Seminars & Events

Video compiled by: Prashant Kardam, Rajesh Sahu, Rohit Negi


Bio: I am pursuing an M.Tech in Computer Science (with a specialization in Cyber Security) at the Centre for Advanced Studies, Dr. A.P.J. Abdul Kalam Technical University, Lucknow, and I completed my B.Tech degree in Computer Science Engineering at Shri Ram Murti Smarak College of Engineering & Technology, Bareilly.

Area of Interest: Cyber Security, Malware Analysis & Web VAPT

Title: Detection of loopholes in web application

Vulnerability Assessment and Penetration Testing (VAPT) techniques help find security loopholes. These security loopholes could be used by attackers to launch attacks on technical assets. The work is divided into 3 phases: Web Application Development Cycle, Web Application Security Testing and Web-based Attacks, and Security Aspect in Development Cycle. According to OWASP, vulnerabilities in web applications include Broken Authentication & Session Management, Cross-site Scripting (XSS), and Insecure Direct Object References. In my work I am detecting some loopholes in web applications.


Bio: I am an undergraduate Computer Science Engineering student from Gandhi Engineering College, Odisha. By day I am a full-time student, and at night I am an ethical hacker and a cyber security researcher. So far I have worked with and been acknowledged by more than 100 companies, most of them from Silicon Valley.

Area of Interest: VAPT (Vulnerability Assessment and Penetration Testing). At the C3I center, I am testing the security vulnerabilities of SCADA systems.

Abstract: Detecting malware when a new binary is downloaded, and distinguishing it from ‘benign-ware’, is an important part of computer security. Researchers have proposed various techniques that use both static and dynamic analysis to detect malware. But day by day, malware authors have improved their evasion capability using non-persistence, obfuscation techniques, and volatile payloads that operate only in memory. With obfuscation techniques, malware authors make reverse engineering of the binary tougher. So malware analysis is no longer limited to static and dynamic analysis. With memory forensics techniques we can get a comprehensive view of the actions of an executable. We have used an interval-based approach to take the memory dumps and then selected one memory dump for further analysis. In this work we have extracted various features from the memory dump, such as registry bindings, suspicious DLLs, hidden processes, orphan threads, code injection, injected DLLs, file system etc., and automated the classification of malware vs. benign-ware. For evaluation purposes we used 1730 malware and 1571 benign files. We achieved 99.09% accuracy with a 0.43% false positive rate using the XGBoost classification method.

Abstract: Functional Encryption and Obfuscation are two of the most exciting primitives in modern cryptography. Functional Encryption generalizes public key encryption and allows fine-grained access to encrypted data. Obfuscation asks to garble a program such that its input-output behaviour is preserved but all its internal workings are hidden. These two primitives are deeply connected, and finding efficient constructions for them, provably secure from well-understood hardness assumptions, is one of the key themes of modern crypto research.

In this talk, I will summarize the state of the art in this space as well as discuss some new results.