| 2025-08-07 | Tool demo | Blackhat |
Frogy 2.0 - Automated external attack surface analysis toolkit
| Chintan Gurjar | attack-surfacevulnerability-assessmentasset-management+2 |
| 2025-08-07 | Tool demo | Blackhat |
Pentest Copilot: Cursor for Pentesters
| Dhruva Goyal, Sitaraman S | pentestingapplication-pentestingvulnerability-assessment+2 |
| 2025-08-07 | Tool demo | Blackhat |
AzDevRecon - Azure DevOps Enumeration Tool
| Raunak Parmar | azuredevsecopsiam+1 |
| 2025-08-07 | Tool demo | Blackhat |
Q-TIP (QR Code Threat Inspection Platform)
| Rushikesh D Nandedkar | incident-responseweb-securityvulnerability-management+2 |
| 2025-08-07 | Talk | Blackhat |
Uncovering ‘NASty’ 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
| Kanika Gupta | reverse-engineeringfirmware-analysismobile-security+2 |
| 2025-08-06 | Tool demo | Blackhat |
Realtic
| Sohan Simha Prabhakar, Samarth Bhaskar Bhat | pentestingvulnerability-assessmentstatic-analysis+3 |
| 2025-08-06 | Talk | Blackhat |
Adversarial Fuzzer for Teleoperation Commands: Evaluating Autonomous Vehicle Resilience
| Shanit Gupta | automotive-cybersecurityvulnerability-managementsecurity-testing+1 |
| 2025-08-06 | Tool demo | Blackhat |
Damn Vulnerable Browser Extension (DVBE): Unmask the risks of your Browser Supplements
| Abhinav Khanna, Krishna Chaganti | web-securitysecure-codingpentesting+3 |
| 2025-08-06 | Tool demo | Blackhat |
ROP ROCKET: Advanced Framework for Return-Oriented Programming
| Shiva Shashank | reverse-engineeringexploitationpentesting+3 |
| 2025-08-06 | Talk | Blackhat |
The 5G Titanic
| Altaf Shaik | network-pentestingnetwork-architecturevulnerability-management+1 |
| 2025-08-06 | Tool demo | Blackhat |
Varunastra: Securing the Depths of Docker V2
| Devang Solanki | container-securitydockerstatic-analysis+4 |
| 2025-08-06 | Tool demo | Blackhat |
vet: Proactive Guardrails against Malicious OSS using Code Analysis
| Abhisek Datta | static-analysissoftware-securitydevsecops+3 |
| 2025-08-06 | Talk | Blackhat |
When ‘Changed Files’ Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach
| Varun Sharma, Ashish Kurmi | ci-cdincident-responsedevsecops+3 |
| 2025-04-30 | Talk | Rsac |
Got Supply Pain? A Real-World Approach to Supply Chain SDL
| Mohit Arora | secure-developmentdevsecopsvulnerability-management+5 |
| 2025-04-29 | Talk | Rsac |
RAG-NAROK: What Poorly-Built RAGs Can Do to Data Security
| Akash Mukherjee | secure-developmentdevsecopsdata-protection+2 |
| 2025-04-04 | Tool demo | Blackhat |
Agneyastra - Firebase Misconfiguration Detection Toolkit V2
| Bhavarth Karmarkar, Devang Solanki | misconfiguration |
| 2025-04-03 | Tool demo | Blackhat |
SupplyShield: Protecting your software supply chain
| Yadhu Krishna M, Akhil Mahendra, Hritik Vijay | supply-chainsbomsca+2 |
| 2025-04-03 | Talk | Blackhat |
Determining Exploitability of Vulnerabilities with SBOM and VEX
| Anusha Penumacha, Srinija Kammari | sbomsupply-chainsca+2 |
| 2025-04-03 | Tool demo | Blackhat |
SCAGoat - Exploiting Damn Vulnerable and Compromised SCA Application
| Hare Krishna Rai, Gaurav Joshi, K v Prashant | vulnerability-managementsupply-chainsupply-chain-attack+2 |
| 2025-03-02 | Talk | Nullcon |
Building Glitch-Resistant Firmware: Practical Software Countermeasures for Hardware glitch attacks
| Shyam Kumar Arshid, Chinmay Krishna | embedded-securityfirmware-analysishardware-security+3 |
| 2025-03-02 | Talk | Nullcon |
eKYC Crisis: Securing the Lockers
| Kartik Lalan | risk-managementvulnerability-managementsecurity-architecture |
| 2025-03-02 | Talk | Nullcon |
Hidden in Plain Sight: Large-Scale Exposure of Orphaned Commits on Major Git Platforms
| Kumar Ashwin | vulnerability-managementsecure-codingdevsecops+1 |
| 2025-03-02 | Talk | Nullcon |
Satellite Communications: Analyzing and Protecting Space-Based Assets
| Drishti Jain | network-pentestingvulnerability-managementindustrial-control-systems-security |
| 2025-03-01 | Talk | Nullcon |
The Future is Trustless: How zkVMS and zkTLS Transform Bug Bounties
| Anto Joseph | vulnerability-managementbug-bountysecure-development |
| 2024-12-11 | Tool demo | Blackhat |
SCAGoat - Exploiting Damn Vulnerable SCA Application
| Hare Krishna Rai, Gaurav Joshi, K v Prashant | vulnerability-managementsupply-chainsca+1 |
| 2024-11-28 | Talk | Blackhat |
A Tale of Pwning 500+ Vehicle Anti-theft Devices
| Umair Nehri | mobile-securityvulnerability-assessmentiot-pentesting+1 |
| 2024-11-28 | Talk | Blackhat |
From Breach to Blueprint: Building a Resilient Future
| Amit Ghodekar | incident-responsevulnerability-managementpentesting+3 |
| 2024-11-27 | Tool demo | Blackhat |
Varunastra: Securing the Depths of Docker
| Kunal Aggarwal | container-securitydockerpentesting+3 |
| 2024-11-27 | Talk | Blackhat |
The Future of Cybersecurity: Addressing New Threats with Groundbreaking Strategies
| Mahesh Babu Kanigiri | risk-managementvulnerability-managementsecurity-architecture+2 |
| 2024-11-26 | Talk | Blackhat |
Critical Exposures: Lessons from a Decade of Vulnerability Research
| Nikhil Shrivastava | vulnerability-managementsql-injectionpentesting+2 |
| 2024-11-26 | Tool demo | Blackhat |
Halberd: Multi-Cloud Security Testing Tool
| Arpan Abani Sarkar | cloud-pentestingcloud-compliancepentesting+1 |
| 2024-11-16 | Talk | C0c0n |
We got the Shiny SBoM; what next?
| Anant Shrivastava | sbomsupply-chainsoftware-bill-of-materials |
| 2024-11-15 | Talk | C0c0n |
[Yodha] SCAGoat - Software Composition Analysis (SCA) Vulnerability Exploration Tool
| Gaurav Joshi, Hare Krishna Rai | vulnerability-managementsupply-chainsca+1 |
| 2024-11-15 | Talk | C0c0n |
Hackers highway: Uncovering vulnerabilities hidden behind every car’s license plate
| Kartik Lalan | automotive-cybersecurityvulnerability-managementreverse-engineering+2 |
| 2024-10-23 | Tool demo | Blackhat |
Cyber Arsenal47
| Simardeep Singh | automated-scanningvulnerability-assessmentpentesting+3 |
| 2024-10-02 | Talk | Virus Bulletin |
Arming WinRAR: deep dive into APTs exploiting WinRAR’s 0-day vulnerability - a SideCopy case study
| Sathwik RAM Prakki | reverse-engineeringvulnerability-managementapt+1 |
| 2024-08-30 | Talk | Hitb Sec Conf |
Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles
| Ravi Rajput | web-securitypentestingexploitation+4 |
| 2024-08-29 | Tool demo | Hitb Sec Conf |
Mantis
| Bharath Kumar, Akshay Jain | vulnerability-managementasset-inventorydast+2 |
| 2024-08-14 | Talk | Usenix |
Shesha: Multi-head Microarchitectural Leakage Discovery in new-generation Intel Processors
| Anirban Chakraborty, Nimish Mishra, Debdeep Mukhopadhyay | reverse-engineeringvulnerability-managementsecurity-architecture+1 |
| 2024-08-10 | Talk | Defcon |
Sneaky Extensions: The MV3 Escape Artists
| Vivek Ramachandran, Shourya Pratap Singh | web-securitypentestingvulnerability-management |
| 2024-08-08 | Tool demo | Blackhat |
ICSGoat: A Damn Vulnerable ICS Infrastructure
| Shantanu Kale, Divya Nain | ics-securityscadaplc+3 |
| 2024-06-27 | Talk | Troopers |
The Hidden Dangers Lurking in Your Pocket – Pwning Apple Wallet ecosystem and its apps
| Priyank Nigam | mobile-securitypentestingapi-security+2 |
| 2024-05-09 | Talk | Rsac |
The Good, the Bad, and the Bounty: 10 Years of Buying Bugs at Microsoft
| Aanchal Gupta | vulnerability-managementbug-bountyrisk-management+1 |
| 2024-05-07 | Talk | Rsac |
A Proven Approach on Automated Security Architectural Pattern Validation
| Sunil Arora | security-architecturedevsecopsvulnerability-management+2 |
| 2024-05-07 | Talk | Rsac |
Anatomy of a Vulnerability Response - A View from the Inside
| Mohit Arora | vulnerability-managementincident-responserisk-management+1 |
| 2024-04-19 | Talk | Blackhat |
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments in Embedded Systems
| Anirban Chakraborty, Nimish Mishra, Debdeep Mukhopadhyay | embedded-securityfirmware-analysisvulnerability-management+2 |
| 2024-04-18 | Tool demo | Blackhat |
Mantis - Asset Discovery at Scale
| Ankur Bhargava, Prateek Thakare, Saddam Hussain | asset-inventoryvulnerability-managementsecurity-architecture+3 |
| 2024-03-21 | Talk | Can Sec West |
Rolling in the Dough: How Microsoft Identified and Remidiated a Baker’s Dozen of Security Threats in the Windows DNS Server
| Arif Hussain | vulnerability-managementpentestingsecurity-architecture+1 |
| 2024-03-11 | Talk | Nullcon |
Achilles Heel In Secure Boot: Breaking RSA Authentication And Bitstream Recovery From Zynq-7000 SoC
| Arpan Jati | vulnerability-assessment |
| 2023-12-06 | Tool demo | Blackhat |
SupplyShield: Protecting your software supply chain
| Akhil Mahendra, Hritik Vijay | awssupply-chainsbom+2 |
| 2023-12-06 | Tool demo | Blackhat |
Honeyscanner: a vulnerability analyzer for Honeypots
| Shreyas Srinivasa | vulnerability-assessment |
| 2023-11-17 | Talk | Deepsec |
Nostalgic Memory – Remembering All the Wins and Losses for Protecting Memory Corruption
| Shubham Dubey | vulnerability-managementreverse-engineeringexploitation+1 |
| 2023-09-28 | Talk | Hackinparis |
How to have visibility and security OF CICD ecosystem
| Pramod Rana | cicd-securitydevsecopsvulnerability-management+6 |
| 2023-09-23 | Talk | Nullcon |
Journey in setting up OT SOC
| Ramandeep Singh Walia | socics-securityindustrial-control-systems-security+3 |
| 2023-08-13 | Tool demo | Blackhat |
Advanced ROP Framework: Pushing ROP to Its Limits
| Shiva Shashank | reverse-engineeringpentestingexploitation+3 |
| 2023-08-12 | Talk | Defcon |
Getting More Bang for your Buck:Appsec on a Limited Budget
| Vandana Verma Sehgal, Viraj Gandhi | secure-developmentdevsecopsrisk-management+3 |
| 2023-08-11 | Talk | Defcon |
Generative Adversarial Network (GAN) based autonomous penetration testing for Web Applications
| Ankur Chowdhary | web-securityxssapplication-pentesting+3 |
| 2023-08-11 | Tool demo | Defcon |
vAPI : Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | api-securityowaspauthorization+1 |
| 2023-08-10 | Talk | Defcon |
Attacking Vehicle Fleet Management Systems
| Yashin Mehaboobe | automotive-cybersecurityvulnerability-managementindustrial-control-systems-security |
| 2023-08-10 | Talk | Defcon |
Hardware Backdooring an e-Scooter
| Arun Mane | reverse-engineeringindustrial-control-systems-securityvulnerability-management+2 |
| 2023-08-10 | Talk | Defcon |
Wheels of Wonder: Unveiling Car Hacking Poetry
| Hrishikesh Somchatwar | firmware-analysisreverse-engineeringautomotive-cybersecurity+1 |
| 2023-08-09 | Tool demo | Blackhat |
DIAL - Did I Alert Lambda? Centralised Security Misconfiguration Detection Framework
| Saransh Rana, Rashid Feroze, Harsh Varagiya | misconfiguration |
| 2023-08-07 | Talk | C0c0n |
Uncovering Azure’s Silent Threats: A Story of Cloud Vulnerabilities
| Nitesh Surana | azurecloud-vulnerabilitiescloud-pentesting+2 |
| 2023-08-07 | Talk | C0c0n |
ESOC Trinetra Project
| Pankaj Kumar Dalela | security-governancerisk-managementvulnerability-management+1 |
| 2023-08-07 | Talk | C0c0n |
Generative AI and Cyber Crimes
| Brijesh Singh | malwaresecurity-awarenessrisk-management+2 |
| 2023-08-07 | Talk | C0c0n |
Smart Contract Phishing : Attack & Defense
| Tejaswa Rastogi | smart-contractsblockchain-securityphishing+3 |
| 2023-08-07 | Talk | C0c0n |
Trust Resiliency - A Lesson Learned from Russia Ukraine War
| Ajit Hatti | incident-responsesecurity-architecturerisk-management+2 |
| 2023-08-06 | Talk | C0c0n |
A Secure Privacy-Preserving Lightweight Authentication Scheme for Internet of Medical Things
| Panchami V, Mahima Mary Mathews | authenticationprivacyembedded-security+1 |
| 2023-08-06 | Talk | C0c0n |
Developments in Deep Fake detection
| Tapas Saini | security-architecturesecurity-awarenessreverse-engineering+1 |
| 2023-08-06 | Talk | C0c0n |
Expanding capability horizons : Homelabs and beyond
| Anant Shrivastava | pentestingnetwork-pentestingsecurity-architecture+1 |
| 2023-08-06 | Talk | C0c0n |
Mitigating SSRF at scale the right way with IMDSv2!
| Ayush Priya | web-securityapi-securityaws+3 |
| 2023-08-06 | Talk | C0c0n |
Playing cat and mouse with the Adversary: Sometimes a breach is inevitable
| Abhijith B R | incident-responsevulnerability-managementrisk-management |
| 2023-08-06 | Talk | C0c0n |
Russia-Ukraine Warfare – A Shift in Cyber Threat Landscape
| Jaydev Joshi, Simran Kothari | threat-landscapeincident-responsevulnerability-management |
| 2023-08-06 | Talk | C0c0n |
Surviving In Dependency Hell
| Kumar Ashwin | secure-developmentdevsecopsvulnerability-management+1 |
| 2023-08-06 | Talk | C0c0n |
Taking a Closer Look at CI/CD Pipeline Logs: Extracting Security-Related Information with Build Inspector
| Anshu Kumar, Pavan Sorab | devsecopsci-cdcicd-pipeline+3 |
| 2023-04-21 | Talk | Hitb Sec Conf |
LOCKNOTE:THE HAND THAT STRIKES, ALSO BLOCKS
| Saumil Shah | security-architecturerisk-managementsecurity-awareness+2 |
| 2022-09-28 | Talk | Rootcon |
Gazing into the Crystal Ball - The Fog of Cyberwarfare Escalations
| Harshit Agrawal | industrial-control-systems-securitysecurity-architecturerisk-management+1 |
| 2022-09-24 | Talk | C0c0n |
BEC, still the sure shot trap
| Georgie Kurien | social-engineeringpentestingsecurity-awareness+1 |
| 2022-09-24 | Talk | C0c0n |
Introduction to RFID/NFC Hacking
| Davis Sojan | embedded-securityfirmware-analysishardware-security+3 |
| 2022-09-24 | Talk | C0c0n |
Know Your Organization? : Mapping Entities in Google Workspace
| Manish Gupta, Yash Bharadwaj | gcpidentity-managementaccess-management+2 |
| 2022-09-24 | Talk | C0c0n |
OSINT Tools and Techniques
| Brijesh Singh | threat-huntingintelligence-sharingsecurity-awareness+1 |
| 2022-09-24 | Talk | C0c0n |
Raining CVEs on Wordpress plugins with Semgrep
| Shreya Pohekar, Syed Sheeraz Ali | web-securitystatic-analysissast+2 |
| 2022-09-23 | Talk | C0c0n |
Battle of 300 Crore - how they lost it and got most of it back
| Prashant Choudhary | incident-responsevulnerability-managementrisk-management+1 |
| 2022-09-23 | Talk | C0c0n |
Cybersecurity for Manufacturing
| Santhosh Srinivasan | industrial-control-systems-securityics-securitycontrol-systems+4 |
| 2022-09-23 | Talk | C0c0n |
Hacking SmartContracts
| Anto Joseph | blockchain-securitysmart-contractsvulnerability-management+2 |
| 2022-09-23 | Talk | C0c0n |
Log4j vulnerability continuous to be favourite for APT groups through mid 2022
| Niranjan Jayanand | vulnerability-managementpentestingapt |
| 2022-09-23 | Talk | C0c0n |
Ransomware: Prevention, Early Detection and Response
| Babitha Bp | ransomwareincident-responsevulnerability-management |
| 2022-09-23 | Talk | C0c0n |
TropicTrooper : Targets high profile victims using newly discovered MQTT backdoor
| Saurabh Sharma | reverse-engineeringvulnerability-managementpentesting |
| 2022-09-08 | Talk | Nullcon |
vPrioritizer: Art of Risk Prioritization
| Pramod Rana | vulnerability-assessment |
| 2022-09-08 | Talk | Nullcon |
Hack the Source: Securing Open Source Software – One bug at a time
| Sandeep Singh | open-source-securitysupply-chainvulnerability-management |
| 2022-09-07 | Talk | Nullcon |
Unearthing Malicious And Other “Risky” Open-Source Packages Using Packj
| Devdutt Patnaik | open-source-securitysupply-chainsupply-chain-attack+3 |
| 2022-08-14 | Talk | Defcon |
Tales from the trenches - why organizations struggle to get even the basics of OT asset visibility & detection right
| Vivek Ponnada | industrial-control-systems-securityvulnerability-managementrisk-management+2 |
| 2022-08-12 | Talk | Defcon |
Stop worrying about Nation-States and Zero-Days; let’s fix things that have been known for years
| Vivek Ponnada | secure-codingvulnerability-managementdevsecops+1 |
| 2022-08-11 | Talk | The Diana Initiative |
The Real Cost of Free: What you need to know before downloading a free app
| Ruchira Pokhriyal | mobile-securityapp-securityprivacy+3 |
| 2022-08-11 | Talk | Blackhat |
Eliminating Triage Intermediaries for Zero-day Exploits Using a Decentralised Payout Protocol
| Subhechha Subudhi | zero-day |
| 2022-05-18 | Talk | Can Sec West |
Launching EMUX - A framework for emulating ARM and MIPS IoT Devices
| Saumil Shah | firmware-analysisreverse-engineeringembedded-security+1 |
| 2022-05-12 | Tool demo | Blackhat |
Mitigating Open Source Software Supply Chain Attacks
| Ajinkya Rajput | open-source-securitysupply-chainsupply-chain-attack+3 |
| 2021-11-13 | Talk | C0c0n |
Case study - E-crime group targeting mobile users
| Rahul Sasi | mobile-securityincident-responsevulnerability-management |
| 2021-11-13 | Talk | C0c0n |
Changing Cyber Security Paradigm & Cyber Tsunami
| Sunil Varkey | cybersecurity-strategiesthreat-landscaperisk-management+4 |
| 2021-11-13 | Talk | C0c0n |
Emerging trends in cyber crimes : Investigation tools & techniques
| Triveni Singh | incident-responsevulnerability-managementdigital-forensics |
| 2021-11-13 | Talk | C0c0n |
Introducing Free & Open Elastic Limitless XDR
| Ravindra Ramnani | threat-detectionsecurity-monitoringvulnerability-management+1 |
| 2021-11-13 | Talk | C0c0n |
Light Basin - Telecom roaming network attack case study
| Akib Sayyed | network-pentestingnetwork-traffic-analysisvulnerability-management |
| 2021-11-13 | Talk | C0c0n |
Third Party Risk Management
| Mahesh Kalyanaraman | risk-managementcompliance-governancevulnerability-management+3 |
| 2021-11-12 | Talk | C0c0n |
2021 Supply Chain Attacks Analysis
| Ajit Hatti | vulnerability-managementincident-responserisk-management+2 |
| 2021-11-04 | Talk | Ekoparty |
DIAL: Did I just alert Lambda? A centralized security misconfiguration detection system
| Saransh Rana, Divyanshu Mehta, Harsh Varagiya | awssecurity-monitoringiam+2 |
| 2021-10-15 | Talk | Rootcon |
The Curious case of knowing the unknown
| Vandana Verma Sehgal | vulnerability-managementsecure-codingdevsecops+1 |
| 2021-08-26 | Talk | Hitb Sec Conf |
Gazing Ahead: What Modern RF Combat Looks Like in the Next Decade
| Harshit Agrawal | industrial-control-systems-securitysecurity-architecturevulnerability-management+1 |
| 2021-08-08 | Talk | Defcon |
Top 20 Secure PLC Coding Practices
| Vivek Ponnada | industrial-control-systems-securitysecure-codingvulnerability-management+3 |
| 2021-08-07 | Tool demo | Defcon |
Tenacity- An Adversary Emulation Tool for Persistence
| Atul Nair, Harshal Tupsamudre | incident-responsevulnerability-management |
| 2021-08-07 | Talk | Defcon |
The Curious Case of Knowing the Unknown
| Vandana Verma Sehgal | threat-huntingthreat_modelingsecurity-architecture+2 |
| 2021-08-06 | Talk | Defcon |
Adversary village Kick-off
| Abhijith B R | red-teamingethical-hackingvulnerability-assessment+2 |
| 2021-08-06 | Talk | Defcon |
Defending IoT in the Future of High-Tech Warfare
| Harshit Agrawal | vulnerability-managementiot-pentestingsecurity-architecture+1 |
| 2021-08-05 | Talk | Defcon |
The Bug Hunter’s Recon Methodology
| Tushar Verma | pentestingvulnerability-assessmentapplication-pentesting+1 |
| 2021-08-04 | Tool demo | Blackhat |
Counterfit: Attacking Machine Learning in Blackbox Settings
| Raja Sekhar Rao Dheekonda | vulnerability-assessment |
| 2021-08-04 | Tool demo | Blackhat |
Joern: An Interactive Shell for Code Analysis
| Suchakra Sharma | vulnerability-assessment |
| 2020-11-21 | Talk | App Sec Indonesia |
Learn how to find and exploit race conditions in web apps with OWASP TimeGap Theory
| Abhi M Balakrishnan | web-securityowaspapplication-pentesting+2 |
| 2020-11-21 | Talk | App Sec Indonesia |
The caveats of the unseen: Crouching exposure, Hidden Misconfiguration
| Ashwin Vamshi | vulnerability-managementsecurity-architecturedevsecops+2 |
| 2020-10-02 | Tool demo | Blackhat |
OWASP Nettacker
| Sri Harsha Gajavalli | pentestingvulnerability-assessmentnetwork-pentesting+3 |
| 2020-09-19 | Talk | C0c0n |
Automate your Recon with ReconNote
| Prasoon Gupta | pentestingvulnerability-assessmentAutomation+1 |
| 2020-09-18 | Talk | C0c0n |
Herd Immunity, in the Cyber World
| Sunil Varkey | security-awarenessrisk-managementvulnerability-management+1 |
| 2020-08-06 | Tool demo | Blackhat |
FuzzCube
| Anto Joseph | fuzzingkubernetescloud+1 |
| 2020-04-25 | Talk | Hitb Sec Conf |
THE STATE OF ICS SECURITY: THEN AND NOW
| Praveen Soni, Shivbihari Pandey, Ashish Kumar Gahlot | vulnerability-assessmentpentestinfrastructure+1 |
| 2020-03-06 | Tool demo | Nullcon |
FuzzCube
| Anto Joseph | fuzzingkubernetescloud+1 |
| 2019-11-09 | Talk | Toor Con |
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
| Jatin Kataria | reverse-engineeringhardware-reverse-engineeringvulnerability-management+3 |
| 2019-10-12 | Talk | Texas Cyber Summit |
HX-3012 PErfidious: Make PE Backdooring Great Again!
| Shreyans Doshi | reverse-engineeringmalwarebinary-analysis+3 |
| 2019-10-03 | Talk | Virus Bulletin |
Curious tale of 8.t used by multiple campaigns against South Asia
| Niranjan Jayanand | reverse-engineeringvulnerability-managementapt+1 |
| 2019-09-27 | Talk | C0c0n |
A Day in the Life of a CISO
| Sridhar Govardhan | compliancegovernancerisk-management+3 |
| 2019-09-23 | Talk | Rootcon |
Identity crisis: war stories from authentication failures
| Vishal Chauhan | authenticationidentity-managementvulnerability-assessment+3 |
| 2019-09-13 | Talk | Global App Sec |
Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center
| Amol Sarwate | vulnerability-managementawssecurity-information-event-management+1 |
| 2019-08-09 | Talk | Defcon |
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
| Jatin Kataria | reverse-engineeringvulnerability-managementsecurity-architecture+2 |
| 2019-08-08 | Talk | Defcon |
Anatomy of cloud hacking
| Pratik Shah | cloud-pentestingpost-exploitationcloud-architecture+1 |
| 2019-08-08 | Talk | Defcon |
Hacking ICS devices for Fun Penetration Testing of Vehicle Components
| Arun Mane | automotive-cybersecuritycan-busics-security+3 |
| 2019-03-28 | Tool demo | Blackhat |
OWASP Nettacker: Automated Penetration Testing Framework
| Sri Harsha Gajavalli | network-pentestingvulnerability-assessmentfirewall+3 |
| 2018-10-10 | Talk | Brucon |
Simplifying the art of instrumentation
| Krishnakant Patil, Rushikesh D Nandedkar | reverse-engineeringstatic-analysisdynamic-analysis+2 |
| 2018-10-05 | Talk | C0c0n |
Dealing with Changing Threat Landscape
| Vijendra Katiyar | threat-landscapethreat-huntingrisk-management+1 |
| 2018-10-05 | Talk | C0c0n |
Will Artificial Intelligence And Machine Learning Bring More Threats On Cyber Security?
| Roshy John | risk-managementvulnerability-managementsecurity-architecture |
| 2018-10-04 | Talk | Brucon |
Disrupting the Kill Chain
| Vineet Bhatia | incident-responsevulnerability-managementsecurity-architecture |
| 2018-08-16 | Talk | Usenix |
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer
| Siddharth Rao | pentestingvulnerability-managementsecurity-architecture+1 |
| 2018-08-10 | Talk | Defcon |
AN OSINT APPROACH TO THIRD PARTY CLOUD SERVICE PROVIDER EVALUATION
| Lokesh Pidawekar | third-party-risk-managementcloud-securityvulnerability-management+2 |
| 2018-08-09 | Talk | Defcon |
Backdooring DVR/NVR devices
| Arun Mane | hardware-reverse-engineeringembedded-securitypentesting+3 |
| 2018-06-27 | Talk | First |
Securing your in-ear fitness coach: Challenges in hardening next generation wearables
| Sumanth Naropanth, Sunil Kumar | mobile-securitysecure-developmentvulnerability-management+2 |
| 2018-03-13 | Talk | Troopers |
Securing your in-ear fitness coach: Challenges in hardening next generation wearables
| Sumanth Naropanth, Kavya Racharla | mobile-securitysecure-developmentvulnerability-management+2 |
| 2018-01-31 | Talk | Owasp App Sec California |
Hunter – Optimize your Pentesters time
| Kiran Shirali | application-pentestingpentestingvulnerability-management+2 |
| 2017-11-14 | Talk | Blackhat |
Pwning a Smart Home in Under 10 Minutes
| Aditya Gupta | iot-pentestingembedded-securitypentesting+3 |
| 2017-10-05 | Talk | Brucon |
Races, Reaches and Rescues!!! (Race condition vulnerabilities revisited)
| Rushikesh D Nandedkar, Sampada Nandedkar | vulnerability-assessmentpentestingsecure-coding+2 |
| 2017-10-05 | Talk | Virus Bulletin |
The router of all evil: more than just default passwords and silly scripts
| Himanshu Anand | vulnerability-managementreverse-engineeringpentesting+1 |
| 2017-08-18 | Talk | C0c0n |
Threats with online gaming and issues with games like Pokemon
| Riyaz Walikar, Akash Mahajan | security-awarenessmobile-securityvulnerability-management+1 |
| 2017-08-18 | Talk | C0c0n |
Your friendly neighbourhood exploit
| Aseem Jakhar | exploitationpentestingreverse-engineering+1 |
| 2017-08-04 | Talk | Sha |
Attacking OpenSSL using Side-channel Attacks: The RSA case study
| Praveen Vadnala | reverse-engineeringvulnerability-managementsecurity-architecture+1 |
| 2017-07-28 | Tool demo | Defcon |
Lamma 1.0
| Ajit Hatti, Antriksh Shah | cryptographypentestaudit+1 |
| 2017-07-27 | Talk | Defcon |
Recon and bug bounties what a great love story
| Abhijeth Dugginapeddi | vulnerability-assessmentbug-bountynetwork-pentesting+1 |
| 2017-07-27 | Talk | Defcon |
ICS Humla
| Sneha Rajguru, Arun Mane | ics-securityindustrial-control-systems-securitypentesting+2 |
| 2017-06-23 | Talk | Hackinparis |
Injecting Security into Web apps with Runtime Patching and Context Learning
| Ajin Abraham | webblueteamsecure-development+6 |
| 2017-05-23 | Talk | Phdays |
Injecting security into web apps in the runtime
| Ajin Abraham | webblueteamsecure-development+6 |
| 2017-03-23 | Talk | Troopers |
How we hacked Distributed Configuration Management Systems
| Bharadwaj Machiraju | pentestingapplication-pentestingvulnerability-assessment+4 |
| 2017-03-23 | Talk | Troopers |
How we hacked Distributed Configuration Management Systems
| Francis Alexander | pentestingapplication-pentestingvulnerability-assessment+4 |
| 2017-03-03 | Talk | Nullcon |
Breach Response - Time to shake up the status quo
| K K Mookhey, Pranesh Prakash, Sahir Hidayatullah, Shobha Jagathpal | incident-responsevulnerability-managementrisk-management+2 |
| 2017-03-03 | Talk | Nullcon |
Injecting Security into Web apps with Runtime Patching and Context Learning
| Ajin Abraham | webblueteamsecure-development+6 |
| 2017-01-25 | Talk | Owasp App Sec California |
OCSP Stapling in the Wild
| Devdatta Akhawe | web-securityvulnerability-managementsecurity-architecture+1 |
| 2016-10-13 | Talk | App Sec Usa |
When encryption is not enough: Attacking Wearable - Mobile Application communication over BLE
| Sumanth Naropanth, Kavya Racharla | mobile-securityvulnerability-managementreverse-engineering+1 |
| 2016-10-07 | Talk | Deepsec |
Inside Stegosploit
| Saumil Shah | web-securityexploitationpentesting+1 |
| 2016-10-05 | Talk | Virus Bulletin |
One-Click Fileless Infection
| Himanshu Anand | reverse-engineeringincident-responsevulnerability-management |
| 2016-08-07 | Talk | Defcon |
Cyber Grand Shellphish
| Aravind Machiry | automated-exploit-detectionreverse-engineeringvulnerability-assessment+1 |
| 2016-08-06 | Tool demo | Defcon |
LAMMA (beta)
| Ajit Hatti | cryptographypentestaudit+1 |
| 2016-08-05 | Talk | Defcon |
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
| Jatin Kataria | reverse-engineeringhardware-reverse-engineeringfirmware-analysis+3 |
| 2016-08-04 | Tool demo | Blackhat |
LAMMA
| Ajit Hatti | cryptographypentestaudit+1 |
| 2016-08-04 | Talk | Blackhat |
Understanding HL7 2.x Standards Pen Testing and Defending HL7 2.x Messages
| Anirudh Duggal | vulnerability-managementindustrial-control-systems-securityrisk-management |
| 2016-08-03 | Tool demo | Blackhat |
DataSploit
| Sudhanshu Chauhan, Shubham Mittal, Nutan Kumar Panda | pentestingvulnerability-managementthreat-hunting |
| 2016-06-18 | Talk | Recon |
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
| Jatin Kataria | reverse-engineeringhardware-reverse-engineeringfirmware-analysis+3 |
| 2016-03-11 | Talk | Nullcon |
Physical Lock Security
| Amey Gat, Swapnil Wadwalkar | pentestingreverse-engineeringvulnerability-management+1 |
| 2015-11-05 | Talk | Ground Zero Summit |
Sanctioned to Hack: Your SCADA HMIs Belong to Us!
| Aditya K Sood | ics-securityweb-securityvulnerability-management+3 |
| 2015-09-24 | Talk | App Sec Usa |
Continuous Cloud Security Automation
| Rohit Pitke | awsdevsecopsAutomation+2 |
| 2015-08-07 | Talk | Defcon |
Hacker’s Practice Ground
| Lokesh Pidawekar | pentestingethical-hackingvulnerability-assessment+2 |
| 2015-08-07 | Talk | Defcon |
Getting into the Trust Store We Trust
| Ajit Hatti | reverse-engineeringsecurity-architecturevulnerability-management |
| 2015-03-15 | Talk | Blackhat |
2015 State of Vulnerability Exploits
| Amol Sarwate | vulnerability-managementautomated-scanningvulnerability-assessment+2 |
| 2015-03-15 | Talk | Defcon |
TECHNICAL TALK-WIHAWK: ROUTER VULNERABILITY SCANNER
| Anamika Singh | network-pentestingvulnerability-assessmentvulnerability-management+2 |
| 2015-02-06 | Talk | Nullcon |
Analyzing Chrome crash reports at scale
| Abhishek Arya | webbrowserclusterfuzz+3 |
| 2015-02-06 | Talk | Nullcon |
Building custom scans for real world enterprise network
| Sanoop Thomas | pentestingnetwork-pentestingvulnerability-assessment+2 |
| 2015-01-27 | Talk | Owasp App Sec California |
Anatomy of memory scraping, credit card stealing POS malware
| Amol Sarwate | reverse-engineeringvulnerability-managementincident-response+1 |
| 2015-01-27 | Talk | Owasp App Sec California |
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
| Devdatta Akhawe | web-securityxsscsrf+3 |
| 2014-09-26 | Talk | Virus Bulletin |
Evolution of Android exploits from a static analysis tools perspective
| Jagadeesh Chandraiah | android-securitystatic-analysisvulnerability-management+2 |
| 2014-09-18 | Talk | App Sec Usa |
Anatomy of memory scraping, credit card stealing POS malware
| Amol Sarwate | reverse-engineeringmemory-forensicsincident-response+1 |
| 2014-08-22 | Talk | C0c0n |
Still Single with a bleeding heart (Tool Release)
| Tamaghna Basu | secure-developmentvulnerability-management |
| 2014-08-21 | Talk | Usenix |
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
| Devdatta Akhawe | web-securityxsscsrf+3 |
| 2014-03-15 | Talk | Blackhat |
Anatomy of a Credit Card Stealing POS Malware
| Amol Sarwate | reverse-engineeringpentestingvulnerability-management |
| 2014-03-08 | Talk | Defcon |
WI-Hawk
| Anamika Singh | network-pentestingvulnerability-assessmentnetwork-vulnerability-assessment+3 |
| 2014-01-28 | Talk | Owasp App Sec California |
Application Sandboxes: Know thy limits
| Rahul Kashyap | application-pentestingreverse-engineeringvulnerability-management+1 |
| 2013-11-21 | Talk | Appsec Usa |
Wassup MOM? Owning the Message Oriented Middleware
| Gursev Singh Kalra | api-securityvulnerability-managementsecure-coding+1 |
| 2013-09-13 | Talk | Grrcon |
Matriux Leandros - An Open Source Penetration Testing and Forensic Distribution
| Prajwal Panchmahalkar | pentestingforensicsdigital-forensics+2 |
| 2013-08-15 | Talk | Usenix |
An Empirical Study of Vulnerability Rewards Programs
| Devdatta Akhawe | vulnerability-managementbug-bountysoftware-security+3 |
| 2013-08-15 | Talk | Usenix |
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
| Devdatta Akhawe | web-securitysecurity-awarenesssecurity-architecture+3 |
| 2013-03-01 | Talk | Nullcon |
Capturing Zero-Day Information
| Dinesh O Bareja, Sumit Sharma | zero-dayredteam |
| 2012-12-01 | Talk | Clubhack |
Anatomy of a Responsible Disclosure – Zero Day Vulnerability in Oracle BI Publisher
| Vishal Kalro | zero-day |
| 2012-10-25 | Talk | App Sec Usa |
Cross Site Port Scanning
| Riyaz Walikar | web-securityvulnerability-managementowasp+1 |
| 2012-08-03 | Talk | C0c0n |
Cyber Weapons
| Sameer Saxena | pentestingexploitationmalware+1 |
| 2012-07-22 | Tool demo | Blackhat |
Kautilya and Nishang
| Nikhil Mittal | post-exploitationethical-hackingpentesting+2 |
| 2011-09-06 | Talk | Securitybyte |
Security Threats on Social Networks
| Nithya Raman | social-engineeringweb-securitysecurity-awareness+2 |
| 2011-08-03 | Talk | Blackhat |
Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex
| Shreeraj Shah | reverse-engineeringwebajax+6 |
| 2011-08-03 | Talk | Blackhat |
Femtocells: A poisonous needle in the operator’s hay stack
| Ravishankar Borgaonkar | network-pentestingmobile-securityvulnerability-management |
| 2010-10-29 | Talk | T2 |
Hacking Femtocells
| Ravishankar Borgaonkar | mobile-securityreverse-engineeringvulnerability-management |
| 2010-08-01 | Talk | C0c0n |
Hackers’ EcoSystem in India
| Rohit Srivastwa | pentestingsecurity-awarenessrisk-management+1 |
| 2010-06-18 | Talk | Syscan |
REVERSE ENGINEERING WEB 2.0 APPLICATIONS
| Shreeraj Shah | reverse-engineeringwebajax+6 |
| 2010-03-15 | Talk | Blackhat |
400 Apps in 40 Days
| Nish Bhalla | vulnerability-managementrisk-managementapplication-pentesting+2 |
| 2009-11-19 | Talk | Deepsec |
Top 10 Security Issues Developers Don’t Know About
| Neelay S Shah | secure-codingdevsecopsvulnerability-management+3 |
| 2009-08-06 | Talk | C0c0n |
Cyber Victimisation
| K Jaishankar | cybersecurity-educationsecurity-awarenessrisk-management+2 |
| 2009-08-06 | Talk | C0c0n |
Information Security Audit
| Venkatapathy Subramaniam | compliancegovernanceaudit+2 |
| 2009-05-19 | Talk | Syscan |
Securing Enterprise Applications
| Shreeraj Shah | blueteamwebweb-application-security+13 |
| 2009-02-19 | Talk | Blackhat |
Blinded by Flash: Widespread Security Risks Flash Developers Don’t See
| Prajakta Jagdale | flashblueteamweb |
| 2008-08-20 | Talk | Owasp App Sec India |
Web 2.0 Attacks - Next Generation Threats on the Rise
| Shreeraj Shah | redteamblueteampurpleteam+4 |
| 2008-02-20 | Talk | Blackhat |
Scanning Applications 2.0 - Next Generation Scan, Attacks and Tools
| Shreeraj Shah | redteamblueteampurpleteam+4 |
| 2006-08-02 | Talk | Blackhat |
SQL Injections by Truncation
| Bala Neerumalla | web-securitysql-injectionsecure-coding+1 |