Upload File

disclosing vulnerabilities for fun &...

  • Home
  • Documents
  • Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
27
Disclosing Vulnerabilities FOR FUN & PROFIT Nikhil.P.Kulkarni www.twitter.com/nikchillz

Upload: others

Post on 04-Oct-2020

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Disclosing Vulnerabilities

FOR FUN & PROFIT

Nikhil.P.Kulkarni

www.twitter.com/nikchillz

Page 2: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Nikhil.P.Kulkarni

intro.me

Web Application Pen-testing

Bug Hunter Blogger

Listed in Various Hall Of Fames

Web Designer Researcher at CSPF

Page 3: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 4: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 5: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

File Inclusion BUG

Page 6: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

VULNERABILITY

DISCLOSURE

FULL DISCLOSURE

RESPONSIBLE DISCLOSURE

Page 7: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 8: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 9: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Tools Proxy:

Burp Suite

Web Scarab

Fiddler

And many more…!!!

Firefox Addons:

Tamper Data

Web Developer Extensions

Live HTTP Headers

Firebug

Hackbar

XSS Me

And many more…!!!

Optional:

Camtasia Studio(Screen Recorder)

Snipping Tool(Screenshots)

Useful Tools:

IRONWASP

XENOTIX

And many more…!!!

Page 10: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

$100 to $20,000

$500 to $5000

500 to $3000

Page 11: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Unknown Price money (Approx. $50 to $10,000)

$500 + T-Shirt

Page 12: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

https://bugcrowd.com/list-of-bug-bounty-programs/

https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
https://bugcrowd.com/list-of-bug-bounty-programs/
Page 13: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Normal

Resume Resume with

HOF

Page 14: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Find Bugs

Report Them

Get Reward

Party

Broke

Page 15: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Never go for Full Disclosure without company’s permission.

Always see that, you’ve made a Responsible Disclosure before going for

Full Disclosure.

Page 16: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 17: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 18: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 19: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 20: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Stored XSS in the Official Website of

DELL

Page 21: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 22: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

DEMO

Page 23: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

XSS CSRF SQLi And many

more

Page 24: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 25: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA
Page 26: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Kislay Bhardwaj

Prasanna

Karthik Ranganath

And everyone else related to DEFCON Bangalore DC9180

Page 27: Disclosing Vulnerabilities FOR FUN & PROFITsecurityresearch.cysecurity.org/wp-content/uploads/...Bus hapaka Rajesh MVSR Engineering College D.VSudhir raju Individua No man Ramzan RHA

Thank You

DEFCON

Bangalore Nikhil.P.Kulkarni www.facebook.com/nikchillz www.twitter.com/nikchillz

http://www.facebook.com/nikchillz
http://www.twitter.com/nikchillz

Ramzan shama Election Compaign

2451-MVSR Engineering College, Nadergul, Saroornagar, Ranga Reddy … · 2014-04-24 · 2451-MVSR Engineering College, Nadergul, Saroornagar, Ranga Reddy District. 737-I.T ... 31

MUHAMMAD RAMZAN - HEC

Ali Ramzan MId

Dua 15 Shaban and Ramzan Wazaif

MVSR Engineering College, Nadergul Department of ... sec wise 2017...MVSR Engineering College, Nadergul Department of Sciences & Humanities Time Table for B.E-1/4 Academic year:2017-18

Ramzan Daily Dua

MUHAMAD ANWAR BIN RAMZAN

Ramzan Recipe_ Cheesy Corn Pattice - 1

Kwizzare Ramzan Quiz 2014

MVSR ECE Newsletter

Ramzan i̇şbaran

Ramzan calendar 2019 - ARY Digitalcdn.arydigital.tv/Ramzan-calendar-2019.pdf · ramzan mubarak 2019 /1440 20th may, 2019 mon fiqa jafria khi sehr: 04:09 am iftar: 07:22 pm sehr: 03:18

MVSR Engineering College...IEEE – MVSR Student Branch Page | 3 The function commenced with the welcome note by the Student Branch Chairman, S. Sathwik followed by the Lighting up

Ramzan Mubarak

GREEN PLANTATION - IEEEewh.ieee.org/sb/hyderabad/mvsr/reports19/green_plantation(july_27).pdfGREEN PLANTATION IEEE MVSR SB ha s organized a Green Plantation event on July 27 th, 2019

Ramzan 2012

Ramzan Book by ICEAGE Industries

MVSR ENGINEERING COLLEGE, NADERGUL. pics/mech-2012... · MVSR ENGINEERING COLLEGE, NADERGUL. ... Likhith, Varun varma, Avinash Row-4 ... Pratheek, Mnoj, Mahesh, Koutilya Tej, Sathya

Aamaal mah e-ramzan - volume 2

Vachana Viveka Vol 01by Ramzan Darga

Customer List Ramzan Card

Atrc ramzan presentation_20_july_2012-2

Virtues and Masail of Ramzan

IEEE MVSR SB in collaboration with Information Technology ...ewh.ieee.org/sb/hyderabad/mvsr/events-pdf/events18/... · Guest lecture details: Date: 04 August,2018. Time: 11:30 pm

Full page fax print - Defence Housing Authority, … Creek Club Newsletter...Advance Ramzan Mubarak to all us members Taraveeh prayers will be held from Ramzan to 27th Ramzan. On Ramzan,

Ramzan book

Industrial Instrumentation Dr. –Ing. Naveed Ramzan

EEVIWW MVSR ) WXIIP PMQMXIHenvironmentclearance.nic.in/writereaddata/online/EC/... · 2019-02-01 · EEVIWW MVSR ) WXIIP PMQMXIH XIJV jsv 618 QXTE Mrxikvexih Wxiip Tperx Ex Lepezevxlm

Ramzan & Eid i.pptx

Ramzan - Benefits of Fasting

Tohfa e Ramzan

MVSR Engineering Collegeewh.ieee.org/sb/hyderabad/mvsr/events-pdf/events13...Chief Guest, Prof. P. Premchand, Dean Engineering, Osmania University addressing the gathering Dr. S. Sameen

Mahe Ramzan or Roze

Aamaal mah e-ramzan - volume 1