Disclosing Vulnerabilities for Fun and Profit

null Bangalore Chapter, January 2013 Meet
  1. Disclosing Vulnerabilities for Fun & Profit. Nikhil P. Kulkarni, www.twitter.com/nikchillz
  2. Nikhil Kulkarni (aka Intrud3r): a 21-year-old tech enthusiast; blogger, web designer, graphic designer; mainly into web app testing. facebook.com/nikchillz, twitter.com/nikchillz
  3. File Inclusion Bug
  4. Full Disclosure / Vulnerability Disclosure / Responsible Disclosure
  5. Tools. Firefox add-ons: Tamper Data, Web Developer Extensions, Live HTTP Headers, Firebug, Hackbar, XSS Me, and many more. Proxies: Burp Suite, WebScarab, Fiddler, and many more. Useful tools: IronWASP, Xenotix, and many more. Optional: Camtasia Studio (screen recorder), Snipping Tool (screenshots).
  6. Bounty ranges: $100 to $20,000; $500 to $5,000; $500 to $3,000
  7. $500 + T-shirt; unknown prize money (approx. $50 to $10,000)
  8. http://computersecuritywithethicalhacking.blogspot.in/2012/09/web-product-vulnerabilty-bug-bounty.html
  9. Normal Resume vs. Resume with HOF (Hall of Fame)
  10. Find Bugs → Break Them → Report → Party → Get Reward
  11. Never go for Full Disclosure without the company's permission. Always make sure you have made a Responsible Disclosure before going for Full Disclosure.
  12. KEEDA Project: a NULL Community initiative. Highlights: informs the vendors and CERTs about any vulnerabilities found in the wild; the credit is given to the bug submitter; does not charge the vendor in return, but expects at least a thank-you letter from the vendor; if the vendor does not rectify the bug, the full disclosure of the bug is done using the Keeda portal.
  13. Stored XSS in the Official Website of DELL
  14. DEMO
  15. XSS, CSRF, SQLi, and many more
  16. Kislay Bhardwaj, Prashanth K. V., Riyaz Walikar, Amol Naik, Prasanna Kangasabai, Akash Mahajan, Sabari Selvan, Srikanth Rao, Himanshu Kumar Das, Suriya Prakash, Harsimram Walia, Lava Kumar, and the whole of NULL Bangalore Chapter.
  17. Thank You. NULL Bangalore. Nikhil P. Kulkarni, www.facebook.com/nikchillz, www.twitter.com/nikchillz
