FOSSMeet 2017

FOSSMeet is an annual event at NIT Calicut that brings together the Free and Open Source Community from around the country.

Siddharth Muralee

@tr3x

Your weaknesses are my strengths (The Tale of a Hacker)

Submitted Nov 27, 2016

Today, the necessity of strong cybersecurity measures is self-evident. A proliferation of cyber attacks is causing increasing damage to companies, governments and individuals. Organizations need to respond to this increased threat by adopting strict cybersecurity measures, and the awareness should begin with programmers.
Learn how your mistakes get exploited by hackers and how to take the necessary precautions to prevent your organisation from getting compromised.

Outline

Should I really learn how to code safely? How big of a mistake must I make to get hacked?
It is the small parts of the code that a programmer doesn’t notice or ignores that in the end lead to the program/site getting exploited. The mistake you made, which we call a vulnerability, would be so small that any amateur programmer may ignore it while writing or reviewing the code.

How much destruction can a vulnerability cause?
Stuxnet, a piece of malware that used four vulnerabilities in the Windows operating system, managed to get access to the Iran nuclear facility and destroy one-fifth of its centrifuges, slowing down the Iran nuclear program by years. It also managed to spread through the internet and affect millions of countries worldwide.

Won’t the “Cyber Security Professionals” take care of it?
Actually, cyber security professionals are very few compared to the needs of the software and IT industry. “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million,” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor.

The talk will be about:

  1. Why basic security knowledge is necessary for every programmer.
  2. What happens to a program/process when it is compiled. Introduction to the stack.
  3. The infamous buffer overflow vulnerability: a program having such a buffer overflow vulnerability will be exploited live and explained to the audience.
  4. The format string vulnerability: a program having a format string vulnerability will be exploited in front of the participants.
  5. SQL injection: a website having a vulnerability will be exploited in front of the audience.
  6. XSS vulnerability: a website having an XSS vulnerability will be exploited in front of the audience.

Requirements

A deep desire to learn new stuff and to code better and safer.

Speaker bio

I am currently pursuing a B.Tech in Computer Science at Amrita School of Engineering, Amritapuri.
I am a FOSS and Security Enthusiast, mainly into Reverse Engineering, Binary Exploitation and Cryptography.
I am a member of team Bi0s. We are currently the top CTF team in India ahead of IITs, NITs and BITS. Currently ranked 65th in the world by ratings given by CTFtime.org.


Hosted by

FOSSMeet is an annual event on Free and Open Source Software, conducted at National Institute of Technology, Calicut. The funnel is a space for proposals and voting on events.