draft:nullcon

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search


nullcon is a series of Information Security Conference and Training. The nullcon motto is 'the neXt security thing!'.

nullcon
Nullcon International Security Conference Logo.png
Haroon meer keynote speaker at nullcon 2018.jpg
Haroon Meer, a keynote speaker at nullcon Goa 2018
StatusActive
GenreInformation Security Conference, Hacker Conference
Date(s)Training: February 26-28, 2019
Conference: March 1-2, 2019
BeginsFebruary 26, 2019 (2019-02-26)
EndsMarch 2, 2019 (2019-03-02)
FrequencySeveral times a year
VenueHoliday Inn Resort, Goa
Location(s)Goa, Bangalore, Hyderabad, Delhi
CountryIndia
Years active9
InauguratedFebruary 6, 2010; 9 years ago (2010-02-06) [1]
FoundersAntriksh Shah
Aseem Jakhar
Murtuja Bharmal[2]
Most recentJune 20, 2018; 14 months ago (2018-06-20)
Previous eventHotel Royal Orchid, Bangalore; June 20-22, 2018
Next eventHoliday Inn Resort, Goa; February 26, 2019; 6 months ago (2019-02-26)
Attendance1500[3]
Organized byPayatu
Websitenullcon.net
Nullcon on Twitter
Nullcon on Facebook

In 2015, Tripwire (company) listed nullcon as one of the top conferences in Information security [Readers’ Choice Edition][4]

Venues, dates and attendance[edit]

nullcon Conferences and Training[edit]

nullcon Conference/Training Location Days Year Attendance
nullcon Goa 2010 Conference The RETREAT by Zuri, Goa, India February 6-7 2010 100
nullcon Goa 2011 Conference The RETREAT by Zuri, Goa, India February 25-26[5] 2011 180
nullcon Goa 2012 Conference and Training The Bogmallo Beach Resort, Goa, India February 15-18[6] 2012 260
nullcon Delhi 2012 Conference and Training The Leela Kempinski, Gurgaon, India[7][8] September 26-29[9] 2012 200
nullcon Goa 2013 Conference and Training The Bogmallo Beach Resort, Goa, India Februry 27-28

March 1-2

2013 350
nullcon Goa 2014 Conference and Training The Bogmallo Beach Resort, Goa, India February 13-15 2014 500
nullcon Goa 2015 Conference and Training The Bogmallo Beach Resort, Goa, India[10] February 4-7 2015 650
nullcon Goa 2016 Conference and Training The Bogmallo Beach Resort, Goa, India March 9-12 2016 850
nullcon Bangalore 2016 Training Hotel Royal Orchid, Bangalore, India October 13-15 2016 90
nullcon Goa 2017 Conference and Training Holiday Inn Resort, Goa, India[11] February 28

March 1-4[12]

2017 1100
nullcon Hyderabad 2017 Training Courtyard by Marriott, Hyderabad, India July 14-15 2017 31
nullcon Goa 2018 Conference and Training Holiday Inn Resort, Goa, India February 27-28

March 1-3[13]

2018 1450[14]
nullcon Bangalore 2018 Training Hotel Royal Orchid, Bangalore, India June 20-22 2018 91
nullcon Goa 2019 Conference and Training Holiday Inn Resort, Goa, India February 26-28

March 1-2

2019 TBD

Notable incidents[edit]

In 2012, Security Researcher Rahul Sasi, exposed vulnerabilities of Interactive Voice Response System (IVRS) of leading banks at nullcon Goa.[15]

In 2013, Chief Minister of Goa at the time, Manohar Parrikar attended nullcon Goa. He promised that government will fully support cyber security initiatives in Goa and highlighted the importance of cyber security to the nation. For first time, Government in India paid bounty prize of Rs. 35,000 to a security researcher for hijacking the command and control server of the attackers.[16]

In 2016, at nullcon Goa, NCC Group Security Consultant Clint Gibler, showcased how automated vulnerability scanners turn up mostly false positives. He discussed insights gained from analyzing the results of running a commercial security scanner on 100 international companies across 10 industry verticals, including Financial Services, IT, and Healthcare, from 2014 through 2015. The result of that effort was some 900,000 security-related red flags, and a false positive rate of 89 per cent in some industries.[17] On other hand, Security Researchers Julien Moinard and Gwénolé Audic, produced a security testing framework to automate vulnerability scans for IoT/Hardware Devices called hardsploit[18]

In 2016, Russian Security Researcher, Timur Yunusov presented critical vulnerabilities in routers and 3G/4G modems from Huawei, ZTE, Gemtek, and Quanta Computer. He demonstrated how most of the modems can be turned into tracking devices remotely due to various vulnerabilities and firmware update processes weaknesses.[19]

In 2016, Facebook Security Team attended nullcon Goa with bug bounty teams from Google, Microsoft, Bugcrowd, and Mozilla Corporation to thank the security researchers in India. Facebook announced that India tops the list of 127 countries whose researchers contribute to its bug bounty program.[20]

In 2016, Security Researcher, Craig Smith released a free tool called UDSim at nullcon Goa, which automatically start “fuzzing” a car at the click of a button.[21]

In 2017, Google announced better payouts at the higher levels in the Google Vulnerability Rewards Program at nullcon Goa event. The reward payout for “Remote code execution” was increased from $20,000 to $31,337. Additionally, the reward for “Unrestricted file system or database access” findings was increased from $10,000 to $13,337.[22][23]

In 2017, CloudSek Founder & CTO Rahul Sasi, revealed his ambitious project Cloud-AI at nullcon Goa. Sasi and his team at CloudSek trained his machine against popular cloud applications including LinkedIn and Facebook, finding 10 dangerous insecure direct object reference vulnerabilities.[24]

In 2018, Director of Indian Computer Emergency Response Team (CERT-In), Sanjay Bahl was keynote speaker at nullcon Goa. Where he urged security researchers to come forward and work with the government.[25]

In 2018, Director of Cybersecurity at Electronic Frontier Foundation, Eva Galperin attended nullcon Goa. She urged Indian digital users to take efforts to protect their online privacy by adopting safe practices as tools designed for spying are increasingly getting cheaper.[26]

See also[edit]

References[edit]

  1. ^ "The story of Nullcon: India's biggest and most popular security conference". 2015-01-05.
  2. ^ "Cyber experts show vulnerability of GSM networks". 2012-02-19.
  3. ^ "Easy to recognise 'state-sponsored' malwares: Researchers at Nullcon". 2018-03-03.
  4. ^ BISSON, DAVID (2015-05-19). "More Top Conferences in Infosec – Readers' Choice". The State of Security. Archived from the original on March 4, 2016. Retrieved 2018-10-23.
  5. ^ "nullcon Goa – International Security Conference | Digit.in". Digit. February 15, 2011. Archived from the original on October 23, 2018. Retrieved 2018-10-23.
  6. ^ indiainfoline.com (February 14, 2012). "nullcon International Conference on Information Security in Goa". India Infoline News Service. Archived from the original on 2018-10-23. Retrieved 2018-10-23.
  7. ^ Haran, Varun (September 28, 2012). "nullcon Delhi 2012 - Day 1 - Live coverage". www.computerweekly.com. Archived from the original on August 13, 2017. Retrieved 2018-10-23.
  8. ^ Haran, Varun (September 29, 2012). "How to develop an insecure product - nullcon Delhi 2012: Day 2's action". www.computerweekly.com. Archived from the original on October 23, 2018. Retrieved 2018-10-23.
  9. ^ Bureau, OSFY (2012-07-26). "Nullcon - Open Source For You". Open Source For You. Archived from the original on August 24, 2016. Retrieved 2018-10-23.
  10. ^ Haran, Varun (February 6, 2015). "Inside nullcon Security Event". Bank Info Security. Archived from the original on December 27, 2017. Retrieved 2018-10-23.
  11. ^ "Base @ Nullcon GOA 2018 - Base Cyber Security". www.basecybersecurity.com. Archived from the original on October 23, 2018. Retrieved October 23, 2018.
  12. ^ Goel, Akash (January 16, 2017). "Nullcon 2017: A Pandora's box for Security? - Reflections Magazine". reflections.scit.edu. Archived from the original on October 23, 2018. Retrieved October 23, 2018.
  13. ^ Prasad, Yogesh (2018-02-22). "Introducing International Cyber Security Conference : Nullcon Goa 2018". Hackers Interview. Archived from the original on 2018-10-23. Retrieved 2018-10-23.
  14. ^ Khaira, Rachna (March 3, 2018). "Easy to recognise 'state-sponsored' malwares: Researchers at Nullcon". The Tribune. Archived from the original on March 3, 2018.
  15. ^ "Interactive response systems vulnerable to hacking: experts". The Hindu. PTI. 2012-02-17. ISSN 0971-751X. Retrieved 2018-10-24.CS1 maint: others (link)
  16. ^ "Will support cyber security initiatives: CM - Times of India". The Times of India. March 11, 2013. Archived from the original on October 24, 2018. Retrieved 2018-10-24.
  17. ^ Pauli, Darren (March 14, 2016). "Auto vulnerability scanners turn up mostly false positives". The Register. Archived from the original on October 31, 2017. Retrieved 2018-10-24.
  18. ^ Pauli, Darren (March 11, 2016). "Hardsploit: The handy hacker help for hapless hopeful hardware hacks". The Register. Archived from the original on July 15, 2016. Retrieved 2018-10-24.
  19. ^ Pauli, Darren (March 11, 2016). "0day remote code exec holes in mobile modems can read SMS and HTTP". The Register. Archived from the original on July 15, 2016. Retrieved 2018-10-24.
  20. ^ "Indian researchers contribute the most to Facebook's bug bounty program | Digit.in". Digit. Archived from the original on May 5, 2016. Retrieved 2018-10-24.
  21. ^ Fox-Brewster, Thomas. "Car Hacking Really Is For Dummies With This Sexy (And Free) Software". Forbes. Archived from the original on August 22, 2016. Retrieved 2018-10-24.
  22. ^ Siddiqui, Aamir (2017-03-07). "Google Announces Better Payouts in Vulnerability Rewards Program at Nullcon India". xda-developers. Archived from the original on 2017-03-09. Retrieved 2018-10-23.
  23. ^ Armour, Josh (March 2, 2017). "VRP news from Nullcon". Google Online Security Blog. Archived from the original on November 12, 2017. Retrieved 2018-10-23.
  24. ^ Pauli, Darren (January 25, 2017). "Human bot hybrid finds LinkedIn email, phone number-filching holes". The Register. Archived from the original on December 3, 2017. Retrieved 2018-10-24.
  25. ^ Shaikh, Shadma (2018-04-03). "Not a single person in the last one month has reported to CERT, including Elliot Alderson, says CERT-In director | FactorDaily". FactorDaily. Archived from the original on 2018-10-23. Retrieved 2018-10-23.
  26. ^ Christopher, Nilesh (2018-04-02). "Spyware is getting cheaper, Indian digital beware says EFF". The Economic Times. Archived from the original on April 3, 2018. Retrieved 2018-10-24.

External links[edit]