SecureLayer7 at Nullcon 2022 Berlin Conference

Redis sandbox escape affects only Debian, Ubuntu, and other derivatives

April 4, 2022

Vulnerability Analysis of CVE-2018-12613 – phpMyAdmin 4.8.1 Remote Code Execution

September 6, 2022

Published by Srivani Reddy at April 20, 2022

Nullcon is a well-known Indian cybersecurity conference and first time held in the Berlin, Germany location. The conference is known for its technical research talks and networking parties.

To support the Nullcon initiatives, SecureLayer7 sponsored the event as a community partner with its team representing at the Conference. Pushkar Kadadi was representing the products, Sandeep Kamble took care of planning and executing the overall initiatives at the booth, and Girsh Patil was ensured to connect people for demonstrating the BugDazz and AuthSafe products. This was the first POST COVID conference SL7 team attended and all were excited to meet super cool hackers.

The fun fact about the event is that team members booked the flight tickets one day before the conference because of the uncertainty of VISA status. Fortunately, folks from SecureLayer7 managed to onboard the flight without much difficulties and reached safely in Berlin on same day of the conference.

The conference was held on the Ground floor, NH Berlin Alexandrian Hotel, Berlin, SecureLayer7 have been allocated tables for the exhibition. At the Nullcon Berlin conference, our objective was to connect with the customers, security researchers, and pentesters and share the BugDazz’s mission of simplifying the complex pentest processes and deliver maximum ROI to customers.

Nullcon Sponsors

Day #1 at Nullcon

On 8th April, conference SecureLayer7 team started attending the talks and the fintech panel discussion. The fintech panel was especially focused on the account takeover and vendors cybersecurity responsibilities.

On day #1 mainly three CTF were visible in the exhibition hall as listed below.

Google CTF
HackIM
Firmware Village

First, Google started with CTF registration and received a good number of registrations. To play CTF, g33ks and H4x0r started booting their systems. The Google CTF dashboard clearly displayed the leading teams and that was super motivational to all team members. All CTF players eagerly waited for the second day as results are going to be published and there were gifts for all. Google always appreciates the cybersecurity community efforts and history explains the engagement in detail.

Second, HackIM registrations opened for playing the CTF. Lot of classic challenges were seen as part of the HackIM CTF. In the hall, everywhere you will find people staring at laptops and solving challenges.

Third, Village firmware was one of the unique or I would say Crown Jewels of the conference. The CTF was focused on reversing the firmware and identifying the flags. But wait to reverse the firmware you need to dump it from device and exploit it further.

Lastly, the entire Nullcon audience was waiting for the special talk at the end of the day focused on burning the UPS by upgrading the firmware remotely. Here is video recorded and you can clearly can see the smoke coming out from the UPS. Nullcon volunteers were on standby to stop the smoke out of the UPS or the device. The speaker talked about the process followed to build such weaponised exploit and it was worth attending the talk.

The Burning UPS

Networking Party

On the evening of 8th April, Nullcon hosted an invite-only party for networking and peer-to-peer discussion. Everyone knows what happens in Goa party stays in Goa but in Berlin, the theme was different. All party hackers have been invited to the computer museums. The museum’s main attraction was an old gaming console that you will rarely see in any of the places.

Our CTO met Mario from Cure53 and had a detailed discussion on the various topics and introduced to the core team members of the Cure53. Our friends, Chaitu and Fabian were clicking photos and videos for sharing conference glimpses with the cybersecurity community. At 10:00 PM everyone left for their respective destinations with bunch of connections and smiling happy faces.

The Place where we Nullcon Night Party

Day #2 at Nullcon

The second day was sunny, and it was not much cold as the first one. Hopefully, the hangover was over for everyone who participated in the party. Everyone was waiting for the James Kettle talk and he was talking about the security research process.

SecureLayer7’s product manager said that he was able to demonstrate the BugDazz to 25 security professionals in one day. BugDazz received a bunch of interesting feedback and kudos from the security professionals. We have collected the feedback and shared it with the product engineering team for further feasibility analysis.

We met James Kettle (@albinowax)

We met Aseem Jakhar (@aseemjakhar)

SecureLayer7’s Girish Patil had an opportunity to meet some of the industry leaders from N26, Google, Blockchain startups, Mozilla, Chrome development engineers, and many other companies. He had remarkable experience after listening to their experiences and stories for pentest activities. Unfortunately, Girish did not get much opportunity to speak about the Fraud detection in Nullcon but few of the fintech acknowledged the AuthSafe use cases.

Girish also met many Indian Infosec students from Berlin who already knew SecureLayer7 as leading Indian cybersecurity product and service company. Many of them expressed their interest in joining SecureLayer7 in the future.

We also met professor Volker Skwarek from Hamburg university and had fruitful discussion on IoT security in conference.

Closing Ceremony:

Nullcon, one of the largest and most important hacker conferences in the world, was about to conclude. The last day had arrived, and the presenters and attendees were collecting their belongings and preparing to depart. The conference’s final talk was about to begin, and everyone was looking forward to hearing it.

We were pleased to watch how the community worked toward solving the challenge when the CTF prize distribution began for CTF victors. Antriksh Shah thanked all of the team members and sponsors at the end of the notes. It took a tremendous amount of effort to go from zero to one in a new region. With a few people present, the SecureLayer7 crew began preparing an after-event party in the background.

Exploring the Berlin, Germany:

Sandeep, Girish, and Pushkar had always been adventurers. They were always eager to visit new locations, and Berlin was no different. The city had a lot to offer, from its gorgeous architecture to the delicious food and drinks available. They passed by notable locations such as the Brandenburg Gate and the Reichstag as they walked about. They also discovered some new spots to visit, such as the Berlin Wall and an East Side gallery. They promised to return soon because the experience was genuinely remarkable. The Enigma machine was one of the highlights of their trip to the Spy Museum. [1]