BSides Ahmedabad 0x04: My Take on it
Hola Hackers,
Here I am back again, sharing my experience of attending one of the finest Cyber Security Conferences. This blog contains details about all the things that happened during the conference and a bit of my point of view as a Volunteer at the event. Last year we saw it was Bigger & Better in the poster. This time they raised the bar and held a next-level conference with many CXO Speakers, Expert Technical talks, Villages and, most importantly, the inclusion of Training as a part of the event, making it a three-day event. So let’s deep dive into it…
Trainings
The event was scheduled from 4th Oct 2023 to 6th Oct 2023. It kick-started on 4th Oct with people attending 2 days of Training on various topics that happened at Courtyard by Marriott, Ahmedabad.
There were a total of 3 trainings.
The first one was on the topic “Deep Dive into Fuzzing” by Dhiraj Mishra and Zubin Devnani. Dhiraj is a Security Threat Assessment Specialist at Emirates NBD, and Zubin, being a Red Teamer and Penetration Tester, brought a lot to the table. Both being Trainers at DEFCON, Blackhat and BruCON added an extra touch to the training. They covered everything from understanding fuzzing fundamentals and AFL internals all the way to an overview of different fuzzing frameworks, integrating Slack with fuzzing stats and capturing the crash.
The second training was on the topic “Web3 Hacking” by Shashank. He is CEO and Co-founder at CredShields, where he is spearheading the development of SolidityScan.com, a cloud-based smart contract security scanner for web3. With a background as a former HackerOne analyst and security engineer at Avalanche, Shashank brings a wealth of experience and expertise to the field of web3 security. He covered topics starting from the Basics of Blockchain and understanding Ethereum all the way to Advanced Smart Contract Security Vulnerabilities and Hands-On Challenges for each Topic.
The third training was on the topic “Web Application Hacking [Bug Bounty Edition]” by Hussein Daher. Hussein is the CEO of Web Immunify, which provides pentest services; he has submitted over 1000 vulnerabilities over bug bounty platforms. With enormous experience in Bug bounties and web hacking, he believes that “Hacking is an art”. He touched upon topics such as RECON out of the box, Introduction to the fundamental principles of bug bounty hunting, Responsible disclosure and more.
People coming in from different backgrounds and motives loved their respective training. They were able to gain so many insights on the topics they chose and we can’t wait to see them coming up with something big next year.
Conference Day
This is the day for which everyone waits throughout the year: the conference day, 6th Oct 2023.
Volunteers
Please note that there were no “Call for Volunteers” forms rolled out this year as we had enough people putting hands together. I reached the event venue a day prior for the preparation and other stuff. Being a volunteer gives a lot to learn apart from what is being seen by the audience. There are a lot of things going on in the back end, and Volunteers are the ones putting their heart and soul into making the event look seamlessly successful. A huge shoutout to my fellow team members for their hard work. Like last time, we worked until around 2:30 in the night before the event day, and this time it was an exciting experience, as packing goodie bags for individuals by hand gave so much satisfaction. Something that is packed with love receives appreciation and love too, and we were grateful that participants loved their goodie bags and of course swags.
We were ready to roar on the event day with the same tagline as last year “Hackers Helping Hackers”. Thoroughly loved the event and reuniting with my fellow volunteers. We had fun, laughter and lots of learning to take away from the event.
Being a volunteer at any of the events gives me an opportunity to learn what hard work it takes to manage and execute such a level of events. Attention to detail, Communication, and eagerness to learn are some of the things I feel are important to be a volunteer.
The event happening in October has one significant importance, and we all know that October is celebrated as #cybersecurityawareness Month internationally. Numerous companies, government organizations and communities try different ways to contribute to making this world a digitally safer place to live. I could not have asked for a better start to this awareness month.
Technical Talk Track
Note from the Guest of Honor
It was a pleasure hosting Amit Thaker, MLA Vejalpur, Govt. of Gujarat, as Guest of Honor for the Conference. He addressed the gathering and shared how the government is ready to support young minds in promoting Cyber Security Awareness.
Opening Note
The conference opening note was given by my very good friend and now mentor Saksham Chaudhary, a YouTuber with over 100k subscribers and Ex-Co Founder At LearnCodeOnline. Several people have started to consider pursuing a career in Cyber Security after watching his videos. He was accompanied for an Interactive Quiz by Alex Tugatijian, Middle-East Lead CSM-Synack. The enthusiasm with which they started was boosted at the start of the conference. The top 3 winners were given goodies by Synack… For the information, this kind of blasting opening note never happened in any of the cyber security conferences I have been to or heard about.
The event was then handed over to Deepika Kumari (Offensive Security Engineer at PayPal) for further proceedings. She has been a phenomenal Anchor and seasoned Host for the Conference. She anchored the first half of the conference.
Opening Key Note
A Hacker Millionaire on HackerOne with over a decade of Bug Bounty experience, the Co-Founder of Assetnote, known to many of us by his Twitter handle “Infosec_au”, Shubham Shah was our Opening Key Note Speaker. During his talk, he shared his journey from submitting several informational bugs to PayPal, to submitting his first critical bug, to working for some big firms and then finally co-founding Assetnote. He also covered GraphQL, Viable SSRF Candidates and IIS. It was great having a small conversation with him regarding his experience of going from being a Hacker and Bug Bounty Hunter to an Entrepreneur. Had some Gujarati conversations too 😉.
The man himself, I did remember having some spicy conversation about spicy Indian food last year 😂. He was back this year with more enthusiasm and an interesting topic. He was none other than Hussein Daher. Hussein is the CEO of Web Immunify, which provides pentest services; he has submitted over 1000 vulnerabilities over bug bounty platforms. With enormous experience in Bug bounties and web hacking, he believes that “Hacking is an art”. It was nice interacting with him, and the best part was he remembered our spicy conversations… Last year we discussed his starting of Web Immunify, and this year he shared what challenges he faces as a Cyber Sec Entrepreneur. See you soon… Will teach some more Gujarati words next time we meet 🫡🤝.
A Senior Threat Researcher at TrendMicro shared insights on the topic “Uncovering Azure’s Silent Threats: A Journey Into Cloud Vulnerabilities”. He is Nitesh Surana. Nitesh’s journey began with a computer game, “Project IGI,” where he uncovered fascinating ways to outwit enemies using a tool called “Cheat Engine”. With a wealth of expertise in cloud vulnerabilities and security research, developer security threat hunting, building honeypots targeting container environments and finding abuse vectors for cloud services, his groundbreaking research has garnered recognition across prominent platforms such as ZDNet, BleepingComputer, TheHackerNews, Dark Reading, and many others.
A co-leader of the OWASP API Security Project and OWASP’s Go secure coding practices, he has been active in the community. Moreover, he has been a speaker at prestigious conferences such as Defcon AppSec Village and BSides. Paulo Silva he was, holding the role of Principal Security Researcher at Char49. He brought a wealth of experience to the table and spoke about “Web Apps: APIs’ Nightmare”, where he shared his experience of working with the OWASP API Project for a long time now and how one can leverage the community to grow.
Lunch Break
This time, as I was involved with hosting the event, I couldn’t personally meet all the speakers like last time, but had a chance to meet a few during the break sessions.
The first one was the Co-Founder of the upcoming conference called BSides Goa (Happening on 25-27th April). Got to discuss his upcoming plans and how I could contribute to the conference 😉 (You could see me there also). Thanks to him for giving away such a nice t-shirt 🤩
Then I was blessed to meet two incredible people, rocking the industry with their profound knowledge… Rahul Tyagi, Co-Founder At Safe Security (Personally wanted to meet him for a long time) and Kartik Shinde, Partner, Consulting At EY (Heard a lot about him) (BTW I Loved your tee 😁). It was quite a nice discussion after they had their lunch; very jolly people, haven’t seen people of this level be so chilled and open. Loved the small discussion with them and looking forward to meeting you both someday pitching for my startup 🤗✌️.
Then a long virtual meeting came to an end, finally meeting my long-time Mentor and Guide; people popularly know him as D3, Deepak Kumar. For the last 2–3 years I have been in constant touch with him, learning about the importance of Digital Forensics, Cyber Safe Environment and much more. Had a nice little time and a fanboy moment 🥳
Anchoring for the Conference
This was the first time I had the privilege of anchoring/hosting a conference of this level. I was quite nervous in the morning with the event script yet to be finished, seeing the crowd and how people were enthusiastic about listening to each speaker keenly. I did prepare for a while, but then with a bit of courage and self-confidence… started the proceedings after the Lunch, taking over from Deepika. The experience has been fabulously blasting with so much to learn from this.
After Lunch, the first session was from Parth Malhotra. He is leading the Research Team at ProjectDiscovery.io. His journey began as an independent security researcher, showcasing exceptional expertise when he disclosed critical vulnerabilities in industry giants like Uber, PayPal, Airbnb and many more, that too ethically. He spoke on the topic “CVEs in the fast lane: How to prioritize and automate what matters most”. He explained the CVEMap API, different types of filtering options while working with Nuclei, and why it is important to automate and prioritize things in this fast-paced digital world, and lastly gave us some glimpses of upcoming releases of ProjectDiscovery.io.
Then came a person with a bundle of practical experience, having been team lead and Captain of the xSTF CTF Team of Portugal. He was none other than Andre Baptista. A prominent entrepreneur and skilled Bug Bounty Hunter, André is Co-founder and CTO at Ethiack and Coach for the ECSC Portuguese team. He has found several critical Vulnerabilities in Shopify, Yahoo, GitHub and many more. During his talk he shared valuable insights on Bug Bounty, Regex quirks, and some of the Mysterious Bugs with Real world Examples. There were things that turned out to be new for the audience, and I think it was nice to learn about his approach regarding bug bounty.
Then it was the turn of a person who has made significant progress over the last few years, inspiring beginners to take on Cyber Security as a Career option even with very limited resources. He was none other than the person who turned out to be the people’s favorite… Godfather Orwa. He is a distinguished security researcher and Bug Bounty Hunter, and has earned the prestigious title of a Top 5 P1 warrior on Bugcrowd. He boasts impressive award as a Hack Cup and LevelUpX champion, earning him both the of recognition for 2 consecutive years. During his talk he shared his insights on “The Power of Recon” and covered topics like IIS, Response Manipulation and Methods & Tips to Bypass WAF, get more SubDomains and endpoints.
Next on the stage was a person who has been my Mentor for a few years now; although I had been unable to meet him in person… this was a golden opportunity for me. Famously known as D3 Forensics or D3, Dr. Deepak Kumar was the one who shared valuable lessons about Cyber Intelligence and its role in today’s ever-evolving Digital world. He is a Senior Threat Intelligence & Digital Forensics Expert currently engaged with several consulting roles in Law Enforcement. With a rich background in cybersecurity, he has demonstrated exceptional expertise in capacity building for the Cyber Crime and Digital Forensics domains. It was my pleasure listening to his talk and finally meeting him.
Then came Ebrahem Hegazy. He holds the position of Cyber Security Senior Manager at VISA Inc. His wealth of experience and dedication to the field is evident, having been a Bug Bounty Hunter since 2012. Ebrahem’s journey also includes roles at HackerOne as part of the H1 Triage team, and as a Manager for Deloitte Netherlands Pentest/RedTeam, along with other significant roles. He imparted his profound wisdom to us on the topic “Hunting The Hunters”.
Have you ever wondered how Hackers can play around your network to get into your mobile phones, laptops or even workplace? Then this talk might be the one you would be interested to hear about… Rajnish Pathak and Hardik Mehta explained it very well on the topic “Hacking into iOS’s VoLTE Implementation”. Rajnish, currently working as a Security Researcher — Engineering OPS at KATIM, and Hardik, working as Lead Security Researcher at KATIM, bring a wealth of experience and dedication to the table. They are enthusiastic contributors to the cybersecurity community.
Last in the queue was our distinguished Closing Key Note Speaker, Ayoub Fathi — Group Vice President of Information Security, CISO at @noon. With his expertise in cybersecurity, he has received awards like the prestigious Top CISO Award 2022. He gave an in-depth discussion of how Cloud vulnerabilities could be exploited and took the particular example of GCP. He also shared his journey from a hacker to CISO. It was great to learn about how vulnerabilities could be exploited in cloud environments too.
That was all from the main stage.
We had several Panel Discussions (CXO, Govt and Women in Security) running at the CXO Stage (Confluence 1), which I was unable to take part in, but here are a few highlights of each. There were also some Villages happening, so let’s see a bit about them.
CXO Panel Discussions
The first CXO Panel Discussion was on the topic “CISO’s Evolving Role: From IT Leader To Boardroom Advisor”. This panel was moderated by Dr. Abhilasha Vyas (Business Unit Head, Cloud Security & BI, CloudThat). Speakers for this panel were Dhiraj Ranka (Chief Information Security Officer At Tata AIG), Rahul Tyagi (Co-Founder At Safe Security), Satish Kumar Dwibhashi (Senior Vice-President And Chief Information Security Officer (CISO) At InMobi Group) and Illyas Kooliyankal (Group CEO of CyberShelter).
The second CXO Panel discussion was around “The Role Of AI & ML In Predictive Threat Intelligence”. This was moderated by Gunjan Chhillar (Security Specialist Crowdstrike). Kartik Shinde (Partner, Consulting At EY), Vandana Verma (Security Leader At Snyk), Ashish Shrivastav (Chief Technology Officer — Cogze AI Systems) and Setu Parimi (Co-Founder & CTO Of RiskProfiler.io) were the ones who added words of experience related to this topic and how this could be a future concern with regard to Cyber Security.
The third CXO Panel was a discussion around the topic “Third-Party Integrations And Their Implications On Cloud IR”. This one was moderated by Dhruva Goyal (Co-Founder & CEO At BugBase). The member speakers for the panel were Vikram Mehta (Founder & CEO @ Cy5.io), Krishnakumar Govindarajan (CTO At MiQ), Navaneethan M (Vice President- Chief Information Security Officer & Data Privacy Officer, TataPlay Group) and Apurva Dalal (CIO At Adani Green Energy Limited And Adani Solar Manufacturing).
Then we discussed “Zero Trust Architectures: Moving Beyond Perimeter”. This panel was moderated by Smith Gonsalves (Managing Director & Principal Consultant, CyberSmithSECURE Pvt. Ltd.) and speakers for the discussions were Kishan Kendre (Head — Information Security At Blue Star Ltd), Sreeshankar Gurujalam (General Manager — Cybersecurity At Siemens Healthineers), Kamal Sharma (Vice President & CISO At ASM Technologies) (I had a small discussion with him and would surely remember his words of motivation to get going in the field) and Dilip Panjwani (Global Head — Cybersecurity Technology Office & CoE, LTIMindtree).
“Security Risks In A World Of Connected Devices” was the topic which we discussed for the next CXO Panel. This one was moderated by Shreyas Dighe (Co-Founder and CEO of SECASURE) and member speakers were Minatee Mishra (Director Product Security, Philips), Lekshmi Nair (Managing Principal, APAC, Synopsys Inc), Devesh Bhatt (Cyber Security Leader) and Divakar Prayaga (Director — Cyber Engineering, A.P.Moller — Maersk).
We then discussed “Maximizing The Value Of Your Pentesting Engagement” with Alex Tugatijian (Middle-East Lead CSM-Synack) being Moderator and Dhiraj Sasidharan (Senior Infosec Leader At Large Financial Institution (UAE)), Phoram Mehta (Senior Director And CISO — APAC, PayPal), Celia Rexselin (Global Architecture Risk And Assessments Lead (Vice President)) and Patrick Pitchappa (Vice President, Cybersecurity, First Abu Dhabi Bank) being the panel speakers.
This was the last CXO Panel, where we discussed “Cloud Adoption & PCI DSS Compliance: Strategies And Tools To Ensure Secure Data Storage & Processing In Cloud Environments”. This one was moderated by Vaibhav Mahadik (Global cyber security head), and member speakers were Yazad Khandhadia (Head Of Security Architecture & Engineering, At Emirates NBD), Nitin Bhatnagar (Regional Director, India), Milind G. Mungale (Information Technology & Information Security Advisor To National Securities Depository Limited (NSDL)) and Bharat Panchal (Chief Industry Relation And Regulatory Officer At Discover Financial Services).
Govt. Panel Discussion
We also had a government panel discussion and had Ram Ganesh (Founder & CEO, CyberEyeAdvisor, Cyber — Defense, Internal Security & Law Enforcement) as Moderator with some highly distinguished government speakers: Shri. Ajit Rajian IPS (DCP, Cyber Crime, Ahmedabad City, Gujarat), Dr. Nilay Mistry (Associate Professor National Forensics Science University) and Rao Arvind Mallari (Coordinating Scientist, DRDO, Ministry of Defense, DIA-SVPCoE). They discussed the topic “Current state of cross border cyberwarfare and cyber crime”.
Women In Security Panel Discussion
Then we had two Women In Security Panel discussions, featuring female experts in the field, inspiring the next generation of people to take cyber security as a career option. The first Panel was moderated by Aarushi Koolwal (Cyber Security Consultant, CloudSEK) and speakers were Ankita Dhakar (Managing Director (Security Lit New Zealand) and CEO (Capture The Bug)), Deepika Kumari (Offensive Security Engineer At PayPal) and Vandana Verma (Security Leader At Snyk). They discussed “Generative AI And Data Security: Deepfakes, Generative AI, And Privacy Laws”. The second Panel was moderated by Binal Patel (Senior Specialist At SISA Information Security) and speakers were Dr. Lopa Mudraa Basuu (Executive Director IT & Cyber Security, InfoSec Gurukul Advisor CSA Government Affairs Advisory Council), Neelu Tripathy (Independent Security Consultant & Practitioner For Product Security) and Gunjan Chhillar (Security specialist Crowdstrike). Their topic of discussion was “Strategic Alignment Of DevSecOps With Business Objectives”.
Village Track
There were two villages happening: the “Car Hacking Village” and the “Chip-off Village”, by Jay Turla (Principal Security Consultant at VikingCloud) and Saurabh Kumar Pandey (Synack Red Team | OSCP | CRTP | Penetration Tester | Azure and AWS Security | IoT/ICS/OT Penetration Testing EX-EY | Null Bangalore Chapter Lead) respectively.
During the conference “The SecOps Group” were the proud Certification Partner and it was great to see a booth of your company being there at the conference. I got to meet my fellow employees and had a company dinner too :)
Loved this audience who stayed till the last; you were the source of motivation for all of the volunteers, organizers, and speakers to give a little extra. Lastly, before concluding, I just wanted to say please do try to attend the next edition of BSides Ahmedabad. I am damn sure that you would experience a next level of security conference happening. As I say, “Finest Security Conference in India”. Hope to see you all next year…
Till then Hack, Eat, Sleep, Attend Conferences and Repeat. It’s all for the community, by the community.
Get connected with me here:
LinkedIn: https://www.linkedin.com/in/yash-gorasiya/
Twitter: https://twitter.com/r3v3Ncl4W
Instagram: https://instagram.com/r3v3ncl4w.go
Blog page: https://instagram.com/forensis_digitum