7th Kuwait Info Security Forum 2015

1. Crawling Web (Darker Way) for Fun and Profit
Section A - Personal Data:
1. Name: Tamaghna Basu
2. Email Address: tamaghna.basu@gmail.com
3. Cell phone: +91 9880307435
4. Brief biography:
Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA, co-founder of
www.weekendsecurity.org, is a security researcher at heart and has been his
main areas of research include Web app security and network pen‐testing,
exploit development, incident handling and cyber forensic. Being a software
developer earlier, he worked in java, .net, ruby etc. and various domains like
finance, insurance, gaming etc. He was the winner of NULLCON 2010's
hacking challenge.
He is a SANS certified mentor for the course – “Sec 504: Hacker Techniques, Exploits and Incident
Handling”. He also presented in other security conferences like NULLCON, C0C0N, OWASP, ISACA
etc. Tamaghna is one of the core members of NULL security community, he facilitates
Chennai/Bangalore NULL Chapter, a frequent speaker of NULL and OWASP meets, conducted
multiple hacking workshops in NULL HUMLA, Bangalore. He is an active member of security
communities like honeynet, NAISG, DSCI, Clubhack etc. He also contributed to security magazines
like Clubhack and ISACA journal. He has achieved various other certifications like Cyber Crime
Investigation, Diploma in Cyber Law etc.
Talks by Tamaghna:
 “Network Forensic” at Ground Zero Summit, 2013 (www.g0s.org)
 “Web Application Security” at ISACA Bangalore 2013
 “ “Public Exploit Held in Private” at OWASP Conference Delhi 2012 (www.2012.owasp.in)
 “Client Side Exploits using PDF” at C0C0N Cochin 2010 (http://is-ra.org/c0c0n/)
 “JSON Fuzzing” at NULLCON Goa 2011(www.nullcon.net)
 “Practical Exploitation” at ISACA Bangalore Chapter 2011
 Information Security, Past, Present and Future” at Amrita College Cochin 2012
Trainings/workshops by Tamaghna:
 Network Forensics : 1 day workshop at Ground Zero Summit, 2013 (www.g0s.org)
 Network Forensics : 1 day workshop at C0C0N Trivandrum September 2013 (http://is-
ra.org/c0c0n/)
 Hackers Versus Developers: 1 day workshop at Clubhack Pune December 2012
(http://www.clubhack.com/)
 Basics of Web Security: 1 day workshop at Payatu/TestYantra Bangalore November 2012
 Basics of Web Hacking: 1 day workshop at Amrita College Cochin September 2012
 Network Forensic: 1 day workshop at C0C0N Trivandrum September 2013 (http://is-
ra.org/c0c0n/)
 Cyber Crime Investigation and Information Warfare : Multiple workshops for govt. agencies
and defense organizations

2.  Cyber Security Awareness: 1 day workshop in BVB Eng. College, Hubli, 2014
 Ethical Hacking: at Corporates Bangalore 2010-11
Online
 Twitter: @titanlambda
 Linkedin: http://www.linkedin.com/in/tamaghnabasu
 Slideshare: http://slideshare.net/titanlambda/presentations
Section B – Topic details:
1. Title: Crawling Web (Darker Way) for Fun and Profit
2. Brief Description:
Lots of times we talk about targeted attacks where profiling or in general reconnaissance
is critical and most important thing to do very well. Without gathering valid and
appropriate information you might not be able to trigger a successful attack. Here I have
created a web proxy based tool which helps to map the web based on their relevance and
internal references.
What I will be mostly covering in this topic is:
a) How to crawl through web and search through it in automated manner for a
specific interest.
b) How to bypass, or rather postpone captcha which prevents you to do automated
crawling through search engines
c) TOOL RELEASE - Site Mapper : A web proxy based tool which parses through
the web proxy logs after the user is done with browsing and give you hidden,
juicy information about internal servers which the public server refer to while
loading the responses.