In its second year, nullcon 2011 is now an international security conference that witnesses the participation of India’s top whitehat hackers. Organized by the null information security community, nullcon 2011 is being held at The RETREAT by Zuri,
With tracks like Desi Jugaad which includes India-specific hacks, the event promises insights worth exploring for the security enthusiast as well, rather than just pure-play infosec. As part of our detailed nullcon Dwitiya coverage, we have put together some of the hottest topics of Day Zero. These presentations examine some of the hottest challenges—right from exploiting SCADA systems and building intelligence analysis systems to reversing Microsoft patches for analysis of vulnerable code. Here are some of the highlights of nullcon 2011’s Day Zero.
Presenter: Jeremy Brown
During this session of nullcon 2011, Jeremy Brown of Tenable Network Security lays bare the vulnerabilities that surround SCADA software as well as the vendor apathy which makes these systems so vulnerable. Brown also conducts the demo of a live SCADA system exploit as part of this session. With threats like Stuxnet highlighting the need for secure SCADA systems, this is one presentation that you cannot afford to mix.
Presenter: Harsimran Walia
Application Developer Harsimran Walia’s paper details identification of vulnerable code files in Microsoft solutions through reverse engineering of patches and files for these products. The paper puts forward the need to leverage this process for creation of vulnerability signatures, an approach which is superior to the use of exploit signatures for making undisclosed exploit and patch verification.
Presenter: Fyodor Yarochkin
As part of this nullcon 2011 workshop, security analyst Fyodor Yarochkin from Armorize Technologies exhibits how open source tools can be used to mine Internet data, organize and tag it for extraction of meaningful information. This hands-on workshop examines how intelligence analysis systems can be built using various open source solutions such as Nutch, solr, lucene, Soghun (machine learning framework), hadoop and netglub.
This was first published in February 2011