This year’s Nullcon – an annual Information Security conference held in Goa, India – was the largest yet, with a record number of InfoSec practitioners, Government ministers, C-suite executives, vendors, and students convening to learn, connect and share cutting edge research and technology. Adobe was an associate sponsor again this year, and a number of representatives from our security team were in attendance to demonstrate our support for the conference. With prime booth positioning in the air-conditioned vendor tent and excellent swag, we had no trouble attracting attention and interest from the deep pool of InfoSec talent. We all came away impressed with the level of intensity from the Null chapters and the broader InfoSec community in attendance.
Several team members took advantage of training opportunities, including such courses as “Offensive HTML, SVG, CSS and other Browser-Evil”, “Machine Learning for Pen-Testers and Security Researchers” and “Pentesting the Modern Application Stack”. Offense has and always will have unique advantages over “Team Blue”, and exposure to the latest attacker techniques and methodologies continues to inform our threat modeling and the defensive mitigation strategies pursued by our product engineering teams. The conference talk tracks were wide-ranging, from technical research on low-level boot loading technology, to the latest techniques on hacking container orchestrators to policy-oriented boardroom panels on cybersecurity regulation and the economics of data breaches. We were impressed by the quality of the speakers, especially keynote speaker and thought-leader Haroon Meer. Haroon made a compelling pitch to young practitioners and aspiring entrepreneurs to ignore the siren call of the bug hunter, and instead go out and build stuff. He argued persuasively that identifying and solving real-world problems that help “Team Blue” should be the focus of the next generation of practitioners. As defenders, we wholeheartedly echo his call to action!
On the sidelines of the conference, a Social Engineering Village (a first of its kind Infosec event in India) offered attendees an opportunity to learn and apply the art of social engineering. Shobhit Gautam, an Adobe security researcher, co-organized the event and spoke about common techniques used in social engineering, including case studies on fraud perpetrated via social engineering. An Adobe team entered and took second place overall in the Social Engineering Village CTF challenge. Finally, our female team members took part in the Winja competition, a CTF-style challenge open to Women and comprised of a series of simulated hacking challenges targeting all layers from high level web applications all the way down to bypassing physical barriers by picking a physical lock!
Attending Winja was a novel experience. It was a well-defined set of carefully crafted questions with a mix of trick coding pitfalls. The Social Engineering Village challenge was not only fun to work out, but also an eye-opener regarding the possibility of digging sensitive information from an organization using public tools and freely available information.
Bhumika Singhal, Security Researcher, ASSET
This year’s Nullcon was an overwhelming success, and we look forward to continuing our support for the large and actively growing Infosec community in India.
Sr. Security Program Manager, ASSET