Workshops & Villages
Security Analytics Using ELK Stack
Workshop Title: Security Analytics using ELK Stack
Speaker: Wasim Halani
Abstract: The ELK stack is an open-source framework. It comprises three major components:
- Elasticsearch: The primary data store where all parsed logs are kept. It is essentially a NoSQL database and a very fast search engine.
- Logstash: The log-processing component of the stack. It receives logs from different sources, then parses, filters and enriches the events before finally sending them to Elasticsearch.
- Kibana: The visualization layer, which interacts directly with Elasticsearch.
In this workshop, our objective is to understand the basics of ELK and explore the security monitoring and analytics use cases where the ELK stack stands apart.
ELK Basics: In this module, we shall explore the different components that make up the ELK stack. We shall also explore the additional components available to ship logs from different sources.
ELK Installation: In this module, we shall set up our ELK stack on Windows. We shall also install some important plugins which make working with ELK easier and provide enrichment of log events.
ELK Demo: We will walk through a simple demo of using the ELK stack to investigate logs from an Apache web server and an SSH server.
From this workshop, attendees will be able to:
- Understand the ELK stack and installation process
- Use ELK stack for forensic analysis of large log data sets
- Create parsers for standard and custom log events
- Create visualization and dashboards in Kibana
- Perform visual analytics to identify threats
- Understand concepts of ‘Threat Hunting’ and build use-cases for standard data sources
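As an added example (not part of the workshop material), the following Logstash pipeline shows how the parse, enrich and store steps above fit together for the two log sources of the demo: Apache access logs and sshd authentication failures. The Beats port, the Filebeat `fields.logtype` tagging, the index names and the custom sshd grok pattern are assumptions.

```conf
# Added example: Logstash pipeline for Apache access logs and sshd auth logs.
# Assumes Filebeat ships both files and sets fields.logtype to "apache" or "sshd".
input {
  beats { port => 5044 }   # assumed; Filebeat's default port
}

filter {
  if [fields][logtype] == "apache" {
    grok {
      # Built-in pattern for the Apache "combined" access log format
      match => { "message" => "%{COMBINEDAPACHELOG}" }
      add_tag => [ "apache_access" ]
    }
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      target => "@timestamp"
    }
    geoip { source => "clientip" }        # enrichment: client geolocation
    # Tag client and server errors so they can be filtered in Kibana
    if [response] =~ /^[45]\d\d$/ {
      mutate { add_tag => [ "http_error" ] }
    }
  }

  if [fields][logtype] == "sshd" {
    grok {
      # Custom pattern (assumption) for OpenSSH "Failed password" lines
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_ts} %{SYSLOGHOST:syslog_host} sshd\[%{POSINT:pid}\]: Failed password for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{POSINT:src_port} ssh2" }
      add_tag => [ "ssh_failed_login" ]
    }
    date {
      match => [ "syslog_ts", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
      target => "@timestamp"
    }
    geoip { source => "src_ip" }          # enrichment: source geolocation
  }
}

output {
  elasticsearch {
    hosts => [ "http://localhost:9200" ]  # assumed single local node
    index => "security-%{[fields][logtype]}-%{+YYYY.MM.dd}"
  }
}
```

A Kibana visualization of events tagged `ssh_failed_login`, split by `src_ip` and bucketed over time, then surfaces password-guessing sources directly from the indexed data.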
Village Title: IOT/ICS Village
Speakers: Arun Mane, Abhijith Soman
Abstract: New-generation malware and attacks have been targeting ICS and IoT systems, causing huge monetary losses and loss of human life. Penetration testing of ICS and IoT systems is a very niche field which requires in-depth knowledge and depends heavily on hardware availability. This village will concentrate on methodologies for conducting penetration testing of commercial hardware devices such as PLCs, home automation devices and smart sensors, as well as simulators. The village will provide an excellent opportunity for attendees to gain hands-on experience in penetration testing of these devices and systems. The ICS setup will simulate ICS infrastructure with real PLCs and SCADA applications. The IoT setup will include home automation devices and sensors which the attendees can try to break into. It will also cover a basic briefing on ICS/IoT components, jargon, architecture, the various protocols used and the need for security.
The ICS & IoT Village is targeted toward pentesters, hackers, students and enthusiasts who really want to study and gain experience in SCADA (ICS) hacking.
Village CTF: There will be a set of challenges for the attendees, and some GOODIES to give away to the winners.
- Modbus communication setup
- Fuel station over Modbus and AST (Above surface Tank) monitoring system
- Building Automation System (BAS) and Building Monitoring system(BMS) over BACnet communication
- Smart Home
- Delta DVPEN01+DVP28SV plc
- SMPS electric simulator board, consisting of push buttons, PNP sensors, indicators and alarm indicators
- Raspberry Pi
- BAS and BMS systems
- Smart Camera
- Smart Socket
- BLE Bulb
- Smart Hub
- Modbus Network Scanning: This attack involves sending benign messages to all possible addresses on a Modbus network to obtain information about field devices
- Passive Reconnaissance: This attack involves passively reading Modbus and other protocol messages or network traffic
- Reading register values
- Reading coil values
- Writing Register and coil values to toggle the actuators
- Writing status of AST monitoring systems (Changing level of Diesel-petrol tank, Name of the Tank)
- Scanning and enumeration of BACnet communication.
- Toggle BMS actuators over BACnet communication.
- Hijacking home sensors: hacking the mobile application
Android Exploitation 101
Workshop Title: Android Exploitation 101
Speakers: Arun S and Kartik Lalan
Abstract: Android Exploitation 101 is a 3-4 hour fast-paced hands-on session which focuses on the security mechanisms implemented in Android apps and on figuring out how to bypass or successfully exploit them.
In this workshop you will learn about topics such as reverse engineering, application sandbox security and the app signing process, root detection techniques and their bypasses, SSL pinning, etc. This workshop will help participants build a solid foundation in Android pentesting.
Hardware Pre-requisites (Mandatory)
- A system capable of running VirtualBox (you can test this by installing VirtualBox and creating a test VM).
- At least 4 GB of RAM
- At least 20 GB of free space.
Software Pre-requisites (Mandatory)
Please make sure you have an Android virtual device configured on your machine.
Steps for setting up Android Studio & AVD: http://nestedif.com/android-environment-tools/creating-new-android-virtual-device-emulator-using-android-studio/. Download one AVD image for OS 5.0 and one AVD image for OS 7.0.
- Oracle VirtualBox (version 5.1.14 or above): https://www.virtualbox.org/wiki/Downloads. Please install this before coming to the session. VMware will not be supported.
- Install Android Studio (https://developer.android.
- All the other tools required for the session are available at the link below; please make sure the setup is ready before coming to the session:
- Link: https://goo.gl/hYbTcG