null Recap - 2018 - What were we up to
null is one of the most active security communities in India. There are multiple chapters spread across the world, we have grown significantly in the recent past and have now an international presence in Amsterdam, Singapore, Dubai and more places joining the horde.
Today we are here to talk about 2018, what was 2018 for null as a community, what we did and what we achieved out of it.
null community chapter statistics: https://null.co.in/stats/2018
|Meet||88 (Sessions: 330)|
|Humla||14 (Sessions: 18)|
|Workshop||6 (Sessions: 9)|
|Puliya||4 (Sessions: 4)|
|Bachaav||2 (Sessions: 2)|
|Pre-null-meet||0 (Sessions: 0)|
|Public Puliya||4 (Sessions: 5)|
|Public Bachaav||1 (Sessions: 1)|
From our humble beginnings in 2008 we have grown leap and bounds. However, numbers don’t do justice to what null has achieved, so this year we approached each and every chapter and asked them to outline what they did in 2018. Anything that they considered worth sharing is what they discussed and is outlined in the post. We have budding chapters like Ahmedabad and Bhopal where the majority of the attendees are students to mature chapters like Bangalore, Mumbai, Singapore, Dubai and more were mostly professionals’ venture. All of them have taken initiative beyond just organizing meetups to serve as a knowledge sharing community.
This post will outline what null chapters have done over the entire year in 2018 and will be celebrating the joy of giving back.
Here is what each of our chapters had to say about what they were up to (strictly in alphabetical order).
First of all, we would like to thank all the null core community members who have approved null Ahmedabad to establish it as a chapter. We consider this as our biggest achievement. We conducted our first puliya session this year. Within 11 months, 12 events were conducted out of which 11 were meets and 1 was public puliya session. Out of 46 sessions, 23 unique speakers presented. Apart from the regular events:
Jaimin Gohel and Bhashit Pandya conducted multiple CTF challenges post meetups.
We supported Defcon Dehradun conducting an online session.
Unique hands-on workshop on lock picking and hardware hacking was conducted by Namrata Brahmkshatriya and Ravi Rajput respectively.
null Ahmedabad also participated in Kaspersky CTF.
Starting from the handful of people, we reached 60 registration.
Few students and people from non-security background came up and presented like Sanjay Makwana, Parth Jankhariya, Chinmay Patel, Kuldeep Pandya, Bhuvan Gandhi, Vishal Patel and Manju Chufal.
It was an absolute privilege to have Amish Patadiya, Savan Ahmedabad for multiple meets and our 1st Puliya conducted by Kartik Lalan.
It is all the joint efforts of the team and supporters. 2018 has been a year of learning but it is just the beginning. Cheers!
Amsterdam Chapter conducted a total of 4 MeetUps in 2018. A total of 114 attendees RSVP’d.
In 2018, Amsterdam chapter conducted a successful experimental meetup “Horror Stories from the Hacker World”, where attendees were asked to share incidents where their mistakes resulted in almost catastrophic failures.
Details can be found on https://www.meetup.com/null-The-Open-Security-Group/
Bangalore: null / OWASP / G4H
This year null Bangalore Chapter organized 25 different events of which 12 were the regular meets, 10 were the null Humla Sessions, 1 Workshop, 1 Puliya Session and 1 Special null Meet on Digital Identity and Privacy, 1 Public Puliya session, all of these spanning across multiple venues with total of 1539 participants and 58 unique speakers.
This year we also introduced a new session format of QUIZ into the regular null Meets. The Quiz Session was recently taken up during the Jan 2019 Winja Public Puliya Meet. The session turned out to be really interactive with the maximum audience participation as the questions asked during the Quiz Session sparked an interesting discussion on various topics in security such as SCADA, Malware Analysis, Application Security, IoT Security and other recent happenings in the Security Industry.
This year null Bangalore celebrated its 9th Anniversary. The event got one of the highest registrations for null Bangalore with 164 RSVPs.
Also, this year null Bangalore happened to interact with Rob Taylor (OWASP Charlotte Chapter Lead) during the November 2018 regular null Meet as he shared his experience on running security communities, and how communities are helping Security as an industry to grow.
- Link: https://twitter.com/nullblr/status/1063671869918740480
We conduct “Networking Sessions” for participants where they get a chance and meet the expert or relatively expert in various security domains. This is one of the best sessions where we get more appreciation. Some of the remarkable Open Q\&A sessions have been conducted by Akash & Riyaz where several practical questions were answered.
Top 2 speakers from Bangalore in the 2018 top 5 speakers analytics:
Top 2 Speakers for null from Bangalore: Riyaz Walikar and Mihir Shah
We had multiple champions who conducted CTFs during their sessions. This aided in better hands-on experience and clarified concepts for the participants. Some of the notable ones were Bittu Kumar (XSS), Riyaz (Second Order SQL..)
Technology: We started the use of Docker containers for use and distribution of target practice setups, vulnerable apps, networks, etc.
Conference Collaborations: Rootconf 2018
nullBlr collaborated with Rootconf 2018 as a community partner. As a result, various null chapter attendees and volunteers got an opportunity to experience the conference.
null Winja session: As a part of collaborated with nullcon, we carried out a null-Winja meet up with a healthy line-up of women infosec speakers.
We added one new venue to our existing list of venues which is MoEngage, which makes it a total of 19 venues for null Blr.
Machine Learning Series: We collaborated with CloudSek to conduct a thorough machine learning series for null participants where they can attend and speak on various machine learning topics with a view of security and related applications. The first session was conducted in Jan, 2019.
We had a unique hands-on session on Firmware analysis by Veerbabu and Vaibhav Bedi on 24th November where participants got a chance work and fuzz various IoT firmware and understand practical implications of the attacks.
We organized monthly sessions by OWASP where OWASP members present an OWASP project in detail and discuss the security implications.
- Link: https://null.co.in/event_sessions/2408-understanding-owasp-mobile-top-10-2016-m2-insecure-data-storage
We had a couple of special talks on Car Hacking this year where the speakers discussed the anatomy of CanBus and offensive car hacking techniques. These were delivered by Kalathil Kartik and Debjyoti(Security Access in Automobile).
This year null Bhopal organized 9 meets, 1 Bachaav session, 1 Humla Session 2 Puliya Sessions. Out of these, 2 sessions were online sessions. We had 163 number of participants registered and RSVP’s in total (actual counts was generally more as people turn up directly at the venue).
Besides the gathering, null Bhopal was busy in multiple other avenues such as:
1. Members of null Bhopal (Deepanshu and Sahil) delivered a 2-day workshop on Linux and cyber security for 200 participants at CSIT Durg and spread the word about null and information security in general. Also, Saurabh delivered many workshops in various college across Bhopal including lnct group, Radharaman group of college and technocrats college Bhopal.
2. Multiple members attended and participated in various conferences like nullcon, c0c0n, Bsides Delhi.
3. Members from null Bhopal got internships with startups like Attify, Infotek Solutions, Faccia and more.
4. One of the members Deepanshu was selected for Google Summer of code 2018 at Debian.
5. Our female participants also got involved with other like-minded organizations like OWASP WIA, Infosec Girls and more and have delivered online sessions on topics like IoT Hacking (delivered by Shreya) etc.
6. We started CTF solving sessions as part of workshop and humla sessions where we take a CTF VM from Vulnhub and all participants work together to solve it.
7. Students also participated in Cocon CTF, DRDO CTF, Winja CTF and secured decent rank.
8. Members also started actively participating in student events like Smart India hackathon, Bhopal Smart City Hackathon etc.
9. Saurabh published a research paper on advanced malware analysis in IEEE Research journal (ICACT-IEEE 2018)
Overall we are happy to say that this year we have seen an uptick in interest in information security in students, as well as our members, have started propagating awareness also. So overall 2018 was a good year for us and we aim to outclass ourselves next year.
Chandigarh chapter was dormant till June 2018 due to unavailability of chapter leaders. We started again from July 2018 and organized 4 meetups including 1 null Bachaav, 3 monthly meetups. In total, we had around 30 participants who were registered on null.co.in and RSVP’s in total were more because the actual count was more as people turned up directly at the venue. The event details are cross-posted on meetup.com as it’s popular in the local community and we keep getting multiple participants via that also.
Besides meets additional activities conducted by the chapter are listed below:
Let there be fresh blood: An initiative led by Vibhor Mahajan to activate the dormant chapter and bring in more fresh hands. Students who are eager to share their knowledge were made aware of the null community and what we do in meetups.
Mission Secure Chandigarh: Started by sas3 our previous chapter leader. This is an initiative to educate people on how to create a safe application by spreading knowledge and awareness about secure coding practices. Also, it spreads awareness about information security in general.
We are aiming more events and regular meetups this year @2019.
null - Chennai Chapter had 12 meetups in 2018. One of our speakers Vengatesh has delivered the highest number of talks across chapters. Vengat’s sessions were hands-on in nature and he proactively provided attendees with prerequisites which helped in smooth functioning of sessions and people gained a better understanding. Special mentions: Bhaskar despite personal issues made time for presenting topics which are of immense technical depth.
null Delhi chapter organized 8 meetups, 1 humla and 1 bachaav session in
- null Delhi chapter saw participation from attendees of various backgrounds and nearby regions throughout the year. The meetups happened in collaboration with OWASP Delhi.
Some of the notable chapter activities in 2018 are listed below:
There were 686 participants in 2018 who RSVP’d for our events.
null Delhi chapter had 23 unique speakers who presented at the chapter events.
null Delhi chapter hosted talks and workshops on a wide range of topics both in the areas of offense and defense some of which included (but not limited to) Threat Hunting, APTs, Windows Kernel Exploitation, Bug Bounties, Web Application Vulnerabilities, Mobile Security, Containers, Cloud Security, etc.
We continued to receive local support from organizations such as Airtel, ThoughtWorks, Sapient and Deloitte for allowing us to host various events.
This chapter was dormant in 2018.
This year null Chapter organized a total of 10 events totaling to 42 sessions. 34 unique speakers delivered sessions across the year with the participation of ~35 people every meet. The participation in the meets including the speaker was very diverse, from first-timers to seasoned speakers, they all delivered on presentation with high-quality content. 20 out of 34 speakers were speaking at our chapter for the first time.
We associated with HITB Dubai this year. We had 6 volunteers/leads who worked tirelessly to make the event possible. We had 2 standees, 6 T-shirts, 1 roll up banner, Free stickers designed by Seid. We set up a booth at the conference and spread awareness about null and null meets the likes of Dubai Government, Universities, Students and professionals. We also hosted a CTF challenge (sponsored by nullCon) to solve code review challenges and awarded a winner. All in all, it was a fun year with some very cool memories.
Pictures are posted on our Twitter handle @nullDubai.
null Hyderabad chapter has around 2000 members and we have organized 9 meets and 3/1 Humla/Bachav in 2018, total registrations for the meet is -1554 and for Humla & Bachav – 218.
As a mature chapter, our target toward 2018 was “quality talks” and improve “communication” with null hyd members. We also improved core team strength and created a process for new volunteers. We have continuous support from giant companies like JPMC, Service Now, Thought works, EPAM, CA, ADP and many more. Hyderabad leader and core team made this all possible (mentions - Mahesh Bheema, Pavan, Shanthan.
As our community is growing bigger day by day, being an open security community we are trying to maintain the quality of content high along with passing a sense of responsibilities to the participants to contribute back to the community.
We have hosted a total 20 Event (63 Sessions) this year which includes 12 Open monthly meets, 2 Humla hands-on sessions, 3 Puliya session and 3 security workshops.
We witnessed diverse participation from industry professionals, academic institutes, government agencies and independent consultants. We have also witnessed the participation from corporates for providing the venue and required resources for hosting the open security meets and hands-on session. Few of the companies even went ahead and mandated the participation of our community for their employees to gain the knowledge as well as giving back the knowledge.
This year we attempted to bridge the skills gaps which industry is facing by introducing industry professionals to our community and at the same time by introducing the college students to such professionals for an internship or full-time opportunities. We have many student participants which got an internship or got permanently placed at reputed organizations.
We tried covering the diverse security topics this year including Python Programming, ICS Security, IOT security, Machine Learning, Reverse Engineering, Buffer overflow, Malware Analysis, WiFi Antenna making and frequency analysis, Crowdsourced CTF solving, writing custom shellcodes, etc.
null Mumbai was also community partner for the security conference organized by Computer Society of India and Cyber Maharashtra (Project under Maharashtra Government).
This was a good year for null Pune. We conducted 10 events in 2018 (8 meets and 2 workshops). We had a total of ~400 RSVPs (we really had some outstanding turnouts with 45+ people some days) and an average 3 sessions per meet. A mix of students and professionals attend and present in Pune. We even mentor some students from the first year of college. We did some great sessions with a variety of topics including blockchain, hardware/IoT, maths, crypto, machine learning, browser security and reverse engineering. We also had talks specific to people getting into or preparing for certs like OSCP/OSCE where attendees learned from the experiences of speakers. Similar to the Bangalore chapter we had a WINJA meet in the first week of January 2019 which had a great turnout, interactive quizzes and CTF. Looking into the next year we plan on having multiple Puliya sessions based on the response from the community and CTFs to correlate with sessions.
null Singapore Chapter is currently the largest security community in Singapore with over 1600 members. We have organized 4 meetup and 3 workshop events in 2018. At null Singapore, we have interesting participation from members with a wide range of expertise including developers, pentest, hardware security, crypto experts, product security, network security operations, and more. We are pleased to host null community booths in well-known conferences here such as Blackhat and HITBGSEC and spread the awareness about our activities.
We have amazing support from the local companies in Singapore to host our event. In 2018, most of our events were hosted at Grab, Zendesk, and Cloudflare.
It’s inspiring to see how all these chapters have been working tirelessly towards the propagation of knowledge and bringing awareness about information security at grassroots. Each chapter has done something different to connect with the local community. The testament to the efforts in the event archive page which is arguably one of the largest information security archives with base in India: https://null.co.in/event_sessions. One can pick any topic under the sun on information security and can hopefully find at least one session that was delivered at a null chapter.
The way forward for the community is to keep surpassing our own achievements and reach new heights, there are hundreds of unexplored possibilities and scenarios which will only be possible when people join hands. So this blog post should also be considered as a request to step forward and suggest what more we can do to help the world be a better place.
Please reach out to your respective chapter leaders or the null community managers for any feedback.
In case, your local region does not have a chapter and you want to start a new chapter to promote infosec learning, visit this page.