image image

CONFERENCE PROGRAM

BSIDES DELHI 2018


TANGOh1

8:30 AM Registration
9:30 AM Opening Remarks
9:45 AM Keynote: Security and the Eternal Return - Dave Lewis (Advisory CISO - Global, Duo Security)
10:15 AM Tea/Coffee Break
10:30 AM SITH Happens: Attack of Malicious WASMs (Kaizhe Huang)
11:20 AM DomGoat - The DOM Security Playground (Lavakumar Kuppan)
12:10 PM Pentesting GraphQL (Neelu Tripathy)
12:55 PM Lunch Break
14:00 PM Self-host like it's 2018 and reclaim your privacy ( Subash SN)
14:50 PM Finding memory bugs with the Address Sanitizer (Siddharth Muralee)
15:35 PM Tea/Coffee Break
15:55 PM Call of Duty: Modern Browser Warfare (Dhiraj Mishra)
16:45 PM Keynote: Politics & Power in Cybersecurity - Pukhraj Singh (Cyber Intelligence Analyst)
17:15 PM Thankyou note

TANGO 2
(Workshops)

10:30 AM Attacking Web Applications using Burp Suite (Riddhi Shree & Vandana Verma)
13:30 PM Break
13:45 PM Discerning High Impact Mobile Apps Vulnerabilities (Abhinav Mishra)

TANGOh3

10:30 AM Headshot: Game Hacking on MacOS (Jai Verma)
11:00 AM Securing the Supply Chain with Risk Based Framework (Prithvinder Singh & Prashanth Sulegaon)
11:30 AM Garbage Collection Internals of Jscript and CVE-2018-8389 (Sudhakar Verma)
12:10 PM Panel Discussion: Cybersecurity Teams as Business Enablers
13:00 PM Lunch Break
14:00 PM Career Village (Talks, Resume Reviews, etc.)

STRATEGY
(Workshops)

10:30 AM BSides Delhi CTF sponsored by HackerOne and hosted by Team bi0s
13:30 PM Break
13:45 PM Active Defense using Honeypots (Rahul Binjve)

AGENDA
(CTF)

10:30 AM BSides Delhi CTF sponsored by HackerOne and hosted by Team bi0s
image

TALKS & WORKSHOPS

Keynote Talks


Security and the Eternal Return by Dave Lewis

Politics & Power in Cybersecurity by Pukhraj Singh

Workshops


Active Defense using Honeypots by Rahul Binjve

Attacking Web Applications using Burp Suite by Riddhi Shree and Vandana Verma

Hunting Malware in Memory by Malla Reddy Donapati

Discerning High Impact Mobile Apps Vulnerabilities by Abhinav Mishra

Technical Talks


Pentesting GraphQL by Neelu Tripathy

DomGoat – the DOM Security Playground by Lavakumar Kuppan

SITH Happens: Attack of Malicious WASMs by Kaizhe Huang

Finding memory bugs with the Address Sanitizer by Siddharth Muralee

Self-host like it’s 2018 and reclaim your privacy by Subash SN Call of Duty: Modern Browser Warfare by Dhiraj Mishra

Lightning Talks


Garbage Collection Internals of Jscript and CVE-2018-8389 by Sudhakar Verma

Headshot:Game Hacking on MacOS by Jai Verma

Securing the Supply Chain with Risk-Based Framework by Prithvinder Singh and Prashanth Sulegaon

Weaponising Raspberry Pi for Red Team Assessments by Sachin S Kamath

CAPTURE THE FLAG

BSides Delhi is coming up with brand new CTF this year sponsored by HackerOne and to be hosted by Team bi0s, the CTF team of Amrita Vishwa Vidyapeetham (India)

Start Time: Thursday, October 25, 2018, 5:00 pm IST


End Time: Friday, October 26, 2018, 5:00 pm IST

Everyone can participate (onsite or remotely) but in order to
be eligible for prizes, your team need to be onsite

Web Security | Binary Exploitation | Reverse Engineering | Cryptography |
Forensics

Exciting Prizes worth INR 35,000 (1st Prize), INR 20,000 (2nd Prize) and INR 15,000
(3rd Prize) to be won!

shield plane

RULES

  • Participation in BSides Delhi CTF 2018 is open to everyone but in order to be eligible for prizes, at least one person from the team should be attending BSides Delhi with a valid conference pass. In order to become a local team, ask your team representative to meet the CTF organisers during the CTF on the day of conference (26th October).

  • Participants should not carry out any attacks on the CTF infrastructure.

  • No DoS, DDoS, bruteforcing, automated scans or generating any large amount of traffic by any other means on any challenges and other contest infrastructure. It is not permitted and is never intended in any question.

  • All updates and announcements will be posted on IRC: #bi0s-ctf on Freenode

  • No collaboration between different teams and flag sharing is not allowed.

  • Participants are NOT allowed to publish solutions during the course of game (blog, GitHub, YouTube, etc)

  • Any participants found violating the above rules will be disqualified from the contest

  • BSides Delhi reserve the right to introduce new rules or modify existing rules during or after the contest. Any such rules will be applicable to all the participants in the contest.

  • The decision of BSides Delhi will be final

  • By participating in the contest, you agree that you have read the above rules and fully agree to adhere to them.

    • SPONSORED BY

    Hackerone

    HOSTED BY


    host-image
    host-image
    host-image
    image

    CAREER VILLAGE

    TIME - 14:00 PM to 15:35 PM | ROOM - TANGO 3


    We are to excited to announce the Career Village at BSides Delhi 2018.

    Join us for a discussion on topics such as breaking into infosec, how to progress your infosec career, learning paths, resume reviews and more.



    RESUME REVIEWS


    It is always good to get a second opinion on your career. If you thinking for your next move or just starting into InfoSec, this “Career Village” may be of great help to you.


    The idea of this village is to give a 15 min slot to individuals with the reviewers from the panel. The reviewers will


    • Review your resume
    • Give tips/suggestions to improve the resume
    • Guidance on the career
    • Conduct mock interviews

    We have selected the reviewers based on their varied and huge experiences in interviewing and assessing candidates. They are more than willing to help the others to grow in their career.


    Sign up for a 15 min session with our volunteer reviewers who are ready to put their years of experience at work to help you improve your resume and provide practical tips and guidance.


    Please bring your updated resume (Physical or in digital form). Prior registration is required as we will have limited time (15min for each interested participant) and volunteers to help candidates. Walk-ins are allowed but only if slots remain unfilled by registered participants


    REVIEWERS


    • Anant Shrivastava (Regional Director, APAC, NotSoSecure)
    • Saurabh Seth (VP, eSec Forte Technologies)
    • Vijay K Sahu (Manager, Adobe Secure Software Engineering Team
    • Mohammed Wasim, Vice President, Publicis.Sapient
    image

    PANEL DISCUSSION

    CYBER SECURITY TEAM AS BUSINESS ENABLERS

    TIME - 14:00 PM to 15:35 PM | ROOM - TANGO 3


    MODERATED BY


    Speaker 1

    Gautam Kapoor

    Partner

    Cyber Security, Deloitte

    PANELISTS

    Speaker 1

    Bhavesh Kumar Pandey

    Threat Researcher

    CISO, Hero finCorp
    Speaker 1

    Himanshu Chugh

    Global operations Director

    Compliance, HCL Tech
    Speaker 2

    Thom Langford

    Security Architect

    CISO, Publicis Groupe
    Speaker 3

    Vikas Singh Yadav

    Information Security Enthusiast

    CISO, Max New York Life Insurance