Workshops & Villages

Security Analytics Using ELK Stack

Wasim Halani

Head – InfoSec Innovations and Research, NII Consulting

Workshop Title: Security Analytics using ELK Stack

Speaker: Wasim Halani

Abstract: The ELK stack is an open-source framework. It comprises three major components:

  • Elasticsearch: The primary data store where all parsed logs are kept. It is essentially a NoSQL database and a very fast search engine.
  • Logstash: The log-processing component of the stack. It receives logs from different sources, then parses, filters and enriches the events before sending them on to Elasticsearch.
  • Kibana: The visualization layer, which interacts directly with Elasticsearch.

In this workshop, our objective is to understand the basics of ELK and explore different security monitoring and analytics use cases where the ELK stack stands apart.

ELK Basics: In this module, we shall explore the different components that make up the ELK stack. We shall also explore the additional components available to ship logs from different sources.

ELK Installation: In this module, we shall work on setting up our ELK stack on Windows. We shall also look at installing some important plugins which make working with ELK easier and provide enrichment of log events.

ELK Demo: We’ll walk through a simple demo of using the ELK stack to investigate logs from an Apache web server and an SSH server.

From this workshop, the attendees would be able to:

  • Understand the ELK stack and installation process
  • Use ELK stack for forensic analysis of large log data sets
  • Create parsers for standard and custom log events
  • Create visualization and dashboards in Kibana
  • Perform visual analytics to identify threats
  • Understand concepts of ‘Threat Hunting’ and build use-cases for standard data sources

ICS/IOT Village

Arun Mane

Sr. Security Researcher, Payatu Labs

Abhijith Soman

Security Researcher, Payatu Labs

Village Title: IOT/ICS Village

Speakers: Arun Mane, Abhijith Soman

Abstract: New-generation malware and attacks have been targeting ICS and IoT systems, causing huge monetary and human-life losses. Penetration testing of ICS and IoT systems is a very niche field which requires in-depth knowledge and depends heavily on hardware availability. This village will concentrate on methodologies for conducting penetration testing of commercial hardware devices such as PLCs, home automation devices and smart sensors, as well as simulators. The village will provide an excellent opportunity for attendees to gain hands-on experience in penetration testing of these devices and systems. The ICS setup will simulate ICS infrastructure with real-time PLCs and SCADA applications. The IoT setup will include home automation devices and sensors which the attendees can try to break into. It will also cover a basic briefing on ICS/IoT components, jargon, architecture, the various protocols used and the need for security.

The ICS & IoT Village is targeted toward pentesters, hackers, students and enthusiasts who really want to study and gain experience in SCADA (ICS) hacking.

Village CTF: There will be certain challenges for the attendees and some GOODIES to give away for the winners.


Setup:

  • Modbus communication setup
  • Fuel station over Modbus and AST (Above-Surface Tank) monitoring system
  • Building Automation System (BAS) and Building Monitoring System (BMS) over BACnet communication
  • Smart Home

Equipment:

  • Delta DVPEN01 + DVP28SV PLC
  • SMPS electric simulator board, consisting of push buttons, PNP sensors, indicators and alarm indicators
  • Raspberry Pi
  • BAS and BMS systems
  • Router
  • Smart Camera
  • Smart Socket
  • BLE Bulb
  • Smart Hub

Village CTF:

  • Modbus Network Scanning: This attack involves sending benign messages to all possible addresses on a Modbus network to obtain information about field devices.
  • Passive Reconnaissance: This attack involves passively reading Modbus and other protocol messages or network traffic.
  • Reading register values
  • Reading coil values
  • Writing register and coil values to toggle the actuators
  • Writing status of AST monitoring systems (changing the level of the diesel/petrol tank, name of the tank)
  • Scanning and enumeration of BACnet communication.
  • Toggle BMS actuators over BACnet communication.
  • Hijacking home sensors: hacking the mobile application

Android Exploitation 101

ARUN S

Security Consultant, IBM India Software Labs.

Kartik Lalan

Security Engineer, Philips Innovation Campus

Workshop Title: Android Exploitation 101

Speakers: Arun S and Kartik Lalan

Abstract: Android Exploitation 101 is a 3-4 hour fast-paced hands-on session which focuses on the security implementation of Android apps and on figuring out how to bypass or successfully exploit them.

In this workshop you will learn about various topics such as reverse engineering, application sandbox security and the app signing process, root detection techniques and their bypasses, SSL pinning, etc. This workshop will help the participants build a solid foundation in Android pentesting.

Hardware Pre-requisites (Mandatory)

  • A system capable of running VirtualBox (you can test this by installing VirtualBox and creating a test VM).
  • At least 4 GB of RAM.
  • At least 20 GB of free space.

Software Pre-requisites (Mandatory)