
[PART 3] BSides Noida 0x02 - 22nd December 2024

BSides Noida, 2:51:32, 118 views, published 2024-12

So, this is the incident response example. We are in Kubernetes, so we have checked the permissions in Kubernetes. So, one of the findings comes, here the security comes, this side, the other side. You can see that there is no finding in this. What will be caught? Bitcoin will be caught in this. Maltex will be caught in

this. There is no vote scan. It will be caught in this. So there are so many signatures in this. You can say that our talk yesterday was that Maltex will be caught. In this, you will see that Maltex is also... You can see here. Sorry. So when it is not measured, because either I will scan the marker from here after the upload or I will only report it after the marker scan, I will not get it uploaded. So we prefer to scan before uploading. So we have not done this before. We have done this before. So we have not done this before. And how do we do that? We have made a service of pilot route. So

where everything is uploaded on our app or website, it scans from our scooter first. And it also measures the file length, it takes extensions, and then it uploads everything. So this is the argument which will tell you about all the incidents which are happening in your area. Now let's take an example of a small machine. So you all are using a number and you are using a DDoS attack. So the service of AWS is called Shield. So Shield stops all your DDoS attacks. So Shield is a service that is dedicated to saving you from DDoS. If DDoS is happening anywhere, then Shield will stop it. Let me show you an example of our DDoS attack. I will show you why we could

save it and why we could not. If you see, we have reviewed the entire request. So you have seen that first of all, CloudFront CDN came. So we put this on CDN. So it was first captured, then it was sent. The DDoS came two days ago. How many minutes did the DDoS take? 9 minutes. What was it? It was the request. Now we will go into details about it. So from here you will click on it and come. Which area will it come from? How much request will it get? What percentage will it get? From which country? About which other country? So here you will get the full picture of the whole process, of why this happened. And one thing is good

in this, if you have a lot of facts. If you have added protection from DDoS, then you can also keep it auto-related. Like I will tell you a simple thing, you will see here, this thing which I have highlighted. Automatic application is the DDoS application. We have disabled it. We have disabled it because sometimes DDoS is shown very positively. How is it shown here? Like we use microservices of communities. So in that case, what will happen is that our application is down. So our name is in the logistics business. So what happens in the logistics business is that the devices that come in the truck, so these guys are logistics, a truck-based logistics startup, which is called GPS in the trucks. So now if someone wants to send a base to

our server, but our server can't handle it, then why do we have to do all this? Because ideally, we have to show the location of the user code, so it takes all the data. If any service is down, let's say a mobile service that we use for traffic, if that is down, then in that case, when it is up, the whole bomb will be there, we will have 30 million tons. So, premium trucks, premium trucks, if they don't get the same amount of pins, then they don't get the same amount of bureaucracy. So, we have to learn automatically because it also learns legitimate requests. Okay, so this is the high-level overview of incident response; incident response is very

good. Cloud detection response, which you have heard about as CDR, it happens in Jharkhand. CDR also comes under incident response. So, the big incident response is to react to any incident and at least make a lot of decisions. Which is logging and monitoring. So logging and monitoring, basically we are learning from the name that whatever things are there, we need visibility in the cloud that something is happening or not. For example, if there is a server and the CPU is spiked, then how will it be changed? When I have added logging and monitoring on it. So this can be done in various ways. Now security... Let's say, let me show you the security system. Security is the concept of the security

group. Security group means how much traffic can come from there, from where can a call be made and from where can it come from inside. So for example, I take a select and call and tell you that we are going to security. Security is not the same. These are all coming from the source, what protocols are coming, what rules are being used and what security group ID is there. What is the name of the security group? What is the description? Now any attacker gets access to the AWS console. If any attacker wants access to the AWS console, then he needs access to a server. So what will he do? Will he change the security group so that he can identify on the server? So the first thing you will see

in the logging and monitoring is security group changes. If there is no change in the security group, then I have to make a real-time alert that someone has changed the security group. Then I will report it. Then I will see that this is a hand-off, then it is not. Or listen, someone has formed a public access. We should not do that. Similarly, I have put a phone on the web that someone is closing the payload. And someone has gone and turned off the web. So all these are logging and monitoring. So, monitoring all these things is very important. Security group changes something, web application is being hired, so it changes its routes, it changes

its network ACLs, any non-encrypted BIAs that are stored in the bucket, its S3 events, it tries to leak content from S3 bucket, so this other project tries to dump, many reports are made of put. So which is S3 when notification, critical changes in infrastructure like public BMS installs, public bucket, so all this logging and monitoring has to be done by the hackers. I will show you an example. The most used things in logging and monitoring are CloudTrail, CloudWatch, SNS, Trusted Advisor, Config and Inspector. About CloudTrail, we have talked about it, that it takes 90 days to complete one page of a store. The interview question is better, if I have a law paper to

verify how many changes have been done in the infobank, and it has been done for 100 days, then how can I verify? Then CloudTrail will not give the answer. Because CloudTrail only takes 90 days, I did not want to keep it in the same way. So what can happen? CloudKill does something like this. So whatever will happen to the S3, whatever will happen to the policy, then it will come there and kill you. So CloudWatch, CloudWatch basically might try this. Like I have talked about CPU, how to know? So how will you know if it will be in CPU? CloudWatch, CloudWatch will make a metric of CPU and will do the same

thing. SNS is a simple notification service. Any mail that comes, like this mail. This mail came from a security incident. This is the logging and monitoring number. It was forcing SSH on our server. So this mail, why did it get triggered? You see here the name of the service is SNS. So this gets triggered on this service. Simple Notification Service. It can be mail, call, etc. It can be any other. But not just notifications. Trusted Advisor. Trusted Advisor is like a portal where it tells you that your account's configuration will change into a proper security posture. If you private your 3rd market publican, then your security posture will be better. Trusted Advisor is not

a configuration. What is the difference between Cloudflare and Cloudflare? Cloudflare is basically a cloud-operated email. So if we take an example of this, it is very much about conflict and what is inside the cloud. For example, cloud notes the constitutional changes. Like I said, S3 is a storage market, everyone knows that. Now if I have released any data from S3, then it will be one call. So, like after S3, we store things in S3. So in compliance, you have to identify PII. Like India Right compliance is in D3D. So in D3D, you have to store all the PII, personally identifiable information, very well. So what does Macie do? You store a lot of data in S3, your storage marketer. So Macie scans S3 for PII

specifically. If there is no PII, then it is not in the unnoticed bucket, then it is shown as handle, which is missing. Inspector basically inspects EC2 instances, EKS clusters, inspects everything including security patches. So, if like, if you have switched access, if you have switched access, so basically it does all the server's respect. It stands for the server and it is the only thing that is done. Now, what does logging and monitoring look like? You can take your example. Someone did this. Public bucket access grant. Someone made the bucket public. And no bucket should be public. So each and every bucket of ours should not be public. So this is our life. We can see this because of logging and monitoring. Because

our logging and monitoring has good security features. That's why we are caught. Now let's see this. Let's look at two domains. The third domain is infrastructure security. Now all these things come into this. When we make the infrastructure, there is a problem in the configuration. Let's say that I have launched an EC2 instance and attached it to a public IP. So will this misconfiguration happen or not? EC2 instance always attaches to public IP, so will this misconfiguration not happen? You... Most important thing is the services used which is to secure the whole infrastructure. So what all things will be used? WAF which will protect you from outside. Law firm degree which will put your certificates on the book. HTTPS certificates. Sheet, sheet list will be made from the book. Law firm which will be your pendant, which will be your pendant. Inspector who will do the behavior. Security will tell you about the compliance. These are the examples of what

are the security of infrastructure. CloudFront is CDN, CDN also known as Edge Computing. Did you know this? So what is edge computing? Because the request that someone is doing, CDN is done by the server, it doesn't let it come from the server. It returns the static cache data from the edge. That is why it is also known as edge computing. So we will see edge security in CloudFront. If we detect any misconfiguration, like publicizing the EC-Polster, or if there is a vulnerability in any server, or publicizing the S3 bucket, etc. How do we know which misconfiguration is there? What are the negatives? We will analyze all of that. If we talk about DDoS protection, company management, security, etc. If any secrets are not disclosed, then this

is also called a money hole. Let's talk about Macie. What does Macie do? What do you think, Karasi? It is a BIS. We have calculated this. We have collected financial information, the numbers of credit cards, etc. So listen to this message box. It is very easy to add messages. Here, the message box is kept in one box. Yes, the message box is kept in another box. You just have to click on the message box and directly select the target. These are various things. So these are the rules of WAF, you can see them here. Diversified trade limiting, other countries block, block endpoints, banter traffic protection. So these are the rules of WAF. We can see these rules of WAF in the portal. Let's take an

example, a very good question. If you like any interview with the House of Lords, then you will definitely get this question. The question will be covered by the EC2. So, now we are taking backpacks in the baggage. So let me show you backpacks first. So these are backpacks. There are rule groups. We don't go into depth now. What are the rule groups? Why do we have to make a rule group? There is a one-on-one match. We don't talk about that now. We just take an overview. We will guide you how to move ahead, how to go into depth. When you go into the rule groups, you will see your universal rule set. So the universal concept is that what happens when you have

some accesses saved like dp overflow, cuckoo overflow, alarm, etc. So how do we attach the waveforms? The best question we are going to discuss is about PC clusters. Let's say I have a use case that I want to publicize it in Easy Business. I want a public server. So in this case you say that it is fine, I will give you a customer named DevOps team. DevOps team will say that you should put proper security measures on it, that it will come from public and it can get any attacks, it can get any sprituals, it can get any try. So you put OS's rule on it. Why? Yes, to extend the closing. So if we talk about networking, then both of them have layers. So

their working layer is different. One works on the network layer and the other on the session layer. So you can apply an item of one layer on that layer. So graph cannot be attached to EC2 instance. So that's why for any server you have to take a direct public action; what you have to do instead is that you have to be a CloudFront of it, either you put it on the ALB or you can point it at the server. So when we make this route, then your web, which is the production of the feed box, which is the advanced sheet, it can't directly take the web or the host. So whatever the sheet is, you can make a route from the CloudFront, which is public routes. Otherwise, the instance that

will not work here, if you look at it like this, then it will be... So, we started with the idea of directly accessing the server. This was our server, which people tried to access. So, we started with the popular blog, and we started with the popular account. Directly, we started with the server. This is what is happening in the field of identity and access management. Basically, all the hard work that is done, like zero trust, principle of least privilege, all that is done through identity and access management. Now, we don't have to talk about any cloud-specific topic, like identity and access management will be done by everyone. In the slide that came today, you have a particular category. So, every cloud is

the same. Even if you are a security specialist or a daily, then you have to have a certain category. So, what are the things that come up? Find, trace, control, RBAC, permissions, security groups, making roles, making groups, all these things are identified in the name. I mean, so in that case we use IDN decentralized. As you can see, I showed you the Gmail. So, I will give you an example. This is how we received the notification that alarm has been reduced, this cloud has been reduced, this region has been reduced, etc. So, how does Identity Center play? So, we have to log in to AWS from the ID password. So these are permission sets which are

managed in Identity Center. Other than that, what we call a bar, it's a line. So IAM and Identity Center are two different things. IAM is used to manage users of AWS and Identity Center is used to manage SSO users. You have to include every user. Now what other things are there in IAM? Most of the services are used by IAM, AWS Organizations. What happens in AWS Organizations? We have server or account. We do accounts. AWS Organizations like VRA, Visa Organizations. We have all the work, it can be in the stage, it can be in production. Here we separate it. Here we make it a

part of the organization. So if you see here, I am logging here. I am not doing it on my own, I am getting this mouse tool. This tool comes because these accounts are part of one organization. So AWS Organizations is for that. AWS Organizations is called SCP. Service Control Policies. Let's talk about this. One is identity acceptance, STS. Now, no one has access to the SSR. You need to take a visa for 10 days, you need 15 days. How will you give it at this time? Either you will complete the user, give them full access, or you will forget to give them the permission. So, for temporary access, STS is used, Security Token Service. So, this is time-based. You will get the protection of 10 days

and 10 days. Cognito user pool, and it is used for access S3, S3's pre-signed and access policy which is also used in Identity Center. S3's bucket policy is written like this; initially it is not very scary, means you have seen it before, the policies that are made by logs, they are very scary. Now what is it? As soon as you start working, it becomes very simple, I will tell you from experience. And you should not be able to read this in the raw form. Whatever the logs are, cloud-based logs, CloudFront logs, any email that comes in, you should not read it in the raw form. Because if you are not even appearing in certification, you are not even stripping the AID and the ECQ, you are not even doing the

GCQ, the security, you should not be able to read it in the raw form. So you should not be able to read it in the raw form. So if I ask you, is there any way to make it so that I can access the admin on any particular thing? Let's say, if we look at the S3 bucket, even the admin doesn't have it. How can this happen? Super admin doesn't have it either. How can you do that? What policies? If you use the S3 bucket's policies, the admin will explain and change the policy. Think about it. Tell me. Oh no, man. So see what happens. Now we will talk about organization. As you know, the organization is like a pizza. Pizza has

a different name. Now I want to put the policy of organization that all the accounts that will be made in this organization, whether it is admin or super admin or developer or DevOps CEO, no one will get access. The best way to achieve this is SCP, Service Control Policy, Organizational Level Certification from where we can get access to admin, admin cannot access a particular thing.

Here in AWS Organizations. This is the business teaching and business technology. So, when you say any teaching, you go to policies here, then you will be told that service control policies. These are such that if you attach that in which account, whatever user is there, whether it is admin or not, give him access to it. Like they have a perfect denied tag feature. So, for recent tools or test, any service is there whose tags are not there. So we decided that we don't need any debt because we need to identify the source. So this is how you can put the service control policy and we can also use any of these. Which one is identity and some other.

Data protection. These are the last two. So what happens in this domain is that if we talk about compliances, then all the compliances are integrated and data is not robbed. Data is robbed, everything is here. If we talk about encryption at rest, encryption in transit, everything will be here. The encryption of S3 bucket will also be here. Keep an object like this, keep it encrypted with that high latency and keep it with S3. When we encrypt with this protocol, everything will come under data protection. I will give you a quick answer. So you can see real life examples: encryption at rest, encryption in transit, key rotation, server-side encryption, client-side encryption, SSL certification, protocol for SSL, Secrets

Manager, all these things, AWS fair or any cloud where data protection is used, that will be included in the data protection category. And let's talk about this, TLS and SSL are used in it, that too does not come with data protection. Now TLS and SSL have brought SSL Labs. Yes, so SSL Labs, you must have seen that this website is the gold corner of TLS. It is not using 1.4, it is using 1.1, it is using 4 or 8, its rating has dropped. So, now I will show you

Thank you. If we talk about load balancer, then what is our interest in load balancer? In HTTPS. HTTPS is a protocol number. So what is the code number? 440. So what is the security pattern of 440? So you can see here that I have put a policy here. I have put a policy like this. This is how we test. We try to find stronger protocols. And which protocols to choose depends on our use case. Data protection is a key management service. Like we said before, encryption at rest. So how is encryption at rest done? What happens to it? It is encrypted, it is encrypted. It is not encrypted, it is not encrypted. So how is it encrypted? So to get it,

we need a key. So where does the key come from? KMS. We put the key of KMS on a particular object and then we integrate KMS when we have to use it. So S3 is the part of data protection. You can see here. This is what we have seen here. This is the security of the IP. And this is the S3 IP. S3 is basically your storage. So S3 has 3 types of storage. There are 3 types of encryption. You can encrypt it according to 3 types. SSE-S3, SSE-KMS, DSSE-KMS. Is there any idea which one is best? If someone has told you then you can make a very good one. Okay. SSE-KMS is preferred because

its key is managed by itself. This is dual encryption, it takes a lot of time to use it but provides the highest security. SSE-S3 is like encryption at rest, but let's say the email address is reached, someone got the S3's S3. So if we have encrypted like this and that object is connected to Nandira, so at that time we have encrypted ourselves like this. So this is not the whole name, either the question is for this or that. So once we have done this, the security work that has been done for the past two months. So IAM is Identity and Access Management, it has two things, one is IAM, you can do it with IAM, but it is IAM itself. The next one is Infrastructure Security, so

the day EAP is done and the day the humility is done, the scan will be done, the year will come. The fourth is Data Protection, the data will be data protected, the data protection will be data protected. Now the fourth topic is that we will learn some lessons from cloud misconfiguration which is CSPM. So what does cloud misconfiguration mean? We will discuss it now. So basically this is what cloud misconfiguration is. I mean, if it is done till now, then it doesn't matter. Now we will see the demo, how to do misconfiguration, how to remember misconfiguration. So from here we will focus. So the topic will start from here is Cloud Security Posture Management, what are the things that

are called misconfiguration? I gave someone an undisputed access area of my network, which is misconfiguration. Bucket bucketing, which is a misconfiguration. Using outdated software version is also a misconfiguration. Non-compliance with security standards. Misconfigured firewall rules. Unencrypted data in cloud means detection task over all. Xcode, database code and db public. Publicly available. db public. Expired SSL and TLS certificates. So all this is done. Let's see what we do with this file. First let's take the example of row. Then we will see its automation. And how to find it manually. We will see that too. Okay. So what is the use case of this? Publicly accessible S3 bucket. Is this bucket publicly accessible? So how can we find it? When you are in any

organization, you have to look for this style. Or you have to check the public bucket. Or you can block the S3, there is an option. If you are in this level, then you can do this. There is an option here, block public access settings for this. So remember to check this, and if you make a public debate, then also it will remain public. Because I have enforced this in the form of accounts. Let's do it quickly, let's talk. This is a use case, another use case. What type of locks will be put in the delivery? Now see. How do we know what to check? How many tests do we do? Can we manually check it? Can we find an automated scanner?

So, we have to find out why this happened and what happened. Some of the real life incidents have happened. US was involved in the US-Munich fight. With the help of the S3 market. There was a data breach of the SSL. The same S3 market was left to us. So, to find out the S3 market is very critical. And, we have an ad tech company in India. We have a company called Lensys. So, we have to find out the case of that company. Similar to that, there are two more cases. This is the case. If you have any misconfiguration, server will be signed. If such a situation arises, it has to be handled. What are the challenges? What is

the implementation? What is the commission? What is the automation? Let's discuss this in the document. We will discuss it in the document. Okay. Now, first of all, let's talk about this. Let's say you are doing a bug bounty. Now you have to know about the bug bounty. For example, if the bug bounty is using the visa or not. Because if you are doing a bug bounty, you have to know about the visa. DNS is a course. Okay. And other than DNS, you can take the example of CloudFront. If you have done CloudFront, then what do you do? I do sports and tennis. Sports and tennis. Sports and tennis. Okay, we will come to that. And IP range. IP range is still different, it is because of DNS.

So I will tell you. The most simple is to use the same tool with Liferay. Means, no one will see anything. I will take 5 bucks from there. I took 5 bucks from there. I applied for 3-4 times. You must have known the appaliser. The service of 3-4 times is this. So, now, I am confirming. Now, I have to find an issue that if I want to get public of S3 bucket, then it will be a big problem. I will report them and take more money. So, now, what will be done? It is possible that they will find that there is no S3 bucket. Source code analysis. Source code analysis is done. Targeting. Targeting root for sure. Let's say I

have given you a bucket term. Inside quality 1 to 3. So you will give me a permutation of inside. So can be a good solution but not a best solution. Source code analysis is good. Apart from that?

So the best thing to do is to store anything in S3, objects, photos, images, any data So wherever there is upload functionality, you can store things like that. First of all, you should know if AWS has it or not. Then you will come to second, where upload is also a strategy. So there you will know where to put the profile or document. So when you will see the request response, I will show you a screenshot. I have uploaded here. This is the same example that I am telling you about the password. So I uploaded here. I got to know about the design URL. I didn't know that it was a user-ready database. So I uploaded a photo of it. It uploaded

a photo. I got a URL for the photo. From here I got to know the name of the bucket. The company's name was Dash Static. I got to know from here. Okay? Then I said, "Let me show you." So I tried to see if it was public or not. Now I'll show you a 30-second tutorial. You'll understand. *Pewds talking* Now see the code I have the full certificate, all their certifications, media, their courses, paid courses of Rs. 30,000, all of those courses are in their system. These are the results of their evaluation, everything. These are the practicals, the whole assessment is done. Now see, the sector is very good, from the course to the entire data.

Let's see how much data we have. And some data was not taken out, that day you will get a lot of information. So this is how, we are going to talk about this. How this is approaching to the AOS users. Since this topic was not so good, we did not even explore it. But this whole red thing, we saw it in the party. Now let's quickly talk about the automation. How do you get into this company? They are very much interested in security and security automation. This one is for automation. AWS, GCP, Azure, Alibaba. These are some of them. I mean, the controls that are required, they should be there. You can check it out on any website. You can see it later.

All of them have hyperlinks. All of these will be discussed. We will be discussing it. Automation tools. Prowler, ScoutSuite, Agao, AWS security, Razorglou. All of them have those. Now we will use Prowler. So, we will start. First of all, protocol is used for peer access. Here, the staging account is here. Here, the number is observed. And in this terminal, it is imported. It is not perfect because there is no customer text. We run the protocol. That's it. I will put it here, let's not get into the topic. For example, if you look here, Prowler goes like this. It will go like this. You can practice a lot. There is a lab called

CloudFood by Lionel Labs. You can do it. And if I tell you the changes, you should know it. You will get the security as soon as you do it. It is of the same website. Now it is being domineered. I will show it to you. And the rest of the documentation, if you have, I will share it with you later. I will put it in the comment section. So you can suggest me from there. So this is what it is. I will end the question. Whatever you put, you can connect it to LinkedIn. Don't call. I will put it in the comment section. Just call or put it in the comment section. Sorry. Put it on LinkedIn or on Gmail. LinkedIn.com.

And if you put it on someone, they will call you. SSI is very common in the cloud. Does AWS provide such things or you are interested in it? AWS does not provide it from its side. You have to figure it out yourself. Like if we talk about the server, you have to look at the path, you have to look at the input sanitization. AWS does not manage that. And there are other things. Because when you are saying that you are scanning PIA from Macy's, your company, the coordination you are saying, that happens only when you are working with someone outside. You are not doing it in your company. Complicitly, it falls on your organization. I can give you an example.

You don't have to do the vehicle, you will not have to take out the ticket issues, the violation of your driver's license. But you are looking at it yourself. To make your company better, to make your security better, similarly you can do it. It is automatically specified that you have to start the bus. Which is compliant. So automatically it will take you. And whenever I run, it is very big and it takes a lot of time. So once you see the packet, what size of the student you are giving to the boss, then after that you can be aware of the message used. So, I have to call you and I will ask you to

use any tool. So, let's say you take an example. Okay so guys I would like to invite our next speaker, Armaan Sidana. Armaan is a side-seeker in professional wizardry like OSDB, CH, CISA, CSFPC and ISA. He is also a Guinness World Record holder, shooter and national boxer. Truly a mighty fighter. Congratulations, Armaan Sidana to the stage. Guys, up the hall. Good afternoon guys, can you wave me till the back please? Just give me a raise. Alright, so I have two ways. Like we will come to the next chapter. Either you can be sleepy Or you can interact with them because that's what everyone is waiting for, that's bug bounty. And everyone has a major problem that

bug bounty is shown on all the demo platforms. Life doesn't work, we have a habit of calling bugs live. Who thinks this is right? That life doesn't work, they just play on that particular link. So what do we do? which is because we are really great but we have a little bit of a source because we have come to this world to eat so for a quick quiz of cybersecurity we will do a live quiz and whoever will write that quiz will get a customer's t-shirt from my company right? whoever you want to print on that with my company's logo you can do that so how to join the quiz just go to slido.com and you have to fill in the code on the homepage here you can

scan this But there are some rules to make this really interesting. If you want to play this game, play it right. Everyone is fine with Hindi, right? Alright, give me a second please.

So there are some rules for joining this which join with your own name, don't join with someone's name, someone's father, someone's mother name, there are inspections. So that should be great because if you win the game, I can't say that someone's father should come on stage to get honored. So just keep a track of that voting and it has some rules that if you give the right answer, then also you have to give it fast and if you don't get the right answer, then also give the wrong answer fast. Right? You know the rules, okay? I'll give it just one more minute because we are already short of time. So just one more minute for

everyone to join. And you'll get one only. What I have planned for the rest of the people who are playing, there's a giveaway of the Bug Bounty Quizz, like Bug Bounty Coast. The three of us will give it for free to everyone. That's great, okay guys? Give it up for the cheers please. So here comes your first question. What else a reversal use for in penetration exercise? Quotients are very easy so that everyone can score. We are not only going to score everything. These are the basic things that we have seen. So there is a cherry on the top that whoever wins will get a specific gift like an E6 quote. But it would be really great. So yeah, the cherry on the top. So

87% of people said sending commands from the attacker's machine to the target. That's right. But let's see who gave the right answer in the fastest time. Who saw the journey? Who saw it? That's great. So what we will do is play it quickly so that we don't miss any bug bounty. So I will be wrapping it up fast, right? Second question, what is the purpose of intrusion prevention systems in network security? Encrypting data transmissions, managing access controls, identifying and blocking suspicious network traffic in real time. Or auditing user activity logs. What happens? Will it happen? No. Was it GDPR? Okay. So how many of you got GDPR? Right, as a good one, theory. That's great. The literature changed a bit.

Vikas is on second, then who's? Anuj bhai is on fourth. Then Gopal on third. Sintu? Who's Sintu? Sure, right? It's there. What is the shared responsibility model in cloud security? Shared responsibility. When I was gonna take the question, I don't know, it's a It is said that the correct answer is the one that is longer. Have you noticed? It is possible that the correct answer is the one that is longer. But people see it and think that it is longer. They don't know what is the answer. Right? What is the purpose of digital signatures in cryptography? Digital signatures are a great idea. Let me tell you a very funny story related to digital signatures. A net issue can happen. How about that? So I

asked a person about the digital signature. He said that a e-sign will make a digital signature. I asked him how he will prove it. He said that I have signed it and I want to match my signature. So that's not the case. Digital signature is something, a proof that you have signed it and you are responsible for what you are sending. So multiple types of digital signatures are there, let's not go on to that. So I am trying to give a little context on every question. So to authenticate the center of the message that's right, the leaderboard changed. Who's the group? Here. Sit back and make big names. Bad mentions on top. Which bad mentions

are right in the room? All of them, cyber security, all bad mentions. Which of the following encryption algorithms is considered the most secure for protecting data? This could be tricky. Because there is a misconception that people who listen to Johnshy more, they mark it. That's why Johnshy has the most algorithmic knowledge. Amplify has also marked it. So the major proportion is divided between RSA and ABS. So ABS is right. Great guess. Next thing, what is the difference between cloud security and traditional on-premises security? What is the difference in things? That you are using the bigger the better one again. I can hear the changes. Guys, you are using the bigger the better one. I am doing a team fire. This is a joke. No, people are

not paying their salaries properly. What is the purpose of a vulnerability management program? So let's see the answer. Identifying prioritizing and remedying security vulnerabilities. That's right. Saurabh on top again. And let's see the next question. What is the main objective of a man in the middle attack? Man in the middle. *Mumbling* Not always but yeah, majorly. Which tool is used for networks, lifting and password capturing? *Mumbling* So, Bhaiya Shah, this is a summary that has been done in this as well. Which technique is commonly used to bypass anti-virus detection during an attack? Net issue guys, let's cancel this question because we have answered this question already. Let's cancel this. This is the toughest question. Now, the question is, which of the following is not a

common authentication factor? What are you doing? Who are you? What do you have? What do you know? Hindi. Just in case someone doesn't understand. So, what is a common authentication factor? You are better at it. So, where are you? Let's move back to the video. What is the primary goal of a risk assessment? Rishka and Jauh are the fastest. There is no bigger the matter. Just two more questions left guys. Then we would start with the core topic of this thing. And the second last question is what is data sovereignty in the context of problem computing? There is a net issue. Let's just bear with that. Now it has come. It has come. It has never come. Come

on, let's go. Let us find this. One second. How below? Haven't been here? Did it come? Late. Just the last 2 questions, guys. What is data sovereignty in the context of cloud computing? Have you marked the answer for this, guys? Is it the A ones? Are all of you on A? Let's see. Anyway, the "bigger and better" rule didn't apply in this one. How did you guess? Everyone got it wrong. But this consensus mechanism is used in Ethereum blockchain. Well, now it's updated. I think I'm making a mistake. Anyone is interested in blockchain and stuff? No? Which is more interesting? Let's see. Most of the people... Oh, who wrote the second option? Delegated proof of stake. This way the analyst has made an interesting

point. I got it marked as complex. It's proof of stake. The last version of Ethereum was back in November 2022. It has proof of stake. So, enjoy the quiz guys. No, on. No problem. Right. I enjoyed the quiz guys. Because even for this, So, before I even started the quiz, I had given the introduction. So, you should know about me. Right? So, this is about me. I am the CEO and founder of Lexus Security and before making any statement, I am just 21 years old. I don't know. So I am OSCP. And the best thing is that those who got inspired by OSCP are with me today. Please give a huge round of applause for

him. So we are the official partners with PC Council And word by word I have trained lakhs of students but this is something the number jo stats pe you deliver dita I have been tested 150+ companies and I am currently top 10 in the world of Yogosha for this quarter. and a lot of things. So this is something which my profession set-cam Guinness World Record holder. I am a national box set with 52 knockouts. Till the time I play, I have not been knocked out once. And I am the author of two books. I write books. I am Mr. Thrillers' lifesaver and I am a guitarist and singer. And I can dance to the generator. So if we move ahead, there is offensive security not

doing much into it, everyone knows. When we are attacking with the mindset to break it and create a pain in the head of the development team or the defensive team, that is called offensive security. Basically if you have a 2-man team and you want to take revenge on the defensive team, the best thing you can do is be in the offensive team. Right? So second thing is understanding the retinue we have pretty much covered what is retinue I won't be repeating the same concepts again and again But main concern is that we have done the certifications but we are not getting the jobs The main reason for not getting the jobs is that you don't

have real sense You have just been in a simulated environment There is a saying that a dog also shares in the house So that dog are all us and your street is a simulated environment Till you come out, you don't know how much water you are in. Right? Making sense my friends? So if you come out, you don't know how much water you are in. Networking is very important. See there are two types of people, introvert and extrovert. Introverts, I am not saying that due to respect introverts are bad but the level which an extrovert can reach in a day, an introvert can't reach that day. Because he doesn't know how to manipulate a person.

And life is all about manipulation. From childhood, from manipulating your parents to manipulating your wives and children, you should know how to manipulate them Because you need manipulation to do deeds, you need to increase your CPC often, that's manipulation So the concept of manipulation is patience If you are playing on the shuttle, let's take an example, if you like a girl or a boy, you take him on the shuttle and say, "If I don't find you, I will die" Your job is never done. So patience is the key to manipulation. So being humble, resourcefulness and if you want to do any business, then to do that business, first you have to do a job in

that field. With job, we know how to create our employees. And what we don't have to tell our employees. Business is all about a curtain. Any business is a big deal, it's all about the cover Being a owner, if you are able to cover it, that's the great thing about it So I am not going to the business perspective plus But if you go ahead, this is not a conclusion So the best thing which we are going to do right now is I am taking a live website And we do quite testing on live website, here it is Alright, let me just adjust the screen, everyone is looking good on screen right? I have to

adjust the size too right? He is bigger the better than me. Right. So I am taking the example of a website, volunteerlocal.com Before making anything, before making any spying on this website, we will report it to the boss. This is my client, I have permission, you guys do it and it will be a case. Right. Because the boss told me, someone else tells you on LinkedIn, it's exploit is not done, it doesn't work in a fantastic way. If your IP address is leaked, you will think that if I retain it, then MAC address is something, it will reach to the root. MAC address is not easy, not everyone can do it. So this is the

platform. Before this, I will explain you that just having a website and entering in it is not all about what we are talking about. If certification circuit, if someone was doing hacking, then everyone who has to eat ratta, they will eat the food of hacking. Hacking is all about your mindset. I don't care about the thing that you have practiced once I don't care about the thing that you have practiced 100 times The more you know, the more your mind works in that field If you haven't heard about a bug, then you can't even see the road So that's the core concept of our thing and always maintain your checklist. Checklist means don't miss any stuff. Because what you do is you choose the bandwagon, you

check it every time, So, I am going to follow this and see how we approach that target. So, the target over here is volunteer local. The first thing we should do is understand what are the sub-domains of this. So, you can use sub-domain finder, call it, that's up to your choice. So, if you have a sub-domain finder, I am sticking to very basic, I am using Fancy. So we go to subdomain fighter. You will see that the volunteers are not subdomains of such companies because one website is pretty much sufficient for them to work. I am not talking about MNCs, MNCs have multiple infrastructure which is out there. But to understand that you need a whole automation. to get the screenshots, get the subdomains

and everything. Now, this subdomain is not most probably we are facing some sort of network issue. We assume that this is a single domain which we need to focus on. And to save time, I know it has a record, it is not there. So that we can patch it, it has not showed any record yet. Now, mostly, we don't understand this one single thing. Guys, you have a plan to rap fast, right? No, I am asking you to rap fast. I don't think you will rap fast. Make some noise. It's the voice of the people. So, we think that there is nothing to show. So, what we do is we click on get started. From here, you have to prepare a mind map that which

are the functionalities that we will start exploring. So, the first thing is your name. Wherever you see input fields, you have to write your name along with the accesses period. It's not all about accesses. The basic thing you should know is that if you are writing a name, one thing is enough for you to confirm that the accesses escalate post normal extreme and injection. Now everyone knows what is tax, it will underline, if it underlines then there are 70% chances that it will escalate to excess. And mail id you put in your account, or in your tempo, that hardly matters but the difference is that if you test a lot, you will get spammed, your

mail box will be filled, so always use 10 minutes, it hardly takes a few minutes to make an account, take any mail from 10th page, this is not to be taken into account, there are many delays in preferences, this one is good. Yeah, this one is hard to use. This one doesn't have delay. This one is refreshes, net is not that much delay. Input field on email has very less sense of access payload Because if you try access there, you won't be able to access it because there are proper rules that there should be an ad-ret in Gmail, Yahoo So here access payload will not make sense, I am not saying that it will not make sense anywhere but here In organization, there is a

lot of SSTI, everyone knows about SSTI? Yes sir What happened? So you took an HTML injection in one place. Let's take a doubt of the benefit. That the developer is high on beat and he is making the same mistake everywhere. Why should you take the same assumption? You tried it in one place in Html and did it in SSTI. If he comes to Ganja, he must have done that mistake in every field. He must have used the same protection SSTI on your name and not on the organization. That's how it diversifies. If I put the same Html injection payload in every field, I can't test for SSTI. Doing the same thing four times or I am taking the time to do it once, that

is still a bug hunting. Sitting for 24 minutes doesn't make any sense. So it's asking for a plan, I am not sure yet. I am a volunteer. Now this is something, this is a text box. Everyone knows that, everyone knows that, this is a text box. If I want to escape from the text box, then one thing I would do is, double columns and I will put a page here. I am taking this as a benefit of doubt because it has just started and I am just saying that I don't want to do this. This is basic coding stuff, we will not go into this. So in a login form, I have confirmed three injection

points. I have run the edge table, added pure XSS and added SSCA above. If anything could get triggered, then I will know which of my things is working. If I click on sign up, I guess sign up page will not load. The button will not load. I have to refresh it. Maybe it has shifted to the top, I don't know. The button has loaded, right? Let's explain it and pre-fill it quickly. Just give me a second. Whatever it is, it hardly matters. We have pre-filled it. Next, we have the email. And yeah, by the time I'm filling this particular thing, So one thing that I will recommend to you is that, even if you do this much, it is still an avoidance. The

higher the scope, the higher the chances you would be getting a bug. Report valid. There are multiple reasons for that. Like I was having a discussion in the morning Anuj bhai was hunting on program called cash by cash. Bugcrowd with program called cash by cash. So if you want to show the Bugcrowd panel, why not sign a page for it? I have already missed it. So, just a moment while you are setting things up, while you are loading, you see the scope. Now, what happened in the cache pack case? When I did the subdomain and the operations, I have heard about 16,000 bugs. So, I saw the domain, it was a shopping website but it was not listed with Shopify. Everyone knows about

DMARC, record value. It is written in the mailing server that I have reported to Bugcrowd and they said that they use the subdomain for mailing. Not article path here. By God's grace, when I had to make a feedback form there, I made a feedback form and I got a response and on top of that, their money was being used. I took a screenshot, sent it to Bugcrowd, and I got $250 in my name. So this is something that if you had filled it with 10,000, then it would have been used. Pros and cons both are the same, make a Gmail account but make a mail. Sometimes SSCI triggers and it takes 6

months. I got the Bounty Team SSCI trigger after 7 months because they launched an event campaign. I got something around $22500 for that much. I gave it an escalator till today. You can't see these things on Tempo Mail. So we got over into the profile. The first thing we will see is that what has been executed in the mail. If we see that So, did you get any underline from the high-end company? No. Did you get an SSC? No. So, the next thing is to check if this is verified or not. Because if you notice, we didn't get confirmation or OTP, but we got logged in. If you are doing a private pen test, then

this is a good time. The company will take $50 easily because this is a security best practice. You will report to Bugcrowd and I will get ID. Hmm. The name of this bug is weak email confirmation because the URL is not having a HTTPS but it also has two mutations. If your confirmation link is taking you directly to the dashboard then only it will be considered as P4. If the confirmation link is used once and then it expires the second time then it is P5. Does anyone understand why? Let's assume let's say any random person We can't say it's an account takeover because of money crashes. or less message level but it's a default which

a company should correct that once it's used it shouldn't get redirected to the dashboard Now the first thing we asked was create a password From here a bug starts if we see, what you have to do is it will correct it Now did I enter a password here? No, you didn't I entered a space So entering a space in a password is a no password policy No password policies and P4 bugs, these are also bugs. It's fun guys, I'm just quickly covering what are the bugs. These are the bugs you will find in the website which people should ignore. Everyone looks for CSR, it's not one thing that I have learned in my career, it's not how fancy you are about me bugs, it's about how you think your

application can work. The more basic you are, the more payouts you will get. And you will be able to test something that people can't even imagine. So our email is verified. If we go to the dashboard, now most of the people will click on the left, right, or whatever they want. One thing I see in lot of beginners is that whatever input points they have, they are mind exercise to exercise. For example, SQL, Map, it's not that how it works. You should know that, if I tell you a very good thing, which is very good in my career, that 80% bugs are business logic. that a business should run like this, a website should run like this but it doesn't work like this if

I want to see a realized POC which I have found in an website because here we will have to find that scenario to take a lot of time let me go to the drive of mine just give me a beer with me for one second guys So this is account section. So this is your profile. If we go over here, the first thing that I see is first name. Now what happened is that I entered XIU. There is no field in first name here. Which is pretty much fishy for me. That I entered first name, why it is not showing here. That means there is some miscommunication of this particular thing. You again enter the same thing here. There are two reasons for

that. Don't ever think that the functionality that was running before login is the same after login. Because developers don't stay anywhere, whole another level of logic. You don't know what mentality the person on the other side came with. So we did that, if I click on save user, click save user, now what came up here, file has been updated. That's great. Now we have to look for the tags we inserted here. Are the tags there, guys? Underline is here and content filtering is here. No need to waste time on that. By chance, bypass content filtering. That's great. But what happens is, if you are doing a sky test, you have ample of time. But if you have bug mounting program, you don't have ample of time to hit

and try. Once I got a bug of 15000 dollars in 30 minutes. You can understand that I didn't have to spend 12 lakhs to get it. So you can't hit and try or multiple things and try and then I will report you. You just need to be as quick as you want. So you also know how to duplicate. Next thing is where is the email? Now bugs start from here also. I will just get another email. I will search for another email. I just do one thing, I clicked on it and I am trying to replace this email but it doesn't work. Now this is an intended functionality. Many people will miss this. But all this is a break. What is a break? You have to go to

inspect the environment. You have to do it right? Yes. There is one more way, the second way is if you just capture this request, this is the first time I am using WorkSoul in this session. That is also a funny thing. Now one more thing to learn from this is that you don't need fancy tools to get works. And the day you discover the work, you will be able to test it anyway. So it's not about just giving a minute I will explain you something. A person asked me, "brother, take your PC, it will cost you crores." I said, "brother, I will use your tools, I will use your checklist, I will not pay you."

This is a misconception. When I was learning, I used to think that there is a bug attack, there is a bug attack. So I told him to give me a laptop for the next day. I will give you money for that. Because I thought that in a laptop like Jal Poonam 8.1, you get something when you search for it. It is very difficult but that's not true. The person who is running the laptop depends on his skill set. No tool makes you good. I agree. I was in a podcast where a person asked me to tell the truth about OSK. OSCP is not a tool, it depends on how deep you want to go You

have to retrieve so much cache, it's all upon you. Now to say AD, Active Directory means OSCP's Active Directory is very hard and very easy Now I sit with a sharp mount, the number of hours is better than that I stick to manual basis I retrieve it, so it's not about the tools If we capture it here I captured a request, intercept on and save to the user I got the request, I received the request and it works fine So this is a particular request, if I just make it big for you guys and you can see Email is empty here, what the developer did, he restricted the frontend, he didn't do backend So this is

also a bug, P4 will go but its case scenario is very different If you don't do this with CSRF So it will be P2 easily But we will not go there because people don't know how to go with core functionality So what we do is we do a basic scenario and I will put it in my mail And this is not my primary way So I am entering my own mail id Now nothing is going to happen by looking at this, I will call and I will not take the account Generally people get too crazy on seeing a bug but we don't know that if we click here to intercept response to this request then back end is actually not letting us trade or

not. If I do that, it should be written above that profile is updated, go to your profile, email changed, this also happens. It's not relatively that we can see the feature in the backend, so we will put it in the backend. Now you will say that we are not getting any bug in the real world. Right? Now not a single bug is reportable because it is my client. Right? I will sit and show you the bug and you will put it in my account. Right, so all the bugs have already taken money and fixed it but I will tell you how to do it from the authority of real web. Okay, now we have done this functionality test, here is the functionality to reset your password.

Everyone loves rate limits, right? Now one thing about rate limits is that I have a file called resetpassword.php here. Now I have found out that with the help of backend technology, I have got a fancy rapidizer, no need for a button. Common sense. Okay? Don't laugh. You will think that I am targeting you. It's not like that. Now here you can do multiple tasks. Everyone can see this mail. Now here I can add one more mail. I will add an 'and' packet. I will add an 'e' packet. So this is kind of a mutation attack. That I want the backend to believe that you have sent the reset password mail on two mails. That's an attack Excel. Again, its security is defined in many

factors. If you will do the attack before logging and you get a password, then it's a P1. Right? So that P1 will go. If it didn't come, then it's a defender. Let's see. We will click on the locker from the slide. Let's take two arrangements. I clicked on response. And let's wait for the response. 2p over here this is the response result k is result 1 now mostly in binary language 0 is 1 is root of y2 why? because this logic is made by mobile developer not computer logic if i had to make it 0 in 4 months it was a bug type so i can't disclose that i also felt the same So it's the logic that the developer

has created; how is this computer interacting with us? So just don't fall for these traps. Now here I got a popup. Now, when I see this popup, I have two things in my mind. This popup is required here; I have to put it here. So I have to hack it. Now you will say, how to hack it? That's absolutely right. Now it depends on how the popup is implemented. This block; everyone knows about a block: a temporary memory is executed and self-destroyed. Many pop-ups are not real. Pop-up = line. If you guess the parameter of the pop-up and put in the session... Let's go to the previous one. We had made it with the account register, so we have a password link here. You can

test rate limits; everyone knows the Intruder method, null payloads, it would work. We won't be repeating that stuff, because we have hardly 5 minutes, and because I don't want the whole system to get disrupted because of me. With due respect to everyone. So click here; there is a link. Now open this link and see multiple things in this link. What will catch your attention? The code. Who says email? From here you can test 10 things with this URL. I will tell you the mutations. First test this code with the email, then test this code with another email; then, if both things are not working, treat this code as a homograph. Then change the smallest part of the email, like we are r.4851 signing up. Other people will get confused; let

me make it simple for you. If my email is arman@gmail.com and I have registered on some website as arman@gmail.com, then if someone wants to hack my account, he needs to make an account with arman.sindana@gmail.com. So that will work, but if it is asking for email verification, then ultimately the mail is coming to me, which I have shown with the previous speakers: it doesn't matter for Gmail how many variations you are using, it will redirect back to you. So here, if we test, the first thing that will be done is this random digit. Can you guess how this random digit is generated? No, everyone says that this random number cannot be guessed. But if I say it can be

guessed? How can I guess? If I suggest to someone: ask for multiple codes, ask for multiple numbers. Sometimes it is said that the first 4 letters are constant, but at the beginning 4,7,6 is visible. Just let me give you a little hint: 4,7,6 is my ID. The user ID is going through the back end. So there are some mutations that are still there. The last thing that was seen was that the user ID is tampered with. Till now, all the speakers have not been able to find the bounty, because their specializations are different. I know most of the people are interested in bug bounty. This company, I reported an SQL injection. Why am I going to that side? Because many people come to find bugs. You people don't want to get money? See,

if you are doing it through your hard work, it is your full right that whatever you are paid should be there. So when I reported this bug to the company, the owner of that company asked me the first question. Any guesses? Guess, guess, who? PoC? Does anyone think that I need to give a PoC for an SQL injection? Huh? Does anyone think that I need to give a PoC after an SQL injection? I can see how many emails are threading. So I took Manish's data and kept it in a store, but the thing to see in this is that I had written in the contract that, if your data is being injected, as a proof to prove it to you I have a local copy, let's say, in the store, of 500

users. What will be the next email of that? 3 days free? When Raju gives an interview, what happens to that interview? How will you get it written? So within 5 minutes I got $1500 from him. I will give you a drawback: I have reported one SQL injection on one endpoint. The pentest guy is honest; he will give me money for another endpoint. He has spent the rest of the endpoints for the RRF. Now, from where I could easily have made 10,000 dollars, I had to settle for 1500. So this is how you should ethically think before reporting. Don't try to do trial with a P4 box; wait for it. If it's P1, P0, always think how many multiple endpoints I can find it on. In an IT company, the developer is a JD;

he will do one thing everywhere. Sorry for my language, but that's true, because the company has to pay the price of their intoxication. Right? What to say; I was laughing. Sorry, sorry, I was laughing. So, let's assume that she must have made common mistakes everywhere. And the most important thing about bug hunting is that all the codes before trial, all the codes with different endpoints, all of them crash and we get similar errors. Right? So, with that being said, we would take questions and answers. Sutta, can you wrap up quickly? He has seen my data. Teach him many times, I am fine. Yes, yes. Leave it, it's a manual. Yeah, so questions: ask someone a question and be vocal with me.

Any questions? Yeah, I'm good at this. Very good, right? With voting, I'm good at this. With that being said, this is from my side. Thank you, Andrew, for being with me on LinkedIn. My name is Armaan Sanada. Thank you. *Continues* And one more thing, there is a question that says, "Are Saurabh and Sintu top 3?" So, there is a very big buzz about my business card. Does anyone want to see my business card? So, what do you think is the secret behind my business card? What? Guesses? NFC or? QR code or? And?


Have you seen a fingerprint scanner? This is my business card. Can you see it? If you can just turn on the light, so that everyone can see. Can you see it? Pass it to everyone. Give it back to me. So what's in this? There is a fingerprint scanner and it has NFC. How is it implemented? On the NFC chip, for the company for which I work, when its CEO puts a fingerprint on

it, only then will that information be decoded and sent to his PC. And this works as a proof for me that I have given the information. Now write down what you have done. Right? So enjoy the session, guys. Thank you.
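A worked version of the reset-flow points in the talk above (the "random" code that starts with the user ID, the duplicate-email mutation on the reset request, and the dotted Gmail address), added here as an example; it is not the speaker's code and not any real target's. The weak generator, the names `weak_reset_code`, `crack_weak_code` and `ResetService`, and the 10,000-value suffix are assumptions for illustration; the hardened side shows what a reset endpoint should do instead (random opaque token, hashed at rest, time-limited, single use, one email parameter only).

```python
"""Password-reset flow: guessable code vs. hardened token, plus the two
request mutations from the talk (duplicate email param, Gmail dot alias)."""
from __future__ import annotations

import hashlib
import random
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs


# --- weak side: what the speaker observed (user ID leading the "random" code) ---

def weak_reset_code(user_id: int, seed: int | None = None) -> str:
    """Hypothetical vulnerable generator (assumption, not a real app's code):
    user ID prefix plus 4 digits, so there are only 10,000 codes per victim."""
    rng = random.Random(seed)
    return f"{user_id}{rng.randrange(10_000):04d}"


def crack_weak_code(user_id: int, is_valid) -> str | None:
    """Enumerate every candidate for a known user ID. `is_valid` stands in for
    an unthrottled resetpassword endpoint that says yes/no per code."""
    for n in range(10_000):
        candidate = f"{user_id}{n:04d}"
        if is_valid(candidate):
            return candidate
    return None


# --- request mutations ---------------------------------------------------------

def canonical_email(addr: str) -> str:
    """Lowercase; for Gmail also drop dots and any +tag, because Gmail delivers
    all of those spellings to the same mailbox (so they are the same account)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def parse_reset_request(body: str) -> str:
    """Reject 'email=a&email=b' outright instead of letting the framework pick
    first/last or mailing both."""
    emails = parse_qs(body, keep_blank_values=True).get("email", [])
    if len(emails) != 1:
        raise ValueError("exactly one email parameter required")
    return canonical_email(emails[0])


# --- hardened side ---------------------------------------------------------------

@dataclass
class PendingReset:
    user_id: int
    expires_at: float


class ResetService:
    TTL = 15 * 60  # seconds a reset token stays valid

    def __init__(self, users: dict[str, int], clock=time.time):
        # users: email -> user id; stored canonicalised so aliases collide.
        self.users = {canonical_email(e): uid for e, uid in users.items()}
        self.pending: dict[str, PendingReset] = {}
        self.clock = clock

    @staticmethod
    def _fingerprint(token: str) -> str:
        # Only the hash is stored, so a DB leak does not yield live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, body: str) -> str | None:
        """Return the token that would be mailed, or None for unknown emails.
        The HTTP layer should answer identically in both cases."""
        email = parse_reset_request(body)
        uid = self.users.get(email)
        if uid is None:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits, nothing derived from uid
        self.pending[self._fingerprint(token)] = PendingReset(uid, self.clock() + self.TTL)
        return token

    def redeem(self, token: str) -> int | None:
        """Consume a token exactly once and return the user it belongs to."""
        entry = self.pending.pop(self._fingerprint(token), None)
        if entry is None or self.clock() > entry.expires_at:
            return None
        return entry.user_id
```

The crack loop is the point the speaker makes about rate limits: with the user ID known and no throttling, 10,000 requests recover the code, while the hardened token cannot be enumerated at all and dies after one use or 15 minutes.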

Okay, we're going to put this in. It was a great session; really enjoyed, I am sure, because in the background everyone is very close to the young British man, Sinha. So it was very unique. As before, there is a similar second quiz. The concept was the same as that provided by the second quarter. So the same concept: answer the questions in the quiz; there will be a tiny prize, which will get a second prize for the first time, and maybe a baby pool scene, which will also work out for this one. But maybe, if any scene takes a lot of response. And we want Gino to win. Yeah, of course. Bro, the first one to win will be Manti. So

again, this is Karen, bro. So, what do you think about this one? So we'll wait 30 seconds more and then we'll start the quiz. We thought that the questions that will be asked will be easy. So the main thing is that the sponsor can read the options quickly. And it's basically a time-based quiz. So I think everyone's done. Done? All set? Yes. Who gets the ball? Cedric. We will start the game now.

Hello? Um... *laughter* I don't know if that's fine. Thank you. I want to be there. *coughing* I think we will continue. I guess the last one is the winner. The one who comes at the bottom will be the winner. The last one is the winner. I think we will continue. So, first is Aya or Aya, Shea or Shea; second is Duffy Chauhan; and third is Shantri Scott. So our next speaker is Mr. Aditya Singh. He is a cybersecurity associate at TotalNexus and Solutions, where he is working on different tools, including developing a decoy system to grab attackers and monitor their activity, as well as creating a sandbox environment. So please put your hands together for Mr. Aditya Singh.

*talking about the process of making the paper* The link is updated. Hello guys, there is an announcement. Here we have Nahan Singh Khurana. He is going to give away 5 Trinity vouchers, only for students. So... Hello, students of Holland. So this is a giveaway from my clientele; it offers only for students. No professionals allowed. So basically the requirement is: first, you need to follow me on my page. Second, I did a post on my page yesterday, not yesterday, the day before yesterday. You need to like it, share it and take a selfie with me during this event. The winners will be declared by the end of this quarter. And yeah, the format will also be required

on that particular post. You can follow me on Instagram and LinkedIn; it's @dhansaseen_murad. Cool. Hi guys. Yeah, so this side of the thing. I'll make it very short, because this is the last thing, I think, point-blank. So this will be more of a lightning talk, on the way. I have tested this before, so I'll be trimming it down a bit. So who am I? So I am a security associate at this startup called Durtec. My name was Kavar; I studied at Black Hat, the size group in Sydney, and I figured I need to run. I have been a recent intern at R.A. Bombay. I have worked as a friend on this intern

at NCAC, and I have been to a lot of Pakistan, so that's where I am. These are the few things that we'll be looking over. Let's start with the introduction of Mirai. So, as you all might have known, Mirai was run with J&K in 2016. It started when it started a vehicle for that, on, I guess it was on the dry patch. People began to take notice, but before that it had already gone through a lot of major attacks, including on the hosting service OVH. After the brand gets the notice of dark and these are the posts on it, the electric watch of the man wears pants and by the reason of its coat on the heels to our eyes. Then it started with the Mirai variants,

then it spread across its true, more variants. Mirai didn't just die there; it started emerging in a new form, a new variant. Why is Mirai still relevant? Even if you look at MalwareBazaar, there will be a lot of samples that are variants of Mirai. There are a few changes in size since then, but they are still basically Mirai. This is the basic architecture of Mirai. So what it basically does is: there is an admin that controls the whole CNC server and can give it as a service to other users who want to use that to either gain access and attack any network or any services. Then that admin will

give the user access credentials. Then that user will start sending messages to the bots. So what basically happens is this bot will look over the internet and try to brute-force its credentials. But it needs to actually say, "Okay, this is a vulnerable device and I want to get access to it." Then this bot will send those credentials to the reporting server. The reporting server will then give them to a loader server, which will load the main malware. After that loader server gets access to the vulnerable devices, it can pivot into the system, it can gain access to it, then it just takes control over it, and the cycle begins again. And with these, these

are now bots; they can either attack a victim or do anything, whatever they want to do. So I'm keeping the talk quite a bit in layman's terms. This is the initial access. They usually use brute-forcing of common credentials on several IoT devices. The credentials are obfuscated inside the Mirai malware code by an XOR key. After the initial Mirai malware, when you add that after K-10, they started using CVEs and RCEs to exploit the system and gain access to the system. After getting into the system initially, they will start persisting on the systems. The most common one is obviously the modified crontab, including there. It manages to put itself inside the crontab so that

whenever the system reboots, that range of hits, then it automatically starts them again. Then the second one comes with modified files: it copies itself into files, so whenever the system boots up, it automatically boots up again. So even if you reset the system, let's say erase the whole system, it will still be there. Then it starts with the killer. What it basically does is it binds to several telnet ports and actually creates servers and binds itself to those ports, so that other malware cannot get hold of that system. Then it finds other services, like Qbot services; it can be its own variant or it can be other malware, then it just kills that service and takes control over it and competes with it.

Then it starts the propagation. So, again, the cycle starts again; then it just... There are still a few more improvements inside the botnet, where it starts looking for more systems inside the infrastructure or over the internet to gain access to the system, other than that. And then, the last thing is the botnet attack. These are the attacks that the botnet will be used to perform. The most common one is the SYN flood attack, and then it comes to the HTTP flood, like, whatever the name is, it just floods the system with the, with the requests; it will be HTTP with your SYN attacks. Then the last thing is the DNS flood attacks. What this basically does is, it queries the DNS server for its information,

it just, it either gives that DNS information and then releases that information onto that server, onto that user, so that it denies the service of those servers. So this is what the S-COM attack is. These were a few of the quite menacing guys on it. There was a YouTube link, and by any matter, I had to click on the link and then link it to a link. And this was just another security that was inside those code areas. And yeah, that's it. I think we can kind of handle it. So yeah, that's it. Thank you. Thank you so much, all. So I think we guys have organized one last very good quiz. All safe and set. All this comes to a system,
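An added example for the Mirai talk above; it is not the speaker's code and not the Mirai source itself. It shows the two sides of the initial-access stage the talk describes: the XOR-obfuscated credential table a bot carries for its telnet brute forcing, unlocked into plaintext, and then the same table used on the defender's side to score honeypot login attempts. The byte-wise XOR layout follows the scheme in the leaked Mirai source, but the key value, the credential pairs and the log lines here are constructed for the example, and the regex matches only this constructed log format.

```python
"""Mirai-style credential table: obfuscation/unlock and a honeypot-side
scorer that flags sources brute forcing with the bot's own (user, pass) list."""
from __future__ import annotations

import re
from collections import defaultdict

# Assumed 32-bit key for the constructed table below (not a claim about any sample).
TABLE_KEY = 0xDEADBEEF


def table_xor(data: bytes, key: int = TABLE_KEY) -> bytes:
    """Mirai-style string obfuscation: every byte is XORed with each of the four
    key bytes in turn, which collapses to a single-byte XOR. Symmetric, so the
    same call obfuscates and unlocks."""
    k = 0
    for shift in (24, 16, 8, 0):
        k ^= (key >> shift) & 0xFF
    return bytes(b ^ k for b in data)


# Constructed obfuscated table: (user, password) hex pairs stored XORed, the
# way the bot keeps them until it needs one for a login attempt.
OBFUSCATED_TABLE = [
    ("504d4d56", "5a4111171313"),
    ("504d4d56", "544b585a54"),
    ("43464f4b4c", "43464f4b4c"),
    ("515752524d5056", "515752524d5056"),
    ("504d4d56", "1a1a1a1a1a1a"),
]


def decode_table(table=OBFUSCATED_TABLE, key: int = TABLE_KEY) -> list[tuple[str, str]]:
    """Unlock the table into plaintext (user, password) pairs."""
    return [
        (table_xor(bytes.fromhex(u), key).decode(), table_xor(bytes.fromhex(p), key).decode())
        for u, p in table
    ]


# Constructed honeypot log format (assumption): ts src service login user= pass= result=
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) telnet login user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>\w+)$"
)


def classify_sources(lines, creds=None, threshold: int = 2) -> dict:
    """Per source IP: login attempts seen, how many used a pair from the bot's
    table, whether any succeeded, and whether the table hits reach the
    threshold for Mirai-like brute forcing. Non-telnet lines are ignored."""
    creds = set(creds if creds is not None else decode_table())
    stats = defaultdict(lambda: {"attempts": 0, "table_hits": 0, "success": False})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        s = stats[m["src"]]
        s["attempts"] += 1
        if (m["user"], m["pw"]) in creds:
            s["table_hits"] += 1
        if m["result"] == "success":
            s["success"] = True
    for s in stats.values():
        s["mirai_like"] = s["table_hits"] >= threshold
    return dict(stats)


# Constructed sample log: one source walking the default-credential list and
# landing a login, one ordinary failed login (plus an sshd line that is skipped).
SAMPLE_LOG = """\
2024-12-22T10:00:01Z 203.0.113.5 telnet login user=root pass=xc3511 result=fail
2024-12-22T10:00:02Z 203.0.113.5 telnet login user=root pass=vizxv result=fail
2024-12-22T10:00:03Z 203.0.113.5 telnet login user=admin pass=admin result=success
2024-12-22T10:05:00Z 198.51.100.7 telnet login user=alice pass=hunter2 result=fail
2024-12-22T10:05:09Z 198.51.100.7 sshd login user=alice pass=hunter2 result=fail
""".splitlines()

if __name__ == "__main__":
    for src, s in classify_sources(SAMPLE_LOG).items():
        print(src, s)
```

The unlock routine is the reason the obfuscation buys the bot little: a single XOR byte recovers the whole list, and once you have it, the same list makes a cheap detection signature for the scanner phase, before the report/loader stage ever runs.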

right? So obviously, we'll tell you guys... Just give us probably a minute or two. We'll just get back to you. So, thank you. Thank you. So guys, our story will be very simple. The people who are the last three, the last three, I will tell you one by one, the last three. The winners will be the ones who score the most, in order. Obviously, the winners will be the ones who score the most. So, yes, there won't be four players. There will be only two zeros. No, no, no, the ones who score the most non-zero; like, some have three, some have four, and some have five, so the winners will have five. Makes sense? Like, if... If... For our quiz, the

surprise factor is that you guys have to guess how many questions we have to answer correctly, if it makes sense. The last team, the non-zeros, the ones who get the best out of the two, we will not consider them. Apart from that, the ones who get 1, 2 or 3, the ones who get the highest number, we will consider them. Does that make sense? So we came up with the normal standard rules. Again. Understood? Got it? This time, we will... So you guys can join the quiz now. Hi, hi everyone. First time calling; my name is Dorian. So, as my accent is not very clear to you, I am here to explain a bit

more. Yes or no? So you would have to bring the lowest marks on the box. Okay guys, here's one. All set? Okay, let's start. So here's the first question. Okay. I am very emotional. I am very emotional. I thought that the techniques were less there. I am not doing it. I am just doing it. Um... *Mumbling* I'm sorry. Guys, if they just listen... *Mumbling* Thank you. Thank you. It's a success. Thank you. *coughing* Hi. Last question. *Mumbling* Thank you. *Same question* Open minds. Guys, that way. So, once again, a big round of applause for him. He has done a very good job. He has done such a great job.

Has anyone ever loved you? No. But you have? No. No. No. So, I want everyone to know that I love you. "Do love, love with all your heart, don't waste anyone's time." "Don't let the bird fly away in the open sky." "Love, then go away from your heart. Do not waste anyone's time. Let the air fly into the open sky. Do not let the birds fly away. And I will fall in the same stream. Do not drink so much in the future. And what is the use of asking me? Drink alcohol." "What is the use of asking me? Drink alcohol and get rid

of your mind." Thank you so much for all your love. I don't think I have a heart beyond hackers; I have a heart beyond knowledge. So this couplet is for you. One word is Rakba. Who knows the meaning of Rakba? Rakba means area. What is this? The couplet is like: I have measured the depth of his heart. Many people have gone wrong; I have to go right. This is what happens; I will talk about it in the video later. I have measured the depth of his heart. He will keep ten people in the bar. Actually, my name is Ashok Kumar Singh. I am also associated with you. So, if you have any type of courses, you

can check on the website. Um, thank you so much. Do you have any comments? What? Excerpt, haji? *Mumbling*

*Mumbling* No, no, I don't want to speak. I was just saying, for the open mic. See, guys, in this too... Come on. So, actually, our concept is different. I'm just a student. And here's a topic note. So, someone asked, "What's your requirement?" He said, "Requirements are nothing, but they should be available." So what happened? The thing is, whatever you do, share the contact details and the name. Neither the viewers nor the commentators know who's speaking. So that was something which I felt a bit bad about. But I was like, "Okay, this is also fine." And the guy pulled it off with the aura of a client. "How was it?" "Anyone?" So there is nothing about Quora. White key can

be numbered. Quora is all about itself. So is it a Punjabi song or a Hindi song, guys? Punjabi? Have you listened to Marsha Saleem? My beloved knows; my beloved, he doesn't know. Listen to that clap. "Nainate nainate harf padha." Thank you. There is a song I didn't write but never sang; I'll write it for some reason. "The night before you slept, the first day after you came, I couldn't remember anything." Thank you. I found myself in a party that I can't pay off. It's very funny. You like it? I'll see you in a bit. Go away! Go away! Take a bite. There it is. *Mumbling* I think that's enough. And I'm also

a little scared. I can't do this. You don't understand, right? No? I'm not sure. Speakers, I'm not sure about the defamation. That's a surface. And I'm very scared. I'm very scared. Okay guys, did you have fun? Yes? I won't cut you. Okay, so now it's time for our quiz winners. I would like to welcome Sachin sir on stage. So, we can just give him a big round of applause. Okay. So the first position in the quiz, first quiz, sorry, first quiz. The winner is Sirbha. Sirbha, please come on the stage, and sir, please.

Please. Okay, and the second is Saurabh Jain and Sintu. Your prize will be given to you. Okay, bye. Great applause to both of them. Okay, so for the second quiz, the winner is Shreya. Shreya, please come. And the second is Lohi Chauhan. Sorry. And Chandri. Who is Chandri? What is written here? Okay, okay. So, these styles were... Now I invite all the speakers on the stage for, um... Thank you. Thank you so much for the applause, guys. Mr. Ahmad. Mr. Abhijit Singh. Mr. Abhijit. Now a speaker with a head in the air, Mr. Sharman Sila. Now, last but not the least, Mr. Harpreet Sen. My applause goes to him. So guys, how was it? Excellent! Awesome! Awesome! So when we are felicitating everyone, how can we forget Sachin? Is it possible, guys? Sachin sir has been a very humble person. I remember when we were looking out for a venue, we reached out, and: "Yes, yes, it will be done." On the very first call, without even knowing what event is going

on, how many activities are going on, and other sorts of things. You guys won't even believe it: everything was arranged and accredited. And then this guy, he is a very humble person. We love you so much. Along with this, did you guys notice sir's name somewhere? Yes, yes. In front? Leave the front, man. Nice catch. Who was it? Who is it? Tell his name, brother. Namalai Yogi? Aniket Tauber? Your record is also with me. Your record is also with me. And the name, brother? Po Kamee Di Aayeg. That's it. So, how many of you answered the last question correctly? Sir, they are the ones who think that such inside-out comes most. And more often, you know it, you

guys must have missed seeing sir's profile picture, or did you? I missed it. You did? That's why you know the right answer. That's it, guys. I would like to hand over to the manager. I would like to call Madhav sir, who is the president of CSA, Nirmal Shah. So I would like to introduce... Thank you for giving me the opportunity to sit with you. I think we are all students, and it was a great opportunity learning with you for the whole day. One thing which I would like to understand from you: have you heard about the Cloud Security Alliance? Can you raise your hand? How many of you are with the Cloud Security Alliance on LinkedIn?

With the NCR chapter? None? No one is here with the NCR chapter? So I have 140 members right now, today. I would like you to join the Cloud Security Alliance NCR chapter India on LinkedIn; you don't have to do anything, just send me the request and I will approve. We are active with the gate50 members. We don't have face-to-face participation, but any time the opportunity comes, in any of the academia or any of the industry associations, we invite everyone. CSA has been formed since 2009, and we have been doing many other things, first in the cloud, but away from the cloud we have been doing things in related areas, and in today's time we have been working very

closely with the US government, the DoD, the European government, the Singapore government, so it's an orchestration and advocacy with the government and public sectors, and it's a great enriching experience. Now we have presently been doing a lot of things in AI and AI-related security, and if you join the Cloud Security Alliance today, the very activity which emerges is that you are open to experience the circuit. So, working groups: we have 30+ active working groups, and they don't have any big qualifications. You can join the working groups with whatever experience and see how you can contribute. The same thing that is happening at a global level, we want to do at the local level, at the India level. We

want to bring out original research. I had a presentation, but because it's the end, probably we can give another opportunity and invite you to a face-to-face, and we can have a very organized show. I think they were mentioning I am very humble and all that stuff, but let me tell you, I have done nothing. I have just given the venue and the lunch, and the samosas are still waiting. But guys, whatever you guys are doing is not easy. I was part of a lot of conferences where I was acting as an organizer. It is not easy to bring people onto the platform, and the way you are doing it as of now,

sharing knowledge among people, creating awareness, it's not that easy. I think you are doing a good job; keep doing it, and I support you the way I can. Right? Thank you. Ninesh sir, please can you come on the stage? So, I had basically written in the beginning how to manage it and contact Mr. Sachin sir and Mr. Deep Shankar sir, Mr. Avendish, for his sponsorship. So thank you so much, Mr. Ice Team, for this opportunity. Thank you so much. Now we would like to invite Mr. Malhar sir again on the stage. So we have someone in the audience. Why is Saria without hands? Why? Why is Saria without hands? And for the memento, Rakesh Anupat. Okay people, how was it? Again?

How was the event, guys? It was fine? Didn't cut your budget, did it? Amazing! Amazing! So, who made this event amazing? Us! You don't even know me! Who am I? Us! So I had to push all of us over here. So yeah, rather than him, there are multiple back-end people, back-end companies who backed this, and I would like to thank Kibota and the people from Kibota such as Omji, D'ska. I will call him. Sir, I think it could be a tie in there. It was completely surprising that we didn't get to meet you here. We are like, everything is surprising, even the surprise. I was surprised. I was surprised too. But thanks to all of you guys

who made this event so successful. And thanks to you all, besides me, and everyone who joined us for the present. Thank you. Thank you so much.

So this is the final call. We have a lot of different giveaways with us, such as Nanak ji, which is here. So if you guys have participated, you can leave now. You can leave now. You will do that later. I am very sorry. So whoever is the winner, you will be getting the vouchers by email. Fine? That works? *Same time* Again, I take the back pass off. Along with this, the giveaways of Qverter; you must have participated. So, I think that would be delivered to you in the end. Thanks. So, that too will be delivered to you via email. That would be it. I take my leave from you. Guys, just one last request. Before everyone goes, we would really request each and every single one

of you guys to follow us on Instagram and all the socials, so that next time, when the event happens, we'll try to make it even better, even bigger. And just follow us; you guys can keep updated with us over there. And yeah, as sir said, up there is samosa and chai, if I'm not mistaken, Midri. You can easily go up there. Yeah, of course. Make sure: we are trying to grow, just like everybody in this field is trying to grow. So forward it to your friends; we just want to grow, right? Just like everyone else. We are following up on what we are trying to do in the next 21-22 years. So yeah, you guys can always come

to scan this QR and follow us everywhere. So it's BSides Noida. And yeah, thank you so much. It was a great event. So we will meet you guys at the next one. So first I will request the speakers and our guests to go upstairs, and then everyone else can follow. Low vibes, yeah. Thank you. Thank you. Thank you. I'm really sorry, guys; that wouldn't be okay for you guys. Shall we eat? Let's have samosa? Sure. Sure. See you guys later.