[OWASP-Bangalore] Announcing null/OWASP/Garage4hackers/SecurityXploded Bangalore December meet-up on Saturday 14th December 2013

prashant kv good.best.guy at gmail.com
Wed Dec 4 19:49:06 UTC 2013


---------- Forwarded message ----------
From: "karniv0re" <riyazwalikar at gmail.com>
Date: Dec 4, 2013 7:03 AM
Subject: [null] Announcing null/OWASP/Garage4hackers/SecurityXploded
Bangalore December meet-up on Saturday 14th December 2013
To: <null-co-in at googlegroups.com>
Cc:

*Please note that all null meets are free for anyone to attend. There are
absolutely no fees. Just come with an open mind and willingness to share
and learn.*

The schedule for this month's meet is as outlined below:

09:30 - 10:05:  Web Application Security for Beginners: Cross Site
Scripting - Prasanna K / Jayesh Singh
This is a multipart series on Web Application Security. This session will
cover DOM based XSS, the identification and concept behind it. The session
will also cover filter bypasses and different XSS payloads in that context.

10:05 - 10:15:  Introductions

10:15 - 10:50:  Overview of ISO 27001 - Rupam Bhattacharya
The session will include a brief introduction to standards and ISO 27001.
Moving on to ISO 27001 domains, it's relevance to management, company and
it's benefits. After this, the talk will cover ISO guidelines for asset
management, asset classification, User registration, password management,
clear work environment, operating system, application controls and network
security and other domains of ISO 27001. The talk will end with changes in
2013 version from the 2005 version and Q&A.

10:50 - 11:25:  XSS - From injection to root - Abeer Banerjee
This talk + demo will represent an end to end PoC for XSS and will cover
cookie theft, session hijack and gaining a shell.

11:25 - 11:45:  Networking and Break

11:45 - 12:20:  Struts Validation Framework - Satish

This session will describe what Validation Frameworks are. These are used
to secure information from entering business model in an MVC
architecture. “Struts
Validation framework” is a set of predefined plugin codes which have proven
best practices in Data validation. We will also answer the question of why
such frameworks are used?


A couple of online resources that are recommended for the interested.
1)    Basic understanding of MVC Architecture
http://en.wikipedia.org/wiki/Multitier_architecture#Three-tier_architecture
http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller
2)    Basic understanding Struts framework
http://struts.apache.org/
3)    Basic understanding for Struts-Validation Framework
http://struts.apache.org/release/2.3.x/docs/validation.html


12:20 - 12:40:  Feedback and Topic discussion for next month meet

12:40 - 14:00: Dissecting the APT malware functionalities  - Monappa
This talking is going to be the continuation of Part 1 (Reversing &
Decrypting Communications of HeartBeat RAT), In part 1, the speaker covered
how malware decrypts strings in memory, demonstrated how it collected
system information and encrypted the collected information before sending
it to the C2 server. The speaker also showed how to determine the
encryption alogirthm and showed how to decrypt the intial C2 communication.

In part 2, the speaker will show how to determine
various functionalities supported by HeartBeat RAT and will also cover
various commands supported by the HeartBeat RAT and will also be showing
how to decrypt the various communications between infected machine and the
command and control server.


*VENUE DETAILS*
ThoughtWorks, Ground Floor, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore - 560034
Google Maps: http://goo.gl/bokSL

Landmark : Next to Satya's Bar and Mercure Hotel
+ If you are coming from From Inner Ring road get on to Ooty
Chocolates road and after a small crossroad this will be on the right
hand side.
+ If you are coming from the Raheja Residency road then take a left
turn at the small crossroad and this will be on your right hand side.
+ If you are coming from Koramanagala BDA complex take a right turn at
the small crossroad and this will be on your right hand side.

Regards,
karniv0re
http://www.riyazwalikar.com

 --
_______________________________________________________________________________
nullcon goa V - spread love... not malware...
12-15th Feb 2014
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter:
http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups
"null" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to null-co-in+unsubscribe at googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20131204/c1bb8bc1/attachment.html>


More information about the OWASP-Bangalore mailing list