Disclosing Vulnerabilities for Fun and Profit

null Bangalore Chapter, January 2013 Meet

Disclosing Vulnerabilities for Fun and Profit Presentation Transcript

  • 1. Disclosing Vulnerabilities for Fun & Profit
       Nikhil P. Kulkarni, www.twitter.com/nikchillz
  • 2. Nikhil Kulkarni (aka Intrud3r)
       A 21-year-old tech enthusiast. A blogger, web designer and graphic designer.
       Mainly into web app testing.
       facebook.com/nikchillz, twitter.com/nikchillz
  • 3. File Inclusion Bug
  • 4. Full Disclosure / Vulnerability Disclosure / Responsible Disclosure
  • 5. Tools
       Firefox add-ons: Tamper Data, Web Developer Extensions, Live HTTP Headers, Firebug, Hackbar, XSS Me, and many more.
       Proxies: Burp Suite, WebScarab, Fiddler, and many more.
       Useful tools: IronWASP, Xenotix, and many more.
       Optional: Camtasia Studio (screen recorder), Snipping Tool (screenshots).
  • 6. Bug bounty ranges (vendor logos not captured in the transcript): $100 to $20,000; $500 to $5,000; $500 to $3,000
  • 7. $500 + T-shirt; unknown prize money (approx. $50 to $10,000)
  • 8. http://computersecuritywithethicalhacking.blogspot.in/2012/09/web-product-vulnerabilty-bug-bounty.html
  • 9. Normal resume vs. resume with HOF (hall of fame) credits
  • 10. Broke -> Find Bugs -> Report Them -> Get Reward -> Party
  • 11. Never go for full disclosure without the company's permission.
        Always make sure you have made a responsible disclosure before going for full disclosure.
  • 12. KEEDA Project: a NULL community initiative
        Highlights:
        Informs vendors and CERTs about any vulnerabilities found in the wild.
        Credit is given to the bug submitter.
        Does not charge the vendor in return, but expects at least a thank-you letter from the vendor.
        If the vendor does not fix the bug, full disclosure of the bug is done via the Keeda portal.
  • 13. Stored XSS in the official website of DELL
  • 14. DEMO
  • 15. XSS, CSRF, SQLi and many more
  • 16. Kislay Bhardwaj, Prashanth K.V, Riyaz Walikar, Amol Naik, Prasanna Kangasabai, Akash Mahajan, Sabari Selvan, Srikanth Rao, Himanshu Kumar Das, Suriya Prakash, Harsimram Walia, Lava Kumar, and the whole of NULL Bangalore Chapter.
  • 17. Thank You
        NULL Bangalore
        Nikhil P. Kulkarni, www.facebook.com/nikchillz, www.twitter.com/nikchillz
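Slides 13 to 15 name a stored XSS demo but the transcript carries none of its details. The following is an added example, not the presenter's demo and not Dell's code: a constructed toy "product review" board in Python showing the vulnerable sink (user text concatenated into HTML, so a payload planted once fires for every later visitor) beside the hardened version (escaping on output for the HTML context the data lands in). The class, the sample comments and the payload are all assumptions made for illustration.

```python
import html


class CommentBoard:
    """Constructed toy 'product review' board used to illustrate stored XSS.

    Added example: not the presenter's demo and not Dell's code.
    """

    def __init__(self) -> None:
        # Comments are stored verbatim. Storage is the wrong place to escape,
        # because the same text may later be rendered into HTML, JSON or a log,
        # and each of those contexts needs a different encoding.
        self._comments: list[str] = []

    def post(self, text: str) -> None:
        self._comments.append(text)

    def render_vulnerable(self) -> str:
        # Stored XSS sink: user-controlled text is concatenated straight into
        # the HTML document, so the browser parses any tags the attacker sent.
        return "<ul>" + "".join(f"<li>{c}</li>" for c in self._comments) + "</ul>"

    def render_safe(self) -> str:
        # Hardened: escape on output, for the HTML element context the data
        # lands in. quote=True also neutralises ' and " in case the same value
        # is ever placed inside an attribute.
        return (
            "<ul>"
            + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in self._comments)
            + "</ul>"
        )


def payload_survives(page: str, payload: str) -> bool:
    """True if the raw markup the attacker submitted appears unchanged in the
    rendered page, i.e. the browser would treat it as HTML rather than text."""
    return payload in page


if __name__ == "__main__":
    board = CommentBoard()
    board.post("Great laptop!")
    # Constructed attacker input: an image tag with an event handler, the kind
    # of payload a stored XSS demo typically plants in a comment or review field.
    payload = '<img src=x onerror="alert(document.domain)">'
    board.post(payload)
    print("vulnerable page keeps payload:", payload_survives(board.render_vulnerable(), payload))
    print("hardened page keeps payload:  ", payload_survives(board.render_safe(), payload))
```

The check in payload_survives is the same one a tester makes by hand during a demo: submit distinctive markup, reload the page as another user, and see whether it comes back as markup or as escaped text. Escaping at render time, rather than filtering at input time, is what makes the fix hold for every comment already in the store.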