DC9180 – Hunting bugs the Bounty way

This talk covers everything you should know about finding bug bounties: various scenarios, tools, procedures, real-time replies, etc. About the speaker: Nikhil P Kulkarni, a.k.a. Intrud3r. Web application Pentester | Blogger | Bug Hunter | Researcher at CSPF | Listed in various halls of fame. You can find the full presentation at…

DC9180 – OWASP Xenotix XSS Exploit Framework

This presentation covers using an XSS vulnerability to gain reverse shell access to the system. The PDF copy of the presentation can be downloaded here: pwningwithxss-defconbanglore-130820063858-phpapp01. About the speaker: Name: Ajin Abraham • Info Sec Enthusiast • OWASP Xenotix XSS Exploit Framework • Free and Open Info Sec Education Supporter (Kerala Cyber Force) • Runs a DEFCON chapter, Defcon Kerala

DC9180 – Bitcoins

What is bitcoin? Bitcoin is a cryptocurrency where the creation and transfer of bitcoins is based on an open-source cryptographic protocol that is independent of any central authority. What does this presentation cover? Illegal use; Bitcoin mining botnets; another way to find botnets; block methods used by pools; max connection check; bot herders can…

Mozilla automates web security through Minion!

The Minion platform from Mozilla allows members of various teams, such as Development, QA, and Security, to perform automated web security scans. The platform targets developers, because they can use it once the written code is ready for testing. Principles: Minion should be as easy to use as possible; it is aimed at…

Facebook URL redirection bug

Facebook suffers from a URL redirection bug which never got patched even after responsible disclosure. But when they patch it, they fail to give credit to the reporter. This bug has been reported by many hunters, and the reports have fallen on deaf ears. I am attaching a few screenshots of the bug here, which will give an…

The Mobile Device Management Saga

Wikipedia defines Mobile Device Management (MDM) solutions as solutions that secure, monitor and support mobile devices deployed across various mobile service providers and operators. This domain of technology sweeps its charms over Smartphones, Tablets, Tablet Computers, mobile printers and various other devices dependent on On-The-Air (OTA) technology. The primary intent of this model is to…

OSINT Tools

OSINT stands for Open Source Intelligence. In this article we cover the most important OSINT tools for a security researcher. Basically, OSINT tools are used in the reconnaissance phase to gather as much information about the target as possible. These tools use artificial intelligence to mine data from the web about all possible matches…

Advanced Persistent Threats – Attack and Defence

The term Advanced Persistent Threat (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gain. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations, unlike commonly found malware, which sweeps down random millions of…

Security Audit Tools

In this photo story segment we give a brief overview of internal security audit tools. These tools range from port scanners to exploit development frameworks; be it web applications or network components, this segment shows you some of the must-have tools for a successful security audit. 1. Maltego: Following the well defined hacker…