Tag Archives: null

SOAP Security; Linux Security Gateway – Nov 13

'null' the "open" security community presents an event on Nov 13, 4:30pm at SICSR Model Colony.

Details are as follows:

Talk: SOA architecture and SOAP protocol architecture detail and attack Vector by Nabarun sengupta

Brief Description of Talk:
Will discuss on what are web services? How SOA architecture came into existence? The SOA architecture came forth with the concept of SOAP protocol and WSDL files. We will see the communication between them. Then some aspects on attacker’s approach will be highlighted. Eventually it will end with a video demonstration of an web service attack on WSDigger through WSKnight open source tool.

Talk: How to convert your linux box into Security Gateway – Part 1 by Murtuja Bharamal

Brief Description of Talk:
In this talk I will cover various security feature/daemon of Linux OS either comes by default of with OS or available for downloads, like Firrewall, Proxy, IDS/IPS, VPN, Antivirus How to configure and use this feature to convert linux box into Security Gateway as per requirement.
In part-1 I will start-with Basic Linux Hardening and IPTables Firewall.

About null

null is an open security community for ethical hackers, security professionals and security enthusiasts. It is free, and anybody can join.

null was born out of a need for:

  • Promoting advanced security research.
  • Spreading security awareness among the netizens.
  • A Centralized knowledge base for security related information.

It was founded by Aseem Jakhar in Jan 2008.

Vision

Move towards immunity from security.

Mission

  • Advanced security research.
  • Create a disclosure platform.
  • Design/Develop innovative solutions to combat current/emerging threats.
  • Define a “Must-Have” security knowledge-base for different roles (programmer, QA, admin, end user).
  • Spread security awareness.
  • Organize Meetings/Conferences/Trainings/Awareness camps.

2 Security Conferences Call for Papers: ClubHack (with Bruce Schneier!) & nullcon (Goa!)

The call for papers for two interesting security conferences has just been announced, and as usual, PuneTech is trying to encourage its readers to make submissions to the conferences. As indicated in an earlier post, PuneTech does not promote paid conferences, but we’re happy to promote the call for speakers for these conferences, because, for selected speakers, the conferences is free :-).

Bruce Schneier at CFP 2007: Open panel on Net ...
World famous security researcher Bruce Schneier is expected in Pune for ClubHack2010 in December. Image via Wikipedia

The first of these conferences is ClubHack 2010, which will be in December 2010, and will feature world famous security expert Bruce Schneier, and the second one is the nullcon dwitiya which is actually in Goa (but is featured in PuneTech because null started in Pune, and is still a largely Pune-driven group).

ClubHack 2010

ClubHack2010 is expecting a deep knowledge technical presentations/demonstrations on topics from the world of Information Security. These presentations are expected to be of 40 minutes each. The schedule time for each presenter would be 50 minutes out of which 40 minutes are for the presentation & 10 for the question-answer sessions.

Indicative list of Topics for ClubHack2010

The following list of topics is made keeping in mind the most interesting topics in hacking & security. This is more of an indicative list, the papers submission can be on other topics also but have to be close to this & the theme of the event.

  • Protocol / Application based vulnerability in networks and computers
  • Firewall Evasion techniques
  • Cloud Application Security
  • Data Recovery and Incident Response
  • Mobile Security (cellular technologies)
  • WLAN and Bluetooth Security
  • Analysis of malicious code
  • Cryptography and Cryptanalysis
  • Computer forensics
  • Cyber warfare
  • Open source hacking toolkit
  • Cyber Crime & law
  • Hardware mods

Important dates for ClubHack2010

Click on logo for PuneTech wiki page on ClubHack
Click on logo see all PuneTech articles about ClubHack
  • Abstract Submission: 30th October 2010
  • Announcement of selected papers: 5th November 2010
  • Full Paper Submission: 15th November 2010

Speaker Benefits for ClubHack2010

  • Economic Return Ticket â from your nearest international airport to Pune
  • Accommodation (upto 4 days)
  • Local Tourism package (in Sahyadri Ranges, Western Ghat)
  • One extra ticket for the event
  • No other expenses as ClubHack is a not-for-profit group & finding sponsors in India is tough 🙂

More details for ClubHack2010

See the ClubHack2010 call for papers for more details

nullcon dwitiya

Click on the NULL logo to see all PuneTech articles about NULL
Click on the NULL logo to see all PuneTech articles about NULL

null is a security community that started in Pune, and is now very active in a number of cities in India, including Bangalore, Delhi, Bhopal, etc. They have monthly meets and regular security awareness camps in various Institutions and Organizations, and they also hold an security conference in Goa every year. null describes itself as

We are a bunch of security phreaks who like to share our technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. We believe that sharing the right technical knowledge leads to expertise and innovation and that is what we strive to do in our meets and events.

nullcon dwitiya is the second annual null conference, and will be in Goa in Feb 2011. They are soliciting research done by the community as paper submissions for nullcon. Submissions are expected in 4 tracks:

  • Bakkar: 1 Hr Talks
  • Tez: 5-30 min Talks
  • Karyashala: 2-4 Hrs Workshop
  • Desi Jugaad (Local Hack): 1 Hr

Submission Topics for nullcon dwitiya

For “Desi Jugaad” (Local Hack) nullcon is looking for submissions of any kind of local hacks that you have worked on (hints: electronic/mechanical meters, automobile hacking, hardware, mobile phones, lock-picking, bypassing procedures and processes, etc, Be creative :-D)

For the more traditional papers, the indicative domains are:

  • Hardware (ex: RFID, Magnetic Strips, Card Readers, Mobile Devices, Electronic Devices)
  • Tools (non-commercial)
  • Programming/Software Development
  • Networks
  • Information Warfare
  • Botnets, Malware
  • Web
  • New attack vectors
  • Mobile, VOIP and Telecom
  • VM
  • Cloud
  • Critical Infrastructure
  • Satellite
  • Wireless
  • Forensics

Important dates for nullcon dwitiya

  • CFP End Date: 30th November 2010
  • Speakers List Online: 10th December 2010
  • Conference Dates: 25th â 26th February 2011

Speaker Benefits for nullcon dwitiya

Speaker benefits are available for selected speakers in the “Bakkar”, “Desi Jugaad” and “Karyashala” tracks:

  • Free Accommodation for 3 nights
  • Travel (One way or Return depending on the Sponsorships 🙂 )
  • Free access to the conference.
  • Invitation to Mehfil-E-Mausiqi (null party)

More details for nullcon dwitiya

See the nullcon dwitiya call for papers for more details.

Enhanced by Zemanta

NULL security forum meeting on “Malware Analysis” and “Bypassing Catpcha/Crpyto”

What: Meeting of the NULL security usergroup featuring talks on Malware analysis and an Open mail relay bypassing captcha and crypto
When: Saturday, 31 Oct, 5pm
Where: SICSR, Model Colony
Registration and Fees: This event is free for all to attend. No registration required
Link: Null Blog

Click on the NULL logo to see all PuneTech articles about NULL
Click on the NULL logo to see all PuneTech articles about NULL

Introduction to Malware Analysis

By DaH4cker

A short presentation on the techniques & tools used for malware analysis followed by a live example. I will be showing behavioral analysis approach which includes setting up a inexpensive, flexible environment & tools required for understanding inner-workings of malware.

Automated open mail relay, bypassing Captcha and Crypto

By Aseem Jakhar

Case study of an ironic web implementation.

Reblog this post [with Zemanta]

“wh[0x01] WildHack Contest” for articles/video/code related to cyber security by null.co.in

null-logoNull.co.in, Pune’s network security community for hackers, security professionals, security enthusiasts, and in fact anyone related to IT for whom security matters (ahem: if you are in IT, and security does not matter to you, you should really not be in IT, should you?) is holding a month long contest for the best security related content. Content means anything that you can produce: article, blog post, whitepaper, advisory, disclosure, tutorial, video/audio, source code, tool, proof-of-concept. Pretty much anything that you created on your own, and relates to cyber security, and would be educational for other people to see/read/consume.

The contest runs from 15th June to 15th July, and winners get cool “????” T-shirts (there will be at least 10 winners). It’s OK to submit content that you’ve previously published elsewhere (e.g. bugtraq, or your blog), but it must be your original content. So get cracking (or is it “hacking”) and email your submission to submit _at_ null.co.in

Contest Details

1. The contest starts on 15th June 2009 and ends on 15th July 2009. Winners will be announced on the null mailing list on 20th July 2009.
2. The submissions can be anything related to security/hacking.

3. Submission Categories expected(but not limited to):

  • – L2-L4 security/hacking.
  • Web 2.0 vulnerabilites and countermeasures.
  • .NET Malware/security.
  • – Code injection (Binary/XSS/SQL/Command etc).
  • – Spam mitigation and antispam evasion techniques.
  • – Malware detection and antimalware evasion techniques.
  • – Protocol vulnerabilities.
  • – Voip.
  • – Mobile networks GSM/CDMA/3G.
  • – Wireless.
  • – Cryptography.
  • – OS/Kernel and Virtualization security/hacking.
  • Bluetooth.
  • – Hardware based security/hacking.
  • – Cyber Forensics.
  • – Cyber Warfare.
  • – Social Engineering.

4. Research work in Progress will also be accepted.
5. The submissions can be in the form of:

  • White papers.
  • – Advisories/Disclosures.
  • – Best Practices.
  • – Video/Audio Demos.
  • – Tutorials.
  • – Hacks, tricks & tweaks.
  • – PoCs.
  • – Source code/Tools.

6. The submission should be original work of the author/submitter.
7. Your submissions* should be emailed to (submit _at_ null.co.in).
8. It is ok to submit your work already published on the net like advisories already posted on FD/Bugtraq, paper presented at a conference etc.
9. Submissions will be judged by core group members of null. Criteria for judgement:

  • – More technical the submission, more chances it has for winning.
  • – Innovation/Some thing new and never heard of before.
  • – Age of the work. Newer work will get more preference.

10. NULL will be giving away atleast 10 T-shirts.
11. For any further queries/details please write to (dhiraj _at_ null.co.in).

*Disclaimer: By submitting your work to null you are giving null the right to publish and redistrubute it in any form.

See the contest website for more details.

Reblog this post [with Zemanta]

NULL.co.in Monthly Meeting on Computer Security: Saturday Jan 10

What: Monthly meeting on Network Security by security awareness group “Null
When: Saturday, 10st January, 6pm
Where: IMED, More Vidyalaya, Paud Road, Pune
Registration and Fees: This event is free for all. No registration required.

Details:
Agenda of the meet:
1. Discuss the AntiPhishing Project.
2. Discuss the Clubhack IAS project.
3. Presentation on Stack Smashing/Shellcoding.
4. Planning for our next Event.
5. What to and how to of our meets.

For the other 4 tech events happening this weekend, check the PuneTech calendar.

Reblog this post [with Zemanta]