This is the deck used for the talk at c0c0n 2015. Due to some privacy reasons, I'm unable to share a few screenshots. If interested, please reach out to me.
If you have any feedback, please drop an email to abhijeth0423@gmail.com.
A video will be published soon, which will give a better idea of the talk.
Also credits to: @mat www.wesecureapp.com
2. #whoami
Security Analyst at Adobe Systems
Hacking since 14 and have given sessions at most engineering colleges
Like many, found bugs in Google, Facebook, Yahoo, Microsoft and more than 50 sites. Among the top 5 bug hunters on Synack
A Telugu movie buff and a start-up enthusiast
3. No organization or company is responsible for whatever I say in the next 30 minutes!!
10. Called up Amazon and added a new credit card to the victim's account, giving only:
• Associated email
• Billing address
• A random (attacker-chosen) credit card number
Then they called again saying they had lost the password, and "verified" themselves with:
• Name
• Billing address
• Credit card number (the one they had just added)
The attackers now had access to the victim's Amazon account.
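The reason the two calls above work is a policy flaw, not a technical one: the card-adding flow trusts facts an attacker can look up, and the password-reset flow then trusts the card the caller added a minute earlier. The model below is an added example, not code from the talk; the account data, the `add_card_by_phone` / `reset_password_*` names and the policy details are constructed to show the vulnerable flow beside a hardened one that only accepts cards that have actually been charged.

```python
"""Modelling the support-desk chain: card added via a weak flow is later
accepted as identity proof in a stronger flow. Added example; data and
policy names are constructed, not Amazon's real procedures."""
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    email: str
    billing_address: str
    # last four digits -> whether the card has ever been successfully charged
    cards: dict = field(default_factory=dict)


def add_card_by_phone(acct, caller_email, caller_address, card_number):
    """Weak flow: a card is added on the strength of email + billing address,
    both of which an attacker can usually find. The card is never charged."""
    if caller_email != acct.email or caller_address != acct.billing_address:
        return False
    acct.cards[card_number[-4:]] = False      # on file, but unverified
    return True


def reset_password_vuln(acct, caller_name, caller_address, card_number):
    """Reset flow as on the slide: name + billing address + 'a card on file'.
    Any card on file counts, including one the caller added a minute ago."""
    return (caller_name == acct.name
            and caller_address == acct.billing_address
            and card_number[-4:] in acct.cards)


def reset_password_safe(acct, caller_name, caller_address, card_number):
    """Hardened: only a card that has actually been charged is evidence of
    identity. Data the caller could write through a weaker flow must never
    be read back as proof in a stronger one."""
    return (caller_name == acct.name
            and caller_address == acct.billing_address
            and acct.cards.get(card_number[-4:], False))


def record_successful_charge(acct, card_number):
    """Called by the payment system once a real purchase clears."""
    if card_number[-4:] in acct.cards:
        acct.cards[card_number[-4:]] = True


def make_victim():
    # Constructed victim: one real card that has been charged before.
    acct = Account("Mat", "mat@example.com", "1 Example St")
    acct.cards["4242"] = True
    return acct


def attacker_chain(reset_fn):
    """The two phone calls from the slide, against a fresh victim account."""
    acct = make_victim()
    fake_card = "4111111111111111"            # any syntactically valid number
    # Call 1: add a card using facts found online (email + billing address).
    added = add_card_by_phone(acct, "mat@example.com", "1 Example St", fake_card)
    # Call 2: "I lost my password" - verify with name, address and the new card.
    return bool(added and reset_fn(acct, "Mat", "1 Example St", fake_card))


if __name__ == "__main__":
    print("attacker wins against vulnerable reset:", attacker_chain(reset_password_vuln))
    print("attacker wins against hardened reset:  ", attacker_chain(reset_password_safe))
```

The hardened check is deliberately minimal: it closes this particular chain by refusing to treat unverified, caller-supplied data as proof. A real recovery flow would additionally require an out-of-band factor (a code sent to a phone or email already on file), which this toy model does not implement.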
15. Chaining of web attacks
• Used mainly by real attackers
• Requires understanding the application code and infrastructure in depth
• Combines multiple vulnerabilities
• Requires knowledge of various technologies
Impacts
• Defacing sites
• Denial of service
• Deleting code, DBs, user profiles, customer data etc.
34. Insecure Direct Object Reference
Parameter tampering
CSRF
Perform illegal transactions from a victim's account
Access control violation
35. Target = Abhijeth
Abhijeth's bank details
Attacker has access to one user's details (their own)
Brute-force the object reference and get Abhijeth's details
Use these details to make an illegal transaction!!
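Slides 34 and 35 describe one chain: an IDOR on the details endpoint lets the attacker brute-force IDs and find the target's account, then a CSRF on the transfer endpoint moves money out of the target's account from the target's own browser. The following is an added example that is not code from the talk. The bank, the sequential account IDs, owner names, cookies and handler names (`get_details_*`, `transfer_*`, `run_chain`) are constructed; the vulnerable handlers sit beside hardened ones so the same chain can be run against both.

```python
"""IDOR enumeration chained with CSRF against a toy bank.
Added example; every account, cookie and handler name here is made up."""
import secrets

# Constructed data: sequential, guessable account IDs (the IDOR precondition).
ACCOUNTS = {
    1001: {"owner": "alice",    "balance": 5000, "account_no": "IN-1001"},
    1002: {"owner": "bob",      "balance": 1200, "account_no": "IN-1002"},
    1003: {"owner": "abhijeth", "balance": 9000, "account_no": "IN-1003"},
    1004: {"owner": "mallory",  "balance":  100, "account_no": "IN-1004"},
}
# Session cookie -> logged-in user. A browser sends the cookie on every request
# to the bank, including requests triggered by a page the attacker controls.
SESSIONS = {"cookie-victim": "abhijeth", "cookie-attacker": "mallory"}
CSRF_TOKENS = {cookie: secrets.token_hex(16) for cookie in SESSIONS}


def owned_ids(user):
    return {aid for aid, acc in ACCOUNTS.items() if acc["owner"] == user}


# --- Vulnerable handlers ----------------------------------------------------
def get_details_vuln(cookie, account_id):
    if cookie not in SESSIONS:
        return None                      # authentication only...
    return ACCOUNTS.get(account_id)      # ...no check that the caller owns the ID


def transfer_vuln(cookie, from_id, to_id, amount, csrf_token=None):
    user = SESSIONS.get(cookie)
    if user is None or from_id not in owned_ids(user):
        return False                     # ownership is checked, but the request
    if to_id not in ACCOUNTS or ACCOUNTS[from_id]["balance"] < amount:
        return False                     # is trusted merely because the victim's
    ACCOUNTS[from_id]["balance"] -= amount   # cookie came with it
    ACCOUNTS[to_id]["balance"] += amount
    return True


# --- Hardened handlers ------------------------------------------------------
def get_details_safe(cookie, account_id):
    user = SESSIONS.get(cookie)
    if user is None or account_id not in owned_ids(user):
        return None                      # authorization check on the object
    return ACCOUNTS[account_id]


def transfer_safe(cookie, from_id, to_id, amount, csrf_token=None):
    # Synchronizer token: the form must carry the token tied to this session,
    # which a cross-origin attacker page cannot read.
    expected = CSRF_TOKENS.get(cookie, "")
    if not csrf_token or not secrets.compare_digest(csrf_token, expected):
        return False
    return transfer_vuln(cookie, from_id, to_id, amount)


# --- Attacker's chain -------------------------------------------------------
def enumerate_accounts(details_fn, cookie, id_range):
    """Step 1 (slide 35): brute-force the ID parameter with the attacker's
    own session and keep every record that comes back."""
    found = {}
    for aid in id_range:
        acc = details_fn(cookie, aid)
        if acc is not None:
            found[aid] = acc
    return found


def victim_browser_submits(transfer_fn, cookie, form):
    """Step 2: the victim visits attacker HTML that auto-submits a form to the
    bank. The browser attaches the victim's cookie; the attacker chose every
    field value but can only guess the CSRF token."""
    return transfer_fn(cookie, form["from_id"], form["to_id"],
                       form["amount"], form.get("csrf_token"))


def run_chain(details_fn, transfer_fn, target="abhijeth"):
    dumped = enumerate_accounts(details_fn, "cookie-attacker", range(1000, 1011))
    target_id = next((aid for aid, a in dumped.items() if a["owner"] == target), None)
    if target_id is None:
        return False                     # IDOR closed: target's ID never leaked
    attacker_id = next(iter(owned_ids("mallory")))
    form = {"from_id": target_id, "to_id": attacker_id,
            "amount": 500, "csrf_token": "0000"}
    return victim_browser_submits(transfer_fn, "cookie-victim", form)


if __name__ == "__main__":
    print("vulnerable chain:", run_chain(get_details_vuln, transfer_vuln))
    print("hardened chain:  ", run_chain(get_details_safe, transfer_safe))
```

Note that fixing either bug alone breaks this particular chain (without the IDOR the attacker never learns the target's ID; without the CSRF the forged form is rejected), but each is still a reportable vulnerability on its own: the IDOR leaks other customers' bank details, and the CSRF can be retargeted at any ID the attacker obtains some other way.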