SecurityXploded Blog

ClubHack 2011 – The Exclusive Coverage

ClubHack 2011 ended in another great show, and here is the exclusive coverage of the finest moments from the 5th edition of India’s first Hacker Con.

This is my first appearance at ClubHack and I was indeed delighted to be in the midst of hackers. To start with, Rohit Shrivastava – founder of ClubHack – shared the story of ClubHack since its first show in 2007 and how year after year he is still running the show in spite of losses 🙂 We hope that at least next year he will turn it into a ‘zero loss conference’ 😉

The inaugural note was then delivered by Shri. Alok Vijayant, Director, NTRO (National Technical Research Organization), Government of India, who has been spotted at every security conference and is a prime supporter of the security community. Then Vivek Ramachandran – founder of SecurityTube.net – launched his new security certificate on Metasploit. He also mentioned his upcoming book on Metasploit, scheduled to be released in early February.

The first talk of the conference was by Dhruv on Exploitation of Exploit Kits, where he shared various insights and explained how one can bypass license restrictions imposed by commercial exploit kits. This year’s theme of ClubHack was Mobile Security, so we had a couple of talks around it, mainly on Android. Anant presented his upcoming Android Tamer – an Ubuntu-based Pen Testing & Forensic Live CD for Android (on the lines of BackTrack), showing various analysis and testing tools. His presentation was shorter than the Q&A session, which went over 30 minutes 🙂

Next came the interesting talk by Anand Pandey on ‘One Link Facebook’, where he demonstrated how the single link displayed in SMS notifications can easily be used for getting into Facebook accounts without the email ID or password. When you register your cellphone number with Facebook and someone comments on your link or photo, or tags you, an SMS notification containing a URL is received on your cell phone. In the case of a comment on a Facebook photo, the SMS notification shows a secret key, a string of eight alphanumeric characters, with the URL. In the case of a comment on a Facebook link, a 14-character string is displayed with a shortened URL. If these links are copied and pasted into an internet browser, they directly give access to your Facebook account, without the need for your email ID or password. One can mischievously copy these single links from the mobile phones of target individuals and access their Facebook accounts without entering the password. The last talk of the day was again on Android, by Manish, who demonstrated rooting an Android phone and analyzing the image for forensic evidence.

In the midst of the hacker presentations, there was also the launch of the December edition of ClubHack Magazine by Alok Vijayant, Director, NTRO. He praised the team wholeheartedly and shared his love for the magazine, especially the cover designs of each edition.

The next day Bishan Singh began the show with DOM XSS vulnerabilities, with a lot of live demonstrations. Then Nikhil showed how Teensy – a USB micro-controller device – can be effectively used in pen testing. He also showed how you can program your own Teensy device with customized attack vectors.

The limelight of this year’s ClubHack was the presentation by Elad Shapira from AVG, who started it by throwing delicious chocolates around the crowd. I was lucky to get a few as I had missed my morning breakfast. Elad demonstrated various Android-related attacks, reversing tools and malware analysis on Android. It was the most lively presentation I have ever witnessed and was received by the crowd with great cheers.

In the afternoon, Bhowmick talked about how email can be used as an effective communication channel for offline exploitation of a system. Next, Prashant presented on ‘Penetration Testing the Mobile applications’ with a focus on Android and iPhone based mobile phones.

Then came the much awaited presentation by Vivek, “Scenario Based Hacking in Wi-Fi Enterprise”, where he showed insecurities in enterprise Wi-Fi setups that can be misused by attackers. He also showed us how the ‘Wi-Fi Hosted Network’ feature on Windows 7 can be abused by malware and hackers to set up a stealth man-in-the-middle attack in the corporate environment. Finally, Aditya Gupta and his partner shared insights on the internals of Android OS security, creating Android malware, etc.

Overall, it was an amazing hacker show put on by the ClubHack crew, who once again did an awesome job in spite of tight budgetary conditions. Hats off to you guys!!!

SecurityXploded is delighted to be associated with ‘ClubHack 2011’ as the official media partner!
