Bluetooth Hacking Workshop
3 Hours
Goal
Practical, hands-on introduction to attacking Bluetooth (BLE & Classic)
devices: discovery, service analysis, common weaknesses, fuzzing, and
basic exploitation techniques.
Prerequisites
- Basic Linux command line comfort
- Familiarity with networking concepts and serial/UART basics (helpful)
- Laptop with Bluetooth (or external adapter like Ubertooth/CSR) and Wireshark installed
Learning outcomes
After this course participants will be able to:
- Enumerate Bluetooth devices and identify BLE vs Classic
- Inspect GATT services & characteristics and manipulate them
- Perform passive/active recon (scan, sniff, MITM basics)
- Fuzz and test characteristic inputs; find simple crashes/logic flaws
- Apply basic hardening recommendations for Bluetooth products
Speakers
Saqeeb
IoT Security Researcher Group
Bug Bounty - Advanced Recon & Reporting
3 Hours
Audience
Experienced bug bounty hunters, red teamers, and security engineers who already know the basics (OWASP Top 10, Burp, scopes, triage).
Learning outcomes
- Build a scalable, repeatable advanced recon pipeline that enumerates assets beyond subdomains.
- Apply WAF/edge bypass strategies (ModSecurity/OWASP CRS & Cloudflare) ethically to gain visibility without brute force or service disruption.
- Use AI workflows to accelerate recon, prioritize findings, and draft higher-quality reports.
- Detect and validate advanced vulnerability classes such as race conditions, cache issues, SSRF via converters, and GraphQL/OAuth authz bugs.
- Communicate impact and maximize acceptance with clean evidence, reproduction steps, and risk narratives.
Speakers
Dr. Shifa Cyclewala
CEO and Director
Hacktify Cyber Security
Dr. Rohit Gautam
Director and Lead Tactical & Adversarial Principal Instructor
Hacktify Cyber Security
Getting started with Source Code Reviews
3 Hours
Secure coding starts with deeply understanding code and vulnerabilities, and secure code reviews are crucial in finding issues early. In this hands-on secure code review workshop, we will teach the participants how to perform effective code reviews with both manual and automated techniques.
Description
We start by understanding how the code of a typical web application is structured, from imports to functions to object-oriented logic. Participants will learn how code and data flow in real-world applications and be able to kickstart their journey with source code reviews.
From there, we will explain a few of the OWASP Top 10 vulnerabilities, showing how each one appears in real Python code. For every vulnerability, we:
- Explain the security issue with a live example
- Show how to detect it during code review
- Demonstrate exploitation in a lab environment
- Teach how to remediate it securely
Speakers
Prateek Thakare
Senior Security Engineer
GoDaddy
Gaurav Bhosale
Senior Application Security Engineer
Ex-10xbanking, Mastercard, Payatu