| 2025-12-11 | Tool demo | Blackhat |
From Triage to Threat Modeling: Open-Source Security LLM in Action
| Dhruv Kedia, Sajana Weerawardhena | #ai-security#threat-modeling#vulnerability-assessment+1 |
| 2025-12-11 | Tool demo | Blackhat |
SupplyShield: Protecting Your Software Supply Chain
| Rahul Sunder, Yadhu Krishna M, Hritik Vijay, Sourav Kumar | #supply-chain#sbom#software-composition-analysis+3 |
| 2025-12-11 | Tool demo | Blackhat |
Cloud Sec AI BOT
| Nandan Gupta, K v Prashant, Swarup Natukula | #cloud-security-posture-management#aws#azure+2 |
| 2025-12-11 | Tool demo | Blackhat |
ReForge: Where Crashes Become Weapons
| Sohan Simha Prabhakar, Samarth Bhaskar Bhat, Abinav Harsha, Danindu Gammanpilage | #fuzzing#exploit-development#vulnerability-assessment+1 |
| 2025-12-11 | Tool demo | Blackhat |
IOCTL-hammer - Parameter-Centric IOCTL Fuzzer for Windows Drivers
| Mohit Kulamkolly, Mohanraj Ravichandran | #fuzzing#windows#vulnerability-assessment+1 |
| 2025-12-11 | Tool demo | Blackhat |
ThreatShield β The Intelligent Way of Threat Modelling
| Satyam Nagpal, Sayooj B Kumar, Ashwin Shenoi | #threat-modeling#security-strategy#architecture+1 |
| 2025-12-10 | Tool demo | Blackhat |
Catch the Flow: Securing CI/CD Workflows with Flowlyt
| Hare Krishna Rai, K v Prashant, Nandan Gupta | #ci-cd#supply-chain#devsecops+1 |
| 2025-12-10 | Tool demo | Blackhat |
Securing Secrets from Dev Machine to Deployments Using SLV
| Shibly Meeran, Sriram Krishnan, Keshav Kandasamy | #devsecops#cicd-security#supply-chain |
| 2025-12-10 | Tool demo | Blackhat |
EKSi-lite: Simple & Lightweight EKS Cluster Listing & Security Tool
| Divyanshu Shukla, Anjali Singh Shukla | #aws#kubernetes#cloud-security-posture-management+4 |
| 2025-12-10 | Tool demo | Blackhat |
Kubernetes Goat β A Hands-on Interactive Kubernetes Security Playground
| Madhu Akula | #kubernetes#container-security#cloud-pentesting+1 |
| 2025-12-10 | Tool demo | Blackhat |
Nightingale: Docker for Pentesters
| Raja Nagori | #penetration-testing-tools#docker#security-testing+1 |
| 2025-12-10 | Tool demo | Blackhat |
SBOM Play
| Anant Shrivastava | #sbom#supply-chain#vulnerability-assessment+1 |
| 2025-12-10 | Tool demo | Blackhat |
Spotter β Universal Kubernetes Security Engine
| Madhu Akula | #kubernetes#container-security#cloud-security-posture-management+1 |
| 2025-12-10 | Tool demo | Blackhat |
Breaking the Tunnel: Real-Time API Interception in MDM-Locked Mobile Apps with KnoxSpy
| Subho Halder | #mobile-pentesting#vulnerability-assessment#android-security |
| 2025-10-10 | Talk | C0c0n |
Ghosts in Your GitHub Actions and AI’s Hunt for Hidden Exploits
| Suchith Narayan | #supply-chain#supply-chain-attack#devsecops+1 |
| 2025-08-07 | Tool demo | Blackhat |
Pentest Copilot: Cursor for Pentesters
| Dhruva Goyal, Sitaraman Subramanian | #security-assessment#application-pentesting#vulnerability-assessment+1 |
| 2025-08-07 | Tool demo | Blackhat |
AzDevRecon - Azure DevOps Enumeration Tool
| Raunak Parmar | #azure#devsecops#iam |
| 2025-08-07 | Tool demo | Blackhat |
Spotter β Universal Kubernetes Security Scanner & Policy Enforcer
| Madhu Akula | #kubernetes#cloud-workload-protection#container-security+4 |
| 2025-08-07 | Tool demo | Blackhat |
Kubernetes Goat - A Hands-on Interactive Kubernetes Security Playground
| Madhu Akula | #kubernetes#cloud-workload-protection#container-security+3 |
| 2025-08-07 | Tool demo | Blackhat |
Kubernetes Security Scanner
| Krishna Priya | #kubernetes#cloud-workload-protection#container-security+4 |
| 2025-08-07 | Tool demo | Blackhat |
Halberd : Multi-Cloud Agentic Attack Tool
| Arpan Abani Sarkar | #cloud-access-security-broker#cloud-pentesting#security-testing+3 |
| 2025-08-07 | Talk | Blackhat |
Weaponizing Apple AI for Offensive Operations
| Hari Shanmugam | #ai#macos#ai-security+2 |
| 2025-08-07 | Tool demo | Blackhat |
Frogy 2.0 - Automated external attack surface analysis toolkit
| Chintan Gurjar | #attack-surface#vulnerability-assessment#asset-management+2 |
| 2025-08-07 | Tool demo | Blackhat |
Q-TIP (QR Code Threat Inspection Platform)
| Rushikesh D Nandedkar | #incident-management#web-security#architecture+1 |
| 2025-08-06 | Tool demo | Blackhat |
Open-Source API Firewall by Wallarm - Advanced Protection for REST and GraphQL APIs
| Satinder Khasriya | #api-security#web-security#owasp+1 |
| 2025-08-06 | Tool demo | Blackhat |
Varunastra: Securing the Depths of Docker V2
| Devang Solanki | #container-security#docker#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
vet: Proactive Guardrails against Malicious OSS using Code Analysis
| Abhisek Datta | #static-analysis#software-security#devsecops+2 |
| 2025-08-06 | Tool demo | Blackhat |
ParseAndC 4.0 - The Final Cut
| Parbati Kumar Manna | #reverse-engineering#binary-analysis#code-analysis+4 |
| 2025-08-06 | Tool demo | Blackhat |
Realtic
| Sohan Simha Prabhakar, Samarth Bhaskar Bhat, Danindu Gammanpilage | #security-assessment#vulnerability-assessment#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
ThreatShield - The Intelligent way of Threat Modelling
| Ashwin Shenoi, Satyam Nagpal, Sayooj B Kumar | #threat-modeling#architecture#devsecops+1 |
| 2025-08-06 | Talk | Blackhat |
When ‘Changed Files’ Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach
| Varun Sharma, Ashish Kurmi | #ci-cd#incident-management#devsecops+2 |
| 2025-08-06 | Tool demo | Blackhat |
MORF β Mobile Reconnaissance Framework
| Amrudesh Balakrishnan, Abhishek Jm | #app-security#mobile-pentesting#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
ShadowSeek: Combining Ghidra and Large Language Models for Advanced Binary Analysis
| Mohammed Tanveer | #reverse-engineering#binary-analysis#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
Damn Vulnerable Browser Extension (DVBE): Unmask the risks of your Browser Supplements
| Abhinav Khanna, Krishna Chaganti | #web-security#secure-coding#security-assessment+2 |
| 2025-08-06 | Talk | Blackhat |
Adversarial Fuzzer for Teleoperation Commands: Evaluating Autonomous Vehicle Resilience
| Shanit Gupta, Zhisheng Hu, Cooper De Nicola | #automotive-cybersecurity#security-testing#control-systems |
| 2025-08-06 | Tool demo | Blackhat |
ARC β Artifact Reuse Comparator
| Rushikesh D Nandedkar | #static-analysis#reverse-engineering#binary-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
SmuggleShield - Protection Against HTML Smuggling
| Dhiraj Mishra | #web-security#malware-detection#browser-security+2 |
| 2025-06-27 | Talk | Lehack |
From HTML Injection to Full AWS Account Takeover: Discovering Critical Risks in PDF Generation
| Raunak Parmar | #ssrf#aws#web-security+2 |
| 2025-04-30 | Talk | Rsac |
Got Supply Pain? A Real-World Approach to Supply Chain SDL
| Mohit Arora, Richard Tonry | #secure-development#devsecops#risk-management+4 |
| 2025-04-29 | Talk | Rsac |
RAG-NAROK: What Poorly-Built RAGs Can Do to Data Security
| Akash Mukherjee, Saurabh Shintre | #secure-development#devsecops#data-protection+1 |
| 2025-04-29 | Talk | Rsac |
XPIA AttacksβRethinking Defense in Depth for an AI-Powered World
| Aanchal Gupta, Abhilasha Bhargav Spantzel, John Leo Jr, Stefano Zanero | #ai#ai-security#input-validation+3 |
| 2025-04-04 | Tool demo | Blackhat |
Intro to CICDGuard - How to have visibility and security OF CICD ecosystem
| Pramod Rana | #cicd-pipeline#cicd-security#secure-development+3 |
| 2025-04-04 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Amrudesh Balakrishnan, Abhishek Jm, Himanshu Das | #reconnaissance#application-pentesting#static-analysis+2 |
| 2025-04-04 | Tool demo | Blackhat |
Decoy Mutex
| Madhukar Raina | #ransomware#endpoint-protection#malware-prevention+3 |
| 2025-04-04 | Tool demo | Blackhat |
Kubernetes Goat: A Hands-on Interactive Kubernetes Security Playground
| Madhu Akula | #kubernetes#cloud-workload-protection#container-security+4 |
| 2025-04-04 | Tool demo | Blackhat |
RedInfraCraft : Automate Complex Red Team Infra
| Yash Bharadwaj, Manish Gupta | #cloud-access-security-broker#cloud-compliance#cloud-pentesting+1 |
| 2025-04-04 | Tool demo | Blackhat |
Agneyastra - Firebase Misconfiguration Detection Toolkit V2
| Bhavarth Karmarkar, Devang Solanki | #misconfiguration#cloud-pentesting#security-tools+1 |
| 2025-04-04 | Talk | Blackhat |
Standing on the Shoulders of Giants: De-Obfuscating WebAssembly Using LLVM
| Vikas Gupta, Peter Garba | #reverse-engineering#code-analysis#software-security |
| 2025-04-03 | Tool demo | Blackhat |
MobXplore
| Aman Pareek, Akarsh Singh | #application-pentesting#ios-security#dynamic-analysis+4 |
| 2025-04-03 | Tool demo | Blackhat |
SmuggleShield 2.0 - Basic Protection Against HTML Smuggling
| Dhiraj Mishra | #application-pentesting#input-validation#security-testing |
| 2025-04-03 | Talk | Blackhat |
ObfusQate: Where Quantum Magic Meets Code Security β Say Goodbye to Easy Cracking!
| Vivek Balachandran, Nikhil Bartake, Zi Jie See Toh, Michael Kasper | #secure-coding#quantum-computing#software-security |
| 2025-04-03 | Tool demo | Blackhat |
Mantis - Asset Discovery at Scale
| Hitesh Thakur, Praveen Kanniah, Prateek Thakare | #asset-inventory#cloud-workload-protection#security-tools+4 |
| 2025-04-03 | Tool demo | Blackhat |
KubeSF V1.2 - Kubernetes Security Posture Audit Suite
| Abhishek S, Ajith Prabhu | #kubernetes#cloud-workload-protection#container-security+4 |
| 2025-04-03 | Tool demo | Blackhat |
R0fuzz: A Collaborative Fuzzer
| Season Cherian, Anikait Panigrahi, Aparna Balaji | #fuzzing#ics-security#industrial-control-systems+2 |
| 2025-04-03 | Tool demo | Blackhat |
Varunastra: Securing the Depths of Docker V2
| Devang Solanki, Bhavarth Karmarkar | #docker#container-security#vulnerability-assessment |
| 2025-03-14 | Talk | Insomnihack |
The Art of Malware Smuggling (Unmasking SVG-Based Attack Techniques)
| Dhiraj Mishra | #endpoint-protection#security-testing#malware-distribution |
| 2025-03-02 | Talk | Nullcon |
eKYC Crisis: Securing the Lockers
| Kartik Lalan | #risk-management#architecture#data-leak+4 |
| 2025-03-02 | Panel | Nullcon |
From Code to Defense: Why Developers Are the New Security Leaders
| Vaibhav Gupta, Vikas Goyal, Hilal Lone, Gene Golovinsky | #secure-development#secure-coding#security-testing+3 |
| 2025-03-02 | Talk | Nullcon |
Hidden in Plain Sight: Large-Scale Exposure of Orphaned Commits on Major Git Platforms
| Kumar Ashwin | #secure-coding#devsecops#architecture |
| 2025-03-02 | Talk | Nullcon |
Building Glitch-Resistant Firmware: Practical Software Countermeasures for Hardware glitch attacks
| Shyam Kumar Arshid, Chinmay Krishna | #embedded-security#firmware-analysis#secure-coding+1 |
| 2025-03-01 | Talk | Nullcon |
Drawing parallels between iOS and macOS Pentesting with DVMA
| Vaibhav Lakhani | #macos#ios#application-pentesting+3 |
| 2025-03-01 | Talk | Nullcon |
MLOps Under Attack: Threat Modeling Modern AI Systems
| Sandeep Singh | #ai#ml#ai-security+4 |
| 2025-03-01 | Talk | Nullcon |
The Future is Trustless: How zkVMS and zkTLS Transform Bug Bounties
| Anto Joseph | #bug-bounty#secure-development#security-testing+2 |
| 2024-12-12 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Amrudesh Balakrishnan, Abhishek Jm, Himanshu Das | #application-pentesting#code-review#secure-development+3 |
| 2024-12-12 | Tool demo | Blackhat |
DarkWidow: Customizable Dropper Tool Targeting Windows
| Soumyanil Biswas | #darkwidow#windows#dynamic-analysis+2 |
| 2024-12-12 | Tool demo | Blackhat |
Cloud Offensive Breach and Risk Assessment (COBRA)
| Harsha Koushik, Anand Tiwari | #cloud-pentesting#cloud-workload-protection#security-testing+3 |
| 2024-12-12 | Tool demo | Blackhat |
Genzai - The IoT Security Toolkit
| Umair Nehri | #genzai#iot-device-management#iot-pentesting+4 |
| 2024-12-12 | Tool demo | Blackhat |
Damn Vulnerable Browser Extension (DVBE) - Knowing the risks of your Browser Supplements
| Abhinav Khanna, Krishna Chaganti | #browser-security#web-security#web-pentesting |
| 2024-12-11 | Tool demo | Blackhat |
Active Directory Cyber Deception using Huginn
| Rohan Durve, Paul Laine | #active-directory#incident-management#network-forensics+1 |
| 2024-12-11 | Tool demo | Blackhat |
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel
| Amit Parjapat, Vedant Wayal | #android#application-pentesting#mobile-application-management+4 |
| 2024-12-11 | Tool demo | Blackhat |
Open Source Tool to Shift Left Security Testing by Leveraging AI
| Shivam Rawat, Shivansh Agrawal | #ai-security#secure-development#security-testing+2 |
| 2024-11-21 | Talk | Securityfest |
Wheels of Wonder
| Hrishikesh Somchatwar | #automotive-cybersecurity#car-hacking#embedded-systems+4 |
| 2024-11-21 | Talk | Securityfest |
Breaking Container Boundary Using Side Channel Attack
| Adhokshaj Mishra | #container-security#docker#security-testing+1 |
| 2024-11-21 | Talk | Securityfest |
UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities
| Priyank Nigam | #web-security#appsec#iam |
| 2024-11-16 | Talk | C0c0n |
Invisible Invaders: Bypassing Email Security with Legitimate Tools
| Dhruv Bisani | #bypassing#phishing#social-engineering+2 |
| 2024-11-16 | Talk | C0c0n |
Ride on the House - Exploiting Public Transport Ticketing Systems for Free Rides
| Rakesh Seal, Diptisha Samanta | #exploitation#ethical-hacking#network-pentesting+1 |
| 2024-11-16 | Talk | C0c0n |
Serverless Phishing Factory: Automate, Attack, Adapt
| Yash Bharadwaj, Manish Gupta | #phishing#serverless#cloud-workload-protection+2 |
| 2024-11-15 | Talk | C0c0n |
PCI 4.0, Javascript Security for product security teams
| Anand Kumar Ganesan, Mohammad Arif | #web-security#secure-coding#application-pentesting+2 |
| 2024-11-15 | Talk | C0c0n |
CISO’s take on BYOAI
| Venugopal Parameswara | #risk-management#security-governance#security-compliance+3 |
| 2024-11-15 | Talk | C0c0n |
Know your Enemies: Deep Dive into Ransomware Threat Groups
| Niranjan Jayanand | #ransomware#endpoint-protection#dynamic-analysis |
| 2024-11-06 | Talk | Blackalps |
IDAT Loader: The Malwareβs Camouflaged Weapon
| Niranjan Jayanand | #endpoint-protection#dynamic-analysis#security-testing |
| 2024-10-29 | Talk | Blackhat |
Hacking Deepfake Image Detection System with White and Black Box Attacks
| Sagar Bhure | #deepfake#ai-security#deep-learning+4 |
| 2024-10-23 | Talk | Blackhat |
Guardians of the OAuth Galaxy: Defending Your Organization from OAuth Application Attacks
| Shruti Ranjit, Mangatas Tondang | #blueteam#oauth#application-pentesting+4 |
| 2024-10-23 | Tool demo | Blackhat |
Cyber Arsenal47
| Simardeep Singh | #automated-scanning#vulnerability-assessment#security-assessment+2 |
| 2024-10-23 | Tool demo | Blackhat |
R0fuzz: A Collaborative Fuzzer
| Season Cherian, Vishnu Dev, Vivek N J | #fuzzing#ics-security#industrial-control-systems+1 |
| 2024-09-26 | Talk | Rootcon |
How to have visibility and security OF CICD ecosystem
| Pramod Rana | #ci-cd#application-hardening#cicd-pipeline+4 |
| 2024-08-30 | Talk | Hitbsecconf |
Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles
| Ravi Rajput | #web-security#security-assessment#exploitation+2 |
| 2024-08-29 | Tool demo | Hitbsecconf |
CICDGuard
| Pramod Rana | #ci-cd#cicd-pipeline#cicd-security+3 |
| 2024-08-29 | Tool demo | Hitbsecconf |
AI Assisted Code Reviewer
| Rajanish Pathak, Hardik Mehta | #ai#ai-security#code-review+4 |
| 2024-08-29 | Tool demo | Hitbsecconf |
Mantis
| Bharath Kumar, Akshay Jain | #asset-inventory#dast#anti-phishing |
| 2024-08-15 | Talk | Usenix |
TYGR: Type Inference on Stripped Binaries using Graph Neural Networks
| Aravind Machiry, Adam Doupe, Chang Zhu, Yibo Liu, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Ati Bajaj, Wil Gibbs, Ziyang Li, Anton Xue, Rajeev Alur, Hanjun Dai, Mayur Naik | #binary-analysis#reverse-engineering#deep-learning+1 |
| 2024-08-10 | Talk | Defcon |
Sneaky Extensions: The MV3 Escape Artists
| Vivek Ramachandran, Shourya Pratap Singh | #web-security#security-assessment#application-pentesting+4 |
| 2024-08-10 | Talk | Defcon |
Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming
| Shiva Shashank, Bramwell Brizendine | #process-injection#dynamic-analysis#exploit-delivery+1 |
| 2024-08-09 | Talk | Defcon |
Breaking Secure Web Gateways (SWG) for Fun and Profit
| Vivek Ramachandran, Jeswin Mathai | #swg#cloud-access-security-broker#application-pentesting+4 |
| 2024-08-09 | Talk | Defcon |
Breaking Secure Web Gateways (SWG) for Fun and Profit
| Vivek Ramachandran, Jeswin Mathai | #ssl#application-pentesting#secure-coding+3 |
| 2024-08-09 | Talk | Defcon |
Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways
| Nikhil Shrivastava, Charles Waterhouse | #bug-hunting#bug-bounty#security-training+3 |
| 2024-08-08 | Tool demo | Blackhat |
Open Source LLM Security
| Ankita Gupta 1, Ankush Jain | #ai-security#application-pentesting#security-testing+3 |
| 2024-08-08 | Tool demo | Blackhat |
Cloud Offensive Breach and Risk Assessment (COBRA)
| Anand Tiwari, Harsha Koushik | #cloud-security-posture-management#cloud-pentesting#security-testing+1 |
| 2024-08-08 | Tool demo | Blackhat |
Octopii v2
| Owais Shaikh | #red-teaming#ai-security#nlp+2 |
| 2024-08-08 | Tool demo | Blackhat |
ICSGoat: A Damn Vulnerable ICS Infrastructure
| Shantanu Kale, Divya Nain | #ics-security#scada#plc-security+2 |
| 2024-08-07 | Tool demo | Blackhat |
Hacking generative AI with PyRIT
| Raja Sekhar Rao Dheekonda | #ai#ai-security#machine-learning+4 |
| 2024-06-27 | Talk | Troopers |
The Hidden Dangers Lurking in Your Pocket β Pwning Apple Wallet ecosystem and its apps
| Priyank Nigam | #security-assessment#api-security#secure-development |
| 2024-05-07 | Talk | Rsac |
A Proven Approach on Automated Security Architectural Pattern Validation
| Sunil Arora, Parthasarathi Chakraborty | #architecture#devsecops#risk-management+1 |
| 2024-04-19 | Tool demo | Blackhat |
Malware clustering using unsupervised ML : CalMal
| Himanshu Anand | #machine-learning#ai-security#malware-detection+3 |
| 2024-04-19 | Tool demo | Blackhat |
AutoFix: Automated Vulnerability Remediation Using Static Analysis and LLMs
| Asankhaya Sharma | #static-analysis#ai#vulnerability-assessment+1 |
| 2024-04-19 | Tool demo | Blackhat |
AWSDefenderGPT: Leveraging OpenAI to Secure AWS Cloud
| Sherin Stephen, Nishant Sharma, Rishappreet Singh Moonga | #aws#ai-security#ai+4 |
| 2024-04-19 | Tool demo | Blackhat |
GearGoat : Car Vulnerabilities Simulator
| Nishant Sharma, Pranjal Soni, Sanjeev Mahunta | #car-hacking#iot-device-management#iot-pentesting+3 |
| 2024-04-18 | Tool demo | Blackhat |
BinderAPI Scanner & BASS
| Krishnaprasad Subramaniam, Jeffrey Gaor, Valen Sai, Eric Tee Hock Nian | #api-security#application-pentesting#dynamic-analysis+3 |
| 2024-04-18 | Tool demo | Blackhat |
Secure Local Vault - Git Based Secret Manager
| Sriram Krishnan, Shibly Meeran | #blueteam#application-hardening#secure-coding+2 |
| 2024-04-18 | Tool demo | Blackhat |
DetectiveSQ: A Extension Auditing Framework Version 2
| Govind Krishna, Xian Xiang Chang | #audit#application-pentesting#ai-security+4 |
| 2024-04-18 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Amrudesh Balakrishnan, Abhishek Jm, Himanshu Das | #reconnaissance#application-pentesting#static-analysis+3 |
| 2024-04-18 | Tool demo | Blackhat |
Nightingale: Docker for Pentesters
| Raja Nagori | #docker#application-pentesting#cloud-pentesting+3 |
| 2024-04-18 | Tool demo | Blackhat |
Mantis - Asset Discovery at Scale
| Ankur Bhargava, Prateek Thakare, Saddam Hussain | #asset-inventory#architecture#devsecops+1 |
| 2024-04-18 | Tool demo | Blackhat |
APKDeepLens - Android security insights in full spectrum
| Atul Singh, Deepanshu Gajbhiye | #android-security#static-analysis#mobile-pentesting+1 |
| 2024-04-18 | Talk | Blackhat |
Breaking Managed Identity Barriers In Azure Services
| Nitesh Surana, David Fiser | #azure#cloud-pentesting#access-management+3 |
| 2024-04-18 | Tool demo | Blackhat |
R0fuzz
| Season Cherian, Vishnu Dev | #fuzzing#ics-security#ics+2 |
| 2024-04-18 | Tool demo | Blackhat |
Damn Vulnerable Browser Extension (DVBE) - Unfold the risks for your Browser Supplements
| Abhinav Khanna | #browser-security#web-security#vulnerability-assessment |
| 2024-03-12 | Talk | Nullcon |
Secure Web Gateways are dead. Whatβs next?
| Vivek Ramachandran | #browser-security#application-hardening#security-strategy+2 |
| 2024-03-11 | Talk | Nullcon |
Achilles Heel In Secure Boot: Breaking RSA Authentication And Bitstream Recovery From Zynq-7000 SoC
| Arpan Jati | #vulnerability-assessment#embedded-systems#firmware-analysis |
| 2023-12-07 | Tool demo | Blackhat |
Akto - Open Source API Security Tool
| Ankush Jain | #api-security#secure-development#security-testing+3 |
| 2023-12-07 | Tool demo | Blackhat |
Mobile Security Framework - MobSF
| Ajin Abraham | #android-security#ios-security#mobile-pentesting+2 |
| 2023-12-07 | Talk | Blackhat |
Unmasking APTs: An Automated Approach for Real-World Threat Attribution
| Aakansha Saha | #machine-learning#ai-security#static-analysis+1 |
| 2023-12-06 | Tool demo | Blackhat |
DetectiveSQ: A Extension Auditing Framework
| Jeswin Mathai, Shourya Pratap Singh | #threat-intelligence-analysis#application-pentesting#application-hardening+3 |
| 2023-12-06 | Talk | Blackhat |
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
| Ankit Gangwal, Shubham Singh, Abhijeet Srivastava | #mobile-hacking#android-security#application-pentesting+2 |
| 2023-12-06 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Abhishek Jm, Amrudesh Balakrishnan, Himanshu Das | #reconnaissance#application-pentesting#static-analysis+3 |
| 2023-12-06 | Tool demo | Blackhat |
Honeyscanner: a vulnerability analyzer for Honeypots
| Shreyas Srinivasa, Emmanouil Vasilomanolakis, Aristofanis Chionis Koufakos, Ricardo Yaben | #vulnerability-assessment#honeypot#security-testing+2 |
| 2023-12-06 | Tool demo | Blackhat |
HAWK Eye - PII & Secret Detection tool for your Servers, Database, Filesystems, Cloud Storage Services
| Rohit Kumar | #bug-hunting#data-loss-prevention#data-protection+4 |
| 2023-12-06 | Tool demo | Blackhat |
SSH into any device from anywhere with ZERO Open Network ports
| Anthony Prakash, Colin Constable | #ssh#zero-trust#secure-development+1 |
| 2023-12-06 | Tool demo | Blackhat |
Octopii v2
| Owais Shaikh, Umair Nehri | #ai#data-protection#nlp+4 |
| 2023-09-28 | Talk | Hackinparis |
How to have visibility and security OF CICD ecosystem
| Pramod Rana | #cicd-security#devsecops#architecture+4 |
| 2023-09-23 | Talk | Nullcon |
Secure Your Angular App Using JWT And GraphQL
| Ankit Sharma | #blueteam#api-security#secure-development+1 |
| 2023-09-23 | Talk | Nullcon |
Uncovering Azure’s Silent Threats: A Journey Into Cloud Vulnerabilities
| Nitesh Surana | #azure#cloud-pentesting#application-hardening+4 |
| 2023-09-23 | Talk | Nullcon |
How I hacked your bank account: A detailed look at UPI Security
| Abhay Rana | #hacking#application-hardening#input-validation+2 |
| 2023-09-23 | Talk | Nullcon |
Android-SigMorph: Covert Communication Exploiting Android Signing Schemes
| Ayan Saha, Achute Sharma | #android#application-pentesting#static-analysis+1 |
| 2023-09-23 | Talk | Nullcon |
Deconstructing The Beast: A Deep Dive Into JIT Compilation Attacks In iOS
| Shubham Sharma | #ios#ios-security#application-pentesting+3 |
| 2023-09-23 | Talk | Nullcon |
Secure Coding: Fix From The Root
| Saddam Hussain, Gopika Subramanian | #secure-coding#application-pentesting#code-review+4 |
| 2023-09-23 | Talk | Nullcon |
The Curious Case Of The Rogue SOAR
| Mukesh Sai Kumar, Jaden Furtado | #blueteam#application-pentesting#dynamic-analysis+3 |
| 2023-09-23 | Talk | Nullcon |
The Convergence Of eBPF, Buildroot, And QEMU For Automated Linux Malware Analysis
| Nikhil Ashok Hegde | #malware-detection#linux#dynamic-analysis+2 |
| 2023-09-23 | Panel | Nullcon |
SHIFTING LEFT WITH SECURITY AND THE EVOLUTION OF YOUR DEVSECOPS TEAMβS JOURNEY TO EXCELLENCE
| Dinesh Varma, Satish Kumar Dwibhashi, Manoj Kumar | #secure-development#security-tools#cicd-security+2 |
| 2023-09-23 | Talk | Nullcon |
Your App Is Probably A Spyware…Or Is It?
| Gaurav Gogia, Pandurang Patil | #spyware#secure-development#security-testing+3 |
| 2023-09-16 | Talk | Romhack |
Hacking into the iOSβs VOLTE implementation
| Hardik Mehta, Rajanish Pathak | #ios#application-pentesting#security-testing |
| 2023-08-25 | Tool demo | Hitbsecconf |
iGoat
| Swaroop Yermalkar | #ios#application-pentesting#secure-coding+3 |
| 2023-08-24 | Tool demo | Hitbsecconf |
Vajra
| Raunak Parmar | #aws#azure#cloud-pentesting+3 |
| 2023-08-12 | Tool demo | Defcon |
Open Source API Security for devsecops
| Ankush Jain, Ankita Gupta 1 | #api-security#devsecops#ci-cd+2 |
| 2023-08-12 | Talk | Defcon |
Getting More Bang for your Buck:Appsec on a Limited Budget
| Vandana Verma Sehgal, Viraj Gandhi | #secure-development#devsecops#risk-management+2 |
| 2023-08-12 | Panel | Defcon |
Not All Alerts Are Born Equal: Insights from AppSec Experts on Prioritizing Security Alert
| Trupti Shiralkar, Kiran Shirali | #appsec#alert-fatigue#vulnerability-assessment |
| 2023-08-11 | Tool demo | Defcon |
vAPI : Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | #api-security#owasp#authorization |
| 2023-08-11 | Talk | Defcon |
Generative Adversarial Network (GAN) based autonomous penetration testing for Web Applications
| Ankur Chowdhary | #web-security#xss#application-pentesting+3 |
| 2023-08-11 | Talk | Defcon |
Getting a Migraine - uncovering a unique SIP bypass on macOS
| Anurag Bohra, Jonathan Bar Or, Michael Pearse | #macos#endpoint-protection#bypassing+2 |
| 2023-08-10 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | #api-security#authorization#security-testing+3 |
| 2023-08-10 | Tool demo | Blackhat |
SCodeScanner - An Open-Source Source-Code Scanner
| Utkarsh Agrawal | #code-review#sast#secure-development+4 |
| 2023-08-10 | Talk | Blackhat |
AI Assisted Decision Making of Security Review Needs for New Features
| Mrityunjay Gautam, Pavan Kolachoor | #ai#ai-security#deep-learning+3 |
| 2023-08-09 | Tool demo | Blackhat |
Akto - Open Source API Security Tool
| Ankush Jain, Ankita Gupta 1 | #api-security#application-pentesting#security-testing+3 |
| 2023-08-09 | Tool demo | Blackhat |
AntiSquat - An AI-Powered Phishing Domain Finder
| Owais Shaikh, Umair Nehri | #ai#ai-security#phishing+2 |
| 2023-08-09 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Akshansh Jaiswal, Hrushikesh Kakade, Rewanth Tammana | #android-security#application-pentesting#dynamic-analysis+3 |
| 2023-08-09 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Abhishek Jm, Amrudesh Balakrishnan, Himanshu Das | #reconnaissance#application-pentesting#static-analysis+2 |
| 2023-08-09 | Tool demo | Blackhat |
CASPR - Code Trust Auditing Framework
| Ajit Hatti | #secure-coding#code-review#secure-development+1 |
| 2023-08-09 | Tool demo | Blackhat |
ARCTIC - Automated Remediation for Correlation Threat Intelligence Collections
| Ankit Anurag, Ashwath Kumar, Manikandan Rajappan | #cloud-access-security-broker#incident-management#security-tools+2 |
| 2023-08-07 | Talk | C0c0n |
Serverless Siege: AWS Lambda Pentesting
| Anjali Singh Shukla, Divyanshu Shukla | #aws#serverless#cloud-pentesting+2 |
| 2023-08-07 | Talk | C0c0n |
Homomorphic Encryption - Myth to Reality
| Anish Koshy | #encryption#architecture#data-protection+1 |
| 2023-08-07 | Talk | C0c0n |
Shifting left blockchain development for safer DApps
| Dhanith Krishna | #smart-contracts#secure-development#devsecops+2 |
| 2023-08-07 | Talk | C0c0n |
Start Left SDLC Security with Open-Source DevSecOps Tooling
| Aswin Raj, Shruti M G | #devsecops#secure-development#static-analysis+3 |
| 2023-08-07 | Talk | C0c0n |
Uncovering the Hidden Dangers Lurking as Android Apps using ML Algos
| Nikhil Prabhakar | #android-security#reverse-engineering#dynamic-analysis |
| 2023-08-07 | Talk | C0c0n |
Smart Contract Phishing : Attack & Defense
| Tejaswa Rastogi | #smart-contracts#phishing#secure-coding+1 |
| 2023-08-07 | Talk | C0c0n |
Enhancing Red Team OPSEC: Abusing Stealthy In-Memory Binary Execution Techniques in Linux
| Pranav Sivvam | #red-teaming#linux#memory-forensics+2 |
| 2023-08-06 | Talk | C0c0n |
Mitigating SSRF at scale the right way with IMDSv2!
| Ayush Priya | #web-security#api-security#aws+2 |
| 2023-08-06 | Talk | C0c0n |
The new way to be secure
| Sakshi Bhutani | #secure-development#devsecops#software-security+3 |
| 2023-08-06 | Talk | C0c0n |
Influence of Artificial Intelligence in GRC Space
| Mahesh Kalyanaraman | #security-governance#risk-management#security-compliance+2 |
| 2023-08-06 | Talk | C0c0n |
Surviving In Dependency Hell
| Kumar Ashwin | #secure-development#devsecops#software-security |
| 2023-08-06 | Talk | C0c0n |
Taking a Closer Look at CI/CD Pipeline Logs: Extracting Security-Related Information with Build Inspector
| Anshu Kumar, Pavan Sorab | #devsecops#ci-cd#cicd-pipeline+2 |
| 2023-06-01 | Talk | Securityfest |
Bypassing Anti-Cheats & Hacking Competitive Games
| Rohan Aggarwal | #reverse-engineering#appsec#endpoint-protection+4 |
| 2023-05-12 | Tool demo | Blackhat |
GCPGoat : A Damn Vulnerable GCP Infrastructure
| Shantanu Kale, Rishappreet Singh Moonga, Ravi Verma, Govind Krishna | #gcp#cloud-pentesting#cloud-workload-protection+4 |
| 2023-05-12 | Tool demo | Blackhat |
SCodeScanner - An Open-Source Source-Code Scanner
| Utkarsh Agrawal | #code-review#static-analysis#sast+2 |
| 2023-05-12 | Tool demo | Blackhat |
Introducing the Operating System for Automotive Security Testing: A Hands-on Demonstration
| Ravi Rajput | #automobile#automotive-cybersecurity#embedded-systems+4 |
| 2023-05-11 | Tool demo | Blackhat |
APKHunt | OWASP MASVS Static Analyzer
| Mrunal Chawda, Sumit Kalaria | #owasp#application-pentesting#code-review+4 |
| 2023-05-11 | Tool demo | Blackhat |
CASPR - Code Trust Auditing Framework
| Atharva Chincholkar, Srishti Chaubey | #secure-coding#application-pentesting#code-review+4 |
| 2023-05-11 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Rewanth Tammana, Hrushikesh Kakade, Akshansh Jaiswal | #android-security#application-pentesting#dynamic-analysis+3 |
| 2023-05-11 | Tool demo | Blackhat |
MORF - Mobile Reconnaissance Framework
| Abhishek Jm, Amrudesh Balakrishnan, Himanshu Das | #reconnaissance#application-pentesting#static-analysis+3 |
| 2023-05-11 | Tool demo | Blackhat |
Nightingale: Docker for Pentesters
| Raja Nagori | #docker#application-pentesting#container-security+4 |
| 2023-05-11 | Tool demo | Blackhat |
KernelGoat
| Shivankar Madaan | #kernel#secure-development#security-training |
| 2023-05-11 | Tool demo | Blackhat |
Post-Quantum Cryptography Library
| Sagar Bhure, Shain Singh | #encryption#quantum-computing#secure-development+3 |
| 2023-05-11 | Tool demo | Blackhat |
AzureGoat : A Damn Vulnerable Azure Infrastructure
| Nishant Sharma, Dasari Yashwanth Babu | #azure#cloud-pentesting#cloud-workload-protection+2 |
| 2023-05-11 | Tool demo | Blackhat |
Kubernetes Goat: Interactive Kubernetes Security Learning Playground
| Madhu Akula | #kubernetes#cloud-workload-protection#container-security+4 |
| 2023-04-26 | Talk | Rsac |
Designing Product Security for a Brighter Smile and a Healthier Tomorrow
| Lokesh Pidawekar, Apoorva Phadke | #secure-development#devsecops#software-security+2 |
| 2023-04-26 | Talk | Rsac |
Is Increasing Security Maturity And Decreasing Operational Load Possible?
| Rohit Dhamankar | #risk-management#architecture#security-governance+1 |
| 2023-03-23 | Talk | Insomnihack |
How to have visibility and security OF CICD ecosystem
| Pramod Rana | #ci-cd#devsecops#supply-chain-security+3 |
| 2023-03-09 | Panel | Nullcon |
How to make security easier for your developers
| Santosh Yadav, Frida Kiriakos, Marie Theresa Brosig, Xavier Rene Corail | #secure-development#security-testing#secure-coding+3 |
| 2023-03-09 | Panel | Nullcon |
Elements of a Successful Security Strategy: A Comprehensive Approach
| Sheetal Joseph, Sybe Izzak Rispens, Travis Carelock | #security-strategy#security-testing#secure-development+4 |
| 2023-01-26 | Talk | Usenix |
Building an Automated Machine for Discovering Privacy Violations at Scale
| Suchakra Sharma | #static-analysis#secure-coding#data-protection+2 |
| 2022-12-08 | Tool demo | Blackhat |
Node Security Shield - A Lightweight RASP for NodeJS Applications
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#secure-development#security-testing+4 |
| 2022-12-07 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | #api-security#application-pentesting#secure-development+4 |
| 2022-12-07 | Talk | Blackhat |
Cross-Contract Ricochet Attacks & Off-Chain-On-Chain Manipulation of Billion Dollar NFT Collections
| Nitesh Dhanjani | #exploit#smart-contracts#solidity+4 |
| 2022-12-07 | Tool demo | Blackhat |
Patronus: Swiss Army Knife SAST Toolkit
| Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi | #sast#software-composition-analysis#asset-inventory+1 |
| 2022-09-28 | Talk | Rootcon |
AWSGoat : A Damn Vulnerable AWS Infrastructure
| Jeswin Mathai, Shantanu Kale, Sanjeev Mahunta | #aws#cloud-pentesting#cloud-workload-protection+4 |
| 2022-09-24 | Talk | C0c0n |
Building Smart, Resilient and Sustainable Cyber Eco System
| Navin Kumar Singh | #risk-management#cybersecurity-strategy#architecture+4 |
| 2022-09-24 | Talk | C0c0n |
In production with GRC for cloud
| Mahesh Kalyanaraman | #cloud-compliance#security-governance#risk-management+1 |
| 2022-09-24 | Talk | C0c0n |
Raining CVEs on Wordpress plugins with Semgrep
| Shreya Pohekar, Syed Sheeraz Ali | #web-security#static-analysis#sast+1 |
| 2022-09-24 | Talk | C0c0n |
Web3 Security - Security in MetaVerse, and the new world of web3
| Rohit Srivastwa | #web3#decentralized-systems#smart-contracts+2 |
| 2022-09-23 | Talk | C0c0n |
Securing your APIs for a cloud native future
| Navendu Pottekkat | #api-security#secure-development#devsecops |
| 2022-09-23 | Talk | C0c0n |
Threats Landscape and Intelligence of API & Shield to protect
| Navaneethan M | #api-security#threat-landscape#threat-hunting+1 |
| 2022-09-23 | Talk | C0c0n |
Bridging the gap between Security and Operations
| Sujay Rajashekar Gundagatti | #devsecops#architecture#threat-detection+2 |
| 2022-09-23 | Talk | C0c0n |
Building a Safer and Innovative Digital Ecosystem
| Vijay Pamarathi | #secure-development#devsecops#software-security+2 |
| 2022-09-23 | Talk | C0c0n |
Hyperledger Fabric & Ethereum Apps: Security Deep Dive
| Alex Devassy, Dhanith Krishna | #smart-contracts#solidity#decentralized-systems+2 |
| 2022-09-23 | Talk | C0c0n |
Maximizing ROI on cyber security investments: Do you think Adversary Simulation OR Purple teaming holds the key?
| Abhijith B R | #risk-management#architecture#devsecops |
| 2022-09-23 | Talk | C0c0n |
Pwning Android Apps at Scale
| Sparsh Kulshrestha, Shashank Barthwal | #android-security#mobile-pentesting#reverse-engineering+2 |
| 2022-09-23 | Talk | C0c0n |
Hacking SmartContracts
| Anto Joseph | #smart-contracts#reverse-engineering#secure-coding |
| 2022-09-23 | Talk | C0c0n |
Collaborative efforts for safe digital banking
| Biju K | #secure-development#risk-management#architecture |
| 2022-09-23 | Talk | C0c0n |
Common Misconfigurations in your Kubernetes Cluster and What can you do about it?
| Kumar Ashwin | #kubernetes#cloud-workload-protection#container-security+4 |
| 2022-09-08 | Tool demo | Nullcon |
ZaaS: [OWASP] ZAP As A Service - Continous Security For 20K+ APIs
| Rohit Sehgal, Varun Kakumani | #owasp#api-security#cloud-workload-protection+3 |
| 2022-09-08 | Talk | Nullcon |
Pushing Security Left By Mutating Byte Code
| Gaurav Gogia | #secure-coding#application-hardening#static-analysis+1 |
| 2022-09-08 | Talk | Nullcon |
Web3.0 - Smart Contracts Could Be Leaky
| Riddhi Shree | #smart-contracts#web3#decentralized-systems+3 |
| 2022-09-08 | Talk | Nullcon |
Automate Your Whatsapp Chats
| Aditi Bhatnagar | #android#application-pentesting#ai-security+2 |
| 2022-09-08 | Talk | Nullcon |
Hack the Source: Securing Open Source Software β One bug at a time
| Sandeep Singh, Laurie Mercer | #open-source-security#supply-chain#code-review+4 |
| 2022-09-08 | Talk | Nullcon |
Raining CVEs On WordPress Plugins With Semgrep
| Shreya Pohekar, Syed Sheeraz Ali | #static-analysis#code-review#secure-coding+3 |
| 2022-09-08 | Talk | Nullcon |
vPrioritizer: Art of Risk Prioritization
| Pramod Rana | #vulnerability-assessment#security-development-lifecycle#risk-management+3 |
| 2022-09-07 | Talk | Nullcon |
Hacking 5G Is No Rocket Science
| Altaf Shaik, Matteo Strada | #api-security#application-pentesting#security-testing |
| 2022-09-07 | Talk | Nullcon |
Hacking Android Foreground Services Escalation Of Privileges
| Rony Das | #android#android-security#mobile-hacking+3 |
| 2022-09-07 | Talk | Nullcon |
Scale hacking to secure your cloud and beyond
| Anand Prakash | #cloud-pentesting#cloud-security-posture-management#container-security+4 |
| 2022-09-07 | Talk | Nullcon |
Do PDF Tools Conform To The Specification?
| Prashant Anantharaman | #pdf#data-protection#static-analysis+4 |
| 2022-09-07 | Talk | Nullcon |
ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface On Electron
| Mohan Sri Rama Krishna Pedhapati, Maxwell Garrett | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2022-09-07 | Talk | Nullcon |
Honey, I Just Put The Hospital On A Ventilator! - DICOM And Its Pitfalls
| Shyam Sundar Ramaswami, Rakesh Mahanthi | #vulnerability-assessment#hmi#data-protection+1 |
| 2022-09-06 | Panel | Nullcon |
Consumer Tech Bug Bounty Panel: Hear from the Program Managers
| Sandeep Singh, Rishika Hooda, Omar Benbouazza | #bug-bounty#security-testing#application-hardening+3 |
| 2022-09-06 | Panel | Nullcon |
Securing the Software
| Mrudul Uchil, Abhisek Datta, Harish Goel, Matthew Bohne | #software-security#secure-development#security-testing+3 |
| 2022-08-26 | Talk | Hitbsecconf |
CAN A FUZZER MATCH A HUMAN
| Bhargava Shastry | #fuzzing#solidity#smart-contracts+4 |
| 2022-08-25 | Talk | Hitbsecconf |
MPT: Pentest In Action
| Jyoti Raval | #security-assessment#application-pentesting#asset-management+2 |
| 2022-08-12 | Talk | Defcon |
Stop worrying about Nation-States and Zero-Days; let’s fix things that have been known for years
| Vivek Ponnada | #secure-coding#devsecops#owasp |
| 2022-08-12 | Panel | Defcon |
Agility Broke AppSec. Now It’s Going to Fix It.
| Vandana Verma Sehgal, Roy Erlich, Emil Vaagland, Seth Kirschner | #security-testing#secure-development#cicd-pipeline |
| 2022-08-11 | Tool demo | Blackhat |
Patronus: Swiss Army Knife SAST Toolkit
| Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi | #sast#software-composition-analysis#asset-inventory+4 |
| 2022-08-11 | Talk | Blackhat |
ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron
| Mohan Sri Rama Krishna Pedhapati, Aaditya Purani, Max Garrett, William Bowling | #red-teaming#application-pentesting#code-review+4 |
| 2022-08-11 | Tool demo | Blackhat |
Octopii - AI-powered Personal Identifiable Information (PII) scanner
| Owais Shaikh | #ai#ai-security#data-protection+4 |
| 2022-08-11 | Talk | Blackhat |
Eliminating Triage Intermediaries for Zero-day Exploits Using a Decentralised Payout Protocol
| Subhechha Subudhi, Clara Maine, Akke Toeter, Victoria Bosch | #zero-day#smart-contracts#security-development-lifecycle+2 |
| 2022-08-10 | Talk | Blackhat |
Attacks From a New Front Door in 4G & 5G Mobile Networks
| Altaf Shaik, Shinjo Park, Matteo Strada | #api-security#access-management#identity-theft+4 |
| 2022-08-10 | Tool demo | Blackhat |
AWSGoat : A Damn Vulnerable AWS Infrastructure
| Nishant Sharma, Jeswin Mathai, Sanjeev Mahunta | #aws#cloud-pentesting#cloud-workload-protection+4 |
| 2022-08-10 | Tool demo | Blackhat |
Node Security Shield - A Lightweight RASP for NodeJS Applications
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#code-review#secure-development+4 |
| 2022-08-10 | Tool demo | Blackhat |
ParseAndC 2.0 β We Don’t Need No C Programs (for Parsing)
| Parbati Kumar Manna | #reverse-engineering#dynamic-analysis#network-pentesting+4 |
| 2022-08-10 | Tool demo | Blackhat |
Adhrit: Android Security Suite
| Amrudesh Balakrishnan, Rahul Sani, Abhishek Jm | #android#android-security#application-pentesting+4 |
| 2022-08-10 | Tool demo | Blackhat |
ArcherySec - Manage and Automate your Vulnerability Assessment
| Anand Tiwari | #application-pentesting#ci-cd#dynamic-analysis+3 |
| 2022-08-10 | Tool demo | Blackhat |
HazProne : Cloud Hacking
| Devansh Patel, Staford Titus S | #cloud-pentesting#cloud-workload-protection#aws+4 |
| 2022-08-10 | Tool demo | Blackhat |
CASPR - Code Trust Audit Framework
| Ajit Hatti | #secure-coding#secure-development#security-tools+3 |
| 2022-08-10 | Tool demo | Blackhat |
AzureGoat : A Damn Vulnerable Azure Infrastructure
| Jeswin Mathai, Nishant Sharma, Rachna Umaraniya | #azure#cloud-pentesting#cloud-workload-protection+3 |
| 2022-06-07 | Talk | Rsac |
Continuous Security - Integrating Pipeline Security
| Vandana Verma Sehgal | #ci-cd#cicd-pipeline#cicd-security+3 |
| 2022-06-01 | Talk | Securityfest |
Exploitation and automated detection of threats to modern cloud infrastructure
| Krishnaa Srinivasa, Maithri Nadig | #aws#vulnerability-assessment#cloud-monitoring+4 |
| 2022-05-12 | Tool demo | Blackhat |
Node Security Shield
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#secure-development#security-testing+3 |
| 2022-05-12 | Tool demo | Blackhat |
Nightingale: Docker for Pentesters
| Raja Nagori | #docker#application-pentesting#container-security+4 |
| 2022-05-12 | Tool demo | Blackhat |
ReconPal: Leveraging NLP for Infosec
| Jeswin Mathai, Shantanu Kale, Sherin Stephen | #reconnaissance#ai-security#nlp+4 |
| 2022-05-12 | Talk | Blackhat |
Non-Intrusive Vulnerability Localization and Hotpatching for Industrial Control Systems
| Prashant Rajput, Michail Maniatakos | #ics-security#control-systems#hardware-embedded+3 |
| 2022-05-12 | Tool demo | Blackhat |
Patronus: Swiss Army Knife SAST Toolkit
| Akhil Mahendra, Akshansh Jaiswal, Ashwin Shenoi | #sast#software-composition-analysis#secure-development+1 |
| 2022-04-08 | Talk | Nullcon |
Attack Surfaces for 5G Networks
| Altaf Shaik | #application-pentesting#security-development-lifecycle#api-security |
| 2022-04-08 | Talk | Nullcon |
Bheem OS - A next-generation reasonably secure OS using Rust MicroVM
| Akram Ansari, Subash Sn | #os#virtual-machine#container-security+3 |
| 2022-03-25 | Talk | Insomnihack |
Hook, Line and Sinker - Pillaging API Webhooks
| Abhay Bhargav | #web-security#api-security#ssrf+1 |
| 2021-11-18 | Talk | Hackinparis |
Is it really an intrusion if you get called in?: Mis-configuration based attacks in AWS
| Kavisha Sheth | #aws#cloud-workload-protection#cloud-pentesting+3 |
| 2021-11-13 | Talk | C0c0n |
New way of looking at the hidden mysteries in the code
| Vandana Verma Sehgal | #code-review#static-analysis#reverse-engineering+2 |
| 2021-11-13 | Talk | C0c0n |
Connecting the dots between customers and security teams
| Shruthi Kamath | #incident-management#security-training#devsecops+1 |
| 2021-11-13 | Talk | C0c0n |
Cybersecurity in the era of Resilience - A walk through people, process and technology
| Babitha B P | #risk-management#cyber-resilience#architecture+3 |
| 2021-11-13 | Talk | C0c0n |
Server-side javascript Injection
| Kavisha Sheth | #web-security#secure-coding#web-pentesting |
| 2021-11-13 | Talk | C0c0n |
Exploiting 2A(Authentication and Authorization) Vulnerabilities of Web Application
| Gayatri Nayak | #web-security#authentication#authorization+2 |
| 2021-11-12 | Talk | C0c0n |
Dissecting Malicious Software and Analysis
| Shrutirupa Banerjiee | #reverse-engineering#dynamic-analysis#static-analysis |
| 2021-11-11 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface (OWASP API Top 10)
| Tushar Kulkarni | #api-security#application-pentesting#security-testing+4 |
| 2021-11-11 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Akshansh Jaiswal, Hrushikesh Kakade, Rewanth Tammana | #android#android-security#application-pentesting+3 |
| 2021-11-11 | Tool demo | Blackhat |
Kubernetes Goat: Interactive Kubernetes Security Learning Playground
| Madhu Akula | #kubernetes#cloud-workload-protection#container-security+4 |
| 2021-11-10 | Tool demo | Blackhat |
Adhrit: Android Security Suite
| Abhishek Jaiswal, Abhishek Jm, Rahul Sani | #android#application-pentesting#code-review+4 |
| 2021-11-10 | Tool demo | Blackhat |
Kubestriker: A Blazing Fast Security Auditing Tool
| Vasant Kumar | #kubernetes#cloud-workload-protection#container-security+3 |
| 2021-11-04 | Talk | Ekoparty |
DIAL: Did I just alert Lambda? A centralized security misconfiguration detection system
| Saransh Rana, Divyanshu Mehta, Harsh Varagiya | #aws#security-monitoring#iam+1 |
| 2021-10-15 | Talk | Rootcon |
The Curious case of knowing the unknown
| Vandana Verma Sehgal | #secure-coding#devsecops#software-security |
| 2021-10-08 | Keynote | Shellcon |
Keynote - Advanced Application of Adversarial AI for Scenario Based Hacking
| Tamaghna Basu | #ai#ai-security#deep-learning+4 |
| 2021-08-27 | Talk | Hitbsecconf |
Securing Webviews and The Story Behind CVE-2021β21136
| Shiv Sahni, Imdadullah Mohammed | #android-security#secure-coding#security-testing+2 |
| 2021-08-08 | Talk | Defcon |
AppSec 101: A Journey from Engineer to Hacker
| Arjun Gopalakrishna | #secure-coding#security-assessment#ethical-hacking+2 |
| 2021-08-08 | Talk | Defcon |
Top 20 Secure PLC Coding Practices
| Vivek Ponnada, Sarah Fluchs | #ics-security#secure-coding#control-systems+1 |
| 2021-08-07 | Tool demo | Defcon |
Tenacity- An Adversary Emulation Tool for Persistence
| Atul Nair, Harshal Tupsamudre | #incident-management#security-testing#attack-surface |
| 2021-08-06 | Panel | Defcon |
Adversary simulation, emulation or purple teaming - How would you define it?
| Anant Shrivastava, Vincent Yiu, Martin Ingesen, Jean Marie Bourbon, Samuel Kimmons, Joe Vest | #security-testing#incident-management#red-teaming+3 |
| 2021-08-06 | Talk | Defcon |
Adversary village Kick-off
| Abhijith B R | #red-teaming#ethical-hacking#vulnerability-assessment+2 |
| 2021-08-05 | Talk | Defcon |
The Bug Hunterβs Recon Methodology
| Tushar Verma | #security-assessment#vulnerability-assessment#application-pentesting+1 |
| 2021-08-05 | Talk | Blackhat |
The Devil is in the GAN: Defending Deep Generative Models Against Adversarial Attacks
| Ambrish Rawat, Killian Levacher, Mathieu Sinn | #ai#ai-security#deep-learning+4 |
| 2021-08-04 | Tool demo | Blackhat |
Attack Surface Framework
| Prajwal Panchmahalkar, Mauricio Espinosa | #network-defense#application-pentesting#attack-surface+1 |
| 2021-08-04 | Tool demo | Blackhat |
ParseAndC: A Universal Parser and Data Visualization Tool for Security Testing
| Parbati Kumar Manna | #reverse-engineering#application-pentesting#code-review+4 |
| 2021-08-04 | Talk | Blackhat |
Siamese Neural Networks for Detecting Brand Impersonation
| Jugal Parikh, Nitin Kumar Goel, Justin Grana, Yuchao Dai | #impersonation#ai-security#deep-learning+4 |
| 2021-08-04 | Tool demo | Blackhat |
Joern: An Interactive Shell for Code Analysis
| Suchakra Sharma, Vickie Li, Fabian Yamaguchi | #vulnerability-assessment#code-review#sast+4 |
| 2021-08-04 | Tool demo | Blackhat |
Counterfit: Attacking Machine Learning in Blackbox Settings
| Raja Sekhar Rao Dheekonda, Will Pearce | #vulnerability-assessment#ai-security#machine-learning+2 |
| 2021-08-04 | Tool demo | Blackhat |
Kubestriker: A Blazing Fast Kubernetes Security Auditing Tool
| Pralhad Chaskar, Vasant Kumar | #kubernetes#cloud-workload-protection#container-security+4 |
| 2021-05-06 | Tool demo | Blackhat |
Demystifying the State of Kubernetes Cluster Security - The Cloud Native Way
| Vasant Kumar, Rupali Dash | #kubernetes#audit#secure-coding+1 |
| 2021-05-06 | Tool demo | Blackhat |
FalconEye: Windows Process Injection Techniques - Catch Them All
| Rajiv Kulkarni, Sushant Paithane | #windows#process-injection#blueteam+1 |
| 2021-03-06 | Talk | Nullcon |
Bug hunter adventures
| Shreyas Dighe, Yuvraj Dighe | #bug-hunting#application-pentesting#bug-bounty+3 |
| 2020-12-10 | Talk | Blackhat |
Effective Vulnerability Discovery with Machine Learning
| Asankhaya Sharma, Ming Yi Ang | #security-assessment#machine-learning#software-composition-analysis+4 |
| 2020-11-21 | Talk | Appsecindonesia |
Learn how to find and exploit race conditions in web apps with OWASP TimeGap Theory
| Abhi M Balakrishnan | #web-security#owasp#application-pentesting+1 |
| 2020-11-21 | Talk | Appsecindonesia |
The caveats of the unseen: Crouching exposure, Hidden Misconfiguration
| Ashwin Vamshi | #architecture#devsecops#risk-management+1 |
| 2020-11-20 | Talk | Deepsec |
What’s Up Doc? - Self Learning Sandboxes to Defeat Modern Malwares Using RSA: Rapid Static Analysis
| Shyam Sundar Ramaswami | #malware-detection#sandbox#static-analysis+1 |
| 2020-11-11 | Talk | Powerofcommunity |
My Hacking Adventures With Safari Reader Mode
| Nikhil Mittal 1 | #browser-security#ios-security#vulnerability-assessment+1 |
| 2020-10-02 | Tool demo | Blackhat |
MalViz.ai
| Vasu Sethia, Shivam Kataria | #blueteam#machine-learning#deep-learning+3 |
| 2020-10-02 | Talk | Blackhat |
Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale
| Aravind Machiry, Nilo Redini, Andrea Continella, Ruoyu Wang, Yan Shoshitaishvili, Cristopher Kruegel, Giovanni Vigna, Chad Spensky | #embedded-systems#firmware-analysis#static-analysis+1 |
| 2020-10-02 | Tool demo | Blackhat |
OWASP Nettacker
| Sri Harsha Gajavalli, Ali Razmjoo Qalaei, Sam Stepanyan | #security-assessment#vulnerability-assessment#network-pentesting+3 |
| 2020-10-01 | Tool demo | Blackhat |
OWASP Python Honeypot
| Sri Harsha Gajavalli, Ali Razmjoo | #web-security#owasp#security-assessment+1 |
| 2020-09-19 | Talk | C0c0n |
Automate your Recon with ReconNote
| Prasoon Gupta | #security-assessment#vulnerability-assessment#devsecops |
| 2020-09-18 | Talk | C0c0n |
Introducing SniperPhish: A Web-Email Spear Phishing Toolkit
| Sreehari Haridas, Gem George | #phishing#application-pentesting#security-development-lifecycle+4 |
| 2020-09-18 | Talk | C0c0n |
Web Application hacking with WebZGround
| Parveen Yadav, Narendra Kumar | #web-security#web-pentesting#security-assessment+3 |
| 2020-09-18 | Keynote | C0c0n |
Data protection and Privacy Data protection and Privacy
| Kris Gopalakrishnan | #ai-security#data-protection#identity-theft+2 |
| 2020-09-18 | Talk | C0c0n |
Demystifying Zero Trust - A Real world
| Sandeep Variyam | #zero-trust#architecture#security-governance+1 |
| 2020-09-18 | Talk | C0c0n |
Automation in Bug Bounties to Work Smarter
| Prerak Mittal | #bug-hunting#bug-bounty#security-tools+4 |
| 2020-09-18 | Talk | C0c0n |
My top 3 findings in bug Bounty journey | Aiming for high impact issues
| Ankit Giri | #bug-hunting#bug-bounty#security-testing+3 |
| 2020-09-18 | Talk | C0c0n |
Kubernetes Goat - Vulnerable by Design Kubernetes Cluster Environment
| Madhu Akula | #kubernetes#red-teaming#cloud-workload-protection+3 |
| 2020-09-18 | Talk | C0c0n |
Broken Cryptography & Account Takeover
| Harsh Bothra | #encryption#ssl#security-testing+2 |
| 2020-08-22 | Talk | Thedianainitiative |
Deploying discreet infrastructure for targeted phishing campaigns
| Sreehari Haridas | #phishing#application-pentesting#social-engineering+3 |
| 2020-08-22 | Talk | Thedianainitiative |
Hacking into Android Ecosystem
| Aditi Bhatnagar | #android#android-security#application-pentesting+3 |
| 2020-08-22 | Talk | Thedianainitiative |
Internal Red Team Operations Framework - Building your practical internal Red Team
| Abhijith B R | #red-teaming#cyber-war#phishing+3 |
| 2020-08-09 | Talk | Defcon |
Running an appsec program with open source projects
| Vandana Verma Sehgal | #owasp#secure-development#devsecops+3 |
| 2020-07-26 | Talk | Hitbsecconf |
Swapping Asprin Formulas With MDMA While Red Teaming a Billion Dollar Company
| Himanshu Sharma, Aman Sachdev | #red-teaming#application-pentesting#incident-management+2 |
| 2020-04-25 | Talk | Hitbsecconf |
THE STATE OF ICS SECURITY: THEN AND NOW
| Praveen Soni, Shivbihari Pandey, Ashish Kumar Gahlot | #vulnerability-assessment#security-assessment#blueteam |
| 2020-03-06 | Tool demo | Nullcon |
FRISPY
| Tejas Girme, Parmanand Mishra | #spyware#red-teaming#api-security+3 |
| 2020-03-06 | Talk | Nullcon |
Automated Classification of Web-Application Attacks for Intrusion Detection
| Aneet Kumar Dutta | #intrusion-detection#machine-learning#application-pentesting+3 |
| 2020-03-06 | Tool demo | Nullcon |
Callidus
| Chirag Savla | #red-teaming#azure#application-pentesting+2 |
| 2020-03-06 | Tool demo | Nullcon |
spike2kill
| Manish Singh | #web-scraping#ai-security#nlp+4 |
| 2020-03-06 | Tool demo | Nullcon |
F.R.I.D.A.Y
| Shyam Sundar Ramaswami | #blueteam#dynamic-analysis#sandbox+2 |
| 2020-03-06 | Tool demo | Nullcon |
SASTRI
| Rushikesh D Nandedkar, Lalit Bhandari | #security-assessment#virtual-machine#static-analysis+3 |
| 2020-03-06 | Tool demo | Nullcon |
VyAPI
| Riddhi Shree | #secure-coding#aws#amazon-cognito+3 |
| 2020-03-06 | Tool demo | Nullcon |
Wolverine
| Furqan Khan, Siddharth Anbalahan | #linux#secure-coding#web-security+3 |
| 2020-03-06 | Tool demo | Nullcon |
Talisman
| Suhas Vishwanath | #secure-development#macos#linux+3 |
| 2019-12-04 | Tool demo | Blackhat |
AutoMacTC: Finding Worms in Apple Orchards - Using AutoMacTC for macOS Incident Response
| Kshitij Kumar, Jai Musunuri | #macos#secure-coding#forensics+1 |
| 2019-12-04 | Tool demo | Blackhat |
DumpTheGit
| Malkit Singh | #reconnaissance#data-leak#data-protection+1 |
| 2019-11-07 | Talk | Powerofcommunity |
Software Zero-Day Discovery - How To? Targets/Seeds? Methods - Fuzzing, Reverse-Engg, ‘Neither’??
| Kushal Shah | #vulnerability-assessment#fuzzing#reverse-engineering+2 |
| 2019-11-01 | Talk | Hackfest |
The Mechanics of Malware’s Darkside
| Yagnesh Waran P, Laura Harris | #dynamic-analysis#static-analysis#security-testing+1 |
| 2019-11-01 | Talk | Appsecdayaustralia |
Protecting the Damned: Deploying Insecure Applications at Scale
| Vivek Ramachandran | #blueteam#container-security#docker+3 |
| 2019-10-16 | Tool demo | Hitbsecconf |
Introducing ARM-X - The ARM IoT Firmware Emulation Framework
| Saumil Shah | #arm#linux#firmware-analysis+4 |
| 2019-10-11 | Talk | Texascybersummit |
Exploit The State of Embedded Web Security in IoT Devices !
| Aditya K Sood | #iot-security-testing#web-security#embedded-security |
| 2019-10-10 | Talk | Brucon |
Security transition from 4G to 5G: are we secure enough?
| Altaf Shaik, Ravishankar Borgaonkar | #5g#4g#network-architecture+3 |
| 2019-09-28 | Talk | Romhack |
Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it
| Samit Anwer | #oauth#phishing#csrf+2 |
| 2019-09-27 | Talk | C0c0n |
autoSource an automated framework for Source Code Review
| Malkit Singh | #code-review#secure-coding#static-analysis+3 |
| 2019-09-27 | Talk | C0c0n |
Security @scale for startups
| Shivanath Somanathan | #devsecops#secure-development#software-security+2 |
| 2019-09-27 | Talk | C0c0n |
Stepping into Password Less Economy
| Ajit Hatti | #authentication#identity-management#secure-development+1 |
| 2019-09-27 | Talk | C0c0n |
Golang for Pentesters / RedTeamers
| Anant Shrivastava | #security-assessment#red-teaming#secure-coding |
| 2019-09-27 | Talk | C0c0n |
Serverless SOAR
| Sabyasachi Dhal, Suresh Sharma | #secure-coding#security-assessment#serverless+4 |
| 2019-09-27 | Talk | C0c0n |
VyAPI - The Vulnerable Hybrid Android App
| Riddhi Shree | #secure-coding#aws#amazon-cognito+3 |
| 2019-09-27 | Talk | C0c0n |
Practical Approach to Cyber Security for financial institutions
| Georgie Kurien | #financial-institutions#secure-development#risk-management+2 |
| 2019-09-27 | Talk | C0c0n |
Securing Payment Data with PCI Security Standards and Programs
| Nitin Bhatnagar | #blueteam#data-protection#secure-development+3 |
| 2019-09-27 | Panel | C0c0n |
Shouldn’t Organization disclose breaches - The need for a shared platform
| Sunil Varkey, Jacxine Fernandez, Rahul Sasi, K K Chaudhary | #data-leak#data-protection#security-testing+4 |
| 2019-09-23 | Talk | Rootcon |
Identity crisis: war stories from authentication failures
| Vishal Chauhan | #authentication#identity-management#vulnerability-assessment+3 |
| 2019-09-13 | Talk | 44con |
One Person Army β Playbook on how to be the first Security Engineer at a company
| Kashish Mittal | #devsecops#application-hardening#secure-development+4 |
| 2019-09-13 | Talk | Globalappsec |
A Purple Team View of Serverless and GraphQL Applications
| Abhay Bhargav | #purpleteam#cloud-workload-protection#serverless+3 |
| 2019-09-13 | Talk | Globalappsec |
Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center
| Amol Sarwate | #aws#siem#devsecops |
| 2019-09-12 | Keynote | Globalappsec |
Making a Change, One at a time - Diversity: More than just Gender
| Vandana Verma Sehgal | #security-training#human-factor#cybersecurity-strategy+3 |
| 2019-08-30 | Talk | Hitbsecconf |
COMMSEC: PErfidious: Make PE Backdooring Great Again!
| Shreyans Doshi | #secure-coding#red-teaming#blueteam+1 |
| 2019-08-11 | Talk | Defcon |
Exploiting and Securing iOS Apps using OWASP iGoat
| Swaroop Yermalkar | #ios-security#application-pentesting#security-assessment+3 |
| 2019-08-11 | Talk | Defcon |
Shifting the DevSecOps Culture, Taking away the sugar piece and giving the pile to ants
| Vandana Verma Sehgal | #devsecops#secure-development#ci-cd+2 |
| 2019-08-08 | Talk | Defcon |
Phishing in the cloud era
| Ashwin Vamshi, Abhinav Singh | #phishing#api-security#web-security+2 |
| 2019-08-08 | Talk | Blackhat |
Preventing Authentication Bypass: A Tale of Two Researchers
| Ravi Jaiswal, Terry Zhang, Ron Chan | #security-development-lifecycle#identity-management#authentication+4 |
| 2019-08-08 | Tool demo | Blackhat |
RWDD: Remote Web Deface Detection Tool
| K v Prashant, Ade Yoseman Putra | #blueteam#application-pentesting#security-monitoring+1 |
| 2019-08-08 | Talk | Blackhat |
DevSecOps : What, Why and How
| Anant Shrivastava | #devsecops#ci-cd#cicd-pipeline+4 |
| 2019-08-08 | Talk | Defcon |
Anatomy of cloud hacking
| Pratik Shah | #cloud-pentesting#post-exploitation#architecture+1 |
| 2019-08-07 | Tool demo | Blackhat |
SASTRI: Plug and Play VM for SAST/Static Application Security Testing Realtime Integration/
| Rushikesh D Nandedkar, Lalit Bhandari | #security-assessment#virtual-machine#application-hardening+4 |
| 2019-08-07 | Tool demo | Blackhat |
Medaudit: Auditing Medical Devices and Healthcare Infrastructure
| Anirudh Duggal | #security-assessment#application-pentesting#network-architecture+1 |
| 2019-05-28 | Talk | Securityfest |
Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it
| Samit Anwer | #web-security#iam#appsec |
| 2019-05-21 | Talk | Phdays |
GDALR: an efficient model duplication attack on black-box machine learning models
| Rewanth Tammana, Nikhil Joshi | #red-teaming#machine-learning#api-security+3 |
| 2019-05-21 | Talk | Phdays |
Breaking Microsoft Edge extensions security policies
| Nikhil Mittal | #application-pentesting#code-review#security-testing+2 |
| 2019-05-10 | Talk | Hitbsecconf |
HAXPO: RF Exploitation: Demystifying IoT/OT Hacks with SDR
| Himanshu Mehta, Harshit Agrawal | #rf#red-teaming#hardware-embedded+3 |
| 2019-05-09 | Talk | Hitbsecconf |
GDALR: Duplicating Black Box Machine Learning Models
| Rewanth Tammana, Nikhil Joshi | #machine-learning#red-teaming#api-security+2 |
| 2019-05-04 | Talk | Thotcon |
What The Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
| Priyank Nigam | #frida#application-pentesting#dynamic-analysis+3 |
| 2019-03-28 | Tool demo | Blackhat |
Kurukshetra: Playground for Interactive Security Learning
| Anirudh Anand, Mohan Kallepalli, Ankur Bhargava | #secure-coding#blueteam#application-pentesting+4 |
| 2019-03-28 | Tool demo | Blackhat |
RTS: Real Time Scrapper
| Naveen Rudrappa | #blueteam#application-pentesting#security-monitoring+4 |
| 2019-03-28 | Talk | Blackhat |
DevSecOps : What, Why and How
| Anant Shrivastava | #devsecops#secure-coding#ci-cd+3 |
| 2019-03-28 | Tool demo | Blackhat |
pytm: A Pythonic Framework for Threat Modeling
| Rohit Shambhuni, Izar Tarandach | #secure-coding#threat-modeling#red-teaming |
| 2019-03-28 | Tool demo | Blackhat |
OWASP Nettacker: Automated Penetration Testing Framework
| Sri Harsha Gajavalli, Ali Razmjoo Qalaei, Ehsan Nezami | #network-pentesting#vulnerability-assessment#firewall+3 |
| 2019-03-02 | Panel | Nullcon |
The Myth of Sisyphus Secure Product Development
| Bipin Upadhyay, Minatee Mishra, Neelu Tripathy, Vaibhav Gupta, Vishal Sahani | #secure-development#secure-coding#security-testing+3 |
| 2019-03-02 | Panel | Nullcon |
Navigating Risk in the Changing Business and Technology Landscape
| Rahul Neel Mani, Burgess Cooper, Manish Tiwari, Mannan Godil | #risk-management#cybersecurity-strategy#business-resilience+4 |
| 2019-03-02 | Panel | Nullcon |
CISO Strategy for OT and IoT risk and Threat Management
| Gaurav Shukla, Gomeet Pant, Rakesh Viswanathan, Sudarshan Rajagopal | #ics-security#iot-pentesting#cybersecurity-strategy+3 |
| 2019-02-28 | Talk | Nullcon |
Pentesting without Pentesters - Automating Security Testing with Functional Testing Test Cases
| Lavakumar Kuppan, Ankit Gupta | #security-assessment#application-pentesting#application-hardening+3 |
| 2019-02-28 | Talk | Nullcon |
A Hacker Walks into a Co-working Space
| Rahul Binjve | #red-teaming#application-pentesting#network-architecture+2 |
| 2019-02-28 | Talk | Nullcon |
Andromeda - GUI based Dynamic Instrumentation Toolkit powered by Frida
| Shivang Desai | #secure-coding#security-assessment#dynamic-analysis+4 |
| 2019-02-28 | Talk | Nullcon |
Building Hardened IoT Implementations with LangSec
| Prashant Anantharaman | #blueteam#secure-development#input-validation+4 |
| 2018-12-05 | Tool demo | Blackhat |
Kurukshetra: Playground for Interactive Security Learning
| Anirudh Anand, Mohan Kallepalli | #secure-coding#blueteam#application-hardening+4 |
| 2018-12-05 | Tool demo | Blackhat |
Mafia: Mobile Security Automation Framework for Intelligent Auditing
| Ankur Bhargava, Mohan Kallepalli | #audit#security-testing#secure-development+4 |
| 2018-11-27 | Talk | Hitbsecconf |
BSIDES: Creating Browser Extensions to Hunt for Low-Hanging Fruit
| Rewanth Tammana | #red-teaming#application-pentesting#browser-security+2 |
| 2018-10-19 | Talk | Appsecdayaustralia |
Threat Modeling-as-Code & Automation for DevSecOps wins
| Abhay Bhargav | #threat-modeling#devsecops#application-hardening+4 |
| 2018-10-19 | Talk | Appsecdayaustralia |
Continuous Integration and Delivery with Docker Containers
| Vasant Kumar | #docker#blueteam#container-security+4 |
| 2018-10-10 | Talk | Brucon |
Simplifying the art of instrumentation
| Krishnakant Patil, Rushikesh D Nandedkar | #reverse-engineering#static-analysis#dynamic-analysis+2 |
| 2018-10-05 | Talk | C0c0n |
Pentesting GraphQL Applications
| Neelu Tripathy | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2018-10-05 | Talk | C0c0n |
DomGoat - the DOM Security Playground
| Lavakumar Kuppan | #xss#web-security#input-validation+4 |
| 2018-10-05 | Talk | C0c0n |
SCANDA: To Unbosom Malware Behavior
| Rajesh Nikam, Parmanand Mishra | #reverse-engineering#dynamic-analysis#malware-research+1 |
| 2018-10-05 | Talk | C0c0n |
Unconventional vulnerabilities in Google Cloud Platform
| Pranav Venkat | #gcp#red-teaming#cloud-pentesting+3 |
| 2018-10-05 | Talk | C0c0n |
Using Fault Injection for Forensics
| Yashin Mehaboobe | #forensics#digital-forensics#security-testing+2 |
| 2018-10-04 | Talk | Confidence |
Hacking 50 Million users using 123456
| Aman Sachdev, Himanshu Sharma | #web-security#authentication#ethical-hacking+2 |
| 2018-10-03 | Tool demo | Blackhat |
Angad: A Malware Detection Framework Using Multi-Dimensional Visualization
| Ankur Tyagi | #malware-detection#static-analysis#dynamic-analysis+3 |
| 2018-09-27 | Talk | Rootcon |
Defending cloud Infrastructures with Cloud Security Suite
| Shivankar Madaan | #aws#secure-coding#web-security+2 |
| 2018-09-12 | Talk | 44con |
Make ARM Shellcode Great Again
| Saumil Shah | #arm#embedded-systems#security-tools+3 |
| 2018-09-06 | Talk | Grrcon |
Analyzing Multi-Dimensional Malware Dataset
| Ankur Tyagi | #blueteam#machine-learning#dynamic-analysis+1 |
| 2018-09-06 | Talk | Grrcon |
Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
| Pranshu Bajpai, Richard Enbody | #encryption#ransomware#dynamic-analysis+1 |
| 2018-08-16 | Talk | Usenix |
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer
| Siddharth Rao, Thanh Bui, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura | #security-assessment#architecture#application-hardening+4 |
| 2018-08-11 | Talk | Defcon |
Compression Oracle Attacks on VPN Networks
| Ahamed Nafeez | #vpn#network-architecture#application-pentesting+3 |
| 2018-08-11 | Tool demo | Defcon |
Halcyon IDE
| Sanoop Thomas | #reconnaissance#red-teaming#nmap+1 |
| 2018-08-11 | Tool demo | Defcon |
Sh00tβAn open platform for manual security testers & bug hunters
| Pavan Mohan | #security-assessment#bug-hunting#secure-coding+1 |
| 2018-08-09 | Tool demo | Blackhat |
Mafia: Mobile Security Automation Framework for Intelligent Auditing
| Ankur Bhargava, Sagar Popat, Mohan Kallepalli | #audit#security-testing#automated-scanning+4 |
| 2018-08-08 | Tool demo | Blackhat |
AutoMacTC: Finding Worms in Apple Orchards - Using AutoMacTC for macOS Incident Response
| Kshitij Kumar, Jai Musunuri | #macos#secure-coding#forensics+1 |
| 2018-08-08 | Tool demo | Blackhat |
Astra: Automated Security Testing For REST APIs
| Ankur Bhargava, Prajal Kulkarni, Sagar Popat | #security-assessment#rest-api#api-security+4 |
| 2018-08-08 | Tool demo | Blackhat |
ThreatPlaybook
| Abhay Bhargav, Sharath Kumar | #threat-modeling#ci-cd#security-development-lifecycle+4 |
| 2018-08-08 | Tool demo | Blackhat |
SCoDA: Smart COntract Defender and Analyzer
| Ajit Hatti | #blueteam#secure-coding#smart-contracts+4 |
| 2018-08-08 | Tool demo | Blackhat |
Halcyon IDE: For Nmap Script Developers
| Sanoop Thomas | #reconnaissance#red-teaming#nmap+1 |
| 2018-06-27 | Talk | First |
Securing your in-ear fitness coach: Challenges in hardening next generation wearables
| Sumanth Naropanth, Sunil Kumar | #secure-development#architecture#devsecops |
| 2018-06-04 | Talk | Confidence |
From 123456 on a staging to compromising a multi-million dollar VC - The journey of us Red Teamers of a hack spanning over 200 days
| Himanshu Sharma, Aman Sachdev | #red-teaming#ethical-hacking#security-assessment+2 |
| 2018-05-30 | Talk | Auscert |
How to Bypass Authentication & Authorization
| Sarwar Jahan | #authentication#authorization#web-security+1 |
| 2018-05-29 | Award | |
Data Exfiltration via Formula Injection #Part1
| Ajay Prashar, Balaji Gopal | #data-leak#exploitation#web-security+1 |
| 2018-05-13 | Talk | Defcon |
Androsia: Securing ‘Data in Process’ for your Android Apps
| Samit Anwer | #android#blueteam#android-security+4 |
| 2018-03-22 | Tool demo | Blackhat |
Androsia - A Step Ahead in Securing Sensitive In-Memory Android Application Data
| Samit Anwer | #android#blueteam#application-hardening+4 |
| 2018-03-22 | Talk | Blackhat |
XOM-switch: Hiding Your Code from Advanced Code Reuse Attacks In One Shot
| Ravi Sahita, Daiping Liu, Mingwei Zhang | #blueteam#application-hardening#code-review+4 |
| 2018-03-13 | Talk | Troopers |
Securing your in-ear fitness coach: Challenges in hardening next generation wearables
| Sumanth Naropanth, Kavya Racharla | #secure-development#data-protection#architecture |
| 2018-03-03 | Panel | Nullcon |
Forensic Challenges and Road Ahead
| Manu Zacharia, Brijesh Singh, Sanjay Bahl, Vladimir Katalov | #data-leak#data-protection#forensics+4 |
| 2018-03-01 | Talk | Nullcon |
Looting your bank savings using Digital India
| Indrajeet Bhuyan | #red-teaming#application-pentesting#api-security+4 |
| 2018-03-01 | Talk | Nullcon |
Security through obscurity and fear
| Abhinav Srivastava | #application-pentesting#secure-development#security-testing+3 |
| 2018-01-31 | Talk | Owaspappseccalifornia |
Hunter β Optimize your Pentesters time
| Kiran Shirali | #application-pentesting#security-assessment#devsecops |
| 2017-12-07 | Tool demo | Blackhat |
THREAT MINER SDL - AUTOMATING THREAT INTELLIGENCE FOR SDL
| Raghudeep Kannavara | #threat-intelligence-analysis#machine-learning#security-development-lifecycle+4 |
| 2017-10-19 | Talk | Hacklu |
Are your VoLTE and VoWiFi calls secure?
| Sreepriya Chalakkal | #volte#vowifi#sip+2 |
| 2017-10-05 | Talk | Brucon |
Races, Reaches and Rescues!!! (Race condition vulnerabilities revisited)
| Rushikesh D Nandedkar, Sampada Nandedkar | #vulnerability-assessment#security-assessment#secure-coding+1 |
| 2017-09-21 | Talk | Appsecusa |
iGoat β A Self Learning Tool for iOS App Pentesting and Security
| Swaroop Yermalkar | #ios#application-pentesting#ios-security+4 |
| 2017-09-21 | Talk | Appsecusa |
Androsia: A tool for securing in memory sensitive data
| Samit Anwer | #android-security#static-analysis#secure-coding |
| 2017-08-19 | Talk | C0c0n |
Building Trust for Digital Transactions in India’s COD Culture
| Parry Aftab, Betsy Broder, Sridhara R Sidhu, Mirza Faizan | #secure-development#risk-management#architecture |
| 2017-08-19 | Panel | C0c0n |
Security in Banking - Being one step aheadt
| Sunil Varkey, Rajesh Hemrajani, Biju K, Bhavin Bhansali, B R Nath, V George Antony | #financial-institutions#secure-development#security-strategy |
| 2017-08-18 | Talk | C0c0n |
Case study: Security of Digital Wallet apps in India
| Ashwath Kumar, Sandesh Mysore Anand | #appsec#mobile-pentesting#application-hardening+4 |
| 2017-08-18 | Talk | C0c0n |
Penetration Testing Orchestrator: A Framework that leverages multi-tool penetration testing approach combined with Machine Learning-NLP for faster result analysis
| Furqan Khan, Siddharth Anbalahan | #machine-learning#security-assessment#nlp+4 |
| 2017-08-18 | Talk | C0c0n |
Dynamic Binary Instrumentation
| Vivek Arora, Bhaskar Rastogi | #dynamic-analysis#reverse-engineering#binary-analysis+1 |
| 2017-08-18 | Talk | C0c0n |
Yarafying Android Malware: A Missing Step Before Malware Analysis
| Shivang Desai | #android#blueteam#android-security+3 |
| 2017-08-18 | Talk | Usenix |
DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
| Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna | #linux#kernel#static-analysis+4 |
| 2017-08-18 | Talk | C0c0n |
Androsia: A tool for securing in memory sensitive data
| Samit Anwer | #secure-coding#android#security-assessment |
| 2017-08-18 | Talk | C0c0n |
iGoat β A Self Learning Tool for iOS App Pentesting and Security
| Swaroop Yermalkar | #ios#security-assessment#blueteam+1 |
| 2017-08-18 | Talk | C0c0n |
Anti-Virus Bypassing for Fun and Profit
| Vanshit Malhotra | #red-teaming#malware-research#bypassing+2 |
| 2017-08-18 | Talk | C0c0n |
Exploiting the smartness of BLE Stack
| Apoorva Gupta | #bluetooth#red-teaming#mobile-hacking+3 |
| 2017-08-18 | Talk | C0c0n |
The Internet Of Things: Essentials of Secur(IOT)y
| Arpit Bajpai, Ronald Michael | #blueteam#iot-device-management#iot-pentesting+4 |
| 2017-07-30 | Tool demo | Blackhat |
Yasuo
| Saurabh Harit | #secure-coding#red-teaming#blueteam+3 |
| 2017-07-28 | Tool demo | Defcon |
Lamma 1.0
| Ajit Hatti, Antriksh Shah | #encryption#security-assessment#audit+1 |
| 2017-07-27 | Tool demo | Blackhat |
Fuzzapi - Fuzzing Your RESTAPIs Since Yesterday
| Lalith Rallabhandi, Abhijeth Dugginapeddi, Srinivas Rao | #fuzzing#rest-api#security-assessment+1 |
| 2017-07-27 | Tool demo | Blackhat |
Gibber Sense
| Ajit Hatti | #secure-coding#reconnaissance#encryption+3 |
| 2017-07-27 | Tool demo | Blackhat |
Kubebot - Scaleable and Automated Testing Slackbot with the Backend Running on Kubernetes
| Anshuman Bhartiya | #security-assessment#bug-hunting#cloud-workload-protection+3 |
| 2017-07-27 | Talk | Defcon |
ICS Humla
| Sneha Rajguru, Arun Mane | #ics-security#security-assessment#embedded-systems+4 |
| 2017-07-27 | Talk | Defcon |
Recon and bug bounties what a great love story
| Abhijeth Dugginapeddi | #vulnerability-assessment#bug-bounty#network-pentesting+1 |
| 2017-07-26 | Tool demo | Blackhat |
Devknox - Autocorrect Security Issues from Android Studio
| Subho Halder | #android#code-analysis#secure-coding |
| 2017-06-26 | Tool demo | Blackhat |
DiffDroid
| Anto Joseph | #android#security-assessment#web-security |
| 2017-06-23 | Talk | Hackinparis |
Injecting Security into Web apps with Runtime Patching and Context Learning
| Ajin Abraham | #blueteam#secure-development#sqli+4 |
| 2017-05-23 | Talk | Phdays |
Injecting security into web apps in the runtime
| Ajin Abraham | #blueteam#secure-development#sqli+4 |
| 2017-04-14 | Talk | Hitbsecconf |
Is There a Doctor in The House? Hacking Medical Devices and Healthcare Infrastructure
| Anirudh Duggal | #red-teaming#application-pentesting#data-protection+3 |
| 2017-03-31 | Talk | Blackhat |
WHAT MALWARE AUTHORS DON’T WANT YOU TO KNOW - EVASIVE HOLLOW PROCESS INJECTION
| Monnappa K A | #code-injection#red-teaming#malware-research+4 |
| 2017-03-30 | Tool demo | Blackhat |
LAMMA 1.0
| Ajit Hatti | #encryption#security-assessment#static-analysis+1 |
| 2017-03-30 | Tool demo | Blackhat |
Devknox - Autocorrect Security Issues from Android Studio
| Subho Halder | #android#code-analysis#secure-coding |
| 2017-03-24 | Talk | Insomnihack |
How we hacked Distributed Configuration Management Systems
| Francis Alexander, Bharadwaj Machiraju | #security-assessment#application-pentesting#vulnerability-assessment+4 |
| 2017-03-23 | Talk | Troopers |
How we hacked Distributed Configuration Management Systems
| Bharadwaj Machiraju, Francis Alexander | #security-assessment#application-pentesting#vulnerability-assessment+4 |
| 2017-03-23 | Talk | Troopers |
How we hacked Distributed Configuration Management Systems
| Francis Alexander, Bharadwaj Machiraju | #security-assessment#application-pentesting#vulnerability-assessment+4 |
| 2017-03-04 | Panel | Nullcon |
Application Security Opportunities and Challenges in a DevOps World
| Abhay Bhargav, Ajay Bongirwar, Arun Jadhav, Pravesh Sharma, Adam Leaonard | #secure-development#security-testing#dynamic-analysis+3 |
| 2017-03-03 | Talk | Nullcon |
Hacking medical devices and infrastructure
| Anirudh Duggal | #red-teaming#application-pentesting#security-testing |
| 2017-03-03 | Talk | Nullcon |
Tale of training a Web Terminator!
| Bharadwaj Machiraju | #ml#security-assessment#application-pentesting+4 |
| 2017-03-03 | Talk | Nullcon |
DevOpSec: Rapid Security in the Cloud with AWS and CIS
| Mikhail Advani, Rajesh Tamhane | #devsecops#aws#cloud-compliance+4 |
| 2017-03-03 | Talk | Nullcon |
Agility with security mitigations in Windows 10
| Swamy Shivaganga Nagaraju | #windows#blueteam#security-development-lifecycle+2 |
| 2017-03-03 | Talk | Nullcon |
Injecting Security into Web apps with Runtime Patching and Context Learning
| Ajin Abraham | #blueteam#secure-development#sqli+4 |
| 2017-03-03 | Talk | Nullcon |
Case Study on RFID (proximity cards) hacking
| Sarwar Jahan, Ashwath Kumar | #rfid#red-teaming#hardware-embedded+4 |
| 2017-01-25 | Talk | Owaspappseccalifornia |
DASTProxy: Donβt let your automated security testing program stall on crawlInstead focus on business context
| Kiran Shirali, Srinivasa Rao Chirathanagandla | #dynamic-analysis#dast#devsecops+2 |
| 2017-01-25 | Talk | Owaspappseccalifornia |
OCSP Stapling in the Wild
| Devdatta Akhawe, Emily Stark | #web-security#architecture#devsecops |
| 2016-11-11 | Talk | Deepsec |
Human vs Artificial intelligence β Battle of Trust
| Hemil Shah | #ai#application-pentesting#application-hardening+4 |
| 2016-11-11 | Talk | Deepsec |
AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That
| Nikhil Mittal | #blueteam#amsi#endpoint-protection+1 |
| 2016-11-04 | Tool demo | Blackhat |
Firmware Analysis Toolkit (FAT)
| Aditya Gupta | #firmware#security-assessment#embedded-systems+3 |
| 2016-11-04 | Tool demo | Blackhat |
Yasuo
| Saurabh Harit | #secure-coding#red-teaming#blueteam+3 |
| 2016-11-03 | Tool demo | Blackhat |
DataSploit
| Shubham Mittal, Nutan Kumar Panda | #osint#reconnaissance#security-tools+3 |
| 2016-10-27 | Talk | Brucon |
Decepticon The Rise and Evolution of an Intelligent Evil Twinβ¦!!!
| Rushikesh D Nandedkar, Amrita C Iyer, Krishnakant Patil | #reverse-engineering#evil-twin-attack#network-monitoring+3 |
| 2016-10-14 | Talk | Appsecusa |
Automating API Penetration Testing using fuzzapi
| Abhijeth Dugginapeddi, Lalith Rallabhandi | #fuzzing#api-security#application-pentesting+4 |
| 2016-10-14 | Talk | Appsecusa |
DevOps to DevSecOps: a 2-dimensional view of security for DevOps
| Sanjeev Sharma | #application-hardening#secure-coding#security-development-lifecycle+3 |
| 2016-10-13 | Talk | Appsecusa |
Lightning Talk - Demystifying Windows Application
| Rupali Dash | #windows#application-hardening#secure-coding+4 |
| 2016-10-13 | Talk | Appsecusa |
When encryption is not enough: Attacking Wearable - Mobile Application communication over BLE
| Sumanth Naropanth, Kavya Racharla, Chandra Prakash Gopalaiah | #reverse-engineering#secure-development#ble+4 |
| 2016-10-07 | Talk | Deepsec |
Inside Stegosploit
| Saumil Shah | #web-security#exploitation#security-assessment |
| 2016-09-23 | Talk | Rootcon |
Halcyon β A Faster Way to Build Custom Scripts for Nmap Scans
| Sanoop Thomas | #secure-coding#reconnaissance#red-teaming+1 |
| 2016-08-19 | Talk | C0c0n |
App Sec in the Time of Docker Containers
| Akash Mahajan | #docker#application-pentesting#container-security+4 |
| 2016-08-19 | Talk | C0c0n |
Kill the password - A new era of authentication
| Tamaghna Basu | #authentication#iam#architecture+1 |
| 2016-08-19 | Talk | C0c0n |
Breaking into Gas stations!
| Suraj Pratap | #red-teaming#ethical-hacking#exploit-delivery+2 |
| 2016-08-19 | Talk | C0c0n |
Esoteric XSS Payloads
| Riyaz Walikar | #xss#red-teaming#code-injection+3 |
| 2016-08-07 | Talk | Defcon |
Cyber Grand Shellphish
| Aravind Machiry, Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Jacopo Corbetta, Francensco Disperati, Andrew Dutcher, Giovanni Vigna, Chris Salls, Nick Stephens, Fish Wang, John Grosen | #automated-exploit-detection#reverse-engineering#vulnerability-assessment+1 |
| 2016-08-06 | Tool demo | Defcon |
Android-InsecureBank
| Dinesh Shetty | #android#red-teaming#application-pentesting+4 |
| 2016-08-06 | Tool demo | Defcon |
Datasploit
| Shubham Mittal | #osint#reconnaissance#data-leak+4 |
| 2016-08-06 | Tool demo | Defcon |
LAMMA (beta)
| Ajit Hatti | #encryption#security-assessment#audit+1 |
| 2016-08-04 | Talk | Blackhat |
DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes
| Rohit Mothe, Rodrigo Rubira Branco | #security-assessment#application-pentesting#dynamic-analysis+3 |
| 2016-08-04 | Talk | Blackhat |
Understanding HL7 2.x Standards Pen Testing and Defending HL7 2.x Messages
| Anirudh Duggal | #ics-security#risk-management#application-pentesting+3 |
| 2016-08-04 | Tool demo | Blackhat |
Maltese (Malware Traffic Emulating Software)
| Sasi Siddharth | #dns#secure-coding#malware-detection+2 |
| 2016-08-04 | Tool demo | Blackhat |
Droid-FF: Android Fuzzing Framework
| Anto Joseph | #android#fuzzing#secure-coding+1 |
| 2016-08-04 | Tool demo | Blackhat |
LAMMA
| Ajit Hatti | #encryption#security-assessment#audit+1 |
| 2016-08-03 | Tool demo | Blackhat |
Android-InsecureBankv2
| Dinesh Shetty | #android#red-teaming#application-pentesting+4 |
| 2016-07-01 | Talk | Hackinparis |
DIFFDroid - Dynamic Analysis Made Easier for Android
| Anto Joseph | #android#security-assessment#web-security |
| 2016-05-26 | Talk | Hitbsecconf |
HITB Lab: Mobile Application Security for iOS and Android
| Tushar Dalvi, Tony Trummer | #android#ios#security-assessment+2 |
| 2016-05-17 | Talk | Phdays |
Security Automation Based on Artificial Intelligence
| Rahul Sasi | #ai#blueteam#ai-security+4 |
| 2016-05-17 | Talk | Phdays |
Fingerprinting and Attacking a Healthcare Infrastructure
| Anirudh Duggal | #red-teaming#fingerprinting#ransomware+4 |
| 2016-04-01 | Tool demo | Blackhat |
LIMON-SANDBOX FOR ANALYZING LINUX MALWARES
| Monnappa K A | #linux#dynamic-analysis#static-analysis+2 |
| 2016-03-15 | Talk | Groundzerosummit |
Web App Security
| Harpreet Singh, Himanshu Sharma, Nipun Jaswal | #web-security#api-security#secure-coding+3 |
| 2016-03-11 | Talk | Nullcon |
Attacking and defending healthcare - EMR solutions
| Anirudh Duggal | #red-teaming#blueteam#application-pentesting+1 |
| 2016-03-11 | Talk | Nullcon |
Making Machines think about security for fun and profit
| Rahul Sasi | #blueteam#ml#application-pentesting+4 |
| 2016-03-11 | Talk | Nullcon |
Million Dollar Baby: Towards ANGRly conquering DARPA CGC
| Aravind Machiry | #red-teaming#security-assessment#application-pentesting+4 |
| 2016-03-11 | Talk | Nullcon |
Real-time Ingestion of security telemetry data into Hadoop distributed system to respond to 0-day
| Pallav Jakhotiya, Vipul Sawant | #secure-development#blueteam#data-analytics+3 |
| 2015-11-19 | Talk | Deepsec |
Continuous Intrusion: Why CI Tools Are an Attacker’s Best Friends.
| Nikhil Mittal | #red-teaming#ci-cd#cicd-security+3 |
| 2015-11-13 | Talk | Blackhat |
Continuous Intrusion: Why CI tools are an Attacker’s Best Friends
| Nikhil Mittal | #red-teaming#ci-cd#application-pentesting+4 |
| 2015-11-13 | Talk | Blackhat |
AUTOMATING LINUX MALWARE ANALYSIS USING LIMON SANDBOX
| Monnappa K A | #linux#security-assessment#malware-research+4 |
| 2015-11-12 | Tool demo | Blackhat |
Android InsecureBank
| Dinesh Shetty | #android#red-teaming#application-pentesting+4 |
| 2015-11-05 | Talk | Groundzerosummit |
Authentication flaw in Automatic Bank Passbook printing machine.
| Indrajeet Bhuyan | #authentication#identity-management#application-pentesting+3 |
| 2015-11-05 | Talk | Groundzerosummit |
Dissecting Android Malware
| Anto Joseph | #android#application-pentesting#dynamic-analysis+3 |
| 2015-11-05 | Talk | Groundzerosummit |
Thanks for the free cookies
| Anshul Saxena, Nishant Yadav | #red-teaming#application-pentesting#security-testing |
| 2015-11-05 | Talk | Groundzerosummit |
XSS - The art of evading web application filters!
| Anirudh Anand | #xss#application-pentesting#input-validation+2 |
| 2015-11-05 | Talk | Groundzerosummit |
Elliptical Curve Cryptography
| Aneesha S | #encryption#elliptic-curve-cryptography#secure-development+1 |
| 2015-11-05 | Talk | Groundzerosummit |
Trailing Terror in the Darknets
| Shesh Sarangdhar | #deep-web#tor#cryptocurrency+1 |
| 2015-11-05 | Talk | Groundzerosummit |
Sanctioned to Hack: Your SCADA HMIs Belong to Us!
| Aditya K Sood | #ics-security#web-security#firmware-analysis+2 |
| 2015-10-25 | Talk | Toorcon |
PixelCAPTCHA β A Unicode Based CAPTCHA Scheme
| Gursev Singh Kalra | #web-security#authentication#bypassing |
| 2015-10-21 | Talk | Hacklu |
Stegosploit - Delivering Drive-By Exploits With Only Images
| Saumil Shah | #red-teaming#steganography#application-pentesting+1 |
| 2015-10-08 | Talk | Brucon |
The .11 Veil, Camouflage & Covert!!! Invisible Wifi, Revealed
| Rushikesh D Nandedkar, Amrita C Iyer | #wifi#network-pentesting#security-testing+2 |
| 2015-09-25 | Talk | Appsecusa |
The State of Web Application Security in SCADA Web Human Machine Interfaces (HMIs)!
| Aditya K Sood | #scada#hmi#web-security+1 |
| 2015-09-24 | Talk | Appsecusa |
Continuous Cloud Security Automation
| Rohit Pitke | #aws#devsecops#architecture |
| 2015-09-11 | Talk | 44con |
Stegosploit β Drive-by Browser Exploits using only Images
| Saumil Shah | #steganography#red-teaming#web-security+1 |
| 2015-08-07 | Talk | Defcon |
Hacker’s Practice Ground
| Lokesh Pidawekar | #security-assessment#ethical-hacking#vulnerability-assessment+2 |
| 2015-08-06 | Talk | Blackhat |
Harnessing Intelligence from Malware Repositories
| Arun Lakhotia, Vivek Notani | #blueteam#security-analytics#malware-research+2 |
| 2015-08-05 | Tool demo | Blackhat |
PixelCaptcha: A unicode based captcha scheme
| Gursev Singh Kalra | #secure-coding#application-hardening#input-validation+3 |
| 2015-08-01 | Talk | C0c0n |
Attack chaining for web exploitation- From Information leakage to gaining Root access
| Abhijeth Dugginapeddi | #red-teaming#application-pentesting#attack-surface+2 |
| 2015-08-01 | Talk | C0c0n |
NoPo - The NoSQL HoneyPot Framework
| Francis Alexander | #secure-coding#application-pentesting#security-testing+2 |
| 2015-08-01 | Talk | C0c0n |
Understanding the known : A deep look at OWASP A9 : Using Components with Known Vulnerabilities
| Anant Shrivastava | #owasp#blueteam#security-testing+4 |
| 2015-08-01 | Talk | C0c0n |
Demystifying and Breaking BLE
| Yashin Mehaboobe | #bluetooth#mobile-hacking#exploit-delivery+1 |
| 2015-08-01 | Talk | C0c0n |
Hacking RFIDs under 2000 INR
| Jayesh Chauhan, Divya S John | #rfid#hardware-embedded#embedded-systems+3 |
| 2015-07-06 | Talk | Blackhat |
DOM FLOW - UNTANGLING THE DOM FOR MORE EASY-JUICY BUGS
| Ahamed Nafeez | #red-teaming#xss#application-pentesting+2 |
| 2015-06-16 | Talk | Blackhat |
The Savage Curtain: Mobile SSL Failures
| Tushar Dalvi, Tony Trummer | #ssl#mobile-application-management#application-pentesting+1 |
| 2015-05-28 | Talk | Hitbsecconf |
The Savage Curtain: Mobile SSL Failures
| Tushar Dalvi, Tony Trummer | #ssl#security-assessment#mobile-application-management+1 |
| 2015-05-28 | Talk | Hitbsecconf |
Stegosploit: Hacking With Pictures
| Saumil Shah | #red-teaming#steganography#web-security |
| 2015-05-26 | Talk | Phdays |
iOS Application Exploitation
| Prateek Gianchandani, Egor Tolstoy | #ios#red-teaming#application-pentesting+4 |
| 2015-05-26 | Talk | Phdays |
Invisible Backdoors In Your Code
| Debasis Mohanty | #blueteam#code-review#secure-coding+4 |
| 2015-03-27 | Talk | Syscan |
Stegosploit - Hacking with Pictures
| Saumil Shah | #steganography#red-teaming#web-security+1 |
| 2015-03-15 | Talk | Defcon |
TECHNICAL TALK-FUZZING ASYNCHRONOUS PROTOCOLS BUILT OVER WEBSOCKETS
| Lavakumar Kuppan | #fuzzing#application-pentesting#dynamic-analysis+1 |
| 2015-03-15 | Talk | Blackhat |
2015 State of Vulnerability Exploits
| Amol Sarwate | #automated-scanning#vulnerability-assessment#risk-management+1 |
| 2015-02-06 | Talk | Nullcon |
Anatomy of a credit card stealing POS malware
| Amol Sarwate | #red-teaming#application-pentesting#data-protection+1 |
| 2015-02-06 | Talk | Nullcon |
Pentesting a website with million lines of Javascript
| Lavakumar Kuppan, Ahamed Nafeez | #web-security#security-assessment#application-pentesting+2 |
| 2015-02-06 | Talk | Nullcon |
Building security and compliance into the software delivery process
| Anubhav Bathla, Dinesh Pillai, S Chandrasekhar, Harish Pillay | #secure-development#devsecops#security-compliance+3 |
| 2015-02-06 | Talk | Nullcon |
Toliman, a Hadoop Pentesting Tool
| Jitendra Chauhan | #security-assessment#security-tools#cloud-workload-protection+2 |
| 2015-02-06 | Talk | Nullcon |
Building custom scans for real world enterprise network
| Sanoop Thomas | #security-assessment#network-pentesting#vulnerability-assessment+1 |
| 2015-01-27 | Talk | Owaspappseccalifornia |
The Savage Curtain : Mobile SSL Failures
| Tushar Dalvi, Tony Trummer | #ssl#application-pentesting#dynamic-analysis |
| 2015-01-27 | Talk | Owaspappseccalifornia |
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
| Devdatta Akhawe | #web-security#xss#csrf+2 |
| 2014-11-21 | Talk | Deepsec |
Mobile SSL Failures
| Tushar Dalvi, Tony Trummer | #ssl#android-security#ios-security+3 |
| 2014-11-13 | Talk | Groundzerosummit |
Attacking Web-Proxies like never before
| Ahamed Nafeez | #red-teaming#application-hardening#security-testing |
| 2014-11-13 | Talk | Groundzerosummit |
Cyber ‘BrahMos’ - Static analysis driven secure coding
| Joy Sen | #secure-coding#static-analysis#sast+4 |
| 2014-11-13 | Talk | Groundzerosummit |
Evaluating WAF (Web Application Firewall) for Fun and Profit with WOF
| Bhaumik Merchant | #red-teaming#application-pentesting#security-testing+1 |
| 2014-11-13 | Talk | Groundzerosummit |
Fuzzing Asynchronous Protocols built over Websockets
| Lavakumar Kuppan | #fuzzing#red-teaming#application-pentesting+2 |
| 2014-11-13 | Talk | Groundzerosummit |
How I won Browser Fuzzing
| Amol Naik | #fuzzing#red-teaming#security-testing+4 |
| 2014-11-13 | Talk | Groundzerosummit |
SCADA Exploitation through Firmware
| Ashish Saxena | #red-teaming#firmware-analysis#ics-security+3 |
| 2014-10-23 | Talk | Hacklu |
Hacking with Images - Evil Pictures
| Saumil Shah | #red-teaming#steganography#application-pentesting+3 |
| 2014-09-28 | Talk | Blackhat |
Understanding IMSI Privacy
| Swapnil Udar, Ravishankar Borgaonkar | #imsi#red-teaming#android+4 |
| 2014-09-26 | Talk | Virusbulletin |
Evolution of Android exploits from a static analysis tools perspective
| Jagadeesh Chandraiah, Anna Szalay | #android-security#static-analysis#reverse-engineering |
| 2014-09-25 | Talk | Virusbulletin |
Optimized mal-ops. Hack the ad network like a boss
| Rahul Kashyap, Vadim Kotov | #browser-security#web-security#malware-distribution+1 |
| 2014-09-24 | Talk | Brucon |
OWASP: OWTF
| Bharadwaj Machiraju | #security-assessment#application-pentesting#dynamic-analysis+2 |
| 2014-08-22 | Talk | C0c0n |
Breaking and Securing Mobile Apps - Automagically
| Aditya Gupta | #purpleteam#mobile-application-management#mobile-hacking+4 |
| 2014-08-22 | Talk | C0c0n |
Exploiting NoSQL Like Never Before
| Francis Alexander | #red-teaming#application-pentesting#security-testing |
| 2014-08-22 | Talk | C0c0n |
Lesser Known Attack - XML Injection
| Amol Naik | #red-teaming#application-pentesting#code-review+3 |
| 2014-08-22 | Talk | C0c0n |
Still Single with a bleeding heart (Tool Release)
| Tamaghna Basu | #secure-development#application-pentesting#secure-coding+1 |
| 2014-08-22 | Talk | C0c0n |
My tryst with Source Code Review
| Anant Shrivastava | #code-review#secure-coding#security-testing |
| 2014-08-21 | Talk | Usenix |
The Emperorβs New Password Manager: Security Analysis of Web-based Password Managers
| Devdatta Akhawe, Zhiwei Li, Warren He, Dawn Song | #web-security#xss#csrf+2 |
| 2014-08-07 | Tool demo | Blackhat |
C-SCAD: Assessing Security flaws in clearscada Web_X client!
| Aditya K Sood | #red-teaming#security-assessment#ics-security+3 |
| 2014-06-23 | Talk | Hackinparis |
Pentesting NoSQL DB’s with NoSQL Exploitation Framework
| Francis Alexander | #secure-coding#security-assessment#application-pentesting+4 |
| 2014-03-27 | Talk | Blackhat |
JS Suicide: Using JavaScript Security Features to Kill JS Security
| Ahamed Nafeez | #web-security#red-teaming#csrfguard+1 |
| 2014-03-15 | Talk | Hitbsecconf |
JS Suicide: Using Javascript Security Features to Kill Itself
| Ahamed Nafeez | #web-security#application-pentesting#code-review+3 |
| 2014-03-15 | Talk | Blackhat |
Anatomy of a Credit Card Stealing POS Malware
| Amol Sarwate | #reverse-engineering#security-assessment#security-testing |
| 2014-02-15 | Tool demo | Nullcon |
DrupSnipe
| Ranjeet Sengar, Sukesh Pappu | #drupal#security-assessment#application-pentesting+2 |
| 2014-02-15 | Tool demo | Nullcon |
NoSQL Exploitation Framework
| Francis Alexander | #red-teaming#application-pentesting#security-tools+3 |
| 2014-02-15 | Tool demo | Nullcon |
OWASP OWTF - The Offensive (Web) Testing Framework
| Bharadwaj Machiraju, Abraham Aranguren | #security-assessment#application-pentesting#security-tools+3 |
| 2014-02-14 | Talk | Nullcon |
Chrome - OS Security 2014: New and future hotness
| Sumit Gwalani | #blueteam#application-hardening#application-pentesting+4 |
| 2014-02-14 | Talk | Nullcon |
Pentesting without Pentesters - Automating Security Testing with Functional Testing Test Cases
| Ankita Gupta, Lavakumar Kuppan | #security-assessment#application-pentesting#security-development-lifecycle+3 |
| 2014-02-14 | Talk | Nullcon |
Flowinspect - A Network Inspection Tool
| Ankur Tyagi | #security-assessment#malware-detection#network-monitoring+2 |
| 2014-02-14 | Talk | Nullcon |
Attack of the setuid bit - pt_chown and pwning root terminals
| Siddhesh Poyarekar | #glibc#red-teaming#blueteam+2 |
| 2014-02-14 | Talk | Nullcon |
2014 The year in which we cannot ignore SCADA
| Amol Sarwate | #scada#blueteam#ics-security+4 |
| 2014-02-14 | Talk | Nullcon |
User Privacy in Cellular Networks
| Ravishankar Borgaonkar | #data-protection#network-architecture#data-governance+2 |
| 2014-02-14 | Talk | Nullcon |
A security analysis of Browser Extensions
| Abhay Rana | #browser-security#web-security#vulnerability-assessment |
| 2014-02-14 | Talk | Nullcon |
phoneypdf: A Virtual PDF Analysis Framework
| Kiran Bandla | #pdf#web-security#red-teaming+2 |
| 2014-01-28 | Talk | Owaspappseccalifornia |
Application Sandboxes: Know thy limits
| Rahul Kashyap | #application-pentesting#reverse-engineering#exploit-development |
| 2013-11-21 | Talk | Appsecusa |
Wassup MOM? Owning the Message Oriented Middleware
| Gursev Singh Kalra | #api-security#secure-coding#application-pentesting |
| 2013-11-21 | Talk | Deepsec |
Automation In Android & iOS Application Security Review
| Hemil Shah | #android#ios#application-pentesting+4 |
| 2013-11-20 | Talk | Appsecusa |
Why is SCADA Security an Uphill Battle?
| Amol Sarwate | #scada#application-pentesting#application-hardening+4 |
| 2013-11-20 | Talk | Appsecusa |
Project Talk: OWASP OpenSAMM Project
| Pravir Chandra, Seba Deleersnyder | #software-security#secure-development#devsecops+4 |
| 2013-11-20 | Panel | Appsecusa |
Aim-Ready-Fire
| Pravir Chandra, Ajoy Kumar, Suprotik Ghose, Jason Rottaupt, Ramin Safai, Sean Barnum, Wendy Nather | #appsec#secure-development#security-strategy |
| 2013-11-07 | Talk | Groundzerosummit |
IronWASP
| Lavakumar Kuppan | #security-assessment#application-pentesting#security-tools+2 |
| 2013-10-19 | Talk | Toorcon |
Static Malware Analysis with PyTriage
| Yashin Mehaboobe | #malware-detection#static-analysis#malware-research+1 |
| 2013-10-17 | Talk | Hitbsecconf |
Static Analysis and Dynamic Instrumentation for Intelligent Exploit Analysis
| Rahul Sasi | #blueteam#static-analysis#automated-exploit-detection |
| 2013-09-27 | Talk | C0c0n |
Blur Captcha
| Anirudh Duggal, Abhinav Mohanty | #red-teaming#security-testing#application-pentesting+1 |
| 2013-09-27 | Talk | C0c0n |
From Bedroom to Boardroom - Taking your Weekend Infosec Project Global
| Vivek Ramachandran | #devsecops#secure-development#security-assessment+2 |
| 2013-09-27 | Talk | C0c0n |
Sandy - The Malicious Analysis
| Rahul Sasi | #reverse-engineering#static-analysis#dynamic-analysis |
| 2013-09-27 | Talk | C0c0n |
Static analysis of malware with PyTriage
| Yashin Mehaboobe | #secure-coding#static-analysis#dynamic-analysis+2 |
| 2013-09-27 | Talk | C0c0n |
Infiltrating the Intranet with Skanda
| Jayesh Chauhan | #red-teaming#secure-coding#ethical-hacking+1 |
| 2013-09-27 | Talk | C0c0n |
Snake Bites
| Anant Shrivastava | #secure-coding#security-assessment#xss |
| 2013-09-13 | Talk | Rootcon |
My Experiments with truth: a different route to bug hunting
| Devesh Bhatt | #bug-hunting#bug-bounty#security-testing+3 |
| 2013-09-13 | Talk | Grrcon |
Matriux Leandros - An Open Source Penetration Testing and Forensic Distribution
| Prajwal Panchmahalkar | #security-assessment#forensics#digital-forensics+1 |
| 2013-09-12 | Talk | Grrcon |
The Droid Exploitation Saga β All Over Again!
| Aditya Gupta, Subho Halder | #android#red-teaming#android-security+4 |
| 2013-08-15 | Talk | Usenix |
An Empirical Study of Vulnerability Rewards Programs
| Devdatta Akhawe, David Wagner, Matthew Finifter | #bug-bounty#software-security#risk-management+2 |
| 2013-08-15 | Talk | Usenix |
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
| Devdatta Akhawe, Adrienne Felt | #web-security#security-training#architecture+2 |
| 2013-08-02 | Talk | Defcon |
Interactive Web Security Testing with IronWASP
| Lavakumar Kuppan | #application-pentesting#dynamic-analysis#security-testing+3 |
| 2013-08-01 | Talk | Blackhat |
Hot knives through butter: Bypassing automated analysis systems
| Abhishek Singh, Zheng Bu | #red-teaming#dynamic-analysis#malware-research+1 |
| 2013-08-01 | Tool demo | Blackhat |
Sparty
| Aditya K Sood | #secure-coding#audit#blueteam |
| 2013-08-01 | Tool demo | Blackhat |
XENOTIX xBOT
| Ajin Abraham | #botnet#linux#windows+3 |
| 2013-07-31 | Talk | Blackhat |
Javascript static security analysis made easy with JSPrime
| Nishant Das Patnaik, Sarathi Sabyasachi Sahoo | #web-security#blueteam#application-hardening+4 |
| 2013-05-28 | Talk | Confidence |
My Experiments with truth: a different route to bug hunting
| Devesh Bhatt | #security-assessment#vulnerability-assessment#secure-development+2 |
| 2013-03-22 | Talk | Insomnihack |
Guns and Smoke to fight Mobile Malware
| Ruchna Nigam | #android-security#malware-research#reverse-engineering+2 |
| 2013-03-15 | Talk | Blackhat |
The Sandbox Roulette- Are you ready for the gamble?
| Rahul Kashyap, Rafal Wojtczuk | #blueteam#application-pentesting#dynamic-analysis+3 |
| 2013-03-15 | Talk | Blackhat |
Vulnerability analysis of 2013 SCADA issues
| Amol Sarwate | #scada#ics-security#attack-surface+2 |
| 2013-03-01 | Talk | Nullcon |
Bug Bounty Hunter’s confession
| Amol Naik | #bug-hunting#security-training#ethical-hacking+3 |
| 2013-03-01 | Talk | Nullcon |
CSRF Finder as a Mozilla Addon
| Piyush Pattanayak | #csrf#blueteam#application-pentesting+4 |
| 2013-03-01 | Talk | Nullcon |
Detecting and Exploiting XSS Vulnerabilities and Xenotix XSS Exploitation Framework
| Ajin Abraham | #xss#red-teaming#application-pentesting+3 |
| 2013-03-01 | Talk | Nullcon |
Inception of graphical passwords
| Rishi Narang | #authentication#application-pentesting#secure-development+3 |
| 2013-03-01 | Talk | Nullcon |
Mobile Code mining for discovery and exploits
| Hemil Shah | #code-analysis#secure-development#blueteam+4 |
| 2013-03-01 | Talk | Nullcon |
Automating JavaScript Static Analysis
| Lavakumar Kuppan | #web-security#security-assessment#blueteam |
| 2012-12-06 | Talk | Blackhat |
Attacking ODATA
| Gursev Singh Kalra | #red-teaming#api-security#application-pentesting+2 |
| 2012-12-06 | Talk | Blackhat |
HTML5 top 10 threats β Stealth Attack and Silent Exploits
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2012-12-06 | Talk | Blackhat |
Poking servers with Facebook(and other web applications)
| Riyaz Walikar | #xspa#red-teaming#application-pentesting+2 |
| 2012-12-06 | Talk | Blackhat |
The art of exploiting logical flaws in web apps
| Sumit Siddharth, Richard Dean | #red-teaming#secure-coding#application-pentesting+1 |
| 2012-12-05 | Talk | Blackhat |
Droid Exploitation Saga
| Aditya Gupta, Subho Halder | #android#red-teaming#android-security+3 |
| 2012-12-01 | Talk | Clubhack |
Content-Type attack -Dark hole in the secure environment
| Raman Gupta | #red-teaming#application-pentesting#pdf+3 |
| 2012-12-01 | Talk | Clubhack |
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework
| Ajin Abraham | #xss#red-teaming#application-pentesting+4 |
| 2012-12-01 | Talk | Clubhack |
Anatomy of a Responsible Disclosure β Zero Day Vulnerability in Oracle BI Publisher
| Vishal Kalro | #zero-day#application-pentesting#secure-development+1 |
| 2012-12-01 | Talk | Clubhack |
HAWAS β Hybrid Analyzer for Web Application Security
| Lavakumar Kuppan | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2012-12-01 | Talk | Clubhack |
Stand Close to Me, & Youβre pwned! : Owning SmartPhones using NFC
| Aditya Gupta, Subho Halder | #nfc#red-teaming#android-security+4 |
| 2012-12-01 | Talk | Clubhack |
XSSshell
| Vandan Joshi | #xss#application-pentesting#code-review+4 |
| 2012-12-01 | Talk | Clubhack |
FatCat Web Based SQL Injector
| Sandeep Kamble | #sqli#red-teaming#input-validation+4 |
| 2012-11-29 | Talk | Deepsec |
Bad Things in Good Packages - Creative Exploit Delivery
| Saumil Shah | #red-teaming#exploit-delivery#security-testing |
| 2012-11-23 | Talk | Malcon |
Windows Phone 8 Malware Prototype
| Shantanu Gawde | #windows-phone#red-teaming#mobile-device-management+3 |
| 2012-11-23 | Talk | Malcon |
Advanced Malware Engine
| Mohit Kumar | #android#red-teaming#malware-research+3 |
| 2012-11-23 | Talk | Malcon |
Advances in ROP attacks
| Raashid Bhat | #red-teaming#bypassing#exploit-delivery+3 |
| 2012-11-23 | Talk | Malcon |
Tampering in Energy Meters
| Mohit Arora | #energy-theft#embedded-systems#firmware-analysis+2 |
| 2012-11-07 | Award | |
Cross Site Port Attack (XSPA)
| Riyaz Walikar | #application-pentesting#security-testing#dynamic-analysis+3 |
| 2012-10-26 | Talk | Appsecusa |
XSS & CSRF with HTML5 - Attack, Exploit and Defense
| Shreeraj Shah | #xss#csrf#dynamic-analysis+3 |
| 2012-10-26 | Talk | Appsecusa |
The 7 Qualities of Highly Secure Software
| Mano Paul | #secure-development#software-security#secure-coding+3 |
| 2012-10-25 | Talk | Appsecusa |
Cross Site Port Scanning
| Riyaz Walikar | #web-security#owasp#api-security |
| 2012-09-28 | Talk | Nullcon |
Alert(/xss/) - How to catch an XSS before someone exploits / reports it?
| Ahamed Nafeez | #web-security#xss#secure-coding+2 |
| 2012-09-27 | Talk | Grrcon |
The Realm of Third Generation Botnet Attacks
| Aditya K Sood, Dr. Richard J Enbody | #red-teaming#botnet#dynamic-analysis+1 |
| 2012-09-26 | Talk | Nullcon |
Opening the kimono: Automating behavioral analysis for mobile apps
| Pradeep Kulkarni, Michael Sutton | #application-pentesting#security-testing#dynamic-analysis+1 |
| 2012-09-26 | Talk | Nullcon |
The art of Passive Web Vul Analysis with IronWASP
| Lavakumar Kuppan | #security-assessment#application-pentesting#security-testing+2 |
| 2012-09-26 | Talk | Nullcon |
How secure is internet banking in India
| Ajit Hatti | #web-security#authentication#financial-institutions+1 |
| 2012-09-05 | Talk | 44con |
Why Integrity is left alone and not given TLC (Tender, Love and Care) it deserves?
| Jitender Arora | #data-protection#security-strategy#threat-modeling+3 |
| 2012-08-29 | Talk | Owaspappsecindia |
Find me if you can Smart fuzzing and discovery!
| Shreeraj Shah | #fuzzing#application-pentesting#dynamic-analysis+3 |
| 2012-08-15 | Award | |
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)
| Gursev Singh Kalra | #api-security#web-pentesting#security-tools |
| 2012-08-03 | Talk | C0c0n |
Easy Money with UI-Redressing
| Amol Naik | #bug-hunting#application-pentesting#dynamic-analysis+4 |
| 2012-08-03 | Talk | C0c0n |
Evil JavaScript
| Bishan Singh | #red-teaming#web-security#application-pentesting+4 |
| 2012-08-03 | Talk | C0c0n |
WebApp Remote Code Execution using Server Side Scripting Engines
| Rahul Sasi | #red-teaming#security-assessment#application-pentesting+4 |
| 2012-08-03 | Talk | C0c0n |
Gathering security requirements
| K v Prashant, Saleem Ahamed | #security-testing#secure-development#security-development-lifecycle+2 |
| 2012-07-28 | Talk | Defcon |
Botnets Die Hard - Owned and Operated
| Aditya K Sood, Richard J Enbody | #botnet#blueteam#malware-detection+2 |
| 2012-07-26 | Tool demo | Blackhat |
Bypassing Every CAPTCHA provider with clipcaptcha
| Gursev Singh Kalra | #web-security#bypassing#security-tools |
| 2012-07-25 | Tool demo | Blackhat |
Oyedata for OData Assessments
| Gursev Singh Kalra | #api-security#web-pentesting#security-tools |
| 2012-07-14 | Talk | Hope |
Advancements in Botnet Attacks and Malware Distribution
| Aditya K Sood | #botnet#web-security#reverse-engineering+1 |
| 2012-05-24 | Talk | Hitbsecconf |
CXML/VXML Auditing for IVR Pentesters and PCI/DSS Consultants
| Rahul Sasi | #security-assessment#ivr#application-pentesting+2 |
| 2012-05-13 | Talk | Carolinacon |
Attacking CAPTCHAs for Fun and Profit
| Gursev Singh Kalra | #web-security#bypassing#exploitation |
| 2012-03-15 | Talk | Nullcon |
An App(le) a day keeps the wallet away
| Antriksh Shah | #security-assessment#web-security#api-security+1 |
| 2012-03-15 | Talk | Owaspappsecindia |
The Magic of Passive Web Vulnerability Analysis
| Lavakumar Kuppan | #application-pentesting#security-testing#static-analysis+2 |
| 2012-03-14 | Talk | Blackhat |
Hacking XPATH 2.0
| Sumit Siddharth, Tom Forbes | #red-teaming#application-pentesting#input-validation+1 |
| 2012-03-02 | Award | |
CAPTCHA Re-Riding Attack
| Gursev Singh Kalra | #web-security#bypassing#authentication |
| 2012-02-15 | Talk | Nullcon |
Application security cost management
| Ketan Vyas | #blueteam#application-pentesting#secure-development+2 |
| 2012-02-15 | Talk | Nullcon |
Attacking Backup Software
| Nibin Varghese | #red-teaming#application-pentesting#security-testing |
| 2012-02-15 | Talk | Nullcon |
CAPTCHAs for fun and Profit
| Gursev Singh Kalra | #red-teaming#application-pentesting#input-validation+2 |
| 2012-02-15 | Talk | Nullcon |
IVR Security: Internal Network attacks via phone lines
| Rahul Sasi | #ivrs#red-teaming#application-pentesting+1 |
| 2012-02-15 | Talk | Nullcon |
Best practices to improve the security grading of your project
| Hemant Khandelwal | #blueteam#threat-modeling#secure-development |
| 2012-02-15 | Talk | Nullcon |
Content sniffing Algorithm bypassing techniques and possible attack vectors
| Anil Aphale, Chaitany Kamble | #red-teaming#xss#web-security+2 |
| 2012-02-15 | Talk | Nullcon |
Javascript static analysis with IronWASP
| Lavakumar Kuppan | #web-security#security-assessment#blueteam |
| 2012-02-15 | Talk | Nullcon |
Node.js: The good, bad and ugly
| Bishan Singh | #web-security#red-teaming#blueteam+1 |
| 2011-12-04 | Talk | Clubhack |
Hacking your Droid
| Aditya Gupta | #red-teaming#android#mobile-hacking+4 |
| 2011-12-04 | Talk | Clubhack |
One Link Facebook
| Anand Pandey | #red-teaming#application-pentesting#phishing+1 |
| 2011-12-04 | Talk | Clubhack |
DOM XSS β Encounters of the 3rd Kind
| Bishan Singh | #xss#red-teaming#secure-coding+4 |
| 2011-12-04 | Talk | Clubhack |
Android Forensics
| Manish Chasta | #android#forensics#android-security+4 |
| 2011-11-25 | Talk | Malcon |
Exploit the Exploit kits
| Dhruv Soi | #blueteam#exploit-kit#malware-detection+3 |
| 2011-11-17 | Award | |
CAPTCHA Hax With TesserCap
| Gursev Singh Kalra | #web-security#bypassing#authentication |
| 2011-10-13 | Talk | Hitbsecconf |
Femtocells: A Poisonous Needle in the Operatorβs Hay Stack
| Ravishankar Borgaonkar, Kevin Redon, Nico Golde | #3g#red-teaming#application-pentesting |
| 2011-10-13 | Talk | Hitbsecconf |
Web Wars 3
| Saumil Shah | #cyber-war#exploit-delivery#application-pentesting+1 |
| 2011-10-07 | Talk | C0c0n |
Deep(er) Penetration: Reaching the Internal Network using Exposed Web Applications
| Riyaz Walikar | #red-teaming#application-pentesting#application-hardening+1 |
| 2011-10-07 | Talk | C0c0n |
iPhone Jailbreak
| Antriksh Shah | #ios#ios-security#jailbreak+3 |
| 2011-10-07 | Talk | C0c0n |
Paranoid Android
| Ankur Bhargava, Mrigesh | #android#android-security#mobile-hacking+3 |
| 2011-10-07 | Talk | C0c0n |
Pentesting iPhone Applications
| Satish Bommisetty | #ios#security-assessment#application-pentesting+4 |
| 2011-10-07 | Talk | C0c0n |
Secure HTTP Headers or How I can finally convince management to let go of IE6
| Akash Mahajan | #application-pentesting#secure-development#security-testing+1 |
| 2011-10-07 | Talk | C0c0n |
Security Threats in Custom ROM’s (Android)
| Anant Shrivastava | #android#android-security#application-pentesting+3 |
| 2011-10-07 | Talk | C0c0n |
Web Application Backdoor Attack,Evasion and Detection
| Rahul Sasi | #purpleteam#application-pentesting#backdoor-detection+4 |
| 2011-10-07 | Talk | C0c0n |
Automated Malware Analysis - Setting up the Environment
| K v Prashant, Pushkar Pashupat | #security-assessment#dynamic-analysis#malware-research+1 |
| 2011-09-19 | Talk | Brucon |
Step-by-Step for Software Security (that anyone can follow)
| Pravir Chandra | #software-security#secure-development#devsecops+4 |
| 2011-09-19 | Talk | Brucon |
Botnets and Browsers, Brothers in a Ghost Shell
| Aditya K Sood | #botnet#red-teaming#dynamic-analysis+1 |
| 2011-09-07 | Talk | Securitybyte |
Social Web & Privacy β An evolving world
| Bala Sathiamurthy, Aridaman Tripathi | #data-protection#api-security#security-compliance+2 |
| 2011-09-07 | Talk | Securitybyte |
Mobile Devices β Boon or Curse?
| Kishor Sonawane, Oliver Ng | #mobile-device-management#mobile-application-management#application-hardening+4 |
| 2011-09-07 | Talk | Securitybyte |
IronWASP - A Web Application Security Testing Platform
| Lavakumar Kuppan | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2011-09-07 | Talk | Securitybyte |
Web Application Defender
| K v Prashant, Mohammed Imran | #blueteam#application-pentesting#secure-development+4 |
| 2011-09-06 | Talk | Securitybyte |
Application Security Strategies
| K K Mookhey | #secure-coding#secure-development#web-security+3 |
| 2011-09-06 | Talk | Securitybyte |
Botnets at Application+ layer
| Raj Shastrakar | #bot#red-teaming#application-pentesting+4 |
| 2011-09-06 | Talk | Securitybyte |
Runtime thread injection and execution in Linux processes
| Aseem Jakhar | #thread-injection#linux#process-injection+2 |
| 2011-09-06 | Talk | Securitybyte |
Enabling Un-trusted Mashups
| Bishan Singh | #web-security#xss#csrf+4 |
| 2011-09-06 | Talk | Securitybyte |
Security Threats on Social Networks
| Nithya Raman | #social-engineering#web-security#security-training+1 |
| 2011-08-03 | Talk | Blackhat |
Killing the Myth of Cisco IOS Diversity: Towards Reliable, Large-Scale Exploitation of Cisco IOS
| Jatin Kataria, Ang Cui, Salvatore Stolfo | #cisco-ios#hardware-embedded#firmware-analysis+4 |
| 2011-08-03 | Talk | Blackhat |
Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex
| Shreeraj Shah | #reverse-engineering#ajax#web-security+1 |
| 2011-05-19 | Talk | Hitbsecconf |
Spying on SpyEye β What Lies Beneath?
| Aditya K Sood | #blueteam#botnet#endpoint-protection+4 |
| 2011-03-30 | Talk | Troopers |
Femtocell: Femtostep to the Holy Grail
| Ravishankar Borgaonkar, Kevin Redon | #red-teaming#application-pentesting#mobile-hacking+1 |
| 2011-02-25 | Talk | Nullcon |
Chupa Rustam
| Abhijeet Hatekar | #surveillance#red-teaming#application-pentesting+2 |
| 2011-02-25 | Talk | Nullcon |
Fuzzing with complexities
| Vishwas Sharma | #fuzzing#red-teaming#application-pentesting+4 |
| 2011-02-25 | Talk | Nullcon |
JSON Fuzzing: New approach to old problems
| K v Prashant, Tamaghna Basu | #fuzzing#red-teaming#application-pentesting+4 |
| 2011-02-25 | Talk | Nullcon |
Lessons Learned From 2010
| Saumil Shah | #red-teaming#exploit-delivery#social-engineering+2 |
| 2011-02-25 | Talk | Nullcon |
Reversing microsoft patches to reveal vulnerable code
| Harsimran Singh Walia | #reverse-engineering#code-review#static-analysis+1 |
| 2011-02-25 | Talk | Nullcon |
Automatic Program Analysis using Dynamic Binary Instrumentation (DBI)
| Sunil Kumar | #dynamic-binary-instrumentation#code-analysis#dynamic-analysis+3 |
| 2011-02-25 | Talk | Nullcon |
(secure) SiteHoster β Disable XSS & SQL Injection
| Abhishek Kumar | #xss#sqli#blueteam+1 |
| 2010-12-04 | Talk | Clubhack |
Attacking with HTML5
| Lavakumar Kuppan | #red-teaming#application-pentesting#security-testing |
| 2010-12-04 | Talk | Clubhack |
Firefox Security!
| Prasanna Kanagasabai | #application-pentesting#secure-development#security-testing+4 |
| 2010-12-04 | Talk | Clubhack |
Mantra β Free and Open Source security framework based on browser platform
| Abhi M Balakrishnan | #blueteam#endpoint-protection#application-pentesting+3 |
| 2010-12-04 | Talk | Clubhack |
Ultimate Pen Test β Compromising a highly secure environment
| Nikhil Mittal | #security-assessment#social-engineering#application-pentesting+4 |
| 2010-11-25 | Talk | Deepsec |
Developers are from Mars, Compliance Auditors are from Venus
| Neelay S Shah | #security-compliance#security-governance#risk-management+4 |
| 2010-11-11 | Talk | Blackhat |
Attacking with HTML5
| Lavakumar Kuppan | #web-security#xss#web-pentesting+1 |
| 2010-10-27 | Talk | Hacklu |
Exploit Delivery - Tricks and Techniques
| Saumil Shah | #red-teaming#exploit#exploit-delivery+4 |
| 2010-10-14 | Talk | Hitbsecconf |
Exploit Delivery
| Saumil Shah | #red-teaming#exploit#exploit-delivery+2 |
| 2010-10-13 | Talk | Hitbsecconf |
Hacking a Browserβs DOM β Exploiting Ajax and RIA
| Shreeraj Shah | #red-teaming#web-security#ajax+3 |
| 2010-08-01 | Talk | C0c0n |
Code Disclosure over HTTP
| Anant Kochhar | #red-teaming#application-hardening#code-review+4 |
| 2010-08-01 | Talk | C0c0n |
Last line of defense - Host Intrusion Prevention and Secure application development.
| Avinash Shenoi | #blueteam#application-hardening#secure-coding+3 |
| 2010-08-01 | Talk | C0c0n |
Client Side Exploits using PDF
| Ankur Bhargava, Tamaghna Basu | #red-teaming#pdf#data-leak+2 |
| 2010-08-01 | Talk | C0c0n |
Dangers and dynamic Malware analysis
| Chandrasekar | #forensics#dynamic-analysis#malware-detection+4 |
| 2010-08-01 | Talk | C0c0n |
Writing x86 ShellCode & Secure Self Modifying code and Cross Platform Programming - A Security Angle
| Praseed Pai | #windows#red-teaming#secure-coding |
| 2010-08-01 | Talk | C0c0n |
Concept, Methodology and Challenges in Computer Forensics
| Sebastian Edassery | #forensics#digital-forensics#incident-management+2 |
| 2010-07-30 | Talk | Defcon |
Hacking Oracle From Web Apps
| Sumit Siddharth | #sql-injection#application-pentesting#security-testing+2 |
| 2010-07-29 | Talk | Blackhat |
Hacking Browser’s DOM - Exploiting Ajax and RIA
| Shreeraj Shah | #red-teaming#ajax#application-pentesting+4 |
| 2010-07-29 | Talk | Blackhat |
Hacking Oracle From Web Apps
| Sumit Siddharth | #red-teaming#sql-injection#application-pentesting+3 |
| 2010-07-01 | Talk | Hitbsecconf |
The Travelling Hacksmith 2009 β 2010
| Saumil Shah | #red-teaming#application-pentesting#phishing+2 |
| 2010-06-18 | Talk | Syscan |
REVERSE ENGINEERING WEB 2.0 APPLICATIONS
| Shreeraj Shah | #reverse-engineering#ajax#web-security+1 |
| 2010-04-21 | Talk | Hitbsecconf |
Web Security β Going Nowhere?
| Saumil Shah | #red-teaming#application-hardening#application-pentesting+4 |
| 2010-04-14 | Talk | Blackhat |
Attacking JAVA Serialized Communication
| Manish Saindane | #secure-coding#red-teaming#security-assessment |
| 2010-03-15 | Talk | Blackhat |
400 Apps in 40 Days
| Nish Bhalla, Sahba Kazerooni | #risk-management#application-pentesting#attack-surface+1 |
| 2010-03-02 | Award | |
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
| Lavakumar Kuppan | #clickjacking#application-hardening#security-testing+1 |
| 2010-02-25 | Talk | Nullcon |
Malware Detection Tool for Websites: A Proof-Of-Concept
| Anant Kochhar | #blueteam#malware-detection#application-pentesting+3 |
| 2010-02-25 | Talk | Nullcon |
Penetration Testing versus Source Code
| Nikhil Wagholikar | #security-assessment#code-analysis#application-pentesting+4 |
| 2010-02-25 | Talk | Nullcon |
Software Fuzzing with Wireplay.
| Abhisek Datta | #fuzzing#red-teaming#network-pentesting+3 |
| 2010-02-25 | Talk | Nullcon |
Botnet mitigation, monitoring and management.
| Harshad Patil | #botnet#blueteam#malware-detection+4 |
| 2010-02-25 | Talk | Nullcon |
Imposter ke karnamey: The Browser Phishing Tool.
| Lavakumar Kuppan | #phishing#red-teaming#security-testing+1 |
| 2009-12-05 | Talk | Clubhack |
India Cyber Crime Scene - Caught in the Crossfire
| Vinoo Thomas, Rahul Mohandas | #cyber-crime#data-leak#pdf+3 |
| 2009-12-05 | Talk | Clubhack |
Incident Handling and Log Analysis for Web Based Incidents
| Manindra Kishore | #incident-management#forensics#application-pentesting+2 |
| 2009-12-05 | Talk | Clubhack |
Mobile Application Security Testing
| Gursev Singh Kalra | #security-assessment#mobile-pentesting#application-pentesting+4 |
| 2009-12-05 | Talk | Clubhack |
Revealing the Secrets: Source Code Disclosure, Techniques and Impacts
| Anant Kochhar | #secure-development#secure-coding#code-review+2 |
| 2009-12-04 | Talk | Clubhack |
Facilitate Collaboration with Information Rights Management
| Abhijit Tannu | #information-rights-management#data-protection#application-hardening+4 |
| 2009-11-19 | Talk | Deepsec |
Top 10 Security Issues Developers Don’t Know About
| Neelay S Shah | #secure-coding#devsecops#software-security+2 |
| 2009-11-18 | Talk | Securitybyte |
Hacking Oracle From Web
| Sumit Siddharth | #red-teaming#sql-injection#application-hardening+1 |
| 2009-11-18 | Talk | Securitybyte |
Introduction to Web Protection Library
| Anil Chintala | #blueteam#application-pentesting#secure-development+4 |
| 2009-11-18 | Talk | Securitybyte |
Rumbling Infections β Web Malware Ontology
| Aditya K Sood | #dynamic-analysis#malware-research#sandbox+2 |
| 2009-11-17 | Talk | Securitybyte |
Applications - The new cyber security frontier
| Mano Paul | #secure-development#devsecops#software-security+2 |
| 2009-11-17 | Talk | Securitybyte |
Usability and Privacy in Security
| Ponnurangam Kumaraguru | #data-protection#architecture#security-training+2 |
| 2009-08-06 | Talk | C0c0n |
Cyber Forensics
| Krishna Sastry Pendyal | #forensics#digital-forensics#data-leak+4 |
| 2009-07-31 | Talk | Defcon |
Advancing Video Application Attacks with Video Interception, Recording, and Replay
| Arjun Sambamoorthy, Jason Ostrom | #red-teaming#security-tools#application-hardening |
| 2009-05-19 | Talk | Syscan |
Securing Enterprise Applications
| Shreeraj Shah | #web-security#ajax#xss+4 |
| 2009-05-19 | Talk | Syscan |
Securing Applications at Gateway with Web Application Firewalls
| Shreeraj Shah | #blueteam#footprinting#firewall+1 |
| 2009-04-22 | Talk | Troopers |
Browser Design Flaws β Hacking by Breaking in Architectures
| Aditya K Sood | #red-teaming#application-pentesting#secure-development+1 |
| 2009-04-22 | Talk | Troopers |
SQL Injections: More Fun and Profit
| Sumit Siddharth | #red-teaming#application-pentesting#code-review+4 |
| 2009-04-22 | Talk | Hitbsecconf |
Application Defense Tactics & Strategies - WAF at the Gateway
| Shreeraj Shah | #blueteam#footprinting#firewall+1 |
| 2009-03-16 | Talk | Cansecwest |
On Approaches and Tools for Automated Vulnerability Analysis
| Tanmay Ganacharya, Abhishek Singh, Swapnil Bhalode, Nikola Livic, Scott Lambert | #security-assessment#blueteam#automated-scanning+4 |
| 2009-02-19 | Talk | Blackhat |
Blinded by Flash: Widespread Security Risks Flash Developers Don’t See
| Prajakta Jagdale | #flash#blueteam#application-pentesting+2 |
| 2008-12-06 | Talk | Clubhack |
Hacking Client Side Insecurities
| Aditya K Sood | #red-teaming#application-pentesting#input-validation+1 |
| 2008-12-06 | Talk | Clubhack |
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA’s and Caching
| Karmendra Kohli | #secure-development#secure-coding#blueteam+1 |
| 2008-12-06 | Talk | Clubhack |
Reverse Engineering v/s Secure Coding
| Atul Alex | #secure-coding#reverse-engineering#red-teaming+2 |
| 2008-11-13 | Talk | Deepsec |
Game of Web 2.0 Security - Attacking Next Generation Apps
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+2 |
| 2008-10-29 | Talk | Hitbsecconf |
Browser Exploits - A New Model for Browser Security
| Saumil Shah | #red-teaming#application-pentesting#code-review+3 |
| 2008-10-29 | Talk | Hitbsecconf |
Top 10 Web 2.0 Attacks
| Shreeraj Shah | #web-security#ajax#xss+4 |
| 2008-10-22 | Talk | Hacklu |
Browser Exploits - A new model for Browser security
| Saumil Shah | #red-teaming#application-hardening#browser-security+4 |
| 2008-08-20 | Talk | Owaspappsecindia |
Web Application Security: Too Costly To Ignore
| Rajesh Nayak | #appsec#blueteam#application-hardening+4 |
| 2008-08-20 | Talk | Owaspappsecindia |
Case Study: Testing 200+ applications in a $10 Billion Enterprise
| Roshen Chandran | #security-assessment#application-pentesting#security-testing+4 |
| 2008-08-20 | Talk | Owaspappsecindia |
Building Enterprise AppSec Program
| Nish Bhalla | #appsec#secure-development#security-testing+4 |
| 2008-08-20 | Talk | Owaspappsecindia |
Application Security Trends & Challenges
| Kamlesh Bajaj | #owasp#appsec#secure-development+4 |
| 2008-08-07 | Talk | Blackhat |
Got Citrix, Hack It!
| Shanit Gupta | #red-teaming#rdp#application-pentesting+1 |
| 2008-04-16 | Talk | Hitbsecconf |
Securing Next Generation Applications Γ’β¬β Scan, Detect and Mitigate
| Shreeraj Shah | #web-security#ajax#xss+4 |
| 2008-03-27 | Talk | Blackhat |
Iron Chef Black Hat: John Henry Challenge
| Pravir Chandra, Jacob West, Brian Chess, Sean Fay | #ethical-hacking#secure-development#devsecops |
| 2007-12-19 | Talk | Clubhack |
Backdoor 2.0: Hacking Firefox to steal his web secrets
| Sunil Arora | #red-teaming#application-pentesting#browser-security+2 |
| 2007-12-09 | Talk | Clubhack |
Hacking Web 2.0 Art and Science of Vulnerability Detection
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2007-12-09 | Talk | Clubhack |
The future of automated web application testing
| Amish Shah, Umesh Nagori | #security-assessment#application-pentesting#security-testing+3 |
| 2007-12-09 | Talk | Clubhack |
Subtle Security flaws: Why you must follow the basic principles of software security
| Varun Sharma | #blueteam#software-security#secure-coding+4 |
| 2007-12-09 | Talk | Clubhack |
Analysis of Adversarial Code: The Role of Malware Kits!
| Rahul Mohandas | #red-teaming#malware-research#dynamic-analysis+1 |
| 2007-11-20 | Talk | Deepsec |
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
| Shreeraj Shah | #ajax#web-security#blueteam |
| 2007-09-06 | Talk | Hitbsecconf |
Hacking Ajax and Web Services Γ’β¬β Next Generation Web Attacks on the Rise
| Shreeraj Shah | #red-teaming#ajax#web-security |
| 2007-08-02 | Talk | Blackhat |
Smoke ’em Out!
| Rohyt Belani | #forensics#incident-management#digital-forensics+4 |
| 2007-04-05 | Talk | Hitbsecconf |
WEB 2.0 Hacking β Defending Ajax and Web Services
| Shreeraj Shah | #red-teaming#blueteam#purpleteam+2 |
| 2007-03-30 | Talk | Blackhat |
Web Service Vulnerabilities
| Nish Bhalla | #blueteam#purpleteam#application-pentesting+4 |
| 2007-03-15 | Talk | Blackhat |
Exploit-Me Series β Free Firefox Application Penetration Testing Suite Launch
| Nish Bhalla, Rohit Sethi | #web-security#xss#sql-injection+4 |
| 2006-11-29 | Talk | Pacsec |
Smashing Heap by Free Simulation
| Sandip Chaudhari | #heap#red-teaming#exploit-delivery+4 |
| 2006-10-19 | Talk | Hacklu |
Smashing Heap by Free Simulation:
| Sandip Chaudhari | #heap#red-teaming#exploit-development+2 |
| 2006-10-19 | Talk | Hacklu |
Writing Metasploit plugins - from vulnerability to exploit
| Saumil Shah | #metasploit#red-teaming#exploit-development+3 |
| 2006-09-21 | Talk | Hitbsecconf |
Finding Secrets in ISAPI
| Nish Bhalla | #secure-coding#reverse-engineering#application-pentesting+4 |
| 2006-09-21 | Talk | Hitbsecconf |
Smashing the Stack for Profit - Period
| Rohyt Belani | #red-teaming#application-pentesting#code-review+3 |
| 2006-08-02 | Talk | Blackhat |
Web Application Incident Response & Forensics: A Whole New Ball Game!
| Rohyt Belani, Chuck Willis | #application-pentesting#code-review#incident-management+3 |
| 2006-08-02 | Talk | Blackhat |
SQL Injections by Truncation
| Bala Neerumalla | #web-security#sql-injection#secure-coding |
| 2006-08-01 | Talk | Blackhat |
Writing Metasploit Plugins - from Vulnerability to Exploit
| Saumil Shah | #metasploit#exploit-development#secure-coding+2 |
| 2006-04-13 | Talk | Hitbsecconf |
Writing Metasploit Plugins - From Vulnerability to Exploit
| Saumil Shah | #metasploit#red-teaming#exploit-development+3 |
| 2006-01-26 | Talk | Blackhat |
Analysis of Adversarial Code: Problem, Challenges, Results
| Arun Lakhotia | #secure-coding#blueteam#static-analysis+1 |
| 2005-09-29 | Talk | Hitbsecconf |
Trends in Real World Attacks: A Compilation of Case Studies
| Rohyt Belani | #red-teaming#application-pentesting#application-hardening+4 |
| 2005-09-29 | Talk | Hitbsecconf |
Analyzing Code for Security Defects
| Nish Bhalla | #code-analysis#blueteam#secure-coding |
| 2005-09-26 | Talk | Hitbsecconf |
Web hacking Kung-Fu and Art of Defense
| Shreeraj Shah | #blueteam#application-pentesting#code-review+4 |
| 2005-07-28 | Talk | Blackhat |
Rapid Threat Modeling
| Akshay Aggarwal | #threat-modeling#red-teaming#security-strategy+4 |
| 2005-06-10 | Talk | Syscan |
.Net Web Security-Attack And Defense
| Shreeraj Shah | #.net#web-security#web-pentesting |
| 2005-04-12 | Talk | Hitbsecconf |
Web Application Kung-Fu, The Art of Defense
| Shreeraj Shah | #blueteam#application-hardening#secure-coding+4 |
| 2005-03-31 | Talk | Blackhat |
Defeating Automated Web Assessment Tools
| Saumil Shah | #red-teaming#security-testing#application-pentesting+1 |
| 2004-07-29 | Talk | Blackhat |
Evasion and Detection of Web Application Attacks
| K K Mookhey | #blueteam#intrusion-detection#application-pentesting+3 |
| 2004-07-28 | Talk | Blackhat |
Defeating Automated Web Assessment Tools
| Saumil Shah | #red-teaming#application-pentesting#application-hardening+2 |
| 2004-05-19 | Talk | Blackhat |
HTTP Fingerprinting and Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#automated-scanning+2 |
| 2004-01-29 | Talk | Blackhat |
HTTP Fingerprinting and Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+3 |
| 2003-12-16 | Talk | Blackhat |
HTTP Fingerprinting & Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#network-defense+3 |
| 2003-12-12 | Talk | Hitbsecconf |
Defending Web Applications: Strategies, methods and practices
| Shreeraj Shah | #blueteam#secure-coding#firewall+1 |
| 2003-10-01 | Talk | Blackhat |
HTTP Fingerprinting & Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+2 |
| 2003-07-31 | Talk | Blackhat |
HTTP Fingerprinting & Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+2 |
| 2003-02-26 | Talk | Blackhat |
HTTP: Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+4 |
| 2001-11-21 | Talk | Blackhat |
One-Way SQL Hacking : Futility of Firewalls in Web Hacking
| Saumil Shah | #firewall#red-teaming#sql-injection+2 |
| 2001-04-26 | Talk | Blackhat |
Web Hacking
| Saumil Shah | #red-teaming#application-pentesting#security-testing+4 |
| 2001-02-14 | Talk | Blackhat |
Web Hacking
| Saumil Shah | #red-teaming#application-pentesting#dynamic-analysis+3 |