SACON 2019

International Security Architecture Conference & Training

15-16 February | Bangalore | Conference & Training


“If I hadn’t come, it would take another 2 to 3 years to learn and understand these tools”


Vijay Kumar Reddy, Engineer, L&T Infotech

SACON Vision

We have a lot of competence in hacking, but a very limited community for defenders, security architects and similar roles. So we started SACON, India's 1st Security Architecture Conference, to solve this competency gap. SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives, with 60,000+ subscribers.

AGENDA

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop: Linux & Windows Forensics (1 Day)

Topic Brief :

Have you ever wanted to investigate a Windows and/or Linux breach but could not justify the 8 lakh rupees in software? This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to analyze both Windows & Linux systems at a deep level.
 

Detailed Agenda :

1. Introduction – what is forensics; what is digital forensics; building a toolkit 

2. Live response – talking to users; collecting data; analyzing collected data; determining if there was an incident 

3. Preparing for dead analysis – shutting down; creating a memory image; creating filesystem images 

4. Basics of FAT Filesystems – how it works; timestamps; deleted files 

5. Basics of NTFS Filesystems – how it works; timestamps; deleted files 

6. File analysis – file signatures – slack space; recovery from page file etc. 

7. Registry – how it is organized – where it is stored; location of important information; tools to make it easy 

8. Windows artifacts – recycle bin; AppData files; prefetch files – misc. 

9. Memory analysis – getting an image; basic Volatility commands
 

Attendee Requirements :

Workshop participants will need a laptop running a recent 64-bit version of Linux with at least 8 GB of RAM and 200 GB of free disk space, with VirtualBox and its extension pack preinstalled. Basic Linux knowledge at the user level is expected.

Dr. Phil Polstra
Professor, Bloomsburg University

Author of 'Linux Forensics', frequent speaker at DEF CON, Black Hat, BSides, GrrCON and ShakaCon

Dr. Phil Polstra is currently a professor at Bloomsburg University of Pennsylvania. He is the author of 'Windows Forensics' and 'Linux Forensics'. He is a frequent speaker and trainer at Black Hat, DEF CON, BSides, GrrCON, ShakaCon and many more.

Workshop: Practical Security Architecture (1/2 Day)

Topic Brief :

My session will show how to design a security architecture that guides an organisation on what safeguards must be implemented in order to address real world risks and threats. Organisations have a limited budget; the question is, how does the security architect determine what to spend their limited time and budget on in order to obtain the best outcome and return on investment? My method of designing a security architecture brings together the following: Sherwood Applied Business Security Architecture (SABSA), Intel's Threat Agent Risk Assessment (TARA), Lockheed Martin's Cyber Kill Chain and threat driven approach, Mandiant's M-Trends report, Verizon's Data Breach Investigations Report, ASD Essential 8 and Mitre's Adversarial Tactics, Techniques & Common Knowledge. The structured use of all of these techniques and methodologies (whole and in parts) will allow security practitioners to design a security architecture that addresses the threat actors and adversaries most likely to launch attacks and mitigate the specific tactics and procedures that they will use.

 

Detailed Agenda :

1. List the tools and techniques available to design a pragmatic and practical security architecture, their purpose, use and why they're relevant. What are the core aspects of a security architecture that must be considered?

2. Not all security controls are created equal. Describe and apply a methodology to select the most effective controls to address an organisation's key risks. How can you tell if your security architecture is fit for purpose?

3. Understand the controls that make up basic cyber security hygiene and offer the best return on investment based on industry reports and an analysis of real world cyber-attacks. Have you got the basics covered?

4. Understand the security investment portfolio and how it supports an organisation's defensive posture. Spread your risk and diversify your security investments.

5. How to effectively reduce an attacker's dwell time. Simply because your organisation's defences have been penetrated does not mean that data loss or system destruction is a given. Assume breach and put in place effective security measures to restrict your adversaries from actioning on their objectives.

Theory will be reinforced through the use of practical examples and exercises where you can put the tools and techniques into practice.

Attendee Requirements :

Attendees should have at least 1-2 years' experience in information security architecture or information security management, along with a good understanding of frameworks such as NIST SCF and ISO 27001. No time will be spent explaining information security and risk management basics. No special equipment is required. Session materials will be provided on the day.

Wayne Tufek
Director, CyberRisk

Frequent Speaker at RSA APJ, ISC2 & more

Wayne Tufek is currently a Director of CyberRisk (www.cyber-risk.com.au). For over 20 years he has formulated pragmatic, business driven strategies to establish, execute and improve cyber risk management in ASX listed companies and some of Australia's largest organisations across the public sector, Big 4, financial services, consumer products, education and retail sectors. Wayne is a member of Chartered Accountants Australia and New Zealand and holds the SABSA SCF, CISSP, CRISC, CISM, CISA, ISO/IEC 27001 Lead Implementer and PCI QSA qualifications. He is frequently asked to present at security conferences and events in Australia and internationally, including the Australian Cyber Security Centre Conference, AusCERT, ISC2 Security Congress, ISACA Oceania CACS, RSA APJ and CeBit.

Workshop: Advanced Active Hunting for Red and Blue Teams Using Deception (1 Day)

Topic Brief :

Defending an enterprise network is increasingly challenging. With various components and integrations, implicit trusts, third party applications, various operating systems, backward compatibility and legacy applications present in a network, an adversary often just needs to go for a weak default misconfiguration or feature to get a foothold. Once a foothold is available, adversaries can move laterally and abuse features and trusts to gain access to key information and data. This can be done by "living off the land", using only the built-in tools of an operating system.

The days of reacting to an attack are past. Defenders and Blue Teams must exploit the attacker mind-set of going for "the lowest hanging fruit". Deception provides the capability to detect and shape the path of an adversary with fewer false positives and increased certainty, and reveals what an adversary wants to get from your network. Deception definitely increases the costs for an adversary.

In this training, we will understand, learn, implement and design different types of deception and the use of decoys, lures, canaries, accounts, tokens and a lot more. We will use built-in OS tools and scripts to quickly deploy deception techniques enterprise-wide, with and without agents on computers. We will see some unique deception techniques and also use existing ones.

Deception for Red Teams will also be practiced. Red Teams have been using deception more effectively: social engineering, phishing, fake documents and other attacks. We will practice some of these attacks but focus more on identifying deception by the Blue Team and on counter-deception. We will also see case studies of stopping advanced adversaries using deception techniques.

 

Detailed Agenda :

Some of the deception techniques, used in the course:

  • Documents – MS Office and others
  • Files – Trusted executables, scripts and more
  • Active Directory – Groups, SPNs, ACLs and more
  • Credentials – Windows, SSH, AD
  • Databases – data, credentials and more
  • Host and Enterprise applications
  • Designing deception
  • Wireless Deception
  • Identification
  • Rapid deployment at scale using WMI and PowerShell


Attendee Requirements :

People who should attend include network administrators, security researchers, red and blue teams, and pentesters. Attendees should have a basic understanding of Windows domains. Participants should bring a system with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes. Attendees will get free one month access to a lab mimicking an enterprise network, during and after the training, and a one month subscription to Pentester Academy.

Sahir Hidayatullah
CEO, Smokescreen

Trainer at Black Hat USA

Sudarshan Pisupati
Principal Consultant, Smokescreen

Trainer at Black Hat USA

Sahir Hidayatullah is the CEO of Smokescreen, one of the industry’s leading deception technology companies. He developed one of the first commercial memory forensics solutions for rootkit and stealth malware detection, and has delivered workshops on deception, red-teaming, and digital forensics for numerous premier institutions. He is a regular speaker on cyber deception strategy, including a keynote session at RSA Abu Dhabi 2016. Sahir is a serial cybersecurity entrepreneur whose past ventures have undertaken red team assessments and performed incident response for multiple data breaches. His work has been a cover story in Fortune Magazine, India, and he’s often quoted on cybersecurity in print and television media.

Sudarshan has been a red-team specialist for 8 years; his previous stint was at Ernst & Young, USA, handling red-team assessments for select Fortune 100 companies. He has been a trainer on offensive security at Black Hat USA 2018. At Smokescreen, he runs a team of some of the industry's best red team and incident response professionals. He also researches deception defences for our IllusionBLACK product. Sudarshan specialises in Windows domain security, and has a 99% successful track record of breaching high-security environments (ask him about the 1% where he failed)! In his free time he listens to and plays heavy metal.

Workshop: Automated Defence Using Cloud Services for AWS, Azure & GCP (1 Day)

Topic Brief :

Monitoring for attacks and defending against them in real time is crucial. Defending our cloud infrastructure during attacks can prove to be a nightmare even with the solutions currently available in the market. We live in a cloud-first era, where the cloud is our first choice of deployment due to its convenience and scalability. In this workshop, we will learn how to defend our cloud infrastructure using Serverless and the Elastic Stack. The Elastic Stack will collect and analyse logs and trigger alerts based on a configured rule-set. The Serverless stack drives the defence by performing automated blocking, configured according to the use case and type of attack. The current solution works on AWS, Azure and GCP. It can be extended to other providers and custom solutions such as in-house firewalls, IPS, etc.

Some of the real-world scenarios we will be covering during the workshop include:

* SSH brute-force detection & defence
* Content Management System audit analysis (Azure)
* AWS IAM CloudTrail logs to detect and defend against backdoors (AWS)
* Container logs to defend against Kubernetes security attacks (GCP)

 

Detailed Agenda :

We start by setting the stage for automated defence by deploying a centralized monitoring & alerting system. Then we advance the setup by adding a Serverless stack that defends the cloud infrastructure based on near real-time alerts, to match DevOps speed.

High Level Overview:

* Environment setup using automated playbook
* Cloud providers accounts configuration
* Setting up hardened Elastic Stack using Ansible playbooks and Terraform
* Configuring cloud infrastructure to send logs to centralized monitoring system
* Attack patterns analysis and detection
* Building attack monitoring dashboards
* Setting up near real-time alerts (slack, email, etc.)
* SSH brute-force attack against infrastructure
* Building security dashboards for analysis
* Detecting the attack and applying real-time defence
* CMS application service attack simulation
* Attack audit analysis using security dashboards
* Deploying the automated defence
* Setting up monitoring system AWS CloudWatch and AWS CloudTrail logs
* Abusing metadata and gaining access to compromised AWS IAM keys for users and roles
* Identifying compromised IAM keys usage using AWS CloudTrail logs
* Defending against IAM compromised keys using Serverless (AWS Lambda)
* Setting up automated Kubernetes infrastructure with services
* Monitoring Kubernetes security events for attacks
* Attacking containerized applications in Kubernetes
* Near real-time automated defence against Docker container security attacks

Attendee Requirements :

  • Most of the workshop will be covered using demonstrations and discussions around the scenarios
  • Laptop with browser and wireless connectivity would be useful

Madhu Akula
Appsecco

Trainer at Black Hat USA

Madhu Akula is a security ninja, published author and Security Automation Engineer at Appsecco. He is passionate about DevOps and security and is an active member of the international Security and DevOps communities. His research has identified vulnerabilities in over 200 companies and organisations including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress and Adobe. He is co-author of Security Automation with Ansible 2, which is listed as a technical resource by Red Hat Ansible. Madhu frequently speaks and runs technical sessions at security events and conferences around the world, including DEF CON 24 and 26, Black Hat USA 2018, USENIX LISA 2018, AppSec EU 2018, All Day DevOps 2016, 2017 & 2018, DevSecCon London, Singapore and Boston 2016, 2017 & 2018, DevOpsDays India, c0c0n 2017 and 2018, Serverless Summit, null and many others.

Workshop: Cloud Pentesting (1/2 Day)

Topic Brief :

This course is for those interested in cloud penetration testing.

Detailed Agenda :

  • Introduction to Cloud Computing (10 minutes)
  • Product Offerings by Major Vendors (15 minutes)
    • AWS
    • Azure
    • GCP
    • OpenStack
  • How Cloud Pentesting differs from Conventional Pentesting (10 minutes)
  • Explore Attack Surfaces on different Cloud environments: IaaS, PaaS, SaaS, Serverless (10 minutes)
  • Exploiting Metadata APIs
  • Abusing cloud storage
  • Forensic analysis of cloud snapshots
  • Attacking Azure AD
  • Attacking Serverless
  • Understanding and attacking IAM Services
  • Various Case Studies

Attendee Requirements :

  • Will be updated soon

Anant Shrivastava
NotSoSecure

Trainer at Black Hat USA

Anant Shrivastava is a well known security expert, known for his Black Hat trainings. He is a contributor to null, the open security community.

Specialties: Application security, application development, systems & server admins & more

Workshop: Practical Mobile Application Exploitation (1 Day)

Topic Brief :

This course covers Android and iOS exploitation techniques in practical, hands-on sessions. It includes advanced auditing of iOS and Android applications, reverse engineering, bypassing obfuscation, debugging Android and iOS applications, runtime manipulation based attacks, automating security analysis, exploiting and patching apps, advanced ARM exploitation, API hooking and a lot more.

Detailed Agenda :

Module 1 :

  • Diving into Android
  • Setting up a Mobile Pentest Environment
  • Android Security Architecture
  • Permission Model Flaws
  • Getting familiar with ADB
  • Activity and Package Manager Essentials
  • API level vulnerabilities
  • Rooting for Pentesters Lab
  • Android ART and DVM Insecurities


Module 2 :

  • Android App for Security Professionals
  • Security Analysis of AndroidManifest.xml
  • Reverse Engineering for Android Apps
  • Smali for Android 101
  • Smali Labs for Android
  • Cracking and Patching Android apps
  • Understanding Dalvik
  • Dex Analysis and Obfuscation
  • Android Application Hooking
  • Dynamic Dalvik Instrumentation for App Analysis
  • Creating custom Hooks

 

Module 3 :

  • Application Specific Vulnerabilities
  • Static Analysis of Android Apps
  • Attack Surfaces for Android applications
  • Exploiting Side Channel Data Leakage
  • Exploiting and identifying vulnerable IPCs
  • Exploiting Backup and Debuggable apps
  • Exploiting Exported Components
  • Webview based vulnerabilities
  • Dynamic Analysis for Android Apps
  • Logging Based Vulnerabilities
  • Insecure Data Storage
  • Network Traffic Interception
  • Analysing Network based weaknesses
  • Exploiting Secure applications
  • Analysing Proguard, DexGuard and other Obfuscation Techniques
  • OWASP Mobile Top 10
  • Using Drozer for Exploitation
  • Exploiting Android apps using Frida
  • Analysing Android apps using Androguard
  • Analysing Native Libraries
  • Security Issues in Hybrid Apps

 

Module 4 :

  • Getting Started with iOS Pentesting
  • iOS security model
  • App Signing, Sandboxing and Provisioning
  • Setting up XCode
  • Changes in iOS 10
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift

 

Module 5 :

  • Setting up the pentesting environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting ipa files
  • Self signing IPA files

Module 6 :

  • Static and Dynamic Analysis of iOS Apps
  • Static Analysis of iOS applications
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding url schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Writing patches using Theos
  • Frida for iOS
  • Method Swizzling
  • GDB basic usage
  • GDB kung fu with iOS

 

Module 7 :

  • Exploiting iOS Applications
  • Broken Cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPs
  • Manipulating network traffic
  • Bypassing SSL pinning

Module 8 : Reversing iOS Apps

  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching App Binary
  • Logify, Introspy, iNalyzer, Snoopit

 

Module 9 :

  • Securing iOS Apps
  • Securing iOS applications
  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/Jailbreak checks
  • iMAS, Encrypted Core Data

All the above mentioned topics are taught through extremely hands-on, lab-based practical sessions.

 

Attendee Requirements :

  • Will be updated soon

Subho Halder
CTO, Appknox

Trainer at Black Hat USA

Subho is the Co-Founder and CTO at Appknox, a mobile security company that helps developers and companies build secure mobile applications. He looks after the security technologies and the product development to ensure we are always ahead in our game.

Subho has previously developed AFE (Android Framework for Exploitation) and has done in-depth research and analysis on mobile platforms. He has also been listed multiple times in various Halls of Fame for finding critical security vulnerabilities in Google, Apple, Facebook, Microsoft, and many more. He has presented many talks and conducted workshops at conferences such as Black Hat, DEF CON, ToorCon, SyScan, ClubHack, NullCon, OWASP AppSec and RSA Conference.

His key speaking and training engagements include 'Mobile Hacking Training' at Black Hat 2014, 'Android & iOS hands on exploitation' at SyScan 2014, 'Mobile Hacking 2' at Black Hat 2013, 'Advanced Android & iOS hands on exploitation' at OWASP AppSecAsia 2013, 'The Droid Exploitation Saga' at OWASP AppSec Asia, 'Stand Close to Me, & You're pwned: Owning SmartPhones using NFC' at ClubHack 2012 and many more.

Honorable mentions include Apple Inc., Google (Google Hall of Fame), Microsoft Security and Facebook.

Workshop: Extreme Web Hacking Using Cyber Range (1 Day)

Topic Brief :

Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed (you can use your hacker name instead of real name) and the top three scorers will get super cool prizes.

Detailed Agenda :

  • Introduction to CyberRange
  • Introduction to the OWASP Top 10
  • Cross-Site Scripting Attacks
  • XML Injection
  • Cross-Site Request Forgery
  • SQL Injection Attacks: error based, time based and data exfiltration using SQL Injection
  • Insecure File Upload Attacks
  • Privilege Escalation
  • XPath Injection

 

Attendee Requirements :

Attendees must have a laptop with at least 4 GB RAM.
Software needed:
Any web browser.
A proxy tool such as OWASP ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) or Burp Proxy Free (https://portswigger.net/burp/communitydownload).

Aditya Kakrania
Director, Security Innovation

Security technology expert

Aditya Kakrania is the Director at Security Innovation. This session might be taken by other speakers from Security Innovation. Details will be updated soon.

Workshop: Cyber Law Practices for Incident Response (1/2 Day)

Topic Brief :

Cybersecurity breach incidents continue to increase in number and frequency, which is compelling boards of directors to focus on the oversight and management of cybersecurity incidents. The financial losses and irreparable reputational damage such incidents inflict cannot be overcome unless the board defines a clear strategy to deal with them. Many corporations are making wise security investments that make a significant difference when cybercriminals try to attack.

The impact of a cybersecurity breach cannot be known immediately after the incident, as most of the time the corporation does not know what the criminals will do with the exfiltrated data. Successful cyber attacks are launched against corporations that have no strategy for implementing safe security practices to protect consumer or employee personal information. The majority of cyber-attacks on corporations succeed because internal controls to protect sensitive information were never implemented. Fear of negative publicity and undue delay in legal proceedings also prevent corporations from notifying law enforcement authorities.

Boards should set clear directions on how and when to contact law enforcement and other regulatory bodies about insider or outsider threats, keeping in view the legal requirements for notifying cybersecurity breach incidents. Working with law enforcement agencies has significant benefits, such as compelling third parties to disclose the data needed to identify the source of the attack and to reconstruct how the incident took place.

Working closely with law enforcement will also be looked on favourably by shareholders, the public and other associated parties. The successful prosecution of cybercriminals will not entirely forestall further harm, but it does deter others from committing such crimes.

Detailed Agenda :

  • How cybercrimes are evolving and how enterprises should gear up to respond
  • What steps organizations need to take to draw clean lines of accountability and responsibility for cybersecurity efforts, to fend off and cut the impact of cybercrime
  • What are the benefits of working closely with law enforcement agencies while dealing with cybercrime incidents? What are the best practices for law enforcement interactions?
  • Legal aspects of dealing with cybercrime incidents: the role of corporate legal counsel in helping draw up effective strategies
  • How to bridge the gap in the perception of cybersecurity governance effectiveness between the board and the security team

Attendee Requirements :

  • To be updated

Venkatesh Murthy K
Deputy Director
Data Security Council of India

Cyber crime expert

Venkatesh Murthy has over 13 years' experience in cybercrime investigation training and computer forensics. He is currently managing a program for capacity building of law enforcement officials through training under the Cyber Forensics initiative of DSCI.

Mr. Murthy has conducted exclusive cybercrime training programs for police, prosecution and judiciary officers of India. He has also contributed significantly to the development of the international cyber forensics credential (ISC)² CCFP in workshops held in Miami, Orlando and Washington DC during 2013-2015.

He is an alumnus of the IVLP program of the US Department of State on the topic "Linking Digital Policy to Cybercrime Law Enforcement" in February 2017.
He holds a Bachelor of Engineering degree in Telecommunication from Visvesvaraya Technological University, Karnataka.

Workshop: Practical Threat Hunting Using Open Source Tools (1/2 Day)

Topic Brief :

Threat hunting can seem intimidating at first. How can you come to grips with threats that don't use known malware or indicators of compromise? How can you deduce the presence of "fileless" attacks that leave no files or malicious tools on a hard drive?

This workshop will uncover the art of threat hunting: looking for what automated tools miss, through use cases built on open source hunting tools and techniques, including hunting in memory, hunting on the cheap and hunting for persistence.

We will begin with an overview of threat hunting, then introduce techniques you can use today to stop unknown suspicious activity in your network. You will learn how to find ongoing attacks by proactively searching for signs of fileless attacks, persistence mechanisms, evidence of lateral movement, and credential theft. In this practical session, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. The means of retrieving data from the various endpoints and data sources will also be introduced and explained throughout the session. This workshop will teach you not only how to set up an ELK server specifically geared to facilitate powerful hunting, but also how to collect data efficiently from every single endpoint on your network in a very short span of time, enabling you to hunt proactively on a regular basis.

Detailed Agenda :

  • Threat Hunting Models and Hypothesis Building
  • Threat Hunting using input from Threat Intelligence
  • Indicators of Compromise
  • Knowing how to find bad – Log Analysis, Web Application Logs, Network Forensics and Packet Analysis, DNS and DHCP Log analysis and real time packet sniffing
  • Data collection methods
  • Logstash
  • Elasticsearch basics
  • Kibana basics
  • Building Visualizations
  • Building Dashboards
  • Data enrichment
  • Real-time data collection
  • Machine Learning for Threat Hunting
  • Final Exercise – 3 Use Cases to Hunt

Attendee Requirements :

  • Attendees must have a Windows 10 or macOS laptop with at least 16 GB RAM and at least 100 GB of free disk space
  • Virtualization software capable of running VMDK and OVA files (Kali preferred)

Chandra Prakash Suryawanshi
SVP, Aujas

SOC, DLP, IR Expert

Chandra Prakash has completed several MDPs from ISB, Harvard, Stephen Covey institutes. 

Specialties: Managed Services – NG-SOC, DLP, DAM, EDR, IR and Forensics, Deployment- SIEM Platform (Security Analytics/ Threat Intelligence/Full packet capture, EDR and IR automation ) Technology Risk Consulting, IT GRC, Data Protection and Cyber Security Strategy Management.

Call For Speakers

Call For Papers Date: 21st August to 15th October, 2018. (Closed Now)

SACON is the only conference on Security Architecture and the largest security conference in India for Senior Security Executives, Chief Information Security Officers, Security Architects, Developers, Engineers and more. The 2-day conference and training will host 1000+ attendees, bringing together the most celebrated global security professionals and the top Chief Security Officers in India, with 50+ sessions and 30+ international speakers from different countries sharing their insights and experiences with CISOs working to secure businesses of all sizes in various innovative ways.

Conference & Training

Deep Dive Training "Hands-on Workshop"

Technical workshops will be hands-on and presented by foremost technology experts, helping you deep-dive and make informed decisions through live demos and training.

Best of the World "Turbo Sessions"

This series shall invite the top speakers & security researchers across the world who made significant contribution in the field of security in recent past who would share knowledge through 18 minute "Turbo Sessions"

CISO Decision Tools "Frameworks"

Tools, Frameworks & Checklists shall be presented to help Senior Security Decision Makers for better & structured decision making (strategy, implementation of successful projects & practical hands-on insights)

What Are Attendees Saying?

"The principles .. gives a structure to the thought process and to the approach .. a very critical element for everything..."

Manoj Kuruvanthody, Infosys

"Very insightful, will definitely help us create a very effective security architecture"

Anil Kumar K K, DTDC

Who Covered Us

Meet Our Previous Speakers


TOP talks

1000+ Organizations Attended


Agenda (DAY1)

This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to analyze both Windows & Linux systems at a deep level.

In this training, we will understand, learn, implement and design different types of deceptions and use of decoys, lures, canaries, accounts, tokens and a lot more. We will use built-in OS tools and scripts to quickly deploy deception techniques enterprise-wide with and without agents on computers. We will see some unique deception techniques and also use existing ones.

Deception for Red Teams will also be practiced. Red Teams have been using deception more effectively: social engineering, phishing, fake documents and other attacks. We will practice some of these attacks but focus more on the Blue Team identifying deception and on counter-deception. We will also see case studies of stopping advanced adversaries using deception techniques.

Bring out the hacker in you by trying out Security Innovation's Hacking CyberRange: specially designed web applications with real-world vulnerabilities. A parallel class session will also teach novices how to uncover simple vulnerabilities and progress to uncovering more complex ones. You can simply sit and learn, get straight to hacking our application, or follow along and do both. Live scores of participants will be displayed (you can use your hacker name instead of your real name) and the top three scorers will get super cool prizes.

Agenda (DAY2)

My session will show how to design a security architecture that guides an organisation on which safeguards must be implemented to address real-world risks and threats. Organisations have a limited budget; the question is how the security architect determines what to spend that limited time and budget on in order to obtain the best outcome and return on investment. My method of designing a security architecture brings together the following: Sherwood Applied Business Security Architecture (SABSA), Intel's Threat Agent Risk Assessment (TARA), Lockheed Martin's Cyber Kill Chain and threat-driven approach, Mandiant's M-Trends report, Verizon's Data Breach Investigations Report, ASD Essential 8 and Mitre's Adversarial Tactics, Techniques & Common Knowledge. The structured use of all of these techniques and methodologies (whole and in part) allows security practitioners to design a security architecture that addresses the threat actors and adversaries most likely to launch attacks and mitigates the specific tactics and procedures they will use.

This workshop will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.

This workshop includes an introduction to cloud computing, the product offerings of major vendors (AWS, Azure), exploring attack surfaces, forensic analysis, exploiting the metadata API, and more.

The majority of cyber-attacks on corporations succeed because internal controls to protect sensitive information have not been implemented. Fear of negative publicity and undue delay in legal proceedings also prevent corporations from notifying the law enforcement authorities.
Boards should clearly set direction on how and when to contact law enforcement and other regulatory bodies regarding insider or outsider threats, keeping in view the legal requirements for notifying cybersecurity breach incidents. Working with law enforcement agencies has significant benefits, such as compelling third parties to disclose the data required to identify the source of an attack and to reconstruct how the incident took place.

Monitoring for attacks and defending against them in real time is crucial. Defending our cloud infrastructure during attacks can prove to be a nightmare even with the solutions currently available in the market. We live in a cloud-first era where the cloud is our first choice of deployment due to its convenience and scalability. In this workshop, we will learn how to defend our cloud infrastructure using Serverless and the Elastic Stack. The Elastic Stack collects and analyses logs and triggers alerts based on a configured rule-set; the Serverless stack drives the defence by performing automated blocking, configured according to the use case and the type of attack. The current solution works on AWS, Azure and GCP, and it can be extended to other providers and custom solutions such as in-house firewalls, IPS, etc.

Some of the real-world scenarios we will cover during the workshop include:

* SSH Brute-force detection & defence
* Content Management System Audit analysis (Azure)
* AWS IAM CloudTrail logs to detect and defend against backdoors (AWS)
* Container logs to defend against Kubernetes security attacks (GCP)
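The first scenario, SSH brute-force detection and defence, as an added example that is not part of the workshop material: the detection rule (N failed sshd logins from one source IP inside a sliding window) and the block decision a serverless function would hand to a firewall or security group. The log lines, the threshold of 5 failures in 60 seconds and the 60-minute block TTL are constructed assumptions; the Elastic Stack and cloud APIs themselves are not called.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth log sample: 203.0.113.5 fails 5 times in 10 seconds,
# 198.51.100.7 fails twice, minutes apart, and one line is a successful login.
SAMPLE_LOG = """\
Feb 15 09:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Feb 15 09:12:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Feb 15 09:12:05 web1 sshd[2102]: Failed password for root from 203.0.113.5 port 40118 ssh2
Feb 15 09:12:06 web1 sshd[2103]: Accepted publickey for deploy from 198.51.100.7 port 50200 ssh2
Feb 15 09:12:08 web1 sshd[2104]: Failed password for root from 203.0.113.5 port 40120 ssh2
Feb 15 09:12:09 web1 sshd[2105]: Failed password for ubuntu from 198.51.100.7 port 50210 ssh2
Feb 15 09:12:11 web1 sshd[2106]: Failed password for invalid user test from 203.0.113.5 port 40124 ssh2
Feb 15 09:15:30 web1 sshd[2110]: Failed password for root from 198.51.100.7 port 50220 ssh2
""".splitlines()

# syslog timestamp, host, sshd[pid], then the failure message with optional "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_failed_login(line, year=2019):
    """Return (timestamp, source_ip, user) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return ts, m["ip"], m["user"]

def detect_brute_force(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule: flag an IP the first time it reaches `threshold`
    failures within `window`. Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}                  # ip -> time the rule first fired
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, ip, _user = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

def block_rules(flagged, ttl_minutes=60):
    """Shape each hit as the deny entry a serverless blocker would apply, with an expiry
    so that a shared or spoofed address is not blocked forever."""
    return [{"action": "deny", "source": f"{ip}/32", "reason": "ssh-brute-force",
             "expires": (ts + timedelta(minutes=ttl_minutes)).isoformat()}
            for ip, ts in sorted(flagged.items())]
```

Running `block_rules(detect_brute_force(SAMPLE_LOG))` yields a single deny entry for 203.0.113.5; the two failures from 198.51.100.7 stay below the threshold and produce no block.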