(Free Workshop)
Practical Mobile App Attacks By Example
© Copyright CISO Platform
By Abraham Aranguren - Blackhat Trainer
Limited passes for the cloud security workshop is available. Sign up fast and book your seat. The detailed agenda as above.
8:30 to 9:00 AM
Registration
9:00 to 11:00 AM
(1 Day Workshop) : Artificial Intelligence & Machine Learning
Introduction to Machine Learning - demystifying reality from hype and alphabet soup. This will include:
a. taxonomy of machine learning
b. model
c. algorithms
d. brief introduction to ML mathematics
e. data
f. architecture
g. methodologies,
h. measurement
i. deployment
11:00 to 11:30 AM
Break
11:30 to 1:00 PM
(1 Day Workshop) : Artificial Intelligence & Machine Learning
Description of the project
a. problem statement
b. expected outcome
c. data description and analysis
d. challenges
e. design model
f. algorithm selecction
g. technology selection
h. report design
CALL FOR SPEAKERS
SACON 4th edition - International Conference on Security Architecture. Here are some points to keep in mind while submitting the form:
- We are looking for highly technical talks (demonstrations,code-level examples..etc are always welcome)
- The CXO track can have some high level strategic talks which can include Real Case Studies
Submit asap. Submission may close if enough good papers are received
REGISTER FOR FREE WORKSHOP
Who Should Attend: CISO, CRO, CIO, Information Security Experts, IT Risk Professionals, Appsec Professionals ....
AGENDA AT A GLANCE
Don't Forget The Deadline For Submission Is 30th June
Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape
Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.
Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines
Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture
AI & Machine Learning for CISOs
Top talks from global conferences
Deception
Cybersecurity Reference Architecture Design
Understanding Business / Management
& Communicating with the Board
Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018
Managing insider threats using behavioural analytics
Insider Threats
Security Threats Landscape for 2017
Evolution of Security Threats landscape & top 10 threats that were new in 2017
Top 10 Security Predictions for 2018
Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans
SOC
Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.
IR - Incident Response
Building a framework & processes for managing cybersecurity incidents
Security Architecture Workshop
Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture
Cyber Range Drills
Wargame on responding to various types of security incidents at a strategic and operational level
Threat Hunting
Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study
Cloud Security
Overview of Amazon’s approach to cybersecurity
AppSec
Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program
Security Tech Landscape
Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up
Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)
Forensics
Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level
SecDevOps
Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes
Startup Security
Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup
Who Should Attend: CISO, CRO, Information Security Experts, IT Risk Professionals, Appsec Professionals ....
AGENDA AT A GLANCE
IOT
SOC
Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.
IR - Incident Response
Building a framework & processes for managing cybersecurity incidents
Security Architecture Workshop
Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture
Cyber Range Drills
Wargame on responding to various types of security incidents at a strategic and operational level
AGENDA AT A GLANCE
Who Should Attend: CISO, CRO, CIO, Information Security Experts, IT Risk Professionals, Appsec Professionals ....
Threat Hunting
Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study
Cloud Security
Overview of Amazon’s approach to cybersecurity
AppSec
Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program
Security Tech Landscape
Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up
Forensics
Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level
SecDevOps
Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes
Startup Security
Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup
AI & Machine Learning for CISOs
Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape
Top talks from global conferences
Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.
Deception
Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines
Cybersecurity Reference Architecture Design
Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture
IOT
Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)
Insider Threats
Managing insider threats using behavioural analytics
Security Threats Landscape for 2017
Evolution of Security Threats landscape & top 10 threats that were new in 2017
Top 10 Security Predictions for 2018
Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans
Understanding Business / Management
& Communicating with the Board
Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018
Do You Have An Interesting Security Technology To Showcase?
TECHNOLOGY DEMO ZONE
TECHNOLOGY DEMO ZONE
Do You Have An Interesting Security Technology To Showcase?
Discount Periods | Time | Price* |
Early Bird Discount | 12th Apr to 26th Apr | INR 6,500 |
Regular Price | 27th Apr to 9th May | INR 10,000 |
Late Price | 10th May onwards | INR 15,000 |
*Special Discount May Be Available For Pre-Registrants & Past Event Attendees (Email invite only). All Prices exclusive of taxes
IMMUTABLE ARCHITECTURE WORKSHOP
Speaker : Nilanjan De
About Speaker : Currently CTO at FireCompass. He has multiple patents in IT Security and has discovered multiple well known Zero Day vulnerabilities which are listed in CVE. He’s an alumnus of IIT Kharagpur. He’s well-known in the security community and has published several exploits and advisories for the first time in the world
Agenda :
1. Immutable Infrastructure - Fundamentals, Immutable Servers, Semi-Immutable Servers, Phoenix Servers etc.
2. Advantages & Drawbacks Of Immutable Infrastructure
3. How To Implement ? Immutable Containers
4. Demo. Tools & Technologies
5. Serverless Architecture
1:00 to 2:00 PM
Lunch
2:00 to 4:30 PM
(1 Day Workshop) : Artificial Intelligence & Machine Learning
-Setup environment, create low level design, coding
4:30 to 5:00 PM
Break
5:00 to 5:30 PM
(1 Day Workshop) : Artificial Intelligence & Machine Learning
-Run training, test, measure result, create visual presentation of result, any other discussion
Day 1 : 18th May
Day 2 : 19th May
9:00 to 11:00 AM
(1 Day Workshop) : Exploring Darkweb For Threat Intelligence
-Introduction - Learn and understand the difference between Clearnet and Darknet. Darknet, Deepweb , Darkweb - what they mean.
-Operational security before entering the darker side of internet
11:00 to 11:30 AM
Break
11:30 to 1:00 PM
(1 Day Workshop) : Exploring Darkweb For Threat Intelligence
-Understand Darknet entry points
-Setting and configuring the Darknet Entry Points (Tor, Zeronet etc)
-Tor Hidden Services; Using Tor Web Proxies
1:00 to 2:00 PM
Lunch
2:00 to 4:30 PM
(1 Day Workshop) : Exploring Darkweb For Threat Intelligence
-Darknet /Deepweb Search Engines
-Exploring the Darknet – Darknet Economies (Cyber Crime Markets, Drug and Arms Markets, Counterfeit and Fake Currency Markets,Terrorist and Jihadist Presence)
-Utilizing Darknet as definitive source for Threat Intelligence
9.
-Q&A
(Note : Agenda may undergo changes under unavoidable circumstances)
-Vijaykumar Reddy, L&T Infotech
Share in FB/LinkedIn & Get Guaranteed Free Access
AGENDA (1/2 Day Workshop)
A significant amount of confusion exists about what kind of damage is possible when vulnerabilities are found in mobile apps. This workshop aims to solve this problem by providing a broad coverage of Android and iOS app vulnerabilities identified over multiple years of penetration testing. The purpose is to provide a comprehensive repertoire of security anti-patterns that penetration testers can look for and mobile app developers can watch out for to avoid. This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more Examples will include very interesting scenarios of copy-paste attacks, calling premium numbers from the phone, custom URLs, Deep Links, XSS, SQLi, RCE, MitM attacks, path traversals, and data leak examples from real-world mobile apps, Apart from that, many other issues, including interesting scenarios chaining several vulnerabilities, such as achieving RCE via SQLi, persistent XSS, data exfiltration, etc. are also addressed.
DETAILED AGENDA :
- Mobile app security
- Static analysis
- Dynamic analysis
- File storage
- Instrumentation
- Repackaging
- Patching
- Root /Jailbreak detection bypasses
- Signing
- Pinning
- Man-in-the-Middle (MitM)
- Crypto
- Mobile app vulnerability patterns
- XSS
- SSRF
- SQLi
- RCE
- Data exfiltration
ATTENDEE REQUIREMENTS :
None
Blackhat Trainer
About Speaker :
After 13 years in itsec and 20 in IT, Abraham is now the CEO of 7ASecurity a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB,OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Abraham has delivered talks and training at multiple security conferences such as Blackhat USA, HITB, OWASP GlobalAppSec, Troopers, LASCON, AppSec EU, SEC-T, CONFidence, DeepSec, BruCON, Area41, HackPra, BerlinSides, BSides London, BSides Vienna, CureCon and others.
1000+ Organizations Attended SACON
Abraham Aranguren
7ASecurity , CEO, Security Trainer, Director of Penetration Testing