Bug Finding - K.K.Mookhey

Network Intelligence India Pvt. Ltd.

Technologie

Main types ,[object Object],[object Object],[object Object]

Assembly Audit ,[object Object],[object Object],[object Object],[object Object],[object Object]

Black Box ,[object Object],[object Object],[object Object],[object Object],[object Object]

Black Box - 2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Black Box – 3 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Black Box - 4 ,[object Object],[object Object]

Methods for Black Box ,[object Object],[object Object],[object Object],[object Object]

Open Source ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

General Guidelines ,[object Object],[object Object],[object Object]

Weitere ähnliche Inhalte

Was ist angesagt?

Volatile IOCs for Fast Incident Response

Indicator of Compromise (IOC) is a piece of information that can be used to search for or identify potentially compromised systems. openioc_scan is an open-source IOC scanner for memory forensics and implemented as a plugin of Volatility Framework. By checking IOCs in RAM images (e.g., code injection sign, used/hooked API functions, unpacked code sequences), we can detect malware faster and deeper than disk-based traditional IOCs. In this presentation, I explain how to define and improve IOCs for openioc_scan, introduce IOC examples including not only IOCs for specific malware but also ones focusing on generic traits of malware. I also show remote malware triage automation combining with F-Response.

Introduction To Exploitation & Metasploit

Raghav Bisht

Building next gen malware behavioural analysis environment

isc2-hellenic

Understand How Machine Learning Defends Against Zero-Day Threats

Rahul Mohandas

openioc_scan - IOC scanner for memory forensics

Black Energy18 - Russian botnet package analysis

Roberto Suggi Liverani

Malicious File for Exploiting Forensic Software

This presentation was created based on a sample we found. At first sight this looked to be a standard fileless cryptocurrency mining malware, however, when looking a bit further, we noted that this malware had some other tricks up its sleeve. This presentation starts with an introduction into how fileless malware works and how to detect it, a short introduction into cryptocurrency mining and of course the analysis of the sample itself.

Sans london april sans at night - tearing apart a fileless malware sample

Michel Coene

SANS Digital Forensics and Incident Response Poster 2012

Rian Yulian

Jugal Parikh, Microsoft Holly Stewart, Microsoft Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes. In this talk, we’ll compare the difficulty of tampering with cloud-based models and client-based models. We then discuss how we developed stacked ensemble models to make our machine learning defenses less susceptible to tampering and significantly improve overall protection for our customers. We talk about the diversity of our base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, we’ll describe suspected tampering activity we’ve witnessed using protection telemetry from over half a billion computers, and whether our mitigation worked.

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...

BlueHat Security Conference

Automating malware analysis

Cysinfo Cyber Security Community

.NET for hackers

Antonio Parata

Investigating Hackers' Tools

Israel Umana

Vulnerability and exploitation framework designed to ease the burden on security professionals when it comes to performing security assessments. One of the single most useful auditing tools freely available to security professionals today Contains an extensive library of "modules.“ Each module has a function, and they are divided up into "exploits", "auxiliary", "post" (post exploitation), "payloads", "encoders", and "nops.

Metasploit (Module-1) - Getting Started With Metasploit

Anurag Srivastava

Reducing attack surface on ICS with Windows native solutions

Jan Seidl

Spo2 t19 spo2-t19

SelectedPresentations

Android Malware Analysis

JongWon Kim

One-Byte Modification for Breaking Memory Forensic Analysis

Cysinfo Cyber Security Community

Rootkit

tech2click

Basic malware analysis

Was ist angesagt? (20)

Volatile IOCs for Fast Incident Response

Introduction To Exploitation & Metasploit

Building next gen malware behavioural analysis environment

Understand How Machine Learning Defends Against Zero-Day Threats

openioc_scan - IOC scanner for memory forensics

Black Energy18 - Russian botnet package analysis

Malicious File for Exploiting Forensic Software

Sans london april sans at night - tearing apart a fileless malware sample

SANS Digital Forensics and Incident Response Poster 2012

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...

Automating malware analysis

.NET for hackers

Investigating Hackers' Tools

Metasploit (Module-1) - Getting Started With Metasploit

Reducing attack surface on ICS with Windows native solutions

Spo2 t19 spo2-t19

Android Malware Analysis

One-Byte Modification for Breaking Memory Forensic Analysis

Rootkit

Basic malware analysis

Ähnlich wie Bug Finding - K.K.Mookhey

Introduction To Ethical Hacking

Raghav Bisht

Finalppt metasploit

devilback

Testingfor Sw Security

ankitmehta21

BSidesDC 2016 Beyond Automated Testing

Beyond Automated Testing - RVAsec 2016

Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt

BUSHRASHAIKH804312

Detection of vulnerabilities in programs with the help of code analyzers

PVS-Studio

Fuzz

Sunny Summer

Software testing methods

Homa Pourmohammadi

01 Metasploit kung fu introduction

Mostafa Abdel-sallam

Obfuscation Methods And Planning

tmacuk

IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach

IRJET Journal

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates

Syed Ubaid Ali Jafri

Whittaker How To Break Software Security - SoftTest Ireland

David O'Dowd

Be Storm - Automated Application/Software Vulnerability Testing

Amit Shirolkar

Threats, Vulnerabilities & Security measures in Linux

Amitesh Bharti

Analisis Estatico y de Comportamiento de un Binario Malicioso

Conferencias FIST

BSidesJXN 2017 - Improving Vulnerability Management

Object oriented sad 6

Bisrat Girma

Introduction to Malware Analysis

Ähnlich wie Bug Finding - K.K.Mookhey (20)

Introduction To Ethical Hacking

Finalppt metasploit

Testingfor Sw Security

BSidesDC 2016 Beyond Automated Testing

Beyond Automated Testing - RVAsec 2016

Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt

Detection of vulnerabilities in programs with the help of code analyzers

Fuzz

Software testing methods

01 Metasploit kung fu introduction

Obfuscation Methods And Planning

IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates

Whittaker How To Break Software Security - SoftTest Ireland

Be Storm - Automated Application/Software Vulnerability Testing

Threats, Vulnerabilities & Security measures in Linux

Analisis Estatico y de Comportamiento de un Binario Malicioso

BSidesJXN 2017 - Improving Vulnerability Management

Object oriented sad 6

Introduction to Malware Analysis

Mehr von amiable_indian

Phishing As Tragedy of the Commons

Cisco IOS Attack & Defense - The State of the Art

Secrets of Top Pentesters

Workshop on Wireless Security

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...

Workshop on BackTrack live CD

Reverse Engineering for exploit writers

State of Cyber Law in India

AntiSpam - Understanding the good, the bad and the ugly

Reverse Engineering v/s Secure Coding

Network Vulnerability Assessments: Lessons Learned

Economic offenses through Credit Card Frauds Dissected

Immune IT: Moving from Security to Immunity

Reverse Engineering for exploit writers

Hacking Client Side Insecurities

Web Exploit Finder Presentation

Network Security Data Visualization

Enhancing Computer Security via End-to-End Communication Visualization

Top Network Vulnerabilities Over Time

What are the Business Security Metrics?

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Mehr von amiable_indian (20)

Phishing As Tragedy of the Commons

Cisco IOS Attack & Defense - The State of the Art

Secrets of Top Pentesters

Workshop on Wireless Security

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...

Workshop on BackTrack live CD

Reverse Engineering for exploit writers

State of Cyber Law in India

AntiSpam - Understanding the good, the bad and the ugly

Reverse Engineering v/s Secure Coding

Network Vulnerability Assessments: Lessons Learned

Economic offenses through Credit Card Frauds Dissected

Immune IT: Moving from Security to Immunity

Reverse Engineering for exploit writers

Hacking Client Side Insecurities

Web Exploit Finder Presentation

Network Security Data Visualization

Enhancing Computer Security via End-to-End Communication Visualization

Top Network Vulnerabilities Over Time

What are the Business Security Metrics?

Kürzlich hochgeladen

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...