Memory Corruption – null Security Meet

Introduction

It was my pleasure to talk about “Memory Corruption”. The event was null Pune, which was held @ThoughtWorks.

Topics and Schedules

10:00 AM – 10:15 AM: Introduction by Murtuja Bharmal.
10:15 AM – 10:45 AM: Security News Bytes by Imdadullah Mohammed.
10:45 AM – 11:45 AM: Android Fuzzing by Prasanna Kanagasabai.
11:45 AM – 12:00 PM: Tea and Coffee Break.
12:00 PM –...

Shellcode Of Death – null Security Meet

Introduction

It was my pleasure to talk about “Shellcode Of Death” a.k.a “Wicked Sunny”. The event was null Pune, which was held @SICSR.

Topics and Schedules

04:00 PM – 04:10 PM: Introduction by Null + G4H team
04:10 PM – 05:15 PM: Shell Code of Death by Ashfaq Ansari.

I was giving the talk on “Shellcode Of Death” a.k.a “Wicked...

Damn Vulnerable Web App – Local File Inclusion (LFI)

Introduction

In the first part of the Damn Vulnerable Web App (DVWA) series, we saw how to install Damn Vulnerable Web Application (DVWA) on BackTrack 5 R1.

If you have not read the first part, here is the link: http://hacksys.vfreaks.com/pen-testing/damn-vulnerable-web-app-sql-injection.html

Now, we will test another attack vector known as Local File Inclusion (LFI).

Local File Inclusion (LFI) is a...

Art Of Exploit Writing – null Security Meet

Introduction

It was my pleasure to be with the fantastic security minds of Bangalore. The event was null Bangalore, which was held @ThoughtWorks.

Topics and Schedules

09:30 – 10:00: Web App Basics – Insecure Direct Object Reference – Himanshu Das
10:00 – 10:15: Introductions
10:15 – 10:35: Newsbytes – Apurva
10:35 – 11:05: Vulnerability Disclosure – Nikhil Kulkarni
11:05...

Penetration Testing Report – Web Application

Introduction

Penetration testing is a critical form of security testing for network infrastructure, applications and web applications. Penetration testing is not going to be worth anything if there are no reports to detail what has been done and what needs to be fixed or corrected.

A penetration test report lays the foundation for determining how well or badly a network, web application or Internet security performs.

But how...

Reverse Shell v1.0 PHP – Authentication Feature

Introduction

This tool is designed for pentest situations where you have upload access to a webserver that is running PHP. Upload this script to somewhere in the web root, then run it by accessing the appropriate URL in your browser. The script will open an outbound TCP connection from the webserver to a host and port defined in the script. Bound to this TCP connection will be a shell.

This will be a proper interactive shell in...
