THREAT CON 2018 – Nepal’s First Hackers’ Convention, organised by ThreatNix, was successfully concluded on 23rd November. The two-day event saw overwhelming participation from IT and cybersecurity professionals along with enthusiasts from various fields. On 22nd November, two workshops, “Secure Coding Workshop” by Jim Manico from USA and “Bug Bounty Workshop” by Prateek Tiwari from India, were conducted and were attended by 112 people in total. The next day’s conference drew 335 participants from 9 different countries. Both conference and workshop tickets were completely sold out before the event.
During the second day, parallel sessions were run in two halls. In one of the halls, speakers from 5 different countries presented papers on various domains of cybersecurity. The keynote speaker, Matt Suiche, gave a talk on the growth of cybersecurity communities in the past 30 years and their influence on the development of the field. Jim Manico presented a talk on the proactive control mechanisms that need to be implemented to develop a secure application. Alex ‘Jay’ Balan gave a live demonstration of hacking an IoT smart power socket and talked about how IoT devices have critical unaddressed vulnerabilities and the need to secure them. The team of Vladimir Dashchenko and Sergey Temnikov presented their research on the weaknesses of various license managers. They also gave a demonstration of zero-day vulnerabilities in some popular license managers. The talk by Rohit Tamma and Sukriti Sharma presented ways to secure the cloud infrastructure of an organisation. After the talks, two panel discussion sessions titled “State & Strategies of Cyber Security in Nepal” and “Government Initiatives in Cyber Security” were conducted in the hall.
In the other hall, a live bug bounty event was conducted for the first time in Nepal. In the event, hackers tested for vulnerabilities in three different platforms and found a total of 13 vulnerabilities. A total reward amount of 34 thousand rupees was paid to the hackers.
Alongside the live bug bounty event, computer security tools were demonstrated by researchers at the Arsenal section, which was also a first in Nepal. The tools demonstrated in the section were open source security tools built by Nepali security researchers. These tools dealt with detecting web attacks, identifying malicious connections and demonstrating potential malicious usage of proxy servers, which are now being widely used in Nepal to bypass website restrictions.
Two capture the flag (CTF) competitions were conducted in which participants solved challenges by employing various hacking techniques. The competition was won by team “Kaspersky Labs” from Russia, who took home a prize of Rs 20,000 and a coupon code worth $100 from NoStarch. A total of 14 teams participated in the competition.
The convention was a milestone on the Nepalese cybersecurity frontier and was able to bring it to the attention of the international security community. We consider that it was definitely able to accomplish the goal of bringing international security professionals and practices to the Nepalese cybersecurity community. We would like to extend our deepest gratitude to all the collaborators, sponsors, attendees, well-wishers and, most of all, to the distinguished speakers, without whom the event would not have been a success.
The slides from the talks and workshops have been uploaded to https://2018.threatcon.io/media/.
But regretfully, the slides of the talks “License managers: The Phantom Menace” and “How To Effectively Manage Your Org’s Cloud Security Posture” have not been uploaded as per the request of the respective speakers. These slides will be uploaded if and when the speakers give the all clear.
The videos of the talks and all photos will be going live on the event website https://threatcon.io within a couple of days.
THREAT CON will be returning next year in an improved form by addressing all of the possible shortcomings and hiccups of this year.