ClubHack 2009: Day 1

Recently, I attended this Hacking and Security conference ClubHack. It was an awesome 3 day experience listening to seminars, workshops and round table conferences by various eminent speakers and hackers from all over the world. The speakers flocked in from various domains: Telecom, US DoD (Department of Defence), Royal Bank of Scotland, McAfee and even from Pune Police, NASSCOM, CID and other eminent law enforcement agencies! I reached the venue at 8:30 AM, leaving from my institute at 715 AM. The venue was 30 kilometres from my institute!!

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiasts.
Where: The Corinthians Club, Pune (The venue was awesome!)
When: Saturday 5th and Sunday 6th December, 2009

ClubHack 2009: Day 1
5th December, 2009 was Day 1 for ClubHack. The registrations started at around 10 AM (an hour late due to setting up of the venue). There were 3 halls, 2 for the simultaneous talks and the 3rd one for networking, meals and snacks. The day started with the introduction of ClubHack, by Rohit Srivastwa, the founder of ClubHack. This was followed by a small talk by the Chief Guest of the day, Mr. Alok Vijayant, Director Information Group, MHA, Govt. of India. After the keynote speech, the Indian version of BackTrack, Matriux, was launched. A copy of the same distribution was also distributed to all the audience.

Chief Guest at ClubHack 2009

Matriux Launch

After a small round of snacks and networking, the attendees split up in two halls, according to their interest in the talk. The schedule for the same was:

from	to	Room1	Room 2
1000	1100	Registration
1100	1200	Keynote & Matriux Launch by Mr. Alok Vijayant. Director Information Dominance Group, MHA, Govt of India
1200	1300	Rohas Nagpal – Indian IT Act 2000 vs 2009	Manindra Kishore – Incident Handling and Log Analysis for Web Based Incidents
1300	1400	Anant Kochar – Revealing the Secrets: Source Code Disclosure, Techniques and Impacts	Abhijit Tannu – Facilitate Collaboration with Information Rights Management
1400	1530	Lunch
1530	1630	Nikhil Wagholikar in abstentia of K K Mookhey – Risk Based Penetration Testing	Suhas Desai – Open source for securing data with advanced Crypto-Steganography technology
1630	1730	Vinoo Thomas & Rahul Mohandas – India Cyber Crime Scene – Caught in the Crossfire	Lavakumar Kuppan - Lust 2.0 – Desire for free WiFi and the threat of the Imposter
1730	1830	Kush Wadhwa – Advance Computer Forensic concepts (windows)	Gursev Singh Kalra – Mobile Application Security Testing

Another superb thing was the “Internet Bakra”. Running sslstrip and dsniff on the free internet which was provided for the day, all the passwords were sniffed and later at the end of the talks, were shown to people (just the 1st two characters of the password) to explain them that entering personal information in free connections can be harmful. While this did

After all the talks, ClubHack threw a party (on invitation) for the speakers, the volunteers and a few attendees. The party was in Dolally, the only microbrewery in Pune. Dolally is an awesome place (for people who drink beer). It has a wide variety of beers which they brew in house. They also showed us how beer was brewed from around 10 different wheat types. It takes around 20 days to brew beer!! It also has a DJ which plays on-demand music for free!! It was fun discussing informal things with the people whom you saw in formals the whole day! At one particular incident, I couldn’t recognize Mr. Nikhil Wagholikar (from NII Consulting) in the party. He was totally in formals in the day time, and in the evening, total informals!! Dinner was in the same hotel, having a buffet with all the speakers, the volunteers and other guests.

ClubHack Day 1 Party at Doolally

The day ended at around 11 PM (for me, since had to reach my institute before the gates closed for us!!).

The Volunteering Team

• Pankit Thakkar
• Abhijeet Patil
• Murtuja Bharmal
• Aseem Jakhar (founder www.null.co.in)
• Tushar Dalvi
• Pradnya
• Antariksh Shah
• Prashant Mahajan
• Anish
• Ajit Hatti
• and a few more … Kudos to them for a successful Day 1 (and simultaneously, Day 2 and 3!!)

Finally, saying goodbye to everyone, we left for our college at around 11:30 PM (the gate closing ceremony of Symbiosis Infotech Campus, Hinjewadi takes place at 11:30 PM!! we were late!!). Thanks a lot to Mr. Dinesh O’Bareja for giving us a lift till Wakad. We finally reached the campus at around 12:30 AM, went to sleep, just to wake up in another 4 hours for the fully informative, knowledge filled next day of ClubHack: the workshops.

BarCamp: What is it and Why to attend?

What: BarCampPune 6
When: 14 November, 2009
Where: Symbiosis Centre for Information Technology, Hinjewadi, Pune
MAP

Registration: http://barcamp-pune.eventbrite.com/

Pune will have a “BarCamp” free conference this Saturday, 14th November, in SCIT Hinjewadi (bus pickup/dropoff provided from Model Colony). We believe that all technology professionals, and all computer science students should take this opportunity to get exposure to some of the most interesting people and technologies in Industry. To register (free) for barcamp, and for details of venue, timing etc, click here.

BarCampPune6 Logo (Created by Kriti Deb)

A Barcamp is a “democratic” conference. It is not a normal / traditional conference. A normal / traditional conference is usually put together by a committee of professors, or industry veterans, and the speakers selected by the committee and invited to speak. Who can attend is also constrained by money (conferences fees are high), or by other means (only members may attend). And often, talks tend to be boring “lectures” or “speeches” that you fall asleep in.

Anybody who’s been to a traditional conference will tell you that the tea-breaks and the corridor-conversations are the most interesting and important part of a conference. Think of a barcamp as an entire conference that consists only of tea-breaks and corridor-conversations. Well, it’s a little more structured than that… Anybody can attend a barcamp. Anybody can speak on any topic that they are passionate about. A whiteboard is put up in the morning with the available rooms and timeslots. People can write down their name and the title of their talk in any available slot. Based on this, the others can decide which talks they want to attend. Democracy.

You’ll wonder, if anybody can speak, how to ensure quality of speakers and presentations? By the “law of two feet”. The audience in a Barcamp is encouraged to use their two feet and walk away from a talk if it turns out to be boring. People are encouraged to find and create subgroups interested in specific topics, find a room or a corridor, and start discussing – and they often do.

This ensures that everybody finds something interesting, and often something unexpected at a Barcamp. Maybe you might find the 15-year-old kid who knows more about Search-Engine-Optimization than all the “industry veterans” you’ve met. Maybe you’ll go there to learn new technology and instead find some really interesting NGO or other social work organization and join that. Maybe you’ll just land up there, not knowing what to expect, and end up finding not just your first job, but a great career. Maybe you have an idea for a company, but don’t know how to implement it, and you’ll find someone at Barcamp who’s willing to handle the technology for you.

I’m not just making all of that up. Each one of the sentences in the previous paragraph that started with “Maybe” is actually a real-life story that I’ve seen happen during some of the Barcamps in the last couple of years in Pune. And there are a lot more such stories.

Over the next few days, we’ll be writing short articles on why you should attend Barcamp. If you’re a student looking for projects, internships, or recos. Or you are an entrepreneur with an idea, but don’t know enough about technology to implement it. Or you’re an employee of a big company and are looking to hire some really smart people … or you’re looking to be hired by some really smart people. Or you’re a startup looking for collaboration, business development, or simply mentors/advisors.

Thanks to PuneTech for this post:
Orginal Link: http://punetech.com/what-is-a-barcamp-and-why-you-should-attend/

BarCamp

ClubHack 2009!

ClubHack 2009

ClubHack is back! India’s own International Hacker’s Convention is back with its 3rd version with the aim to enable the dissemination, discussion and sharing of deep knowledge in the field of information security and cyber crime investigation.

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiats.
When: Saturday 5th and Sunday 6th December, 2009
Where: ICC or Estique
Registration: Opens in October, 2009. http://clubhack.com/2009/Registration

Rohit Srivastwa

Founder: Rohit Srivastwa
Rohit Srivastwa is a well known security evangelist. He has an expertise in cyber crime investigation and IT infrastructure management. Rohit is actively involved advising several military agencies, law enforcement personnel, media, corporate and Government bodies in these fields. Along with assisting these organizations solving there cases, Rohit is also involved in teaching the related subjects to them. Rohit has trained the police departments of Pune, Mauritius and Malaysia. Rohit Srivastwa is also the founder of ClubHack, a member driven community to spread the security awareness. As his last assignment Rohit was Director Technology at Commonwealth Games Pune (2008) where he delivered the complete technology of games and managed everything which comes under the umbrella of technology.
Currently he is Director Technology and Network Operations for Commonwealth Games to be held in Delhi in year 2010.

ClubHack, India’s Own Hacker’s Convention enters its 3rd version on the 5th and 6th of December, 2009. Previously, it was held successfully in December 2007 and 2008.

ClubHack 2009: Call for Papers
SUBMISSION: ClubHack2009 is expecting a good deep knowledge technical presentations/demonstrations on topics from the world of Information Security. These presentations are expected to be of 40 minutes each. The schedule time for each presenter would be 50 minutes out of which 40 minutes are for the presentation & 10 for the question-answer sessions. We’d request you to submit the papers keeping the time constraint in mind.

TOPICS: The following list is made keeping in mind the most interesting topics in hacking & security. This is more of an indicative list, the papers submission can be on other topics also but have to be close to this & the theme of the event.

• Protocol / Application based vulnerability in networks and computers
• Firewall Evasion techniques
• Intrusion detection/prevention
• SPAM fighting
• Data Recovery and Incident Response
• Mobile Security (cellular technologies)
• Virus and Worms
• WLAN and Bluetooth Security
• Analysis of malicious code
• Cryptography and Cryptanalysis
• Computer forensics
• File system security
• Secure coding & code analysis
• Hardware modification
• Patch writing for vulnerabilities
• Open source hacking toolkit
• Cyber Crime & law

Dates:
Opening: 15th August 2009
Closing: 15th October 2009

For more information, check out http://www.clubhack.com/2009

Me in ClubHack Workshop

ClubHack session in progress

Cop-Tech Forum

Recently, a few months ago, on the 30th of June, 2009, Cop-Tech Forum was launched. It is a joint initiative of Pune Police, NASSCOM (The National Association of Software and Services Companies) and the DSCI (Digital Security Council of India).

Purpose:
The main objective behind this forum was to increase sharing of ideas and knowledge on cyber security between the Police and the IT Industry. As Commissioner of Police, Dr. Satya Pal Singh, phrased it: “Cop-Tech is solemnization of the marriage between the Police and the IT Industry“. It is an initiative which calls for contribution of the IT professionals to help develop the Police force to serve the people better.

Pratap Reddy, an IPS officer who was an advisor (cyber security) to NASSCOM, listed down the things which Cop-Tech has to take care of:

• Develop the Control Room of Pune Police to make it state-of-art which can cater to all those who dial 100 in a proper, structured way. This would also involve Fleet Management to keep track of police vehicles on the field
• Cyber crime, computer security awareness among the students, non-IT professionals and the citizens in general
• Usage of CCTVs from different locations. This would also involve Video and Image Analysis. For this, IT professionals who work in this area were called for help.
• Training the Police staff in Cyber Security, Cyber Crime Investigation, Forensic Investigation, Computer Security in general, trainings on using of different tools (like GPS). This is to ensure that the state-of-art devices which would be used in the Control Rooms would be used efficiently and effectively by the policemen
• Forensic Investigation. There are many cases which are shutdown since Police do not have proper evidence or direction to work on. Here, the IT professionals can help (voluntarily) in Forensic Investigation

After this, the discussion was thrown out to the audience who are ready to contribute to this CopTech Forum. It was good to see a number of professionals from Infosys, Delloit, IBM, Null Security Community, Press, etc, who were ready to help in their own way. An Infosys guy was ready to design, develop, code and implement a database system for Cyber Crime cell and Control Room. As is going on for many months now, Null Security Community is already into spreading security awareness among the citizens of Pune, which has now extended to Banglore. They were also interested in helping for Cyber Crime Investigations and Forensics.

Pic:
Pratap Reddy (2nd from Right)
Dr. Satya Pal Singh (Lighting the lamp)

There was a good suggestion from one of the attendees. What he suggested was to look at the whole Cyber Crime as a business. A business which would involve 3 steps, including the actual crime and the monetization of that crime (like selling the data/information, selling the method to perform the crime in form of exploits, etc). If in some way, one of the 3 steps could be interfered and cause hamper, the whole cyber crime process would fall. But, since this Cop-Tech forum has a narrow scope (as of now) to those listed above, this suggestion was left for future scope. There were many other inputs from the audience volunteering for Image and Video Analysis, Forensics, etc.

In short, it was good to see a bunch of around 60-70 individuals as well as a few groups like Null to have participated in this and who are ready to contribute. But, looking at the facts of Pune being the “IT hub of India” or the Silicon Valley of the East, 60 – 70 was a very small number. Till date, people have always questioned the government for not doing a good job, but when it comes to helping/contribution/volunteering, only a bunch of people are there at the disposal of the government, even when the government has taken the first step. This is a humble request to all IT Professionals to help the Police and the Cyber Cell to make it better so that they are able to serve us in a better way.

To get in touch with CopTech and Cyber Cell Pune, you can pay a visit to Cyber Cell branch at Sadhu Vasvani Road, Camp, Pune-1.

Dr. Satya Pal Singh’s Blog: http://drsatyapalsingh.blogspot.com/

ClubHack

It was 8:30 in the morning of 7th day of December when I, as usual, woke up and went down to the mess for my breakfast. After picking up my plate and taking bread-butter-tea, I reached the table where my class mates were sitting. It was a normal day for all! Then came up Utkarsh’s question, “We have a workshop on hacking, are you interested to join me?” I could not believe what he just said, and so I asked him to repeat what he said … “Are you interested to attend a hacking workshop with me?” “Of course I am! I am all ready for it, just tell me the time and the place.” … “Be ready by 11am, we will leave by the 11:15 bus” … “sure! “.

While going back to my room, I just pondered over the thing I have always wanted. I wanted a group, a group with whom I could learn new things (related to hacking and security, of course). A group with whom I could sit all day and night sitting in front of the laptop and doing “geeky” stuff, with whom I could share all my hacks and “cracks”. Well, seems here is a start for me.

(hey ClubHack people, dont read this part):
On the way to the destination, I was told that we are going in for free, thanks to one volunteer, Amit Tripathi, my senior. I attended around 4 lectures that day (where each cost Rs. 1000!), whereas Utkarsh seemed to be bored of just one. Believe me, it was great to attend the workshop, it was ultimate to be around those superb people of whom I had only dreamt! The same day, I met Mr. Rohit Srivastwa. Asked him how to join ClubHack. I was surprised to hear the reply, “… there is no “membership” here. Its just like a friend circle, without any boundary. If you want to join a security and hacking community, theres Null, a Network Security group …”. He introduced me to Mr. Aseem Jakhar, the founder of Null. I decided to attend the Null meet the next day, after listening to him.

The workshop spanned 2 days, first day was for theoretical knowledge, the 2nd for practical things. After reaching home the first night, I called up my dad to get Rs. 1000 for the next day (of course you cant expect them to allow me free entry 2 days!!) Getting dad’s green signal (thanks a lot ) I went into the workshop the next day full excited (well, I did skip my breakfast that day). Got my registration done, got a T Shirt, and went into the first practical seminar. This was followed by the Null meet. There were quite a few people, around 10.

After that workshop, I attended a lot many workshops by different groups, OpenSocial Developer Garage, Null Event (i was a volunteer) …. etc, etc, etc.

In short, these two days have been the best of my life. I got to know a lot many people here, Vipul Kalia, Tushar Dalvi, Tara, Aseem, Murtuja, Rohit, Ajit, Priyank, Vishal…. many, many … and got to know about many groups of Pune too, PLUG, POCC, etc, etc, etc. This “friend group” without a boundary seems to be a superb one. Everyone seems to be getting along with each other pretty well! (Except for Vishal, he robbed me of my Google Cap!!! I will kill you, Vishal)

Thanks a lot Utkarsh …

Null

The very first event of Null was a huge success. It was well appreciated by everyone.

The event was held on the 21st of December at I2IT. The clerks (the volunteers) were already there at 830. The most amazing thing was that the group founder and the co-founder, Mr. Aseem Jakhar and Mr. Murtuja were already there before 830!! Cheers to them … make the way …

Ok, then started the lectures … we never expected such a huge crowd of around a 100 people! On the very first event, Null made a century! cheers, once again

First, came up Aseem to give an intro on Null and Network Security. The presentation was well appreciated.

Next came up Mr. Rohit Srivastwa What to say about him! The very first paragraph contained the keywords on how vulnerable WEP is, and how to go about getting the key! The whole crowd was excited to see this, since till date the students have only been taught theory stuff!! Hey guys, you have clubhack and null for this only, come and join it (marketing learnt from tara )

Ok, so high from the previous lecture, the crowd gathers around Rohit to clear their doubts and grab a copy of BackTrack, their saviour for future WEP endevours!! A break follows.

Next in line comes Mr. Ajit Hatti to talk on Application Security. A pretty good presentation, hitting directly on the developers who write code which is fast and not complex, but dont focus on the security part. Worth watching, worth listening, and ofcourse, worth implementing what he said.

The last topic for the day, NMAP and TCP/IP was taken up by Mr. Murtuja. He did a pretty good job, increasing the excitement level of the audience by getting access to a gmail account through ARP poisoning, all practically and in front of the audience.

Then comes the lunch part. Well, in short, it was a mouth watering food

All this time, the clerks were just having fun!! cracking jokes, clapping to cheer the presenters, clicking pics, preparing the stickers, tshirts, etc, etc, etc …

As a whole, the first event of Null was pretty good success. Cheers to all

The hospitality of I2IT was beyond par! The escorts, the food, the hall, resources … nothing lacking from anywhere.

For registration, visit the site www.null.co.in

People behind all this
- Mr. Aseem Jakhar (Founder)
- Mr. Murtuja (Co-founder)
- Mr. Rohit Srivastwa (Founder – ClubHack)
- Mr. Ajit Hatti

Special Thanks to:
- Mr. Tara Lodh
- Mr. Vipul Kalia
- Mr. Abhishek Nagar – he got an audience of 15 people himself!! cool enough

oh ya, dont forget me … special thanks to me too

cheers