he founded & led the Red Team at Resillion (previously known as Eurofins Cyber Security) - a global consultancy working with a wide range of clients, and achieved revenue of >1M$ per year.
Over the last few years, Dhruv’s core focus has been on developing the red team capability, while focusing on testing less common environments such as Zero-trust & macOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. He possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. His current role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.
Dhruv has delivered talks at 10+ conferences internationally, such as GISEC Dubai 2024, BSides London 2023 & e-crime Denmark 2023, as well been part of panels such as “Ask the Hacker,” “Getting started in Industry” at several conferences.
Earned several industry leading certificates such as CREST Certified Simulated Attack Specialist, CREST Certified Tester INF & WEB, Certified Red Team Expert , Certified Azure Red Team Professional, Offensive Security Certified Professional, Microsoft AZ 900 & 500.
Sessions
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 15.45 - 16.15
Invisible Invaders: Bypassing Email Security with Legitimate Tools
Kernel Lockdown: Reducing BSOD Risks by Restricting Third-Party Access?talk
David Baptiste , IT-Security Analyst & Researcher, ERNW - Ennor Rey Netzwerke GmbH, Germany
David Baptiste
IT-Security Analyst & ResearcherERNW - Ennor Rey Netzwerke GmbH
Germany
Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…
Sessions
Workshop - 13th & 14th November 2024
Exploiting with Precision: Windbg Debugging Essentials for Security Professionals
16-Nov-2024 11.30 - 12.00
Kernel Lockdown: Reducing BSOD Risks by Restricting Third-Party Access?talk
[PANEL] When Falcon Strikes Back: The Defender's Dilemma
Burgess Cooper , Deputy Cybersecurity Leader and Partner, Consulting Services, EMEIA Region, EY
Burgess Cooper
Deputy Cybersecurity Leader and PartnerConsulting Services, EMEIA Region, EY
Burgess Cooper is a Deputy Cybersecurity Leader and Partner & Heads Cyber Security Market with a team of 1300+ professionals.
He has 28+ years of experience in securing some of the biggest brands in the world from potential cyber-attacks. He is also leading the Responsible AI campaign for EY India.
Prior to EY he was a CISO with Vodafone and HSBC and responsible for Information Security, Privacy & Compliance across the Telecom and BFSI sector.
He is a regular speaker and a jury member at prominent industry events - BCCI, ASSOCHAM, CII, CISO, E-crime and a qualified EC-Council’s CEI Master Trainer for Industry CISO certification course.
Sessions
16-Nov-2024 12.00 - 12.40
(PANEL) - Moderator: When Falcon Strikes Back: The Defender's Dilemma
Shivkumar Pandey
16-Nov-2024 12.00 - 12.40
(PANEL) - When Falcon Strikes Back: The Defender's Dilemma
Dr. A Shiju Rawther , Head - Information Technology, SBI MUTUAL FUND
Dr. A Shiju Rawther
Head - Information TechnologySBI MUTUAL FUND
Shiju is a technology leader with strong business acumen with more than two decades of vast experience in major operating tenets of driving digital transformation through thought leadership, innovation, analytics & delivering value to stakeholders.
Shiju is currently working as Head – Information Technology for SBI Mutual Fund spearheading Group IT, Including Technology Strategies, Software Development & Cloud Engineering, IT Infrastructure, Enterprise-wide IT Transformation, Technology Security Operations and Analytics Functions.
Shiju comes with successful and steady career growth in reputed organizations viz., CARE Ratings Limited, Poonawalla Finance, IIFL Finance Limited, TransUnion CIBIL Limited, Fullerton India Credit Company Limited, PCS Technology Limited, Gateway Terminals India, Wipro InfoTech and Primus Telecommunications India Limited.
He is a prominent speaker at many industry conferences. Shiju has been recognized as one of the Most Innovative CIOs of India, Top 100 CISOs consistently over the last years by various media groups & forums. He is also associated with Cyberdome, Public Private Partnership initiative started by Kerala Police to combat Cyber Threats. Shiju was recognized as “Security Leader of the Year - Financial Services” in December 2016 by DSCI, NASSCOM.
Shiju holds a Bachelor of Engineering Degree in Computer Science & Engineering from Bangalore University and a Master in Information Management from Mumbai University. He also holds a PhD in Computer Science & Engineering from Hindustan Institute of Technology & Science, Chennai with research focused on securing networked systems against cyber-attacks using compartment models. An accomplished academic and professional, Dr. Shiju has published many research papers in international journals and also holds three patents registered with Indian Patent Authority. He recently received the prestigious Dr. K.C.G. Verghese Award for Best Researcher 2024.
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
16-Nov-2024 12.00 - 12.40
(PANEL) - When Falcon Strikes Back: The Defender's Dilemma
Padnya Manwar
16-Nov-2024 12.00 - 12.40
(PANEL) - When Falcon Strikes Back: The Defender's Dilemma
Kishan Kendre
16-Nov-2024 12.00 - 12.40
(PANEL) - When Falcon Strikes Back: The Defender's Dilemma
Old Bugs, New Tricks: How N-Day Vulnerabilities Are Fueling Today's Threat Landscape
Dharani Sanjaiy , Vulnerability Researcher, CloudSEK
Dharani Sanjaiy
Vulnerability ResearcherCloudSEK
16-Nov-2024 12.40 - 13.00
Old Bugs, New Tricks: How N-Day Vulnerabilities Are Fueling Today's Threat Landscape
[PANEL] Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
Anant Shrivastava
Chief Researcher / FounderCyfinoid Research Private Limited
Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.
Sessions
Workshop - 13th & 14th November 2024
Attack & Defend Android Applications
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 14.00 - 14.45
(PANEL) - Moderator: Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
16-Nov-2024 16:15 - 16:45
We got the Shiny SBoM; what next?
Sapan Talwar
16-Nov-2024 14.00 - 14.45
(PANEL) - Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
Ajit Hatti , Founder, Director, Pure ID
Ajit Hatti
Founder, DirectorPure ID
Ajit Hatti is a serial inventor and innovator and founder of PureID. He has been developing enterprise class security products over a decade and a half. Ajit regularly presents his research & tools at conferences like Black Hat, COCON & DEF CON. He is also the co-founder of Null - Open Security Community & is the founder of Blockchain Village which he organizes at DEF CON.
16-Nov-2024 14.00 - 14.45
(PANEL) - Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
Sridhar Govardhan , Senior VP & Head of Information Security, CoinDCX
Sridhar Govardhan
Senior VP & Head of Information SecurityCoinDCX
16-Nov-2024 14.00 - 14.45
(PANEL) - Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
Dr. Abhilasha Vyas , Cloud Security Expert, CloudThat
Dr. Abhilasha Vyas
Cloud Security ExpertCloudThat
Dr. Abhilasha Vyas is Cloud Security Expert at CloudThat, Core team member of Cloud Security Alliance Bangalore, Core team member of OT security professionals community, member of WiCyS India, and an executive council member of Women in Big Data (WiBD) India. A recognized cybersecurity leader, Dr. Vyas has delivered sessions globally, focusing on DDoS attack detection and awareness. She is a Microsoft Certified Trainer, awarded as a Cyber Security Women Influencer at BSides Bangalore 2024, Cyber Acharya 2024 by AuthinticOne, and was listed among India’s Top Women Influencers in Security 2022.
16-Nov-2024 14.00 - 14.45
(PANEL) - Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
Breach of the borderless: Cyber threat actors targeting India's cyberspace
Abhijith B R , Consulting specialist offensive cyber security, Founder of Adversary Village
Abhijith B R
Consulting specialist offensive cyber securityFounder of Adversary Village
Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, red team consultant, security researcher, trainer and public speaker.
Currently, he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, bridge the gap between business leadership and security professionals.
Abhijith was responsible for building and managing offensive security operations and adversary simulation for a prominent FinTech company called Envestnet, Inc. In the past, he held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a Senior Security Analyst at EY.
As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary-tactics, purple teaming, threat actor/ransomware research-emulation, and offensive cyber security. Adversary Village is part of DEF CON Villages and organizes hacking villages at prominent events such as the DEF CON Hacking Conference, RSA Conference etc.
Abx also acts as the Lead of an official DEF CON Group named DC0471. He is actively involved in leading the Tactical Adversary project (https://tacticaladversary.io/) a personal initiative that centers around offensive cyber security, adversary attack simulation and red teaming tradecraft.
Abhijith has spoken at various hacking and cyber security conferences such as, DEF CON hacker convention – Las Vegas, RSA Conference – San Francisco, The Diana Initiative – Las Vegas, DEF CON 28 safemode - DCG Village, Opensource India, Security BSides Las Vegas, BSides San Francisco, Hack Space Con – Kennedy space center Florida, Nullcon – Goa, c0c0n – Kerala, BSides Delhi etc.
16-Nov-2024 14.45 - 15.15
Breach of the borderless: Cyber threat actors targeting India's cyberspace
Access for Sale: Inside the World of Ransomware Affiliates and Initial Access Brokers
Nihar Sawant , Cyber Threat Researcher, Fortinet
Nihar Sawant
Cyber Threat ResearcherFortinet
16-Nov-2024 15.30 - 16.00
Access for Sale: Inside the World of Ransomware Affiliates and Initial Access Brokers
Jaydev Joshi , Cyber Threat Researcher, Fortinet
Jaydev Joshi
Cyber Threat ResearcherFortinet
16-Nov-2024 15.30 - 16.00
Access for Sale: Inside the World of Ransomware Affiliates and Initial Access Brokers
Who is holding the Marauders map?
Maya R Nair , Cyber Security Thought Leader,
Maya R Nair
Cyber Security Thought LeaderAn experienced leader of Datacenter Infrastructure and Information security with major operating tenets of implementing defense in depth, acquiring 360 degree view of security, implementing IT infrastructure setups from the scratch, revamping datacenters and designing & implementing Business Continuity plans and Disaster Recovery sites.
Maya has a demonstrated history of working in the diverse industries of Telecommunication, BFSI and Manufacturing. She succeeded in positioning the Technology function as a Business Transformation initiative, with major contributions in IT infrastructure, Security technology implementations focussing on protection, prevention, monitoring and alerting.
Key achievements in the current and earlier stints include setting up of complete IT and datacenter infrastructure from the scratch, setting up of Security technology and framework from the scratch and operationalising it and designing & implementing Business continuity plans and Disaster recovery sites.
She is associated with Cyberdome ranked as Commander, a Public Private Partnership initiative started by Kerala Police to combat Cyber Threats and to spread awareness among masses
Maya has won many industry accolades and awards in recognition to her contribution to technology and security. She is a regular speaker in industry forums and writes technology articles.
She holds an engineering degree in Electronics engineering and post graduate degree in Software systems with specialisation in Network security. She also holds a management degree in Finance management. She also has many certifications including CISA, ISO 27001 LA, DCPLA to her credit.
15-Nov-2024 12.10 - 13.00
(PANEL) - Intelligence led security
16-Nov-2024 16.00 - 16.30
Who is holding the Marauders map?
The subtle art of checkmating CISOs
Sunil Varkey , Cyber Security Thought Leadership, Former CISO Wipro & Idea, Former CTO Symantec & Forescout
Sunil Varkey
Cyber Security Thought LeadershipFormer CISO Wipro & Idea
Former CTO Symantec & Forescout
Sunil Varkey has over 29 years of cybersecurity leadership experience with large global corporations in banking, telecoms, ITES, software, and manufacturing domains in the Middle East, US and India.
Sunil was earlier Global CISO and Fellow at Wipro, CISO of Idea Cellular, MD at HSBC, and he is also CTO for Symantec and Forescout. Currently is engaged as a Cyber consultant and advisor in the Middle East.
Academically, he holds a Bachelor’s degree in Electronics Engineering with an MBA, along with over 10 security certifications. He also holds security patents in US & EU.
He has published and presented various articles and sessions globally related to information security.
Sessions
15-Nov-2024 09:40 - 09:55
Opening Note
15-Nov-2024 09:40 - 09:55
Opening Note
16-Nov-2024 16.30 - 17.00
The subtle art of checkmating CISOs
Closing Note
[KEY NOTE]
Navin Kumar Singh IPS , Director General (DG), NCIIPC, A unit of NTRO, Govt. of India
Navin Kumar Singh IPS
Director General (DG)NCIIPC, A unit of NTRO
Govt. of India
Shri Navin Kumar Singh, is a B.Tech in Computer Science and Engineering from IIT Kanpur. He also has a Masters Degree in Anti-Corruption Studies from the International Anti-Corruption Academy, Vienna. He is an NTS Scholar and the recipient of the First prize for academic excellence in core curriculum at IIT, Kanpur. He has also received the award for the best Master Thesis by International Anti-Corruption Academy, Vienna in 2016.
Shri Navin Kumar Singh is an Indian Police Service Officer of 1996 batch, Jharkhand cadre. He is a recipient of the prestigious Police medal for Gallantry by the President of India and twice recipient of the Jharkhand CM’s Medals for Gallantry. For his outstanding contributions to policing, Shri Singh has been awarded the President’s Police Medal for Distinguished Service, Indian Police Medal for Meritorious Service, Jharkhand Police Medal for Meritorious Service and the Jharkhand Governor’s Medal for Distinguished Service.
He was part of the Indian Delegation in the second meeting of Intergovernmental group of UNODC on cyber crime in Vienna, Austria in 2013. He has worked as the Nodal Officer for cyber crime in Jharkhand during 2017- 2020 where he single handedly developed a pro-active response mechanism for tackling cyber crime, for which he was given the FICCI smart policing award. He has also contributed to the establishment of the Crime & Criminal Tracking and Networking System (CCTNS) of Jharkhand police, development of its website, social media policies and citizen centric services. He is credited with improving police delivery using technology. He is a member of many important Cyber Security related Committees at hte National level contributing to policy/strategy formulation.
He is heading the National Critical Information Infrastructure Protection Centre, which is the national nodal body for protection of Critical Information Infrastructure of the country since August 2021.
16-Nov-2024 10:00 - 10:30
[KEY NOTE]
16-Nov-2024 10:00 - 10:30
[KEY NOTE]
Ride on the House - Exploiting Public Transport Ticketing Systems for Free Rides
Rakesh Seal
16-Nov-2024 10.45 - 11.15
Ride on the House - Exploiting Public Transport Ticketing Systems for Free Rides
Diptisha Samanta
16-Nov-2024 10.45 - 11.15
Ride on the House - Exploiting Public Transport Ticketing Systems for Free Rides
Active Directory Deception Strategies
Madhukar Raina , Senior Training Developer, Hack The Box Ltd.
Madhukar Raina
Senior Training DeveloperHack The Box Ltd.
Madhukar Raina is a Security Researcher with around 9 years of experience in information security and trainings. He works for Hack The Box, where he contributes to the malware analysis, reverse engineering, and detection engineering related content and labs. He has previously worked for Zscaler & Securonix as a Security Researcher and Threat Hunter, mainly focusing on malware analysis, reverse engineering, deception, threat hunting operations, and adversarial research. In his past roles, he has also worked on digital forensics, incident response and compromise assessment projects.
16-Nov-2024 11.30 - 12.15
Active Directory Deception Strategies
Sayan Mitra , Security Researcher, Zscaler
Sayan Mitra
Security ResearcherZscaler
Sayan is a Security Researcher currently working at Zscaler, part of the Threat Hunting Team. He has around 4+ years of experience in conducting Red Team assessments for Indian banks and providing managed threat hunting services to clients. He has also contributed to research and projects for Zscaler's deception platform, IllusionBlack.
Sessions
16-Nov-2024 11.30 - 12.15
Active Directory Deception Strategies
Serverless Phishing Factory: Automate, Attack, Adapt
Yash Bharadwaj , Co-Founder & Technical architect, Cyberwarfare Labs
Yash Bharadwaj
Co-Founder & Technical architectCyberwarfare Labs
Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 5.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDRs, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat, cocon, Nullcon, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc.
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
Manish Gupta , Director, Cyberwarfare Labs
Manish Gupta
DirectorCyberwarfare Labs
Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Previously he had worked as an operator & team lead at product based companies like Microsoft, Grab & Citrix. He specializes in Red Teaming Activities on enterprise Environment including On-premise & Multi-Cloud. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat, DEFCON, cocon, Nullcon, BSIDES Chapters, X33fcon Poland, NorthSec Canada & other corporate training etc
Sessions
Workshop - 13th & 14th November 2024
Multi-Cloud (AWS, Azure & GCP) Security
15-Nov-2024 14.45 - 15.30
[Yodha] RedCloud : A Multi-Cloud Hacking OS
16-Nov-2024 12.15 - 13.00
Serverless Phishing Factory: Automate, Attack, Adapt
The Stealth Code Conspiracy: Unmasking Hidden Threats in CI/CD Pipelines
Arpith Rajagopal , Senior Security Engineer, Lendingkart
Arpith Rajagopal
Senior Security EngineerLendingkart
Arpith has presented at Accel Cybersecurity Summit 2024. His interests lie in Application Security, Automation, Red Teaming and CICD Security.
16-Nov-2024 14.45 - 15.30
The Stealth Code Conspiracy: Unmasking Hidden Threats in CI/CD Pipelines
Suchith Narayan , Lead Security Engineer, Razorpay
Suchith Narayan
Lead Security EngineerRazorpay
Suchith has presented at Rootconf, Null, Bsides Delhi, Accel Cybersecurity Summit amongst others. His interests are in CI/CD Security, Red teaming, Application security and Threat Modeling
16-Nov-2024 14.45 - 15.30
The Stealth Code Conspiracy: Unmasking Hidden Threats in CI/CD Pipelines
Invisible Invaders: Bypassing Email Security with Legitimate Tools
Dhruv Bisani , Head of Adversarial Attack Simulations, Starling Bank, United Kingdom
Dhruv Bisani
Head of Adversarial Attack SimulationsStarling Bank
United Kingdom
Dhruv is an experienced cybersecurity expert with 10+ years of experience and a key interest in leading and delivering Adversarial Attack (Red/Purple Team) simulations, along with dealing with audiences at all levels, from IT engineers to executives.
Currently, he is the Head of Adversarial Attack Simulation at Starling Bank, a leading UK Bank, where he developed Red Team capabilities to target novel tech stacks such as macOS and Zero-trust architecture. His role involves delivering both technical attack simulations and working closely with executives.
Prior to that, he founded & led the Red Team at Resillion (previously known as Eurofins Cyber Security) - a global consultancy working with a wide range of clients, and achieved revenue of >1M$ per year.
Over the last few years, Dhruv’s core focus has been on developing the red team capability, while focusing on testing less common environments such as Zero-trust & macOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. He possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. His current role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.
Dhruv has delivered talks at 10+ conferences internationally, such as GISEC Dubai 2024, BSides London 2023 & e-crime Denmark 2023, as well been part of panels such as “Ask the Hacker,” “Getting started in Industry” at several conferences.
Earned several industry leading certificates such as CREST Certified Simulated Attack Specialist, CREST Certified Tester INF & WEB, Certified Red Team Expert , Certified Azure Red Team Professional, Offensive Security Certified Professional, Microsoft AZ 900 & 500.
Sessions
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 15.45 - 16.15
Invisible Invaders: Bypassing Email Security with Legitimate Tools
We got the Shiny SBoM; what next?
Anant Shrivastava , Chief Researcher / Founder, Cyfinoid Research Private Limited
Anant Shrivastava
Chief Researcher / FounderCyfinoid Research Private Limited
Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.
He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal
He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).
He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon
His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.
Sessions
Workshop - 13th & 14th November 2024
Attack & Defend Android Applications
16-Nov-2024 10.30 - 11.15
(PANEL) - Transitioning from CTF to real world VAPT
16-Nov-2024 14.00 - 14.45
(PANEL) - Moderator: Post-Quantum Security: Balancing Opportunities and Overcoming Challenges
16-Nov-2024 16:15 - 16:45
We got the Shiny SBoM; what next?
Closing Note
Sponsors
SUPPORTING PARTNER
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS
CTF SPONSOR
GOODIE BAG SPONSOR
LANYARD SPONSOR
CERTIFICATION SPONSOR
SWAG SPONSORS
ACADEMIC PARTNER
COMMUNITY PARTNERS
EXHIBITORS
