Uncategorized

Bluehat India 2024 – Slide deck – The lesser known business logic flaws

I had the incredible honor of speaking at the first-ever BlueHat India event, held in Hyderabad. This landmark conference brought together a diverse group of cybersecurity professionals, researchers, and enthusiasts from around the globe. The energy and enthusiasm at the event were palpable, and it was a privilege to be a part of such a vibrant conference. My presentation focused on business…

1 Comment

May 22, 2024

Uncategorized

Setting Up Elasticsearch and Kibana on EC2: A Step-by-Step Guide

Introduction:In the world of data analytics and log management, Elasticsearch and Kibana stand out as powerful tools for indexing, searching, and visualizing large volumes of data. In this tutorial, we'll walk through the process of setting up Elasticsearch and Kibana on an EC2 instance, enabling you to harness the full potential of these tools for your projects. Prerequisites:Before we dive into the…

0 Comments

March 19, 2024

Uncategorized

Winja CTF @ Nullcon Goa 2023 Edition Solutions

Hello, Everyone! I trust you had a fantastic time at Winja CTF 2023 - Goa Edition. I hope you found the challenges intriguing. In this blog post, I will be sharing the solutions to the challenges I built. Faulty Portal This was a web challenge that's based on collibra. Collibra is a software company that specializes in data governance and cataloging solutions.…

0 Comments

September 25, 2023

Conference / Information Security

My First Nullcon as a Speaker!

- [ ] Deliver a talk at Nullcon Are you wondering what this is? This was one of the to-dos I defined for myself in the new year's resolutions! Well new year's resolutions are something that just motivates us till end of Jan! However, this time I managed to get it done❤️ Nullcon 2022 was my 2nd Nullcon and 1st time as…

0 Comments

September 14, 2022

Conference / CTF / Information Security

Winja CTF @ Nullcon Goa 2022 – Osint Challenges Writeup

This post contains the OSINT challenges created as part of Winja CTF, Nullcon Goa 2022.

0 Comments

September 13, 2022

CTF / Information Security

Winja CTF – Web Challenges Solutions – Nullcon Goa 2022

This post contains the web challenges created by me in winja ctf 2022.

0 Comments

September 12, 2022

Conference / Information Security

Raining CVEs on WordPress Plugin via Semgrep – Nullcon Goa 2022 Slide deck

This post is contains the talk slides and the demo videos that we presented in Nullcon Goa 2022.

0 Comments

September 12, 2022

Cloud / CTF / Information Security

Winja CTF – Nullcon Berlin Edition – Solutions

Hey there!!! This post is all about the solutions to the CTF challenges I created for Winja CTF - berlin edition. The category for the challenges is Cloud. If you are not aware, the challenges for this CTF were based on the money heist theme. Hence all the challenge description or context will be referring to money heist. Challenge 1 - The…

0 Comments

May 6, 2022

How To / linux / Web application

How to configure SSL on EC2 instance for free

The post is a walkthrough on how to configure ssl on linux instances. This can also be helpful when exploiting CORS.

0 Comments

December 7, 2021

OWASP top 10 / Uncategorized / Web application

How I found an IDOR in deletion of comparison lists

Read about an interesting scenario of IDOR that allowed to me view private user information and also delete publicly available list.

1 Comment

September 26, 2021

How To / Information Security / OWASP top 10 / Web application

Here is how to hunt for OAUTH vulnerabilities

The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.

0 Comments

July 7, 2021

How To / WordPress

How to setup your blog on WordPress with right theme and plugins

How to setup a wordpress blog from scratch with all the essential plugins to use. The theme that will make your site look and feel awesome.

0 Comments

June 2, 2021

Code Vigilant / OWASP top 10 / php / Source Code Review / Web application / XSS

Dont just sanitize but also escape – A fable of sanitize_text_field

The post talks about an interesting find of XSS even when the filter was used. It also covers the mistakes that a developer makes while sanitizing input.

4 Comments

May 21, 2021

Information Security / OWASP top 10 / Web application

Blind XXE attacks – Out of band interaction Techniques (OAST) to exfilterate data

The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE

1 Comment

April 24, 2021

Information Security / OWASP top 10 / Web application

XXE Simplified: The concept, Attacks and Mitigations

XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.

0 Comments

April 14, 2021