My first experience at c0c0n XI

Sheeraz Ali
Dec 26, 2018
C0c0n XI

C0c0n is a cybersecurity conference where you’ll find something useful and something fun. It covered topics from hooking methods to car hacking. A small awareness program was also going on for non-tech people, along with contests, etc.

My friend and I went to c0c0n; it was our first time at a security conference. Null Bhopal sponsored us to go there. On our first day we reached there before the conference even started.

We received our passes and went in. As soon as we went in, there were people wearing cool badges with lights in them. We were curious why they had them; as it was our first time at a conference, we didn’t know there was a CTF competition going on. We went and participated in DOM CTF. There were 47 teams competing. We captured 4 flags in C0c0n’s main competition at night, though we were busy attending talks while we were in the Grand Hyatt.

Talk From CloudSec

We heard a talk about a tool that recognises faces and searches for that facial figure in records, leaked password databases and data breaches of sensitive information using machine learning. We realised that machine learning and AI with cybersecurity can be a lethal combination.

Car Hacking

The opening act was about car hacking and self-driving cars. It was funded by TCS. A self-driving Tata Nano was itself a thing of amusement; then hacking it with a police inspector in it was a sight to watch. They said, “We kidnapped the superintendent of police”, pun intended. Though all that was funny and amazing, it made everyone think about self-driving cars and their security: you might not know where you are going in your car in future if someone has hacked it. Technology has its perks and flaws.

Hardware Hacking Kit

Next, we saw a talk by Raphael in which he demonstrated how he hacked a camera, which was really simple: he just connected to the camera and, with the kit mentioned above, hacked into it.

He found an exploit in the camera: it was using a service which had the default password. He searched Shodan for the service online and found 3000 affected devices, all because the software was tested and the device’s hardware vulnerabilities were neglected, and they can reveal some unseen information during a pentest. He explained how important hardware pentesting is and how devices can easily be hacked with a simple Raspberry Pi; although that’s not recommended by him, it is good to start learning.

Then there was lunch. We networked with many people there, including people from the police force, the military, people who have been in the industry for years and some guys our age who are still learning. We met Navneet and Jaiden, who were working on a machine learning product with Kerala Cyberdome. We are now doing a project together.

Red Team Village Won 3rd

The Red Team Village CTF competition was the first CTF I participated in, and it was one of the best CTFs I have ever seen. It had to be completed in 3 hours when we reached the competition venue, and we got 3 flags and won 3rd place. Coincidentally, we got 3 in all of them, lol. Then there was dinner and the first day was over.

Second Day

We had fun on the first day. On the second day we attended talks about:

Bug Bounties

The first talk was about how a bug bounty hunter hacked and got a $5000 bounty 3 times for the same clickjacking vulnerability.

Operation Cobra

Then this was one hell of a talk to attend! There was a speaker who was investigating North Korean hackers and how they hacked into US intelligence, and how there are ways to hide and use social engineering attacks in order to reach places where you are not allowed. They hacked people in the recruitment department and hired themselves, via emails and phones of important people in an organisation getting hacked.

Next, we got another tool in our arsenal after we heard a talk about a tool used for pentesting cloud infrastructure by Abhishek sir.

Hacking Bank Accounts via Instagram

This was a very interesting talk, as he used Instagram to get access to people’s bank accounts using very simple social engineering and information gathering. This was also in a way a dumpster diving attack, as he looked for people’s aircraft tickets and gathered their whole names and the rest of the information. At last, we attended the last talk, about SQL injection.

Then there was the closing ceremony of c0c0n, in which they revealed robots dancing to songs, and an award ceremony. There was an actor famous in Kerala, though I don’t know him. At last we left with experience and information we might not get anywhere else.

Badges

Thanks to Anant sir and Null Bhopal; without Null we wouldn’t have been there or had the opportunity as students to learn and meet such people who have years and years of experience.

Spot the hacker :p

Written by Sheeraz Ali: Ethical Hacker, Cyber Security Enthusiast, Entrepreneur
