| 2025-08-06 | Tool demo | Blackhat |
MORF β Mobile Reconnaissance Framework
| Amrudesh Balakrishnan, Abhishek Jm | #app-security#mobile-pentesting#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
Realtic
| Sohan Simha Prabhakar, Samarth Bhaskar Bhat, Danindu Gammanpilage | #security-assessment#vulnerability-assessment#static-analysis+3 |
| 2025-08-06 | Tool demo | Blackhat |
ShadowSeek: Combining Ghidra and Large Language Models for Advanced Binary Analysis
| Mohammed Tanveer | #reverse-engineering#binary-analysis#static-analysis+3 |
| 2025-04-03 | Tool demo | Blackhat |
MobXplore
| Aman Pareek, Akarsh Singh | #application-pentesting#ios-security#dynamic-analysis+4 |
| 2025-03-01 | Talk | Nullcon |
Drawing parallels between iOS and macOS Pentesting with DVMA
| Vaibhav Lakhani | #macos#ios#application-pentesting+3 |
| 2024-12-12 | Tool demo | Blackhat |
DarkWidow: Customizable Dropper Tool Targeting Windows
| Soumyanil Biswas | #darkwidow#windows#dynamic-analysis+2 |
| 2024-12-11 | Tool demo | Blackhat |
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel
| Amit Parjapat, Vedant Wayal | #android#application-pentesting#mobile-application-management+4 |
| 2024-12-11 | Tool demo | Blackhat |
Open Source Tool to Shift Left Security Testing by Leveraging AI
| Shivam Rawat, Shivansh Agrawal | #ai-security#secure-development#security-testing+2 |
| 2024-11-15 | Talk | C0c0n |
Know your Enemies: Deep Dive into Ransomware Threat Groups
| Niranjan Jayanand | #ransomware#endpoint-protection#dynamic-analysis |
| 2024-11-06 | Talk | Blackalps |
IDAT Loader: The Malwareβs Camouflaged Weapon
| Niranjan Jayanand | #endpoint-protection#dynamic-analysis#security-testing |
| 2024-10-29 | Talk | Blackhat |
Hacking Deepfake Image Detection System with White and Black Box Attacks
| Sagar Bhure | #deepfake#ai-security#deep-learning+4 |
| 2024-08-10 | Talk | Defcon |
Sneaky Extensions: The MV3 Escape Artists
| Vivek Ramachandran, Shourya Pratap Singh | #web-security#security-assessment#application-pentesting+4 |
| 2024-08-10 | Talk | Defcon |
Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming
| Shiva Shashank, Bramwell Brizendine | #process-injection#dynamic-analysis#exploit-delivery+1 |
| 2024-04-19 | Tool demo | Blackhat |
Malware clustering using unsupervised ML : CalMal
| Himanshu Anand | #machine-learning#ai-security#malware-detection+3 |
| 2024-04-18 | Tool demo | Blackhat |
APKDeepLens - Android security insights in full spectrum
| Atul Singh, Deepanshu Gajbhiye | #android-security#static-analysis#mobile-pentesting+1 |
| 2024-04-18 | Tool demo | Blackhat |
BinderAPI Scanner & BASS
| Krishnaprasad Subramaniam, Jeffrey Gaor, Valen Sai, Eric Tee Hock Nian | #api-security#application-pentesting#dynamic-analysis+3 |
| 2024-04-18 | Tool demo | Blackhat |
DetectiveSQ: A Extension Auditing Framework Version 2
| Govind Krishna, Xian Xiang Chang | #audit#application-pentesting#ai-security+4 |
| 2023-12-07 | Tool demo | Blackhat |
Akto - Open Source API Security Tool
| Ankush Jain | #api-security#secure-development#security-testing+3 |
| 2023-12-07 | Tool demo | Blackhat |
Mobile Security Framework - MobSF
| Ajin Abraham | #android-security#ios-security#mobile-pentesting+2 |
| 2023-12-07 | Talk | Blackhat |
Unmasking APTs: An Automated Approach for Real-World Threat Attribution
| Aakansha Saha | #machine-learning#ai-security#static-analysis+1 |
| 2023-12-06 | Tool demo | Blackhat |
Honeyscanner: a vulnerability analyzer for Honeypots
| Shreyas Srinivasa, Emmanouil Vasilomanolakis, Aristofanis Chionis Koufakos, Ricardo Yaben | #vulnerability-assessment#honeypot#security-testing+2 |
| 2023-09-23 | Talk | Nullcon |
Deconstructing The Beast: A Deep Dive Into JIT Compilation Attacks In iOS
| Shubham Sharma | #ios#ios-security#application-pentesting+3 |
| 2023-09-23 | Talk | Nullcon |
Secure Coding: Fix From The Root
| Saddam Hussain, Gopika Subramanian | #secure-coding#application-pentesting#code-review+4 |
| 2023-09-23 | Talk | Nullcon |
The Convergence Of eBPF, Buildroot, And QEMU For Automated Linux Malware Analysis
| Nikhil Ashok Hegde | #malware-detection#linux#dynamic-analysis+2 |
| 2023-09-23 | Talk | Nullcon |
The Curious Case Of The Rogue SOAR
| Mukesh Sai Kumar, Jaden Furtado | #blueteam#application-pentesting#dynamic-analysis+3 |
| 2023-08-10 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | #api-security#authorization#security-testing+3 |
| 2023-08-09 | Tool demo | Blackhat |
Akto - Open Source API Security Tool
| Ankush Jain, Ankita Gupta 1 | #api-security#application-pentesting#security-testing+3 |
| 2023-08-09 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Akshansh Jaiswal, Hrushikesh Kakade, Rewanth Tammana | #android-security#application-pentesting#dynamic-analysis+3 |
| 2023-08-07 | Talk | C0c0n |
Start Left SDLC Security with Open-Source DevSecOps Tooling
| Aswin Raj, Shruti M G | #devsecops#secure-development#static-analysis+3 |
| 2023-08-07 | Talk | C0c0n |
Uncovering the Hidden Dangers Lurking as Android Apps using ML Algos
| Nikhil Prabhakar | #android-security#reverse-engineering#dynamic-analysis |
| 2023-06-01 | Talk | Securityfest |
Bypassing Anti-Cheats & Hacking Competitive Games
| Rohan Aggarwal | #reverse-engineering#appsec#endpoint-protection+4 |
| 2023-05-11 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Rewanth Tammana, Hrushikesh Kakade, Akshansh Jaiswal | #android-security#application-pentesting#dynamic-analysis+3 |
| 2022-12-08 | Tool demo | Blackhat |
Node Security Shield - A Lightweight RASP for NodeJS Applications
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#secure-development#security-testing+4 |
| 2022-12-07 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface
| Tushar Kulkarni | #api-security#application-pentesting#secure-development+4 |
| 2022-09-23 | Talk | C0c0n |
Pwning Android Apps at Scale
| Sparsh Kulshrestha, Shashank Barthwal | #android-security#mobile-pentesting#reverse-engineering+2 |
| 2022-09-08 | Tool demo | Nullcon |
ZaaS: [OWASP] ZAP As A Service - Continous Security For 20K+ APIs
| Rohit Sehgal, Varun Kakumani | #owasp#api-security#cloud-workload-protection+3 |
| 2022-09-07 | Talk | Nullcon |
ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface On Electron
| Mohan Sri Rama Krishna Pedhapati, Maxwell Garrett | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2022-08-11 | Talk | Blackhat |
ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron
| Mohan Sri Rama Krishna Pedhapati, Aaditya Purani, Max Garrett, William Bowling | #red-teaming#application-pentesting#code-review+4 |
| 2022-08-10 | Tool demo | Blackhat |
Adhrit: Android Security Suite
| Amrudesh Balakrishnan, Rahul Sani, Abhishek Jm | #android#android-security#application-pentesting+4 |
| 2022-08-10 | Tool demo | Blackhat |
ArcherySec - Manage and Automate your Vulnerability Assessment
| Anand Tiwari | #application-pentesting#ci-cd#dynamic-analysis+3 |
| 2022-08-10 | Tool demo | Blackhat |
AWSGoat : A Damn Vulnerable AWS Infrastructure
| Nishant Sharma, Jeswin Mathai, Sanjeev Mahunta | #aws#cloud-pentesting#cloud-workload-protection+4 |
| 2022-08-10 | Tool demo | Blackhat |
HazProne : Cloud Hacking
| Devansh Patel, Staford Titus S | #cloud-pentesting#cloud-workload-protection#aws+4 |
| 2022-08-10 | Tool demo | Blackhat |
Node Security Shield - A Lightweight RASP for NodeJS Applications
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#code-review#secure-development+4 |
| 2022-08-10 | Tool demo | Blackhat |
ParseAndC 2.0 β We Don’t Need No C Programs (for Parsing)
| Parbati Kumar Manna | #reverse-engineering#dynamic-analysis#network-pentesting+4 |
| 2022-05-12 | Tool demo | Blackhat |
Node Security Shield
| Lavakumar Kuppan, Sukesh Pappu | #application-hardening#secure-development#security-testing+3 |
| 2022-05-12 | Talk | Blackhat |
Non-Intrusive Vulnerability Localization and Hotpatching for Industrial Control Systems
| Prashant Rajput, Michail Maniatakos | #ics-security#control-systems#hardware-embedded+3 |
| 2021-11-12 | Talk | C0c0n |
Dissecting Malicious Software and Analysis
| Shrutirupa Banerjiee | #reverse-engineering#dynamic-analysis#static-analysis |
| 2021-11-11 | Tool demo | Blackhat |
Damn Vulnerable Bank
| Akshansh Jaiswal, Hrushikesh Kakade, Rewanth Tammana | #android#android-security#application-pentesting+3 |
| 2021-11-11 | Tool demo | Blackhat |
vAPI: Vulnerable Adversely Programmed Interface (OWASP API Top 10)
| Tushar Kulkarni | #api-security#application-pentesting#security-testing+4 |
| 2021-11-10 | Tool demo | Blackhat |
Adhrit: Android Security Suite
| Abhishek Jaiswal, Abhishek Jm, Rahul Sani | #android#application-pentesting#code-review+4 |
| 2021-08-04 | Tool demo | Blackhat |
ParseAndC: A Universal Parser and Data Visualization Tool for Security Testing
| Parbati Kumar Manna | #reverse-engineering#application-pentesting#code-review+4 |
| 2020-10-02 | Tool demo | Blackhat |
MalViz.ai
| Vasu Sethia, Shivam Kataria | #blueteam#machine-learning#deep-learning+3 |
| 2020-08-22 | Talk | Thedianainitiative |
Hacking into Android Ecosystem
| Aditi Bhatnagar | #android#android-security#application-pentesting+3 |
| 2020-08-09 | Talk | Defcon |
Running an appsec program with open source projects
| Vandana Verma Sehgal | #owasp#secure-development#devsecops+3 |
| 2020-03-06 | Tool demo | Nullcon |
F.R.I.D.A.Y
| Shyam Sundar Ramaswami | #blueteam#dynamic-analysis#sandbox+2 |
| 2020-03-06 | Tool demo | Nullcon |
FRISPY
| Tejas Girme, Parmanand Mishra | #spyware#red-teaming#api-security+3 |
| 2019-11-01 | Talk | Hackfest |
The Mechanics of Malware’s Darkside
| Yagnesh Waran P, Laura Harris | #dynamic-analysis#static-analysis#security-testing+1 |
| 2019-05-04 | Talk | Thotcon |
What The Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
| Priyank Nigam | #frida#application-pentesting#dynamic-analysis+3 |
| 2019-02-28 | Talk | Nullcon |
Andromeda - GUI based Dynamic Instrumentation Toolkit powered by Frida
| Shivang Desai | #secure-coding#security-assessment#dynamic-analysis+4 |
| 2019-02-28 | Talk | Nullcon |
Pentesting without Pentesters - Automating Security Testing with Functional Testing Test Cases
| Lavakumar Kuppan, Ankit Gupta | #security-assessment#application-pentesting#application-hardening+3 |
| 2018-10-10 | Talk | Brucon |
Simplifying the art of instrumentation
| Krishnakant Patil, Rushikesh D Nandedkar | #reverse-engineering#static-analysis#dynamic-analysis+2 |
| 2018-10-05 | Talk | C0c0n |
Pentesting GraphQL Applications
| Neelu Tripathy | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2018-10-05 | Talk | C0c0n |
DomGoat - the DOM Security Playground
| Lavakumar Kuppan | #xss#web-security#input-validation+4 |
| 2018-10-05 | Talk | C0c0n |
SCANDA: To Unbosom Malware Behavior
| Rajesh Nikam, Parmanand Mishra | #reverse-engineering#dynamic-analysis#malware-research+1 |
| 2018-10-03 | Tool demo | Blackhat |
Angad: A Malware Detection Framework Using Multi-Dimensional Visualization
| Ankur Tyagi | #malware-detection#static-analysis#dynamic-analysis+3 |
| 2018-09-06 | Talk | Grrcon |
Analyzing Multi-Dimensional Malware Dataset
| Ankur Tyagi | #blueteam#machine-learning#dynamic-analysis+1 |
| 2018-09-06 | Talk | Grrcon |
Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
| Pranshu Bajpai, Richard Enbody | #encryption#ransomware#dynamic-analysis+1 |
| 2018-08-09 | Tool demo | Blackhat |
Mafia: Mobile Security Automation Framework for Intelligent Auditing
| Ankur Bhargava, Sagar Popat, Mohan Kallepalli | #audit#security-testing#automated-scanning+4 |
| 2018-08-08 | Tool demo | Blackhat |
SCoDA: Smart COntract Defender and Analyzer
| Ajit Hatti | #blueteam#secure-coding#smart-contracts+4 |
| 2018-08-08 | Tool demo | Blackhat |
ThreatPlaybook
| Abhay Bhargav, Sharath Kumar | #threat-modeling#ci-cd#security-development-lifecycle+4 |
| 2017-08-18 | Talk | C0c0n |
Dynamic Binary Instrumentation
| Vivek Arora, Bhaskar Rastogi | #dynamic-analysis#reverse-engineering#binary-analysis+1 |
| 2017-08-18 | Talk | C0c0n |
Yarafying Android Malware: A Missing Step Before Malware Analysis
| Shivang Desai | #android#blueteam#android-security+3 |
| 2017-03-31 | Talk | Blackhat |
WHAT MALWARE AUTHORS DON’T WANT YOU TO KNOW - EVASIVE HOLLOW PROCESS INJECTION
| Monnappa K A | #code-injection#red-teaming#malware-research+4 |
| 2017-03-04 | Panel | Nullcon |
Application Security Opportunities and Challenges in a DevOps World
| Abhay Bhargav, Ajay Bongirwar, Arun Jadhav, Pravesh Sharma, Adam Leaonard | #secure-development#security-testing#dynamic-analysis+3 |
| 2017-03-03 | Talk | Nullcon |
Tale of training a Web Terminator!
| Bharadwaj Machiraju | #ml#security-assessment#application-pentesting+4 |
| 2017-01-25 | Talk | Owaspappseccalifornia |
DASTProxy: Donβt let your automated security testing program stall on crawlInstead focus on business context
| Kiran Shirali, Srinivasa Rao Chirathanagandla | #dynamic-analysis#dast#devsecops+2 |
| 2016-11-04 | Tool demo | Blackhat |
Firmware Analysis Toolkit (FAT)
| Aditya Gupta | #firmware#security-assessment#embedded-systems+3 |
| 2016-10-14 | Talk | Appsecusa |
DevOps to DevSecOps: a 2-dimensional view of security for DevOps
| Sanjeev Sharma | #application-hardening#secure-coding#security-development-lifecycle+3 |
| 2016-10-13 | Talk | Appsecusa |
Lightning Talk - Demystifying Windows Application
| Rupali Dash | #windows#application-hardening#secure-coding+4 |
| 2016-08-06 | Tool demo | Defcon |
Android-InsecureBank
| Dinesh Shetty | #android#red-teaming#application-pentesting+4 |
| 2016-08-04 | Talk | Blackhat |
DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes
| Rohit Mothe, Rodrigo Rubira Branco | #security-assessment#application-pentesting#dynamic-analysis+3 |
| 2016-08-04 | Tool demo | Blackhat |
Maltese (Malware Traffic Emulating Software)
| Sasi Siddharth | #dns#secure-coding#malware-detection+2 |
| 2016-05-17 | Talk | Phdays |
Security Automation Based on Artificial Intelligence
| Rahul Sasi | #ai#blueteam#ai-security+4 |
| 2016-04-01 | Tool demo | Blackhat |
LIMON-SANDBOX FOR ANALYZING LINUX MALWARES
| Monnappa K A | #linux#dynamic-analysis#static-analysis+2 |
| 2016-03-11 | Talk | Nullcon |
Million Dollar Baby: Towards ANGRly conquering DARPA CGC
| Aravind Machiry | #red-teaming#security-assessment#application-pentesting+4 |
| 2015-11-13 | Talk | Blackhat |
AUTOMATING LINUX MALWARE ANALYSIS USING LIMON SANDBOX
| Monnappa K A | #linux#security-assessment#malware-research+4 |
| 2015-11-12 | Tool demo | Blackhat |
Android InsecureBank
| Dinesh Shetty | #android#red-teaming#application-pentesting+4 |
| 2015-11-05 | Talk | Groundzerosummit |
Dissecting Android Malware
| Anto Joseph | #android#application-pentesting#dynamic-analysis+3 |
| 2015-08-06 | Talk | Blackhat |
Harnessing Intelligence from Malware Repositories
| Arun Lakhotia, Vivek Notani | #blueteam#security-analytics#malware-research+2 |
| 2015-08-01 | Talk | C0c0n |
NoPo - The NoSQL HoneyPot Framework
| Francis Alexander | #secure-coding#application-pentesting#security-testing+2 |
| 2015-07-06 | Talk | Blackhat |
DOM FLOW - UNTANGLING THE DOM FOR MORE EASY-JUICY BUGS
| Ahamed Nafeez | #red-teaming#xss#application-pentesting+2 |
| 2015-03-15 | Talk | Defcon |
TECHNICAL TALK-FUZZING ASYNCHRONOUS PROTOCOLS BUILT OVER WEBSOCKETS
| Lavakumar Kuppan | #fuzzing#application-pentesting#dynamic-analysis+1 |
| 2015-02-06 | Talk | Nullcon |
Pentesting a website with million lines of Javascript
| Lavakumar Kuppan, Ahamed Nafeez | #web-security#security-assessment#application-pentesting+2 |
| 2015-02-06 | Talk | Nullcon |
Toliman, a Hadoop Pentesting Tool
| Jitendra Chauhan | #security-assessment#security-tools#cloud-workload-protection+2 |
| 2015-01-27 | Talk | Owaspappseccalifornia |
The Savage Curtain : Mobile SSL Failures
| Tushar Dalvi, Tony Trummer | #ssl#application-pentesting#dynamic-analysis |
| 2014-11-13 | Talk | Groundzerosummit |
Evaluating WAF (Web Application Firewall) for Fun and Profit with WOF
| Bhaumik Merchant | #red-teaming#application-pentesting#security-testing+1 |
| 2014-11-13 | Talk | Groundzerosummit |
Fuzzing Asynchronous Protocols built over Websockets
| Lavakumar Kuppan | #fuzzing#red-teaming#application-pentesting+2 |
| 2014-11-13 | Talk | Groundzerosummit |
How I won Browser Fuzzing
| Amol Naik | #fuzzing#red-teaming#security-testing+4 |
| 2014-10-23 | Talk | Hacklu |
Hacking with Images - Evil Pictures
| Saumil Shah | #red-teaming#steganography#application-pentesting+3 |
| 2014-09-24 | Talk | Brucon |
OWASP: OWTF
| Bharadwaj Machiraju | #security-assessment#application-pentesting#dynamic-analysis+2 |
| 2014-06-23 | Talk | Hackinparis |
Pentesting NoSQL DB’s with NoSQL Exploitation Framework
| Francis Alexander | #secure-coding#security-assessment#application-pentesting+4 |
| 2014-02-15 | Tool demo | Nullcon |
DrupSnipe
| Ranjeet Sengar, Sukesh Pappu | #drupal#security-assessment#application-pentesting+2 |
| 2014-02-15 | Tool demo | Nullcon |
NoSQL Exploitation Framework
| Francis Alexander | #red-teaming#application-pentesting#security-tools+3 |
| 2014-02-15 | Tool demo | Nullcon |
OWASP OWTF - The Offensive (Web) Testing Framework
| Bharadwaj Machiraju, Abraham Aranguren | #security-assessment#application-pentesting#security-tools+3 |
| 2014-02-14 | Talk | Nullcon |
Flowinspect - A Network Inspection Tool
| Ankur Tyagi | #security-assessment#malware-detection#network-monitoring+2 |
| 2013-11-07 | Talk | Groundzerosummit |
IronWASP
| Lavakumar Kuppan | #security-assessment#application-pentesting#security-tools+2 |
| 2013-09-27 | Talk | C0c0n |
Sandy - The Malicious Analysis
| Rahul Sasi | #reverse-engineering#static-analysis#dynamic-analysis |
| 2013-09-27 | Talk | C0c0n |
Static analysis of malware with PyTriage
| Yashin Mehaboobe | #secure-coding#static-analysis#dynamic-analysis+2 |
| 2013-08-02 | Talk | Defcon |
Interactive Web Security Testing with IronWASP
| Lavakumar Kuppan | #application-pentesting#dynamic-analysis#security-testing+3 |
| 2013-08-01 | Talk | Blackhat |
Hot knives through butter: Bypassing automated analysis systems
| Abhishek Singh, Zheng Bu | #red-teaming#dynamic-analysis#malware-research+1 |
| 2013-03-22 | Talk | Insomnihack |
Guns and Smoke to fight Mobile Malware
| Ruchna Nigam | #android-security#malware-research#reverse-engineering+2 |
| 2013-03-15 | Talk | Blackhat |
The Sandbox Roulette- Are you ready for the gamble?
| Rahul Kashyap, Rafal Wojtczuk | #blueteam#application-pentesting#dynamic-analysis+3 |
| 2013-03-01 | Talk | Nullcon |
CSRF Finder as a Mozilla Addon
| Piyush Pattanayak | #csrf#blueteam#application-pentesting+4 |
| 2013-03-01 | Talk | Nullcon |
Detecting and Exploiting XSS Vulnerabilities and Xenotix XSS Exploitation Framework
| Ajin Abraham | #xss#red-teaming#application-pentesting+3 |
| 2012-12-06 | Talk | Blackhat |
HTML5 top 10 threats β Stealth Attack and Silent Exploits
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2012-12-06 | Talk | Blackhat |
Poking servers with Facebook(and other web applications)
| Riyaz Walikar | #xspa#red-teaming#application-pentesting+2 |
| 2012-12-05 | Talk | Blackhat |
Droid Exploitation Saga
| Aditya Gupta, Subho Halder | #android#red-teaming#android-security+3 |
| 2012-12-01 | Talk | Clubhack |
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework
| Ajin Abraham | #xss#red-teaming#application-pentesting+4 |
| 2012-12-01 | Talk | Clubhack |
FatCat Web Based SQL Injector
| Sandeep Kamble | #sqli#red-teaming#input-validation+4 |
| 2012-12-01 | Talk | Clubhack |
HAWAS β Hybrid Analyzer for Web Application Security
| Lavakumar Kuppan | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2012-11-23 | Talk | Malcon |
Advanced Malware Engine
| Mohit Kumar | #android#red-teaming#malware-research+3 |
| 2012-11-23 | Talk | Malcon |
Advances in ROP attacks
| Raashid Bhat | #red-teaming#bypassing#exploit-delivery+3 |
| 2012-11-07 | Award | |
Cross Site Port Attack (XSPA)
| Riyaz Walikar | #application-pentesting#security-testing#dynamic-analysis+3 |
| 2012-10-26 | Talk | Appsecusa |
XSS & CSRF with HTML5 - Attack, Exploit and Defense
| Shreeraj Shah | #xss#csrf#dynamic-analysis+3 |
| 2012-09-28 | Talk | Nullcon |
Alert(/xss/) - How to catch an XSS before someone exploits / reports it?
| Ahamed Nafeez | #web-security#xss#secure-coding+2 |
| 2012-09-27 | Talk | Grrcon |
The Realm of Third Generation Botnet Attacks
| Aditya K Sood, Dr. Richard J Enbody | #red-teaming#botnet#dynamic-analysis+1 |
| 2012-09-26 | Talk | Nullcon |
Opening the kimono: Automating behavioral analysis for mobile apps
| Pradeep Kulkarni, Michael Sutton | #application-pentesting#security-testing#dynamic-analysis+1 |
| 2012-09-26 | Talk | Nullcon |
The art of Passive Web Vul Analysis with IronWASP
| Lavakumar Kuppan | #security-assessment#application-pentesting#security-testing+2 |
| 2012-08-29 | Talk | Owaspappsecindia |
Find me if you can Smart fuzzing and discovery!
| Shreeraj Shah | #fuzzing#application-pentesting#dynamic-analysis+3 |
| 2012-08-03 | Talk | C0c0n |
Easy Money with UI-Redressing
| Amol Naik | #bug-hunting#application-pentesting#dynamic-analysis+4 |
| 2012-08-03 | Talk | C0c0n |
Evil JavaScript
| Bishan Singh | #red-teaming#web-security#application-pentesting+4 |
| 2012-08-03 | Talk | C0c0n |
WebApp Remote Code Execution using Server Side Scripting Engines
| Rahul Sasi | #red-teaming#security-assessment#application-pentesting+4 |
| 2012-07-28 | Talk | Defcon |
Botnets Die Hard - Owned and Operated
| Aditya K Sood, Richard J Enbody | #botnet#blueteam#malware-detection+2 |
| 2012-05-24 | Talk | Hitbsecconf |
CXML/VXML Auditing for IVR Pentesters and PCI/DSS Consultants
| Rahul Sasi | #security-assessment#ivr#application-pentesting+2 |
| 2012-03-15 | Talk | Owaspappsecindia |
The Magic of Passive Web Vulnerability Analysis
| Lavakumar Kuppan | #application-pentesting#security-testing#static-analysis+2 |
| 2011-12-04 | Talk | Clubhack |
DOM XSS β Encounters of the 3rd Kind
| Bishan Singh | #xss#red-teaming#secure-coding+4 |
| 2011-10-07 | Talk | C0c0n |
Automated Malware Analysis - Setting up the Environment
| K v Prashant, Pushkar Pashupat | #security-assessment#dynamic-analysis#malware-research+1 |
| 2011-10-07 | Talk | C0c0n |
Web Application Backdoor Attack,Evasion and Detection
| Rahul Sasi | #purpleteam#application-pentesting#backdoor-detection+4 |
| 2011-09-19 | Talk | Brucon |
Botnets and Browsers, Brothers in a Ghost Shell
| Aditya K Sood | #botnet#red-teaming#dynamic-analysis+1 |
| 2011-09-07 | Talk | Securitybyte |
IronWASP - A Web Application Security Testing Platform
| Lavakumar Kuppan | #security-assessment#application-pentesting#dynamic-analysis+4 |
| 2011-09-07 | Talk | Securitybyte |
Web Application Defender
| K v Prashant, Mohammed Imran | #blueteam#application-pentesting#secure-development+4 |
| 2011-09-06 | Talk | Securitybyte |
Botnets at Application+ layer
| Raj Shastrakar | #bot#red-teaming#application-pentesting+4 |
| 2011-09-06 | Talk | Securitybyte |
Runtime thread injection and execution in Linux processes
| Aseem Jakhar | #thread-injection#linux#process-injection+2 |
| 2011-05-19 | Talk | Hitbsecconf |
Spying on SpyEye β What Lies Beneath?
| Aditya K Sood | #blueteam#botnet#endpoint-protection+4 |
| 2011-02-25 | Talk | Nullcon |
Automatic Program Analysis using Dynamic Binary Instrumentation (DBI)
| Sunil Kumar | #dynamic-binary-instrumentation#code-analysis#dynamic-analysis+3 |
| 2011-02-25 | Talk | Nullcon |
Fuzzing with complexities
| Vishwas Sharma | #fuzzing#red-teaming#application-pentesting+4 |
| 2011-02-25 | Talk | Nullcon |
JSON Fuzzing: New approach to old problems
| K v Prashant, Tamaghna Basu | #fuzzing#red-teaming#application-pentesting+4 |
| 2010-12-04 | Talk | Clubhack |
Firefox Security!
| Prasanna Kanagasabai | #application-pentesting#secure-development#security-testing+4 |
| 2010-08-01 | Talk | C0c0n |
Code Disclosure over HTTP
| Anant Kochhar | #red-teaming#application-hardening#code-review+4 |
| 2010-08-01 | Talk | C0c0n |
Dangers and dynamic Malware analysis
| Chandrasekar | #forensics#dynamic-analysis#malware-detection+4 |
| 2010-07-29 | Talk | Blackhat |
Hacking Browser’s DOM - Exploiting Ajax and RIA
| Shreeraj Shah | #red-teaming#ajax#application-pentesting+4 |
| 2010-03-02 | Award | |
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
| Lavakumar Kuppan | #clickjacking#application-hardening#security-testing+1 |
| 2010-02-25 | Talk | Nullcon |
Software Fuzzing with Wireplay.
| Abhisek Datta | #fuzzing#red-teaming#network-pentesting+3 |
| 2010-02-25 | Talk | Nullcon |
Botnet mitigation, monitoring and management.
| Harshad Patil | #botnet#blueteam#malware-detection+4 |
| 2010-02-25 | Talk | Nullcon |
Penetration Testing versus Source Code
| Nikhil Wagholikar | #security-assessment#code-analysis#application-pentesting+4 |
| 2009-12-05 | Talk | Clubhack |
Mobile Application Security Testing
| Gursev Singh Kalra | #security-assessment#mobile-pentesting#application-pentesting+4 |
| 2009-11-18 | Talk | Securitybyte |
Introduction to Web Protection Library
| Anil Chintala | #blueteam#application-pentesting#secure-development+4 |
| 2009-11-18 | Talk | Securitybyte |
Rumbling Infections β Web Malware Ontology
| Aditya K Sood | #dynamic-analysis#malware-research#sandbox+2 |
| 2009-04-22 | Talk | Troopers |
SQL Injections: More Fun and Profit
| Sumit Siddharth | #red-teaming#application-pentesting#code-review+4 |
| 2009-03-16 | Talk | Cansecwest |
On Approaches and Tools for Automated Vulnerability Analysis
| Tanmay Ganacharya, Abhishek Singh, Swapnil Bhalode, Nikola Livic, Scott Lambert | #security-assessment#blueteam#automated-scanning+4 |
| 2009-02-19 | Talk | Blackhat |
Blinded by Flash: Widespread Security Risks Flash Developers Don’t See
| Prajakta Jagdale | #flash#blueteam#application-pentesting+2 |
| 2008-11-13 | Talk | Deepsec |
Game of Web 2.0 Security - Attacking Next Generation Apps
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+2 |
| 2008-10-29 | Talk | Hitbsecconf |
Browser Exploits - A New Model for Browser Security
| Saumil Shah | #red-teaming#application-pentesting#code-review+3 |
| 2008-08-20 | Talk | Owaspappsecindia |
Application Security Trends & Challenges
| Kamlesh Bajaj | #owasp#appsec#secure-development+4 |
| 2007-12-19 | Talk | Clubhack |
Backdoor 2.0: Hacking Firefox to steal his web secrets
| Sunil Arora | #red-teaming#application-pentesting#browser-security+2 |
| 2007-12-09 | Talk | Clubhack |
Analysis of Adversarial Code: The Role of Malware Kits!
| Rahul Mohandas | #red-teaming#malware-research#dynamic-analysis+1 |
| 2007-12-09 | Talk | Clubhack |
Hacking Web 2.0 Art and Science of Vulnerability Detection
| Shreeraj Shah | #red-teaming#application-pentesting#dynamic-analysis+4 |
| 2007-12-09 | Talk | Clubhack |
Subtle Security flaws: Why you must follow the basic principles of software security
| Varun Sharma | #blueteam#software-security#secure-coding+4 |
| 2007-12-09 | Talk | Clubhack |
The future of automated web application testing
| Amish Shah, Umesh Nagori | #security-assessment#application-pentesting#security-testing+3 |
| 2007-03-30 | Talk | Blackhat |
Web Service Vulnerabilities
| Nish Bhalla | #blueteam#purpleteam#application-pentesting+4 |
| 2006-11-29 | Talk | Pacsec |
Smashing Heap by Free Simulation
| Sandip Chaudhari | #heap#red-teaming#exploit-delivery+4 |
| 2006-10-19 | Talk | Hacklu |
Smashing Heap by Free Simulation:
| Sandip Chaudhari | #heap#red-teaming#exploit-development+2 |
| 2006-04-13 | Talk | Hitbsecconf |
Writing Metasploit Plugins - From Vulnerability to Exploit
| Saumil Shah | #metasploit#red-teaming#exploit-development+3 |
| 2006-01-26 | Talk | Blackhat |
Analysis of Adversarial Code: Problem, Challenges, Results
| Arun Lakhotia | #secure-coding#blueteam#static-analysis+1 |
| 2005-09-26 | Talk | Hitbsecconf |
Web hacking Kung-Fu and Art of Defense
| Shreeraj Shah | #blueteam#application-pentesting#code-review+4 |
| 2005-04-12 | Talk | Hitbsecconf |
Web Application Kung-Fu, The Art of Defense
| Shreeraj Shah | #blueteam#application-hardening#secure-coding+4 |
| 2004-07-29 | Talk | Blackhat |
Evasion and Detection of Web Application Attacks
| K K Mookhey | #blueteam#intrusion-detection#application-pentesting+3 |
| 2004-01-29 | Talk | Blackhat |
HTTP Fingerprinting and Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+3 |
| 2003-10-01 | Talk | Blackhat |
HTTP Fingerprinting & Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+2 |
| 2003-07-31 | Talk | Blackhat |
HTTP Fingerprinting & Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+2 |
| 2003-02-26 | Talk | Blackhat |
HTTP: Advanced Assessment Techniques
| Saumil Shah | #fingerprinting#blueteam#application-pentesting+4 |
| 2001-04-26 | Talk | Blackhat |
Web Hacking
| Saumil Shah | #red-teaming#application-pentesting#security-testing+4 |
| 2001-02-14 | Talk | Blackhat |
Web Hacking
| Saumil Shah | #red-teaming#application-pentesting#dynamic-analysis+3 |