This talk was presented at BSides Delaware 2021. It covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily, the presentation provides some insights into why we still continue to see two-decade-old bugs, and recommendations to consider going forward.
Note: I gave this talk earlier in the year at the OWASP Global 21st event, but this talk is a slightly extended version of the OWASP talk. Therefore, treat this slide as the most up-to-date version.
The video recording of this talk is available via the BSides DE YouTube channel.
Presented at the OWASP 20th Anniversary virtual event, this talk covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily, the presentation provides some insights into why we still continue to see two-decade-old bugs, and recommendations to consider going forward.
The video recording of this talk is available via the OWASP YouTube channel.
Presentation on Windows kernel exploitation, providing insights into common Windows kernel exploitation techniques and the current state of kernel mitigation. Presented at Insomnia Security's internal security conference, known as Roachcon (2017).
Around mid-2005, I was a bit intrigued to write a proof-of-concept (PoC) keylogger to capture text input events fired using Virtual Keyboards (VK). The PoC keylogger was publicly released on 5th Aug 2005 to demonstrate the hack for a particular banking site. However, this PoC underlines the fact that any site which uses a similar VK or OSK can be defeated. This paper was publicly released by Hakin9 magazine in their Nov 2007 issue and, as per the contract, I was allowed to publish the free copy six months after their release.
Between 2003 and 2005, Security Information Management (SIM or SEIM) products were new to the industry and were at the state-of-the-art stage; they have evolved significantly over time. Back then, I was quite intrigued by such products, which got me to write a paper on them. This whitepaper was originally published on Wipro Technology's website while I used to work for Wipro. However, the official link to the paper is currently broken, so I am making it available here.
The following is a list of very old articles which are archived and have been removed from this website. If you need a copy of one, feel free to email me. Alternatively, you may google its title to find an online copy archived elsewhere.