Saturday, 18 April 2015

WINJA at NULLCON2015


WINJA - An all women’s Capture The Flag (CTF) event arranged at NULLCON 2015 by Sneha Rajguru, Apoorva Giri and Shruthi Kamath was a well organized and well run event.
The event attracted enthusiastic participants from across India, some of them were already regulars at the null chapters in their respective cities.

Wondering what or who a WINJA is?
It is an on-site hacking simulated competition at nullcon where individuals attempt to attack and defend computers and networks using certain software and network structures. http://nullcon.net/website/goa-15/ctf.php#winja
Women Ninja at NullCon
3 groups were distributed with vulnerable systems and asked to crack the challenges. Below are some of the challenges presented to the participants.
  1. Missing function level
  2. Command execution
  3. SQL Injection
  4. IDOR
  5. Spoofing Referer
  6. Reflective XSS
  7. Sensitive data exposure
  8. File upload
  9. Stored XSS
  10. CSRF

Participants were grouped into three teams consisting of 3 / 4 girls in each team.
  1. Group A participants
Kriti, Shobha, Rupali, Soni
  1. Group B participants
Sudeeksha, Elizabeth, Angeline
  1. Group C participants [WINJA Winners]
Vandana, Hema, Ananya

Cracked challenges and scores
Missing function level -10, SQL Injection - 10, Reflective XSS - 30

The participants tested their hacking skills and learnt different attack vectors for various vulnerabilities and had fun while doing it.

Feedback from some of the participants
Saumya - Excellent concept, glad to have bonded at the first and one of it’s kind women only event.
Kriti from Adobe - Liked the opportunity to volunteer and be a part of the event.
Sneha a participant from Attify - An exclusive women only event helped to network with the other participants and know each other.
Elizabeth - It was my 1st CTF event, tried and understood what I was doing and enjoyed it.
More such events should be organized.
Ananya Chatterjee - Having the event organized at NULLCON helped. Glad that it was an  inhouse event so that the participants could attend the conference plus the competition.

Overall the participants were in unison that the event was educative and helped them all know and network with each other.
Team 2 continued to crack the challenges after the event, with the winning team helping the runners up.
This did not stop here as Sneha Rajguru extended her help to continue to learn after the event by sharing their contacts to exchange ideas and share knowledge.
Some of the participants expressed their interest to contribute to Infosec girls and be a part of the null chapters at their respective cities.

Group C emerged as the winners and were awarded at the end of the event.

The event in pictures

About The Event organizers - The Infosec Girls
Apoorva Giri
Apoorva works as a Security Analyst with iViZ Security (a Cigital company).She has presented a workshop on "Cyber Security and Ethical Hacking for Women" at c0c0n 2014at Kochi, Kerala. Her interests lie in Web Application Security and Mobile Security. She's an active member of null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application.
Shruthi Kamath
Shruthi works at Infosys Limited. She is a certified Ethical Hacker from EC Council .She has presented a workshop on "Cyber Security and Ethical Hacking for Women" at c0c0n 2014.She has conducted a one day workshop on "OWASP TOP 10" at Null Bangalore chapter. She has presented on "Secure SDLC" at c0c0n Conference 2013.She has participated at Jailbreak nullcon 2014. She presented a talk on "Cybercrimes in India and its Mitigation" at the National Conference for Women Police held at Trivandrum. She's an active member of null/OWASP Bangalore Chapter. Her area of interest is Web Application Security.
Sneha Rajguru
Sneha works at Payatu Technologies Pvt.Ltd. She is a Certified Ethical Hacker and a Licensed Penetration Tester from EC Council. She's an active member of null Pune Chapter and has presented talks on various information security related topics during the local null meets(Pune chapter). Her area of interest lies in Web application and mobile application security and fuzzing.
Follow the below web links to learn more about NULLCON conference, Infosec girls and null chapters.
Null - http://null.co.in/ Infosec Girls - https://infosecgirls.in/ NULLCON - http://nullcon.net/

No comments: