2022 Agenda

Web Application Security Training
  • 13:00
  • Tue
  • 15 Nov
Topic:
  • Pentesting

Track:

Stage:
  • Arsenal 2

Format:

The project is built around two systems: a “Web Application Security Training Platform” and a deliberately insecure web application called “Vulnerable System”. The aim of this project is to help security enthusiasts, developers and students discover and learn about application vulnerabilities, and apply what they learn in the provided system. It lets students and security enthusiasts with no prior knowledge of cyber security learn and apply the techniques to get hands-on experience. The “Vulnerable System” web application code will be vulnerable to major and commonly found real-world vulnerabilities. The ultimate goal of this project is to bring together the major web application vulnerabilities in a single platform where they can be easily found and exploited, and where remediations are suggested to fix them in the appropriate places. Moreover, the autonomous learning about different types of attacks, their exploitation and…

Presenter:

Damn Vulnerable Telecom Network
  • 13:00
  • Tue
  • 15 Nov
Topic:

Track:

Stage:
  • Arsenal 3

Format:

Telecom networks were closed for years, but recent advances in open source telecom open new doors for telecom hacking. SS7 is the core network protocol in 2G and 3G, and Diameter is a core protocol for 4G. Many people have proved that this network is unsecured, but no proper tool or vulnerable network is available in the information security community.

This tool will present security loopholes in SS7 and Diameter networks, and I’ll be covering SS7 & Diameter protocol security, as well as real telecom security penetration testing in the lab. The lab's demonstration is prepared from real SS7 & Diameter penetration testing experience. During this track, I will publish my SS7 & Diameter penetration testing lab, named the Damn Vulnerable Telecom Network. The talk will first present the basics of these vulnerabilities, including information leaks, denial of service, toll and billing fraud, privacy leaks, and SMS fraud.

Attendees will be able to understand…

Presenter:

PMR - PT & VA Management & Reporting
  • 13:00
  • Tue
  • 15 Nov
Topic:
  • Pentesting

Track:

Stage:
  • Arsenal 1

Format:

PMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec technical teams and management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution, and engagement collaboration, whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches. This is an all-in-one fancy dashboard.

Presenter:

Betterscan.io
  • 13:00
  • Tue
  • 15 Nov
Topic:

Track:

Stage:
  • Arsenal 4

Format:

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)

Presenter:

$10 and a stolen cookie, a recipe for bypassing your MFA and SSO – How to Prevent Cookie Hijacking
  • 13:05
  • Tue
  • 15 Nov
Topic:

Track: Technical Focus

Stage:
  • Briefing Stage 1

Format:
  • Sponsored Session

Presenter:

Web3 and Blockchain. Interactions in the web3 worlds
  • 13:05
  • Tue
  • 15 Nov
Topic:

Track:

Stage:
  • Briefing Stage 4

Format:

Presenter: