Null Bangalore Humla Meetup

February 25, 2015  |  Meetups

Null Bangalore Humla Meetup is on 28th February, 2015. This meetup has two sessions. Following are the details:

1. Detecting & Exploiting SQL Injection in Restful Webservices

Time: 10 AM to 1 PM

Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Riyaz Walikar by Riyaz Walikar

Agenda -

Injection vulnerabilities exist within web services as well although seldom detected and exploited. Session will look at a simple RESTful web service, discuss various web methods it support and understand data flow.Session will then take a look at detecting and exploiting a SQL injection vulnerability, accessing the backend datastore and exfiltrating it using the browser.

Humla Champion -
Riyaz Walikar - http://swachalit.null.co.in/profile/10-riyaz-wali...

Hardware & Software Requirement - This will be a hands on session. Participants are required to bring their laptops with a browser to attend this session.

Link: http://swachalit.null.co.in/events/70-bangalore-nu...

2. Let's Start Volatility

Time: 2:30 PM to 6:00 PM

Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Rajesh A. by Rajesh

Overview - We are conducting a n|u Humla session at Bangalore on Volatility. This will be a complete hands-on session where attendees will be introduced to Volatility memory forensics tool. We invite people who are really interested in memory forensics using volatility. This is a pre-invite based session and will be sending out invites only to 30 people.

Humla Champion - Rajesh A. Works as a Sr. Security Analyst at IBM India Pvt. Ltd. He has about 9+ years of experience in information security domain. Major part of his work experience goes in to VAPT. Associated with Bangalore NULL from more than 5 years. Interested in sharing knowledge, learning forensics and mobile security. Likes riding bicycles and motor cycles.

Agenda -
# how to start volatility - Hands on-Get ready with system
# Profiles (default)- talk/demo
# Plugins (default) - talk/demo
# Methods of acquiring memory dumps - talk/demo
# dump live memory of a VM - talk/demo
# Working on memory dump samples - Hands-on

Prerequisites -
Own Laptop or a computer with full privileged access (Avoid Company provided laptops with limited access).
Basic knowledge of Linux/Windows command line
Basic knowledge about networking, computer memory, Operating systems.

Hardware & Software Requirement -
A Laptop with an operating system that can run volatility and having 5Gb hard disk free space. It will good if volatility installed and working perfectly.
Installation (Expected version 2.4)
1. instructions and download links are available at http://www.volatilityfoundation.org/#!24/c12wa
OR
2. You can have KALI Linux as a virtual machine or Live running.

Links -
https://code.google.com/p/volatility/

What to Expect?
1. Basics of volatility
2. How to fetch information from memory using volatility and plugins
3. Profiles
4. Hands on with volatility

What NOT to Expect?
1. Advanced memory forensics
2. Advanced malware hunting
3. Deep drive in to memory

4. Detailed troubleshooting of installation problems.

Link: http://swachalit.null.co.in/events/69-bangalore-null-bangalore-humla-28-february-2015-let-s-start-volatility


Event Details

Location

InMobi Technologies, 7th Floor, Delta Block, Embassy Tech Square, Marathahalli-Sarjapur Outer Ring Rd, Bengaluru, Karnataka 560103, India

Google Map

Time & Date

Start: February 28, 2015 at 10:00 AM IST
End: February 28, 2015 at 6:00 PM IST