SACON started with a simple idea to grow the security architecture community. We have a lot of competence in hacking but we have a very limited community for the defenders, security architects …etc. So we started SACON – Asia’s 1st Security Architecture Conference, to solve this competency gap. SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribers. 

SACON

© Copyright CISO Platform

Visit The Himalayas, Taj Mahal, The Great Indian Dessert & Palaces, The Western Ghats & many more places

SACON sells out very fast, register and book your passes before it's sold out. If you register but do not purchase, that will allow you to get insider content from SACON and you can catch up when we are hosting one near you!

8:30 to 9:00 AM

Registration

9:00 to 11:00 AM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

Introduction to Machine Learning - demystifying reality from hype and alphabet soup. This will include: 
a. taxonomy of machine learning 
b. model 
c. algorithms 
d. brief introduction to ML mathematics 
e. data 
f. architecture 
g. methodologies, 
h. measurement 
i. deployment   

11:00 to 11:30 AM

Break

11:30 to 1:00 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

Description of the project 
a. problem statement 
b. expected outcome 
c. data description and analysis 
d. challenges 
e. design model 
f. algorithm selecction 
g. technology selection 
h. report design      

Bangalore, India

30 May, 2024

All talks will happen in the main or parallel track, detail of which will be mentioned in detailed agenda

All talks will happen in the main or parallel track, detail of which will be mentioned in emailed agenda

CALL FOR SPEAKERS

SACON 4th edition - International Conference on  Security Architecture. Here are some points to keep in mind while submitting the form:

• We are looking for highly technical talks (demonstrations,code-level examples..etc are always welcome)
• The CXO track can have some high level strategic talks which can include Real Case Studies

Submit asap. Submission may close if enough good papers are received

SACON Vision

WHO's SPOKEN

Who Covered Us ?

You Will Fall In Love With India

Register For SACON 2024

Who Should Attend: CISO, CRO, CIO, Information Security Experts,  IT Risk Professionals, Appsec Professionals ....

AGENDA AT A GLANCE

Mobile - We brought together best of the minds in the Security Industry

2019 SACON SPEAKERS

We brought together best of the minds in the Security Industry

We brought together best of the minds in the Security Industry

Don't Forget The Deadline For Submission Is 30th June

Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape

Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.

Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

AI & Machine Learning for CISOs

Top talks from global conferences

Deception

Cybersecurity Reference Architecture Design 

Understanding Business / Management

 & Communicating with the Board

Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018

Managing insider threats using behavioural analytics

Insider Threats

Security Threats Landscape for 2017

Evolution of Security Threats landscape & top 10 threats that were new in 2017

Top 10 Security Predictions for 2018

Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans

SOC

Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.

IR - Incident Response

Building a framework & processes for managing cybersecurity incidents

Security  Architecture Workshop

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

Cyber Range Drills

Wargame on responding to various types of security incidents at a strategic and operational level

Threat Hunting

Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study

Cloud Security

Overview of Amazon’s approach to cybersecurity

AppSec

Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program

Security Tech Landscape

Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up

Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)

Forensics

Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level

SecDevOps

Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes

Startup Security

Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup

Who Should Attend: CISO, CRO, Information Security Experts,  IT Risk Professionals, Appsec Professionals ....

AGENDA AT A GLANCE

IOT

SOC

Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.

IR - Incident Response

Building a framework & processes for managing cybersecurity incidents

Security  Architecture Workshop

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

Cyber Range Drills

Wargame on responding to various types of security incidents at a strategic and operational level

AGENDA AT A GLANCE

Who Should Attend: CISO, CRO, CIO, Information Security Experts,  IT Risk Professionals, Appsec Professionals ....

Threat Hunting

Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study

Cloud Security

Overview of Amazon’s approach to cybersecurity

AppSec

Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program

Security Tech Landscape

Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up

Forensics

Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level

SecDevOps

Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes

Startup Security

Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup

AI & Machine Learning for CISOs

Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape

Top talks from global conferences

Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.

Deception

Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines

Cybersecurity Reference Architecture Design

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

IOT

Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)

Insider Threats

Managing insider threats using behavioural analytics

Security Threats Landscape for 2017

Evolution of Security Threats landscape & top 10 threats that were new in 2017

Top 10 Security Predictions for 2018

Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans

Understanding Business / Management

& Communicating with the Board

Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018

Do You Have An Interesting Security Technology To Showcase?

TECHNOLOGY DEMO ZONE

TECHNOLOGY DEMO ZONE

Do You Have An Interesting Security Technology To Showcase?

MEDIA PARTNERS

WORKSHOP : LINUX & WINDOWS FORENSIC (1 DAY)

TOPIC BRIEF :

Have you ever wanted to investigate a Windows and/or Linux breach but could not justify the 8 lakh rupees in software ? This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to easily analyze both Windows & Linux systems at deep level.
 

DETAILED AGENDA :

1. Introduction – what is forensics; what is digital forensics; building a toolkit 

2. Live response – talking to users; collecting data; analyzing collected data; determining if there was an incident 

3. Preparing for dead analysis – shutting down; creating a memory image; creating filesystem images 

4. Basics of FAT Filesystems – how it works; timestamps; deleted files 

5. Basics of NTFS Filesystems – how it works; timestamps; deleted files 

6. File analysis – file signatures – slack space; recovery from page file etc. 

7. Registry – how it is organized – where it is stored; location of important information; tools to make it easy 

8. Windows artifacts – recycle bin; AppData files; prefetch files – misc. 

9. Memory analysis – getting an image; basic Volatility commands
 

Attendee Requirements :

Workshop participants will need a laptop running a recent 64-bit version of Linux and should have at least 8GB of RAM & 200 GB free space. VirtualBox with extension pack preinstalled. Basic Linux knowledge at the user level

*Special Discount May Be Available For Pre-Registrants & Past Event Attendees (Email invite only). All Prices exclusive of taxes

IMMUTABLE ARCHITECTURE WORKSHOP

Speaker : Nilanjan De

About Speaker : Currently CTO at FireCompass. He has multiple patents in IT Security and has discovered multiple well known Zero Day vulnerabilities which are listed in CVE. He’s an alumnus of IIT Kharagpur. He’s well-known in the security community and has published several exploits and advisories for the first time in the world

Agenda : 

1. Immutable Infrastructure - Fundamentals, Immutable Servers, Semi-Immutable Servers, Phoenix Servers etc.

2. Advantages & Drawbacks Of Immutable Infrastructure

3. How To Implement ? Immutable Containers

4. Demo. Tools & Technologies

5. Serverless Architecture

AGENDA

For detailed agenda Click Here

1:00 to 2:00 PM

Lunch

2:00 to 4:30 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning 

-Setup environment, create low level design, coding          

4:30 to 5:00 PM

Break

5:00 to 5:30 PM

(1 Day Workshop) : Artificial Intelligence & Machine Learning

-Run training, test, measure result, create visual presentation of result, any other discussion        

Day 1 : 18th May

Day 2 : 19th May

9:00 to 11:00 AM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence  

-Introduction - Learn and understand the difference between Clearnet and Darknet. Darknet, Deepweb , Darkweb - what they mean. 
-Operational security before entering the darker side of internet

11:00 to 11:30 AM

Break

11:30 to 1:00 PM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence 

-Understand Darknet entry points 
-Setting and configuring the Darknet Entry Points (Tor, Zeronet etc) 
-Tor Hidden Services; Using Tor Web Proxies         

1:00 to 2:00 PM

Lunch

2:00 to 4:30 PM

(1 Day Workshop) : Exploring Darkweb For Threat Intelligence              

-Darknet /Deepweb Search Engines              
-Exploring the Darknet – Darknet Economies (Cyber Crime Markets, Drug and Arms Markets, Counterfeit and Fake Currency Markets,Terrorist and Jihadist Presence)
-Utilizing Darknet as definitive source for Threat Intelligence 9. 
-Q&A        

(Note : Agenda may undergo changes under unavoidable circumstances)

1000+

65+

300+

20+

Attendees

Speakers

CISO/CIO

Trainings

• (1/2 Day) Cloud Pentesting – Anant Srivastava (Blackhat 2018 Speaker) 
• (1 Day) Automated Defense Using Cloud Services for AWS, Azure & GCP – Madhu Akula (Blackhat 2018 Trainer) 
• (1 Day) Active Deception for Red and Blue Team – Sahir Hidayatullah (Blackhat 2018 Trainer) and Sudarshan Pisupati (Blackhat 2018 Trainer) 
• (1/2 Day) Cyber Law Best Practices for Incident Response – Venkatesh Murthy (Director, DSCI) 
• (1 Day) Linux & Windows Forensics – Phil Polstra (Blackhat, Defcon, BSides, Shakacon…)
• (1 Day) Practical Mobile Application Exploitation - Subho Halder (Blackhat USA Trainer)
• (1/2 Day) Practical Security Architecture - Wayne Tufek (Frequent Speaker At RSA Conference)
• (1 Day) Extreme Web Hacking Using Cyber Range - Aditya Kakrania (Industry Expert)
• (1/2 Day) Practical Threat Hunting Using Open Source Tools - Chandra Prakash S (SOC Expert)

TOP SESSIONS

AUTHOR OF ‘LINUX FORENSIC’, FREQUENT SPEAKER AT DEFCON, BLACKHAT, BSIDES, GRRCON, SHAKACON

About Speaker : Dr. Phil Polstra is currently the professor at bloomsburg university of pennsylvania. He is the author of ‘Windows Forensic’ and ‘Linux Forensic’. He is a frequent speaker and trainer at Blackhat, Defcon, BSides, Grrcon, Shakacon and many more. You can check a compiled list of his past talks at some conferences here

WORKSHOP : PRACTICAL SECURITY ARCHITECTURE (1/2 DAY)

TOPIC BRIEF :

My session will show how to design a security architecture that guides an organisation on what safeguards must be implemented in order to address real world risks and threats. Organisations have a limited budget, the question is, how does the security architect determine what to spend their limited time and budget on in order to obtain the best outcome and return on investment. My method of designing a security architecture brings together the following: Sherwood Applied Business Security Architecture (SABSA), Intel’s Threat Agent Risk Assessment (TARA), Lockheed Martin’s Cyber Kill Chain and threat driven approach, Mandiant’s M-Trends report, Verizon’s Data Breach Investigations Report, ASD Essential 8 and Mitre’s Adversarial Tactics, Techniques & Common

Knowledge. The structured use of all of these techniques and methodologies (whole and in parts) will allow security practitioners to design a security architecture that addresses the threat actors and adversaries most likely to launch attacks and mitigate their specific tactics and procedures that will be used.

DETAILED AGENDA :

1.List the tools and techniques available to design a pragmatic and practical security
architecture, their purpose, use and why they’re relevant. What are the core aspects of a
security architecture that must be considered?

2. Not all security controls are created equal. Describe and apply a methodology to select the most effective controls to address an organisation’s key risks. How can you tell if your
security architecture is fit for purpose?

3. Understand the controls that make up basic cyber security hygiene and offer the best return on investment based on industry reports and an analysis of real world cyber-attacks. Have you got the basics covered?

4. Understand the security investment portfolio and how it supports an organisation’s defensive posture. Spread your risk and diversify your security investments.

5. How to effectively reduce an attacker’s dwell time. Simply because your organisation’s
defences have been penetrated does not mean that data loss or system destruction is a
given. Assume breach and put in place effective security measures to restrict your
adversaries from actioning on their objectives.

Theory will be reinforced through the use of practical examples and exercises where you can put the tools and techniques into practice.

ATTENDEE REQUIREMENTS :

Attendees should have a least 1-2 years’ experience in information security architecture or
information security management along with a good understanding of frameworks such as NIST SCF and ISO 27001. No time will be spent explaining information security and risk management basics. No special equipment is required. Session materials will be provided on the day.

FREQUENT SPEAKER AT RSA APJ, ISC2 & MORE

About Speaker : Wayne Tufek is currently a Director of CyberRisk (www.cyber-risk.com.au). For over 20 years he has formulated pragmatic, business driven strategies to establish, execute and improve cyber risk management in ASX listed companies and some of Australia’s largest organisations across the public sector, Big 4, financial services, consumer products, education and retail sectors. Wayne is a member of Chartered Accountants Australia and New Zealand and holds the SABSA SCF, CISSP, CRISC, CISM, CISA, ISO/IEC 27001 Lead Implementer and PCI QSA qualifications. He is frequently asked to present at security conferences and events in Australia and internationally including the Australian Cyber
Security Centre Conference, AusCERT, ISC2 Security Congress, ISACA Oceania CACS, RSA APJ and
CeBit.

WORKSHOP : ADVANCED DECEPTION FOR RED & BLUE TEAMS (1 DAY)

TOPIC BRIEF :

Defending an enterprise network is increasingly challenging. With various components and integrations, implicit trusts, third party applications, various operating systems, backward compatibility and legacy applications present in a network, often an adversary just need to go for a weak default misconfiguration or feature to get a foothold. Once a foothold is available, adversaries can laterally move and abuse features and trusts to gain access to key information and data. This can be done by “living off the land” and using only the built-in tools of an operating system.

The days of reacting to an attack are past. Defenders and Blue Teams must exploit the attacker mind-set of going for “the lowest hanging fruit”. Deception provides capabilities of detecting and shaping the path an adversary with less chances of false positives, increased certainty and reveal what an adversary wants to get from your network. Deception definitely increases the costs for an adversary.

In this training, we will understand, learn, implement and design different types of deceptions and use of decoys, lures, canaries, accounts, tokens and a lot more. We will use built-in OS tools and scripts to quickly deploy deception techniques enterprise-wide with and without agents on computers. We will see some unique deception techniques and also use existing ones.

Deception for Red Teams will also be practiced. Red Teams have been using deception more effectively – Social engineering, phishing, fake documents and more attacks. We will practice some of the attacks but focus more on identifying deception by Blue Team and counter-deception. We will also see case studies of stopping advanced adversaries using deception techniques.

DETAILED AGENDA :

Some of the deception techniques, used in the course:

• Documents – MS Office and others
• Files – Trusted executables, scripts and more
• Active Directory – Groups, SPNs, ACLs and more
• Credentials – Windows, SSH, AD
• Databases – data, credentials and more
• Host and Enterprise applications
• Designing deception
• Wireless Deception
• Identification
• Rapid deployment at scale using WMI and PowerShell

ATTENDEE REQUIREMENTS :

People who should attend include Network administrators, security researchers, red-blue teams, pentesters. Attendee should have basic understanding of Windows domains. Participant should bring system with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. Attendees will get free one month access to a lab mimicking an Enterprise network, during and after the training & one month subscription to Pentester Academy

About Speaker : 

Sahir Hidayatullah is the CEO of Smokescreen, one of the industry’s leading deception technology companies. He developed one of the first commercial memory forensics solutions for rootkit and stealth malware detection, and has delivered workshops on deception, red-teaming, and digital forensics for numerous premier institutions. He is a regular speaker on cyber deception strategy, including a keynote session at RSA Abu Dhabi 2016. Sahir's past ventures include undertaking red team assessments and performed incident response for multiple data breaches. His work has been a cover story in Fortune Magazine, India, and he’s often quoted on cybersecurity in print and television media.

Sudarshan has been a red-team specialist for 8 years, his previous stint was at Ernst & Young, USA, handling red-team assessments for select Fortune 100 companies. He has been a trainer on offensive security at Black Hat USA, 2018. At Smokescreen, he runs a team of some of the industry’s best redteam and incident response professionals. He has a 99% successful track-record of breaching high-security environments

WORKSHOP : AUTOMATED DEFENCE USING CLOUD SERVICES FOR AWS, AZURE, GCP (1 DAY)

TOPIC BRIEF :

Monitoring for attacks and defending against them in real-time is crucial. Defending our cloud infrastructure during attacks can prove to nightmare even with the currently available solutions in the market. We live in cloud first era where the cloud is our first choice of deployment due to the convenience and scalability. In this workshop, we will learn how to defend our cloud infrastructure using Serverless and Elastic Stack. Elastic Stack will collect, analyse logs and triggers alerts based on configured rule-set. Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The currently solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in house firewalls, IPS, etc.

Some of the real-world scenarios we will be covering during the workshop includes

* SSH Brute-force detection & defence
* Content Management System Audit analysis (Azure)
* AWS IAM CloudTrail logs to detect and defend against backdoors (AWS)
* Container logs to defend Kubernetes security attacks(GCP)

DETAILED AGENDA :

We start by setting the stage for automated defence by deploying a centralized monitoring & alerting system. Then we focus on advancing the setup by adding Serverless stack to defend against the cloud infrastructure based on the near real-time alerts to match DevOps speed.

Some of the real-world scenarios we will be covering during the workshop includes

* SSH Brute-force detection & defence
* Content Management System Audit analysis (Azure)
* AWS IAM CloudTrail logs to detect and defend against backdoors (AWS)
* Container logs to defend Kubernetes security attacks(GCP)

High Level Overview:

* Environment setup using automated playbook
* Cloud providers accounts configuration
* Setting up hardened Elastic Stack using Ansible playbooks and Terraform
* Configuring cloud infrastructure to send logs to centralized monitoring system
* Attack patterns analysis and detection
* Building attack monitoring dashboards
* Setting up near real-time alerts (slack, email, etc.)
* SSH brute-force attack against infrastructure
* Building security dashboards for analysis
* Detecting the attack and applying real-time defence
* CMS application service attack simulation
* Attack audit analysis using security dashboards
* Deploying the automated defence
* Setting up monitoring system AWS CloudWatch and AWS CloudTrail logs
* Abusing metadata and gaining access to compromised AWS IAM keys for users and roles
* Identifying compromised IAM keys usage using AWS CloudTrail logs
* Defending against IAM compromised keys using Serverless (AWS Lambda)
* Setting up automated Kubernetes infrastructure with services
* Monitoring Kubernetes security events for attacks
* Attacking containerized applications in Kubernetes
* Near real-time automated defence against Docker container security attacks

ATTENDEE REQUIREMENTS :

• Most of the workshop will be covered using demonstrations and discussions around the scenarios
• Laptop with browser and wireless connectivity would be useful

About Speaker : Madhu Akula is a security ninja, published author and Security Automation Engineer at Appsecco. He is passionate about DevOps and security and is an active member of the international Security and DevOps communities. His research has identified vulnerabilities in over 200 companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress and Adobe, etc. He is co-author of Security Automation with Ansible2, which is listed as a technical resource by Red Hat Ansible. Madhu frequently speaks and runs technical sessions at security events and conferences around the world including; DEF CON 24 and 26, Blackhat USA 2018, USENIX LISA 2018, Appsec EU 2018, All Day DevOps 2016, 2017 & 2018, DevSecCon London, Singapore and Boston 2016, 2017 & 2018, DevOpsDays India, c0c0n 2017, 2018, Serverless Summit, null and multiple others.

WORKSHOP : CLOUD PENTESTING (1/2 DAY)

About Speaker : 

Anant Shrivastava is a well known security expert know for his Blackhat Trainings. He is a contributor to Null-the open security community. 

Specialties: Application security, application development, systems & server admins & more

WORKSHOP : PRACTICAL MOBILE APPLICATION EXPLOITATION (1 DAY)

TOPIC BRIEF :

This course is for android and iOS exploitation techniques. These will be practical hands on sessions. It will include Advanced Auditing of iOS and Android Applications, Reverse Engineering, Bypassing Obfuscations, Debugging Android and iOS applications, Runtime manipulation based attacks, Automating security analysis, Exploiting and patching apps, Advanced ARM Exploitation, API Hooking and a lot more.

DETAILED AGENDA :

Module 1 :

• Diving into Android
• Setting up a Mobile Pentest Environment
• Android Security Architecture
• Permission Model Flaws
• Getting familiar with ADB
• Activity and Package Manager Essentials
• API level vulnerabilities
• Rooting for Pentesters Lab
• Android ART and DVM Insecurities

Module 2 :

• Android App for Security Professionals
• Security Analysis of AndroidManifest.xml
• Reverse Engineering for Android Apps
• Smali for Android 101
• Smali Labs for Android
• Cracking and Patching Android apps
• Understanding Dalvik
• Dex Analysis and Obfuscation
• Android Application Hooking
• Dynamic Dalvik Instrumentation for App Analysis
• Creating custom Hooks
  
  

Module 3 :

• Application Specific Vulnerabilities
• Static Analysis of Android Apps
• Attack Surfaces for Android applications
• Exploiting Side Channel Data Leakage
• Exploiting and identifying vulnerable IPCs
• Exploiting Backup and Debuggable apps
• Exploiting Exported Components
• Webview based vulnerabilities
• Dynamic Analysis for Android Apps
• Logging Based Vulnerabilities
• Insecure Data Storage
• Network Traffic Interception
• Analysing Network based weaknesses
• Exploiting Secure applications
• Analysing Proguard, DexGuard and other Obfuscation Techniques
• OWASP Mobile Top 10
• Using Drozer for Exploitation
• Exploiting Android apps using Frida
• Analysing Android apps using Androguard
• Analysing Native Libraries
• Security Issues in Hybrid Apps

Module 4 :

• Getting Started with iOS Pentesting
• iOS security model
• App Signing, Sandboxing and Provisioning
• Setting up XCode
• Changes in iOS 10
• Exploring the iOS filesystem
• Intro to Objective-C and Swift

Module 5 :

• Setting up the pentesting environment
• Jailbreaking your device
• Cydia, Mobile Substrate
• Getting started with Damn Vulnerable iOS app
• Binary analysis
• Finding shared libraries
• Checking for PIE, ARC
• Decrypting ipa files
• Self signing IPA files
  
  

Module 6 :

• Static and Dynamic Analysis of iOS Apps
• Static Analysis of iOS applications
• Dumping class information
• Insecure local data storage
• Dumping Keychain
• Finding url schemes
• Dynamic Analysis of iOS applications
• Cycript basics
• Advanced Runtime Manipulation using Cycript
• Writing patches using Theos
• Frida for iOS
• Method Swizzling
• GDB basic usage
• GDB kung fu with iOS

Module 7 :

• Exploiting iOS Applications
• Broken Cryptography
• Side channel data leakage
• Sensitive information disclosure
• Exploiting URL schemes
• Client side injection
• Bypassing jailbreak, piracy checks
• Inspecting Network traffic
• Traffic interception over HTTP, HTTPs
• Manipulating network traffic
• Bypassing SSL pinning
  Module 8 : Reversing iOS Apps
• Introduction to Hopper
• Disassembling methods
• Modifying assembly instructions
• Patching App Binary
• Logify, Introspy, iNalyzer, Snoopit

Module 9 :

• Securing iOS Apps
• Securing iOS applications
• Where to look for vulnerabilities in code?
• Code obfuscation techniques
• Piracy/Jailbreak checks
• iMAS, Encrypted Core Data

All the above mentioned topics are taught with an extremely hands-on
lab based practical sessions.

ATTENDEE REQUIREMENTS :

• Will be updated soon

About Speaker : 

Subho is the Co-Founder and CTO at Appknox, a mobile security company that helps developers and companies to build secure mobile application. He looks after the security technologies and the product development to ensure we are always ahead in our game.

Subho has previously developed AFE (Android Framework for Exploitation) and has done in-depth research and analysis on mobile platforms. He has been also listed multiple number of times in various Hall Of Fame for finding out critical security vulnerabilities in Google, Apple, Facebook, Microsoft, and many more. He has presented many talks and conducted workshops at conferences like BlackHat, Defcon, ToorCon, SysCan, ClubHack, NullCon, OWASP AppSec, RSA Conference.

His key speaking and training engagements include ‘Mobile Hacking Training’ at Blackhat 2014, ‘Android & iOS hands on exploitation’ at SyScan 2014, Mobile Hacking 2 at Blackhat 2013, ‘Advanced Android & iOS hands on exploitation’ at OWASP AppSecAsia 2013, ‘The Droid Exploitation Saga’ at OWASP Appsec Asia,’Stand Close to Me, & You’re pwned: Owning SmartPhones using NFC’ at Clubhack 2012 & many more

Honorable mentiones include Apple Inc, Google on Goolge Hall Of Fame, Microsoft Security, Facebook

WORKSHOP : EXTREME WEB HACKING USING CYBER RANGE (1 DAY)

About Speaker : Aditya Kakrania is the director at Security Innovation. This session might be taken by other speakers from Security Innovation. Details will be updated soon

WORKSHOP : CYBER LAW PRACTICES FOR INCIDENT RESPONSE (1/2 DAY)

TOPIC BRIEF :

Cybersecurity breach incidents continue to increase in number and frequency that is
compelling the board of directors to focus on the oversight and management of the
cybersecurity incidents. The financial losses and irreparable reputational damage such
incidents inflict cannot be overcome unless there is a clear strategy defined by the board to
deal with it. Many corporations are making wise investments related to security that is
aiding to create a significant difference when cybercriminals try to attack.
Evaluating the impact of any cybersecurity breach incidents cannot be known immediately
post incident as most of the times the corporate do not know what the criminals will be
doing with the data exfiltration. Successful cyber attacks are launched against the
corporations who do not have a strategy to implement safe security practices in protecting
the consumer or employee personal information. Majority of the cyber-attacks on the
corporations are due to the absence of implementation of internal controls to protect the
sensitive information. Fear of negative publicity and undue delay in the legal proceedings
also prevent them from notifying to the law enforcement authorities.
The boards should clearly draw directions on how and when to contact the law enforcement
and other regulatory bodies regarding insider or outsider threats, keeping in view the legal
requirements of notifying any cybersecurity breach incidents. Working with law
enforcement agencies has some significant benefits like compelling the third parties to
disclose data that are required to know the source of the attack and also reconstruct how
the incident took place.
Working closely with the Law enforcement will also be looked favourably by the
shareholders, the public, and other associated parties. The successful prosecution of
cybercriminals will not entirely forestall the further harm but, also deter others from
committing the crimes.

DETAILED AGENDA :

• How Cybercrimes are evolving & how enterprises should gear up to respond?
• What steps do organizations need to choose to draw clean lines of accountability
  and responsibility for cybersecurity efforts to fend off and cut the impact of
  cybercrime?
• What are the benefits of working closely with the Law enforcement agencies, while
  dealing with any cybercrime incidents? What are the best practices for Law
  enforcement interactions?
• Legal aspects of dealing with the cybercrime incidents- Role of corporate legal
  counsel to help draw effective strategies.
• How to bridge the gap in the perception of Cybersecurity governance effectiveness
  between the board and the security team.

ATTENDEE REQUIREMENTS :

• To be updated

About Speaker : 

Venkatesh Murthy has over 13 years’ experience in Cybercrime Investigation training and computer forensics. He is currently managing a program for capacity building of Law Enforcement Officials by training through the Cyber Forensics initiative of DSCI.

Mr. Murthy has conducted exclusive cybercrime training programs for Police, Prosecution and Judiciary officers of India. He has also significantly contributed in the development of International Cyber Forensics credential (ISC) 2 –CCFP in the workshops held at Miami,
Orlando, Washington DC during 2013- 2015.

He is an alumnus of IVLP program of US Department of State on the topic “Linking Digital Policy to Cybercrime Law enforcement” in Feb 2017.
He holds a Bachelor’s of Engineering degree in Telecommunication from Visvesvaraya Technological University, Karnataka

WORKSHOP : PRACTICAL THREAT HUNTING USING OPEN SOURCE TOOLS (1/2 DAY)

TOPIC BRIEF :

Threat hunting can seem intimidating at first. How can you come to grips with threats that
don’t use known malware or indicators of compromise? How can you deduce the
presence of “fileless” attacks that leave no files or malicious tools on a hard drive?
This workshop will uncover the art of threat hunting, looking for what gets missed using
automated tools and use cases leveraging open source hunting tools and techniques, including hunting in memory, hunting on the cheap and hunting for persistence.
We will begin with an overview of threat hunting, then introduce techniques you can use today to stop unknown suspicious activity in your network. You will learn how to find ongoing attacks by proactively searching for signs of fileless attacks, persistence mechanisms, evidence of lateral movement, and credential theft.In this practical session, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. Additionally, creating the means of retrieving the data from the various endpoints and data sources will also be introduced and explained throughout the session. This workshop will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.

DETAILED AGENDA :

• Threat Hunting Models and Hypothesis Building
• Threat Hunting using input from Threat Intelligence
• Indicators of Compromise
• Knowing how to find bad – Log Analysis, Web Application Logs, Network Forensics and Packet Analysis, DNS and DHCP Log analysis and real time packet sniffing
• Data collection methods
• Logstash
• Elasticsearch basics
• Kibana basics
• Building Visualizations
• Building Dashboards
• Data enrichment
• Real-time data collection
• Machine Learning for Threat Hunting
• Final Exercise – 3 Use Cases to Hunt
  
  

ATTENDEE REQUIREMENTS :

• Attendees must have windows 10 laptop / Mac OS with atleast 16GB RAM and atleast 100gb of free disk space
• Virtualization software capable of running VMDKs and OVA files (Preferred Kali)

About Speaker : Chandra Prakash has completed several MDPs from ISB, Harvard, Stephen Covey institutes.

Specialties: Managed Services – NG-SOC, DLP, DAM, EDR, IR and Forensics, Deployment- SIEM Platform (Security Analytics/ Threat Intelligence/Full packet capture, EDR and IR automation ) Technology Risk Consulting, IT GRC, Data Protection and Cyber Security Strategy Management.

Previous SACON

Click Here For May 2018

Click Here For May 2017

Click Here For November 2016

Click Here For May 2016

Click Here For Nov 2017

1000+ Organizations Attended

AGENDA DAY 1

AGENDA DAY 2

Workshop : IoT Secrity Training 
(1 Day)

Workshop : Computer Networking And Ethical Hacking (2 Day)

Workshop : SBoM Basics (1 Day)

Workshop : Demystifying Neural Networks With Cybersecurity Applications (1 Day)

• *Agenda will be updated as sessions add in. 

SACON sells out very fast, register and book your passes before it's sold out. If you register but do not purchase, that will allow you to get insider content from SACON and you can catch up when we are hosting one near you!

Register For SACON 2024

SACON sells out very fast, register and book your passes before it's sold out. If you register but do not purchase, that will allow you to get insider content from SACON and you can catch up when we are hosting one near you!

Register For SACON 2024

SACON + AICON

30 MAY, 2024   |   Bangalore   |   India 

International Security Architecture Conference, AI Conference & Training

Pre-register now and get access to special discounts

Network With Top CISOs

-Vijaykumar Reddy, Engineer, L&T Infotech

Click Here To See More Testiomonials

SACON Certficate

Registration Passes & Rates

Vijaykumar Reddy

“If I hadn't come, it would take another 2 to 3 years to learn and understand these tools”

Anil Kumar K K

“Very insightful, will definitely help us create a very effective security architecture”

“The principles .. gives a structure to the thought process”

Manoj Kuruvanthody

P.S. SACON Has No Sponsored Talks

Meet top security technology companies, providers at the expo area to help you address your IT Security issues in one place.

• Artificial Intelligence In Cyber Security
  We will discuss on a pressing challenge. AI continues to become more prevalent in organizations, industries, peers. We will discuss on how we can develop security measure to protect from threats and continue hunting for opportunities and innovations in AI
  
  
• Secure Coding Framework
  Here we will discuss and develop a secure coding framework. We will try to incorporate real-life examples, optimize and more. This can become a process for teams to ensure every time we code, it's all covered to some extent promoting reduced risk
  
  
• API Security Vulnerabilities
  This session will discuss the API security vulnerabilities, go through popular vulnerabilities, how to exploit and fix them.
  
  
• Cloud Security With AWS, GCP, Azure
  This will explore cloud security attacks and defense against major cloud providers like AWS, GCP, Azure
  
  
• How An Effective Pentest Report Can Help A CISO ? 
  We will explore how a CISO can map out his security goals and effectively use pentest to mature the organization's security. Pen tests can be highly effective at showing what the business risks are and how to improve.
  
  
• Security Operation Centre (SOC) : Detection & Response
  This session takes up how to effectively plan for and build a SOC (Security Operations Center). We start with some fundamentals on what is a SOC, who needs it, why and some best practices
• Data Driven Zero Trust Privacy Roadmap
  This session will explore building a zero trust privacy roadmap for implementation with visibility to data
  
  
• Technical Architecture: Building Self Defending Applications using RASP Technology
  Architecture of RASP Technology, Deployment Models, How to perform Application Integration for Detection & Response
  
  
• SecDevOps Reference Architecture Stack: How to embed and automate security in DevOps
  Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes
  
  
• Designing Security Stack
  A security technology stack is a combination of technologies that organizations use to manage their IT Security. In this session we will build optimized security stacks based on organization specific requirements (Eg. for Startups, SMBs)

What's New & Exciting ? 

*This is Tentative. Will be updated

(Train Your Team) Trainings From Past Blackhat/Defcon/Nullcon Trainers

Day 1 - Agenda For Workshops

Day 2 - Agenda For Workshops

Meet Our Present Speakers

We brought together best of the minds in the Security Industry

Meet Our Past Speakers

We brought together best of the minds in the Security Industry