18 Sat 09:00 AM – 05:40 PM IST
Accepting submissions till 30 Nov 2019, 11:59 PM
Rootconf is a platform to discuss real-world problems around Site Reliability Engineering (SRE), DevOps for data engineering platforms, evaluating and adopting technologies such as Kubernetes and containers, and DevSecOps.
Rootconf Delhi edition will be held on 18 January 2020 at the India International Centre (IIC).
Speakers from Flipkart, Hotstar, MindTickle, Red Hat and Naukri.com will discuss the following topics:
To know more about Rootconf, check the following resources:
For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to email@example.com.
AWS is the most widely used cloud environment today, and almost every security professional has to encounter it, whether attacking an organization or defending it. In this fast-paced workshop, we will teach participants some neat tools, techniques, and procedures to attack the most widely used AWS services as well as to defend them. Below is the broad agenda for the workshop:
Students will be able to understand and appreciate the delta in attack surface that is added by moving to the cloud, and subsequently design architectures and develop applications to defend them.
What will participants be provided?
- PDF copy of slide deck
- Workshop lab manual
- Bonus labs access for 15 days
- Cloud Security Engineers
- DevOps engineers
- Security Analysts
- Penetration Testers
- Anyone else who is interested in Cloud Security
Quick primer of AWS (15 min)
Explaining the virtual target enterprise scenario (5 min)
Recon + Attacking S3 buckets (25 Mins)
- Buckets enumeration
- Exploiting anonymous public permissions
- Exploiting AWS public permissions [DEMO]
- Sub-domain takeovers [LAB]
- Protecting account wide buckets [DEMO]
Exploiting web application flaws to compromise AWS services (40 Mins)
- Enumerating and exploiting SSRF vulnerability
- Leveraging SSRF to exploit AWS metadata service [LAB]
- Gaining access tokens from Metadata service to access other AWS resources [LAB/DEMO]
Attacking Serverless applications (40 Mins)
- Understanding Serverless (Lambda) functions
- Misconfigurations in Lambda
- Example application layer attack on Lambda [LAB]
Defending networks in AWS (15 Mins)
- Attacking and defending internal VPCs [LAB/DEMO]
Automating defenses/security monitoring in AWS environments (30 Mins)
- Concepts of Logging in AWS
- Setting up automated logging in AWS
- Deletion of Lambda activity logs [LAB/DEMO]
Conclusion and Wrap up (10 Mins)
Prerequisites for students:
- Need to have an AWS account (Free-tier)
- Basic understanding of AWS
Vaibhav is working as a Security Researcher with Adobe. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~10 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications and cloud environments.
He has shared his knowledge at multiple international platforms like Black Hat USA, OWASP AppSec Europe, Nullcon, BSides Las Vegas, Defcon USA, etc. He is a strong supporter of open communities and is leading OWASP, BSides, and Null in the Delhi region.
Sandeep is a Security Managing Consultant with NotSoSecure, a specialist IT Security company. He has over 5 years of experience in delivering high-end security consulting services to clients across the globe. He is the co-lead of the OWASP Delhi chapter and Community Manager of the null community, and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past.