Showing posts with label null singapore. Show all posts
Showing posts with label null singapore. Show all posts

Tuesday, 8 September 2015

Null Singapore Security Meetup - July

I had the opportunity to present at Null Singapore, a monthly security meetup group here. The last time i presented was about Vulnerability Assessment on SCADA systems but this time, due to a career change (or upgrade), i presented about my exploration into the deep web.

The deep web as most (or some) know it as the part of the internet not indexed by typical search engines like Google or Yahoo. It is a part of the internet where sources say most of the stuffs reside. According to an article, google managed to index up to only 4% of the world wide web...so where are the rest? The answer: Deep Web. 

My journey to the deep web wasn't a fun one. Instead, the deeper i go, the weirder i found. From selling of drugs, abuse of humans, selling of weapons, hackers for hire, assassins for hire and much much more. It is alarming to see the so called criminal activity that resides in there and due to the anonymity of the connection to each site, it is very hard to be monitored, tracked or charged by law enforcers.

In this presentation, i presented about the things i found in the deepweb. You can download the slides here. http://www.slideshare.net/FadliBSidek/red-riding-hood-in-the-deep-dark-woods



Dias presenting about Bitcoin and its role in privacy

Randen presenting about the security newsbytes

Myself presenting about the Deepweb

Posted by at No comments:
Labels: , , , , ,

Tuesday, 16 June 2015

Null Singapore Security Meetup - June



Null Singapore is back for the fifth time and like last month, it was a full house and another record of an attendance! Credits given to NSHC Pte Ltd for providing us a room for us to have our meetup.





We start our meetup by introducing ourselves, what Null Singapore is all about, its aims, its objectives and how does this meetup benefit the audience from networking to potential cooperation with one another. This was presented by Prasanna or PK as Imran, the chapter leader was away.



Randen then presented on the security news bytes, the security events that happened in the last few weeks ranging from malware, phishing and critical infrastructures.



Michael Heinzl, from SEC Consult presented on the topic 'Finding vulnerabilities using Fuzzing'. It was an interesting topic as he demonstrates how fuzzing assist in the finding of unknown vulnerabilities and how such vulnerabilities could be turn into an exploit to further penetrate into the systems/applications. Sharing statistics of his research and end with a cool demo, Michael was able to show the audience not just in a theoretical sense but in a practical way as well.



Vincent Tan, from Vantage Point presented on the topic 'Breaking BYOD in IOS'. This was an extremely interesting talk as he shares his research and how IOS can be broken into with tools that he developed. I would not dive into the contents of his presentations (as agreed), but i'd say the delivery of the presentations, the demonstrations and the key takeaways are properly formatted and presented.



Both presenters ended with a round of applause and it was really great to see people enjoying the presentations and coming up to the speakers to know more about it. Alas, after it was all over, the 'after scene' networking session starts. I see people from different companies shaking each other's hands, getting to know each other despite the 'competition'. This is exactly what security meetups are all about... in conferences, we are never competitors...we are all enthusiasts...






Join us and get informed:
Facebook: https://www.facebook.com/nullsingapore
Twitter: https://twitter.com/nullsingapore
Meetup: http://www.meetup.com/Null-Singapore-The-Open-Security-Community/

Posted by at No comments:
Labels: , , , , , , ,

Wednesday, 20 May 2015

Null Singapore Security Meet Up - May


Null Singapore is back for the fourth time and this month's meetup was by far the best turnout with almost 60 people (it was around 18-20 people for the first one). Just like the previous month's meet up, it was held at ThoughtWorks (thanks to Prasanna K again and again for the location) 




As usual, started with introducing what Null Singapore is all about, the head organizer, Imran, shared with the crowd the objectives, benefits and direction of Null Singapore and how this meetup aims to help people gain knowledge and network with security pros, enthusiasts and professionals, n00b or expert, everyone has something to offer. 




Stefan from Vantage Point presented on an interesting topic 'Why Pentesting Sucks' on which he shared the challenges faced in developers as well as penetration testers on application security and the loopholes that exist in the software development process when it comes to security. I presented a comment and scenario where certain situation, organizations who buy software do not have access to its source code thus its tough to tackle the security assessment in the development stage of the software. This comment however turned out to generate a number of rebuttals and spurned into a mini discussion between the members of the audience providing their points on how that situation can be tackled through procurement processes and trust between the company and the software vendors. Definitely a potential avenue to have panel discussion with the audience in future meetups.





Prasanna K from Thoughtworks, then presented about hacking hypervisor, specifically Xen hypervisor in which he, not only shared the theory of the topic but also the practical demo on how easy it was to gain root access to the virtual machine from a less privileged user through taking advantage to one of the source codes. 




Overall, i believed it was a great turnout and again i had fun especially seeing more people attending the meetup. I can't wait to see what future will it holds for this Null Singapore... who knows it can be as awesome as BSides conferences! Now thats what i wanna see!

Follow and add yourself to Null Singapore. We are Social! Click on the images below to be part of it..

                                                 
                                                                    


#include <iostream>
using namespace std;
int main ( )

cout << "You Guys are Awesome" << endl;
return 0;
}
Posted by at No comments:
Labels: , , ,

Friday, 20 March 2015

Null Singapore Security Meet Up - March

I received a tweet from an Indian friend of mine Ajin Abraham asking me to check out a 'mini-con' called Null Singapore. As i was travelling during the period of the first meet up, i said i'll be attending the one in March instead.



It was pretty interesting to attend this small group of security enthusiasts and i thought i need to check out the atmosphere there as well. So a week before 19th March, i shared this meetup to my Facebook group 'Singapore Cyber Security Enthusiasts' where i share latest security articles, news and conferences in Singapore or overseas. It wasn't a bad response, about 4 signed up for the meetup.

On the 19th March, we set foot for the meetup. Located at Craig Road, and fortunately 5 mins away from my office and 10 mins away from Tanjong Pagar MRT Station, it was quite a convenient location (well at least for me). When we reached the place, we saw an empty office from the front and there were no signs to say 'Go here for Null Singapore' or anything to direct us. Well, it was not a big deal, the entrance was on the side of the building, opposite the street soccer court and it was at level 2. 

When we reached inside, the room was silent and there were already people sitting. My first though was, will there be enough seats. Well fortunately, despite the full house, everyone managed to be seated either at the sofa area or the foldable chairs. 

Started with the newsbytes by Suman Sourav sharing the latest news in the security world, from the Lenovo malware to the Carbanak Cyber gang that infiltrated the banks and stole over $1Bn. 

Suman Sourav sharing the latest news


Next was Randen Rosete who shared about the IoT (Internet of Things) and the mistakes made by developers for not properly securing the APIs that in some or many cases leave the default passwords in clear text giving a hacker the ability to intercept and create exploits easily. 

Randen Rosete and the problems with IoT


Lastly, we had a sharing session about infrastructure security by Sriram Narayanan discussing on the mistakes made, the impact of the mistakes and how it was resolved and finding the root cause of the issue. 

Sriram Narayanan on the mistakes made and lessons learned in Infrastructure security


Another 'last minute' event was the 'ice breaking' event, suggested by Paul Craig from Vantage Point security, a company specializing in Vulnerability Assessment and Penetration Testing where we all gave a brief introduction of ourselves at the end of the meetup. 

I have to say, this is a small but great atmosphere with security enthusiasts from various fields such as software engineering, application security, infrastructure, networking, threat intelligence, VA/PT and others. 

I am definitely looking forward to visit again next month.

For more information on Null Singapore Meetup: 
http://www.meetup.com/Null-Singapore-The-Open-Security-Community/

FB Group 'Singapore Cyber Security Enthusiasts': 
https://www.facebook.com/groups/236102096567858/

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)