• C0d3G33k

    by Published on 03-16-2017 08:53 PM     Number of Views: 290 

    i was a part of infosec community for over a year. And many times i came across the people who told me about this amazing tech convention which was held in Goa march every year. This got me really excited for the NULLCON.

    So i did little research about nullcon and how to get entry in this event. So i got to know that there ware passes available to get in the event. But at that time i was not able to afford the passes so i dropped the idea to go in nullcon. But later on i heard about the Garage4Hackers community providing free passes to those who have contributed to open source community. As i was a member of Garage4Hackers community for quite some time. So, i provided them some of my open source contribution and i am glad that they choose me for the free passes of nullcon.

    Now i have the free passes to nullcon so the excitement level was very high. Apart from passes going to Goa wasn't a easy task for me. And for that i took a break from my college and on going projects. So that i can focus on bug bounties and i can say that odds were in my favor because at the end of the day i had sufficient amount to go to Goa.

    On 28th Feb i took a bus from Kota to Indore and then i got on the flight from Indore to Goa. And the journey took me about 21 hrs to get to the hotel in Goa.

    On 3rd march the first day of nullcon 2017 begin. I went to nullcon location at holiday inn resort, Goa. And the crowd present there got me more excited. Then i moved to the booth to collect my free pass, along with free pass i got a goodies bag. And now this was the moment, for which i have waited a long time.

    At the gate, i met sandeep sir and it was great to see some familiar faces, as we have already worked together at secureLyaer7 for quite a while. So we got along and then we head towards the hall-A where the opening note was about to begin.

    After the opening note a keynote on Silicon: Security's New Layer by Joshua Pennel was quite informative. And then Mr. Michael Hendrickx from Microsoft discussed on How to be successful in the Azure bug bounty program. He explained the entire Azure architecture as well as reports from other researchers. Mr. Jack Whitton from Facebook told about increasing impacts on Facebook bug bounty program. Previously i have studied many of bug reports submitted to Facebook from different resources. Apart from those, he disclosed some amazing bug reports. And also he gave instructions on how to submit bug reports on Facebook.

    Google talk begun at 2PM on great bugs in google VRP in 2016 by Karshan Sharma and Martin Straka. As a security researcher, i have encountered some bugs and submitted to google but after their talk i was amazed to see how creative the people were who have submitted bugs in google. And this was the point, where i realized, its a long road ahead and to be able to reach at that level, i need to keep on going. So, clearly this was the best talk of the nullcon 2017.

    Then Adam Bacchus, chief bounty officer at hackerone explained how the bug reporting mechanism work. This was again an awesome topic because the people who submit bugs need to know about the process that follows after the bug submission.

    After the presention of Adam Bacchus there was a 30 min break and then i got to meet with Geekboy, the one guy who has helped me alot in bug bounties.
    It always amazed me that a guy at a level of him is always ready to help. And then i was setting in hall for the next session to begin, when i realized that the person in the crowd that was in front of me is Mr. Karshan Sharma who gave an excellent talk on great bugs in google VRP. So, i approached him, And he was really nice. He told me about his journey from being a security engineer to a google employ. And i got to know about how things work at google. And how much of the work they need to automate. Then, i asked him how can i apply in google. Then he explained me about the procedure and then we talk about me and my achievements. It was my privilege to meet such a nice guy and this happened to me because of nullcon so i thank all the people who made this possible.

    After the break, Mr Faraz from bugcrowd gave an interesting presentation on how to interact with bug bounty programs. Through a simple presentation he explained the bug bounty programs and their working. And this was the end of day 1 at nullcon 2017. But not for me then i met with nilesh sir for the first time. We have met on Facebook and he always motivates me and meeting him was such a great surprise we discussed about first day at nullcon and he experience in infosec community. Then i was on my way back to hotel.

    DAY 2

    After the great experience of day 1, i expected highly of day 2 but the talks of day 2 were not upto the mark that was set on the day 1. So, i decided to go for CTF challenges. Then it was the time to meet Garage4Hackers gang. So the Garage4Hackers gang gathered at the decided place, Then sandeep sir introduced me with some senior members of Garage4Hackers later he talked about the ranchoddas webcast series and asked for our opinion to make it better. As well, he gave us responsibility to continue to forum after them. After that the whole Garage4Hackers team went to grab lunch together. Time passed quickly and soon, it was the time for last talk of day 2. and we decided to go for it. it was about injection security into webapps with runtime patching and context learning by Ajin Abraham.

    In the evening i was invited to the party organised by secureLyaer7 but due to some reasons i decided to head back to hotel.
    And on 6th Feb, i took the flight from Goa to Indore.

    Overall Experience

    Entirely this whole journey was a great experience. And i appreciate the people who have organised nullcon because its a great way to bring the people of infosec community together. Nullcon benefits all kind of people even if he is beginner, intermediate or expert. But even nullcon isn't perfect. People goto these conventions with hope to share their knowledge and to learn from other members of community while some members don't share and help other people. And the only thing that can make the nullcon perfect is the people. So i would like to say to all who went to nullcon this year or wish to go in upcoming years, don't hold back. Help everyone and share your achievements and experience. Not only this will make you grow as a infosec researcher but as
    a human being too. And then we would have the best nullcon ever.
    by Published on 03-16-2017 08:38 PM

    i was a part of infosec community for over a year. And many times i came across the people who told me about this amazing ...
  • G4H Facebook

  • G4H Twitter