nullcon Dwitiya - The inside gyan on nullcon 2011

Join us as we catch up with the who’s who of elite Indian whitehats at nullcon 2011 in Goa. Here’s an exclusive view of nullcon Day Zero’s top sessions.

In its second year, nullcon 2011 is now an international security conference that witnesses the participation of India’s top whitehat hackers. Organized by the null information security community, nullcon 2011 is being held at The RETREAT by Zuri, Goa. With twin parallel tracks that cover various aspects such as technical tracks, security trend debates, research papers and CXO sessions , this is an event that sees participation from hackers— desi as well as international.

With tracks like Desi Jugaad which includes India-specific hacks, the event promises insights worth exploring for the security enthusiast as well, rather than just pure-play infosec. As part of our detailed nullcon Dwitiya coverage, we have put together some of the hottest topics of Day Zero. These presentations examine some of the hottest challenges—right from exploiting SCADA systems and building intelligence analysis systems to reversing Microsoft patches for analysis of vulnerable code. Here are some of the highlights of nullcon 2011’s Day Zero.


Session: Exploiting SCADA systems

Presenter: Jeremy Brown

During this session of nullcon 2011, Jeremy Brown of Tenable Network Security lays bare the vulnerabilities that surround SCADA software as well as the vendor apathy which makes these systems so vulnerable. Brown also conducts the demo of a live SCADA system exploit as part of this session. With threats like Stuxnet highlighting the need for secure SCADA systems, this is one presentation that you cannot afford to mix.



Paper: Reversing Microsoft patches to reveal vulnerable code

Presenter: Harsimran Walia

Application Developer Harsimran Walia’s paper details identification of vulnerable code files in Microsoft solutions through reverse engineering of patches and files for these products. The paper puts forward the need to leverage this process for creation of vulnerability signatures, an approach which is superior to the use of exploit signatures for making undisclosed exploit and patch verification.


Workshop: Building an intelligence analysis systems using open source tools

 Presenter: Fyodor Yarochkin

As part of this nullcon 2011 workshop, security analyst Fyodor Yarochkin from Armorize Technologies exhibits how open source tools can be used to mine Internet data, organize and tag it for extraction of meaningful information. This hands-on workshop examines how intelligence analysis systems can be built using various open source solutions such as Nutch, solr, lucene, Soghun (machine learning framework), hadoop and netglub.

Read more on Hackers and cybercrime prevention