HITB ARMORY

SECURITY tools demonstration area

SPONSORED BY CROWDFENSE

The HITB Armory is where you can meet your favourite security tool authors and developers and see in-person demos of what their tools can do in 2 x 2 hour sessions in the exhibition area.

Come, meet, ask questions, and grow your skills! This is a relaxed and informal environment where you get to chat with authors about features they’re hoping to add or gain insight into some new and essential security tools to add to your arsenal!

HITB Armory is organized in collaboration with Opposing Force and generously made possible with support from Crowdfense!

TOOL PRESENTATION SCHEDULE
day 1
SESSION 1
10:30 - 12:30

out-of-tree

Mikhail Klementev

Vajra

Raunak Parmar

AVred

Dobin Rutishauser

KidFuzzer v2

Zhenpeng Pan

LUNCH

SESSION 2
(14:00 - 16:00)

eBPFShield

Sagar Bhure

Revelator

Jundong Xie

GCP Goat

Joshua Jebaraj

iGoat

Swaroop Yermalkar

TCP/IP NETWORKING SOCIAL HOUR
18:30 - 20:00

day 2
SESSION 1
10:30 - 12:30

eBPFShield

Sagar Bhure

Revelator

Jundong Xie

GCP Goat

Joshua Jebaraj

iGoat

Swaroop Yermalkar

LUNCH

SESSION 2
(14:00 - 16:00)

out-of-tree

Mikhail Klementev

Vajra

Raunak Parmar

AVred

Dobin Rutishauser

KidFuzzer v2

Zhenpeng Pan

POST CONFERENCE PARTY
19:30 - 00:00

about the tools & their authors
KidFuzzer 2.0

KidFuzzer is an hybrid user-space fuzzer for Apple Ecosystem, which can help you find vulnerabilities from IOKit Drivers to Coprocessor firmwares and XNU kernel. During this session will demonstrate how to port some old bug patterns and researcher’s general idea into a real fuzzer and find new bugs.

Mobile Security Researcher

Star Labs SG

Zhenpeng Pan(@Peterpan0927) is a mobile security researcher at STAR LABS SG, focusing on iOS/macOS/Web bug hunting and exploitation. He used to work in Alibaba Security Pandora Lab and Qihoo 360 Nirvan Team. He was a speaker of Zer0Con, POC, OffensiveCon and 0x41Con.

iGoat

OWASP iGoat: An essential tool for every iOS developer offering in-depth lessons on common security vulnerabilities. Dive into hands-on sessions, understand security pitfalls, and learn to fortify your applications against threats in the real world

Senior Cyber Security Researcher

ThriveDX

Swaroop Yermalkar is a seasoned cybersecurity professional with over 11 years of industry experience, currently working as a Senior Cyber Security Researcher at ThriveDX. In his role, Swaroop focuses on investigating cutting-edge attack vectors and incorporating them into the company’s learning platform to enhance cybersecurity training and awareness. In the past, Swaroop has collaborated with organizations such as Philips Healthcare, Khoros, Traveloka, and Persistent Systems, taking on various roles such as Security Engineer and Head of Product Security.

Vjara

Discover, Assess & Control Cloud Hacking with Vajra. A potent UI-based tool for Azure & AWS environments. Perform OAuth Phishing, Password Attacks, Azure User/AD/RM Enumeration, Subdomain discovery & more.

Security Consultant

@notsosecure

Raunak Parmar works as a security consultant at @notsosecure whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. He likes to research new attack methodologies and create open-source tools that can be used during Cloud Red Team activities. He has worked extensively on Azure and AWS. He is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, and Nullcon and also at local meetups.

eBPFShield

Empowering robust system security with DNS monitoring, IP-Intelligence, ML-based IDS, and Forensics for proactive threat detection & prevention.

Engineer

F5 Networks

Sagar Bhure is a highly accomplished Security Researcher with a proven track record of excellence in his research on security. He is a filed patent holder with the US for his innovative work on ML and Security and has published several papers on the subject in top-tier journals. Sagar is also the founder of the BSides Hyderabad security community, where he actively collaborates with industry professionals to enhance security awareness and education. He currently leads various projects at OWASP, including the prestigious “ML Security Top 10” an OWASP flagship project.

Sagar has spoken at several industry-leading international conferences, including BlackHat, OWASP, and APISecure. He is regarded as a respected thought leader in the cybersecurity community, frequently invited to speak at conferences and workshops on topics related to offensive and defensive security. Sagar’s engaging presentations have helped to educate security professionals with cutting-edge research and tools to strengthen their security toolkits.

GCP-Goat

GCP-Goat is an intentionally vulnerable GCP environment designed for learning and practicing GCP Security.

Cloud Native Researcher

we45

Joshua Jebaraj is Creator of GCP-Goat .His primary are of interest around cloud and cloud native security.He had also Spoken at conferences like Defcon,Owasp-Seasides,Bsides-Delhi and Eko-party When away from the screen he can be found watching movies and making memes

Revelator

Revelator is a tool designed for structure recovery. It can automatically or semi-automatically create structures, discover the usage locations of structure in IDA as much as possible, and restore variable types in IDA.

Security Expert

Ant Security Light-Year Lab

Jundong Xie, a security expert at Ant Security Light-Year Lab, is a graduate of Zhejiang University and a former member of the AAA CTF team. His areas of interest include browser security and instant messaging software security. From 2018 to 2020, he participated in three editions of the Tianfu Cup International Cyber Security Competition, where he broke into Safari, Adobe Reader, and multiple mobile devices with his teammate. In the 2020 Tianfu Cup, he and his teammate were the only ones to complete a fullchain attack on the Safari project. He is also very willing to share his research findings, and has presented his topics at Blackhat Asia 2021, Blackhat USA 2021, and ZeroCon 2022.

out-of-tree

out-of-tree is the tool for reducing the complexity of the environment for developing, testing and debugging Linux kernel exploits and out-of-tree kernel modules (hence the name "out-of-tree").

Developer

out-of-tree

The main developer of out-of-tree

AVred

Avred is an open source python application which is able to reverse engineer which parts of a file is being detected by an antivirus. based on the results it provides as much information as possible to enable the analyst to easily obfuscate the file in question. doing this with a large sample size gives a good insight into the inner workings of an AV.

Penetration Tester

Raiffeisen Schweiz

Dobin was a penetration tester for many years, and then switched to be a SOC analyst. Currently he is leading the RedTeam at Raiffeisen Schweiz