My experience at nullcon 2014

I was recently a speaker at nullcon 2014, a premier infosec conference in India. My talk was a re-hash of my earlier talk at Deloitte CCTC-2 and was titled “Browser Extension Security”.

I applied for the CFP sometime in November with a copy of my talk, paper and code I’d used. My application was reviewed and I was told, accepted under the night-track on 13th February.

The talk itself covered browser security mechanisms, and where the current state of art lies (Chrome) with respect to Browser Extensions. The talk was pretty well received (even though I sweated a lot onstage), and a lot of attendees came up to me to discuss it further after the talk.

The paper behind the talk, and the related source code can be found on GitHub. Create a new issue or send me an email in case you have any queries. ~The tool demo I gave during the talk can be found at http://nullcon.captnemo.in~ (Not available anymore). Note, however that it currently uses cached data to check for permissions, and is not a LIVE tool.

nullcon was my first conference, and I’m glad to say I enjoyed it very much. From the great hosts to the amazing parties, and all the free booze, I loved it all. I made a lot of friends, and I plan on keeping in touch. The networking level was amazing at the conference, and I was happy to get in touch with so many guys in the industry, so to speak.

A lot of people queried me about future research on the topic, and while I currently do not have enough time to pursue it, its on my radar of things to do. I’m also thinking of getting in touch with the Chrome Security Team with my research.

As an aside, a big thanks to Rushil for helping me in the first version of the paper for CCTC. It won’t have been possible without him.

##Some Clicks

I’m still waiting on receiving official clicks from nullcon. Will update this post when I get my hands on them.

Published on March 13, 2014
By