Papers & Presentations

Security research papers, conference presentations, and published articles by Debasis Mohanty.

Conference TalkNov 2021
BSides Delaware 2021

Software Security Engineering (Learnings from the past to fix the future) - Extended Version

This talk covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily the presentation provides some insights on why we still continue to see two decades old bugs and recommendations to consider going ahead. This is a slightly extended version of the OWASP 20th Anniversary talk.

Conference TalkSep 2021
OWASP 20th Anniversary Event

Software Security Engineering (Learnings from the past to fix the future)

Presented at OWASP 20th Anniversary virtual event, this talk covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily the presentation provides some insights on why we still continue to see two decades old bugs and recommendations to consider going ahead.

Kernel SecurityApr 2018
Roachcon 2017 (Insomnia Security)

The Path To Ring-0 (Windows Edition)

Presentation on Windows Kernel Exploitation providing insights into common Windows kernel exploitation techniques and the current state of kernel mitigation. Presented at Insomnia Security's internal security conference known as Roachcon (2017).

Exploit ResearchDec 2008
Hakin9 Magazine (Nov 2007 issue)

Defeating Virtual Keyboard

Around mid of 2005, I was intrigued to write a proof-of-concept keylogger to capture text input events fired using Virtual Keyboards (VK). The PoC keylogger was publicly released on 5th Aug 2005 to demonstrate the hack for a particular banking site. This paper underlines the fact that any site which uses similar VK or OSK can be defeated. Originally published in Hakin9 magazine.

WhitepaperNov 2005
Wipro Technologies

Event Correlation & Need for SIM

Between 2003 and 2005, Security Information Management (SIM/SIEM) products were new for the industry and in the state-of-the-art stage. This whitepaper was originally published on Wipro Technology's website. The official link is currently broken, therefore making it available here.

ArchiveJul 2004

Multiple Articles (Archived)

Following are very old articles which are archived and removed from this website. If you need a copy, feel free to email. Alternatively, you may search for the title to find online copies archived elsewhere.

View article list
  • Security Testing Demystified(19 Jan 2006)
  • Fake FBI Worm Exposed(25 Feb 2005)
  • Antivirus Evasion Techniques & Countermeasures(03 Dec 2004)
  • Demystifying Penetration Testing(26 Aug 2004)
  • Demystifying Google Hacks(01 Jul 2004)