21 & 22 February | Bangalore | Conference & Training
* PAST SACON WAS sold out. register for 2 for 1 code for next sacon
Conference & Trainings
Security Architecture Conference started as a simple idea to grow the Information Security builder community. The 5th edition of SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribersJoin the largest security architecture conference in the region. | 18 – 19 May | Pune | India. Learn Security Architecture, Application Security Architecture, OSINT, Darkweb & More.
“If I hadn’t come, it would take another 2 to 3 years to learn and understand these tools”
Call For Speakers
Call For Papers Date: Open Now
SACON is the only conference on Security Architecture & the largest security conference in India of Senior Security Executives, Chief Information Security Officers, Security Architects, Developers, Engineers & more The 2 day conference & training will host over 1000+ attendees with the most celebrated global Security professionals along with the top Chief Security officers in India with over 50+ sessions and 30+ International Speakers from different countries sharing their insights and experiences with the CISOs working to secure businesses of all sizes in various innovative ways.
Intrusion Analysis Expert
Adventures in SDN Security
Introduction: Based on a recent talk of mine on SDN and 5G, this will be a deep dive into the Software Defined Network (SDN) side of things. We will hit SDN and hit it hard. After a rundown of recent work in SD-WAN, I will return to where it all started with the Software Defined Data Center (SDDC). Briefly reviewing my previous work with open source controllers and white box switches, we will take a look at my recent work with Cisco’s APIC and Big Switch Network’s Big Switch Fabric. This will be a deeply technical talk where we will cover the risks, the threats, and the attacks useful against SDN. Most importantly, we will talk about how to secure it. Because if your network isn’t safe, neither are you
•Software Defined Networks – Influencers, Market Segments, and Realized Benefits
• SD-WAN (Risks) – Operational and Security
• SD-WAN (Threats) – Vulnerabilities and Attacks
• SD-WAN (Securing) – General Approaches and Case Study
• SDDC (Risks) – Operational and Security
• SDDC (Threats) – Vulnerabilities and Attacks
• SDDC (Securing) – General Approaches and Case Study
Attendee Requirements: Attendees should have a basic understanding of the network, of network protocols especially SSL/TLS, of network architecture, and of common attack vectors such as Cross-Site Scripting (XSS), Command Injection, etc. No special equipment will be required. Most of the workshop will be covered using demonstrations and discussions around the scenarios.
About Speaker: Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them.
Frequent Speaker at DEFCON, BSides
Windows Malware 101: Reverse Engineering and Signature Generation
Introduction: The workshop will cover some key topics of Windows malware reverse engineering, starting from the basics of the Windows executable file format up to the modern techniques and FOSS services to analyze malware samples at scale. Finally, it will cover the basics of malware signatures, and it will present a tool, YaYaGenPE, to automatically generate them. During the workshop, Python notebooks and other FOSS tools will be used to show an interactive analysis of some recent Windows malware samples.
- Basics of Windows malware reverse engineering
The Portable Executable (PE) file format
Dissecting Windows malware PE files with Python.
- Malware analysis at scale:
The role of automation
Function recognition with FIRST
Binary decompilation with Ghidraaas and GhIDA
- Signature generation:
The basics of a malware signature
Automatic signature generation with YaYaGen.
Attendee Requirement : Participants will need a laptop with a recent 64-bit version of Linux, Python 3.7, Jupyter, the freeware version of IDA 7.0, and Docker installed. Internet access may be required to download additional Python packages.
About Speaker : Andrea Marcelli is a Malware Research Engineer at Cisco Talos Intelligence Group and a PhD candidate in Computer and Control Engineering at Politecnico di Torino in Italy. In his PhD, he studied the large-scale processing of Android malware, proposing a semi-automated system to provide fast coverage and detect new malware variants. He presented part of his research at BSidesLV and DEFCON26. Currently his research interests include automated malware analysis, semi-supervised modeling, and graph isomorphism.
Past RSA USA Speaker
On the Wings of Time: Past, Present, and Future of Radio Communication
Introduction: Overview, Ideas, and Prospectus of the attack and defense in the field of wireless security
- Joys of the Past: History of Attack: From hijacking communication in 1903 to cracking the Enigma during WWII, Wireless Attacks have evolved significantly over the years. While these attacks have attempted to cripple cities, they also provide an opportunity for our attendees to learn from such incidents and appropriately build security controls to safeguard against them. We would be discussing what might have possibly gone wrong with a few case studies.
- Current State of Industry & Sutra for Mitigation: Detailed usage guide of wireless security tools. Security issues in various kind of wireless system: RFID/NFC, short distance 433/315MHz communication, ADS-B, BLE, ZigBee, satellite communication, etc. Various Analytical matrices to compare the designed wireless security algorithm
- Glimpse of the Future: Hackers have a new way to profit off our security cameras, smart lighting, and even our fancy new coffee pot: crypto-jacking, we will discuss how can one detect and prevent such crypto-jacking attacks.
Privacy Expert, Founder @Arrka
Privacy Basics Workshop
Introduction: This session first covers the privacy basics followed by handling specific challenges in implementing privacy program
Part A: (Duration- 2-2.5 Hours) A Workshop on Privacy Basics
(Objective is to ensure everyone has clarity on what Data Privacy entails and how it is different from Data Security)
In this, we will also cover basic privacy program implementation frameworks.
Part B: Deep Dive Sessions into specific aspects & challenges of implementing a Privacy Program
Some tentative topics:
Data Mapping & Data Flow Analysis – how it sets the foundation for a Privacy Program, challenges in doing this, etc
Data Privacy by Design & Default
Privacy Breaches: Beyond Data Leakage
GDPR – an Overview
India PDPA – an Overview
Privacy Trackers & Markers in the digital world – and their impact on an organization
About Speaker: She has over 20 years of experience in the domains of information risk & privacy, e-commerce & networks. She has handled multiple roles over the years at Sify and Wipro – which include heading the global application security & identity management practice at Wipro, setting up India’s first licensed certifying authority for digital signatures in collaboration with Verisign at Sify, launched and managed the first enterprise IP network services in India at Sify, etc. She set up Arrka Consulting – her own venture – a few years ago. Arrka provides consulting, advisory and training services in the information risk & privacy domain, Nadkarni has recently authored the first book on Data Privacy in India for DSCI, as part of their new privacy certification program – DCPP.
2019 SACON Speakers
Dr. Phil Polstra
AUTHOR OF ‘LINUX FORENSIC’, FREquent speaker at defcon, blackhat
Workshop : LINUX & windows forensic
(1 Day): This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to easily analyze both Windows & Linux systems at deep level.
FREQUENT SPEAKER AT RSA APJ, ISC2 & MORE
My session will show how to design a security architecture that guides an organisation on what safeguards must be implemented in order to address real world risks and threats. Organisations have a limited budget, the question is, how does the security architect determine what to spend their limited time and budget on in order to obtain the best outcome and return on investment.
Frequent Trainer at blackhat usa
In this workshop, we will learn how to defend our cloud infrastructure using Serverless and Elastic Stack. Elastic Stack will collect, analyse logs and triggers alerts based on configured rule-set. Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The currently solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in house firewalls, IPS, etc.
Join 600+ SACONites here in Bangalore @ Taj Yeshwantpur