HOSTED BY

OFFICIAL GOVERNMENT CYBERSECURITY PARTNER

OFFICIALLY SUPPORTED BY

ORGANISED BY

{ Call for Tools }

GISEC ARMORY will serve as an exclusive arena, showcasing the very best of open-source cybersecurity projects, tools, and solutions. This platform offers developers, security experts, and enthusiasts an opportunity to display their open-source projects, gain recognition, and foster collaboration within the global cybersecurity community.

  •  
    1
     

    Tool Demonstrations

    Armory will feature live demonstrations of cutting-edge open-source cybersecurity tools. Attendees will have the opportunity to see these tools in action, ask questions, and gain insights into how they can enhance their cybersecurity efforts.

  •  
    2
     

    Meet the Developers

    This event will bring together developers of open-source cybersecurity tools, allowing attendees to connect with the people behind the projects, share ideas, and potentially contribute to the development of these tools.

  •  
    3
     

    Networking Opportunities

    Armory will feature live demonstrations of cutting-edge open-source cybersecurity tools. Attendees will have the opportunity to see these tools in action, ask questions, and gain insights into how they can enhance their cybersecurity efforts.

  •  
    4
     

    Knowledge Sharing

    Attendees can participate in informative sessions and workshops that focus on the importance of open-source tools in cybersecurity, how to effectively use them, and best practices for securing digital environments.

  •  
    5
     

    Open Source Tool Awards

    Armory will recognize the outstanding contributions to the field of open-source cybersecurity by presenting awards to developers and projects that have made significant impacts.

{ AGENDA }

Day 1 | 23 April 2024

10:00 - 10:45
Topic: AI Wargame
Come join a fun and educational attack and defence AI wargame. You will be given an AI chatbot. Your chatbot has a secret that should always remain a secret! Your objective is to secure your chatbot to protect its secret while attacking other players' chatbots and discovering theirs. The winner is the player whose chatbot survives the longest (king of the hill). All skill levels are welcomed, even if this is your first time seeing code, securing a chatbot, or playing in a wargame.
Presenter

Pedram Hayati

11:00 - 11:45
Topic: CQData: Data Extraction & Forensic Toolkit
This toolkit is a powerful cybersecurity resource designed for the extraction and
analysis of cached credentials to identify system vulnerabilities.

How is it useful?
• Empowering penetration testers to locate and extract cached credentials
• Empowering admins to look for weaknesses in the configuration of the
infrastructure (stored credentials etc.)

Why is it cool?
• Based on a world discovery in DPAPI – reverse-engineering the mechanism of
extracting passwords
• Powerful tools for penetration testing
• Help with password leak prevention

Who is it for?
• Penetration testers, red teamers, admins
Presenter

Paula Januszkiewicz

12:00 - 12:45
Topic: AI alert correlation to augment every SIEM
Detect stealthy attacks hiding in the noise. Existing incident correlation solutions use rule-sets to find well-known attack scenarios.
The model uses its extensive cyber expertise to uncover highly-probable attack scenarios.
Convert incidents and signals into actionable intelligence in real time.
Existing response guidance systems use rule-sets that trigger on very specific use cases of well-known incidents.
The midel uses its encoded subject matter knowledge to deliver unparalleled contextual awareness and decision advisories to all incidents, based on real time probabilistic analysis.
Presenter

Ezz Tahoun

13:00 - 13:45
Topic: Genzai - The IoT Security Toolkit
With a widespread increase in the adoption of IoT or Internet of Things devices, their security has become the need of the hour. Cyberattacks against IoT devices have grown rapidly and with platforms like Shodan, it has become much easier to scroll through the entire internet and look for just the right target which an attacker wants. To combat such threats it has become necessary for individuals and organisations to secure their IoT devices but when it becomes harder to keep track of them, the chances of unpatched loopholes increase.
Presenter

Umair Nehri

14:00 - 14:45
Topic: Wi-Pi Hunter
The Swiss Army knife against Malicious WiFi activity: Wi-Pi Hunter has 9+ different modules. These modules work with different techniques and their main purpose is to monitor, detect and report wireless network attacks.
Presenter

Besim Altinok

15:00 - 15:45
Topic: APKDeepLens - Android security insights in full spectrum
APKDeepLens is an open-source tool designed for Android app security analysis, employing static and dynamic techniques to uncover vulnerabilities. It features detecting OWASP Top 10 mobile risks. The tool can extract sensitive data from the code, highlighting critical security gaps. APKDeepLens supports comprehensive reporting in formats like HTML, PDF, and JSON, streamlining the remediation process.
Presenter

Deepanshu Gajbhiye

16:00 - 16:45
Topic: Mantis - Asset Discovery at Scale
Mantis is an asset inventory framework that has the capability to distribute a single scan across multiple machines, provides easy customization, dashboard support, and advanced alerting capabilities. We have not reinvented the wheel. Rather, we have tried to design an architecture that provides the essential features for a framework that involves the complexity of integrating multiple tools that are outside our control.
Presenter

Mohammed Akbar Shariff

Day 2 | 24 April 2024

10:00 - 10:45
Topic: AI Wargame
Come join a fun and educational attack and defence AI wargame. You will be given an AI chatbot. Your chatbot has a secret that should always remain a secret! Your objective is to secure your chatbot to protect its secret while attacking other players' chatbots and discovering theirs. The winner is the player whose chatbot survives the longest (king of the hill). All skill levels are welcomed, even if this is your first time seeing code, securing a chatbot, or playing in a wargame.
Presenter

Pedram Hayati

11:00 - 11:45
Topic: Mantis - Asset Discovery at Scale
Mantis is an asset inventory framework that has the capability to distribute a single scan across multiple machines, provides easy customization, dashboard support, and advanced alerting capabilities. We have not reinvented the wheel. Rather, we have tried to design an architecture that provides the essential features for a framework that involves the complexity of integrating multiple tools that are outside our control.
Presenter

Mohammed Akbar Shariff

12:00 - 12:45
Topic: APKDeepLens - Android security insights in full spectrum
APKDeepLens is an open-source tool designed for Android app security analysis, employing static and dynamic techniques to uncover vulnerabilities. It features detecting OWASP Top 10 mobile risks. The tool can extract sensitive data from the code, highlighting critical security gaps. APKDeepLens supports comprehensive reporting in formats like HTML, PDF, and JSON, streamlining the remediation process.
Presenter

Deepanshu Gajbhiye

13:00 - 13:45
Topic: AI alert correlation to augment every SIEM
Detect stealthy attacks hiding in the noise.
Existing incident correlation solutions use rule-sets to find well-known attack
scenarios.
The model uses its extensive cyber expertise to uncover highly-probable attack
scenarios.

Convert incidents and signals into actionable intelligence in real time.
Existing response guidance systems use rule-sets that trigger on very specific use
cases of well-known incidents.
The midel uses its encoded subject matter knowledge to deliver unparalleled
contextual awareness and decision advisories to all incidents, based on real time
probabilistic analysis.
Presenter

Ezz Tahoun

14:00 - 14:45
Topic: BucketLoot - An Automated S3 Bucket Inspector
Thousands of S3 buckets are left exposed over the internet, making it a prime target for malicious actors who may extract sensitive information from the files in these buckets that can be associated with an individual or an organisation. There is a limited research or tooling available that leverages such S3 buckets for looking up secret exposures and searching specific keywords or regular expression patterns within textual files.

BucketLoot is an automated S3 Bucket Inspector that can simultaneously scan all the textual files present within an exposed S3 bucket from platforms such as AWS, DigitalOcean etc.

It scans the exposed textual files for:
- Secret Exposures
- Assets (URLs, Domains, Subdomains)
- Specific keywords | Regex Patterns (provided by the user)

The end user can even search for string based keywords or provide custom regular expression patterns that can be matched with the contents of these exposed textual files.

All of this makes BucketLoot a great recon tool for bug hunters as well as professional pentesters.

The tool allows users to save the output in a JSON format which makes it easier to pass the results as an input to some third-party product or platform.
Presenter

Umair Nehri

15:00 - 15:45
Topic: Wi-Pi Hunter
The Swiss Army knife against Malicious WiFi activity: Wi-Pi Hunter has 9+ different modules. These modules work with different techniques and their main purpose is to monitor, detect and report wireless network attacks.
Presenter

Besim Altinok

16:00 - 16:45
Topic: CQ PrivilegeEscalation Toolkit: Effective Tools for Windows Privilege Escalation Gamers
This toolkit is a great resource for penetration testers and IT professionals, designed to enhance the process of gaining system privileges by exploiting vulnerabilities in Windows environments.

How is it useful?
• Provides step-by-step guidance for exploiting software and operating system bugs or design flaws.
• Offers a comprehensive approach to privilege escalation, crucial for database, system, network, and application administrators.
• Complements existing forensic tools, improving organizational security posture and monitoring capabilities.

The tools presented are:
• CQSecretsDumper
• CQNTDSDTDecrypter
• CQLsassSecretsDumper
• CQCreateProces
Presenter

Paula Januszkiewicz

17:00 - 17:00
Topic: AI Wargame winner announcment
Presenter

Pedram Hayati

IN PARTNERSHIP WITH

Don't miss this chance to be part of the premier gathering of top security experts worldwide.

Submit your cutting-edge tool below before the deadline on March 15, 2024, at 23:59 CET.

SUBMIT YOUR TOOLS FREE VISITOR PASS