(Free Workshop) 
Practical Mobile App Attacks By Example 

© Copyright CISO Platform

By Abraham Aranguren - Blackhat Trainer

Limited passes for the cloud security workshop are available. Sign up fast and book your seat. The detailed agenda is as above.

8:30 to 9:00 AM

Registration

9:00 to 11:00 AM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

Introduction to Machine Learning - demystifying reality from hype and alphabet soup. This will include: 
a. taxonomy of machine learning 
b. model 
c. algorithms 
d. brief introduction to ML mathematics 
e. data 
f. architecture 
g. methodologies 
h. measurement 
i. deployment   

11:00 to 11:30 AM

Break

11:30 to 1:00 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

Description of the project 
a. problem statement 
b. expected outcome 
c. data description and analysis 
d. challenges 
e. design model 
f. algorithm selection 
g. technology selection 
h. report design      


CALL FOR SPEAKERS

SACON 4th edition - International Conference on  Security Architecture. Here are some points to keep in mind while submitting the form:


  • We are looking for highly technical talks (demonstrations, code-level examples, etc. are always welcome)
  • The CXO track can have some high level strategic talks which can include Real Case Studies



Submit asap. Submission may close if enough good papers are received


Who Should Attend: CISO, CRO, CIO, Information Security Experts,  IT Risk Professionals, Appsec Professionals ....

AGENDA AT A GLANCE


Don't Forget The Deadline For Submission Is 30th June

AI & Machine Learning for CISOs

Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape

Top talks from global conferences

Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.

Deception

Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines

Cybersecurity Reference Architecture Design

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

Understanding Business / Management & Communicating with the Board

Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018

Insider Threats

Managing insider threats using behavioural analytics

Security Threats Landscape for 2017

Evolution of Security Threats landscape & top 10 threats that were new in 2017

Top 10 Security Predictions for 2018

Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans

SOC

Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.

IR - Incident Response

Building a framework & processes for managing cybersecurity incidents

Security  Architecture Workshop

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

Cyber Range Drills

Wargame on responding to various types of security incidents at a strategic and operational level

Threat Hunting

Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study

Cloud Security

Overview of Amazon’s approach to cybersecurity

AppSec

Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program

Security Tech Landscape

Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up

IOT

Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)

Forensics

Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level

SecDevOps

Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes

Startup Security

Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup


Do You Have An Interesting Security Technology To Showcase?

TECHNOLOGY DEMO ZONE

PRICING TABLE

 

Discount Periods | Time | Price*
Early Bird Discount | 12th Apr to 26th Apr | INR 6,500
Regular Price | 27th Apr to 9th May | INR 10,000
Late Price | 10th May onwards | INR 15,000


*Special Discount May Be Available For Pre-Registrants & Past Event Attendees (Email invite only). All Prices exclusive of taxes

IMMUTABLE ARCHITECTURE WORKSHOP

Speaker : Nilanjan De

About Speaker : Currently CTO at FireCompass. He has multiple patents in IT Security and has discovered multiple well known Zero Day vulnerabilities which are listed in CVE. He’s an alumnus of IIT Kharagpur. He’s well-known in the security community and has published several exploits and advisories for the first time in the world

Agenda : 

1. Immutable Infrastructure - Fundamentals, Immutable Servers, Semi-Immutable Servers, Phoenix Servers etc.

2. Advantages & Drawbacks Of Immutable Infrastructure

3. How To Implement? Immutable Containers

4. Demo. Tools & Technologies

5. Serverless Architecture



1:00 to 2:00 PM

Lunch

2:00 to 4:30 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

-Set up environment, create low-level design, coding

4:30 to 5:00 PM

Break

5:00 to 5:30 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning

-Run training, test, measure result, create visual presentation of result, any other discussion        

Day 1 : 18th May

Day 2 : 19th May

9:00 to 11:00 AM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence  

-Introduction - Learn and understand the difference between Clearnet and Darknet. Darknet, Deepweb, Darkweb - what they mean.
-Operational security before entering the darker side of the internet

11:00 to 11:30 AM

Break

11:30 to 1:00 PM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence 

-Understand Darknet entry points 
-Setting and configuring the Darknet Entry Points (Tor, Zeronet etc) 
-Tor Hidden Services; Using Tor Web Proxies         

1:00 to 2:00 PM

Lunch

2:00 to 4:30 PM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence              

-Darknet /Deepweb Search Engines              
-Exploring the Darknet – Darknet Economies (Cyber Crime Markets, Drug and Arms Markets, Counterfeit and Fake Currency Markets, Terrorist and Jihadist Presence)
-Utilizing Darknet as definitive source for Threat Intelligence
-Q&A        

(Note : Agenda may undergo changes under unavoidable circumstances)

“If I hadn't come, it would take another 2 to 3 years to learn & understand these tools”

-Vijaykumar Reddy, L&T Infotech


AGENDA (1/2 Day Workshop)

A significant amount of confusion exists about what kind of damage is possible when vulnerabilities are found in mobile apps. This workshop aims to solve this problem by providing broad coverage of Android and iOS app vulnerabilities identified over multiple years of penetration testing. The purpose is to provide a comprehensive repertoire of security anti-patterns that penetration testers can look for and mobile app developers can watch out for and avoid.

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps. It is an entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human rights abuse where a security flaw could get somebody killed in the real world, and more.

Examples will include very interesting scenarios of copy-paste attacks, calling premium numbers from the phone, custom URLs, Deep Links, XSS, SQLi, RCE, MitM attacks, path traversals, and data leak examples from real-world mobile apps. Apart from that, many other issues, including interesting scenarios chaining several vulnerabilities, such as achieving RCE via SQLi, persistent XSS, data exfiltration, etc., are also addressed.



DETAILED AGENDA :

  • Mobile app security
  • Static analysis
  • Dynamic analysis
  • File storage
  • Instrumentation
  • Repackaging
  • Patching
  • Root/Jailbreak detection bypasses
  • Signing
  • Pinning
  • Man-in-the-Middle (MitM)
  • Crypto
  • Mobile app vulnerability patterns
  • XSS
  • SSRF
  • SQLi
  • RCE
  • Data exfiltration



ATTENDEE REQUIREMENTS :

None


About Speaker : 

After 13 years in itsec and 20 in IT, Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Abraham has delivered talks and training at multiple security conferences such as Blackhat USA, HITB, OWASP GlobalAppSec, Troopers, LASCON, AppSec EU, SEC-T, CONFidence, DeepSec, BruCON, Area41, HackPra, BerlinSides, BSides London, BSides Vienna, CureCon and others.

1000+ Organizations Attended SACON

Abraham Aranguren 
7ASecurity, CEO, Security Trainer, Director of Penetration Testing