About Me
Bhaumik Merchant is a Sr. Information Security Researcher with 8+ years of experience in Network and Information Security Vulnerability Research, Security Product Design and Implementation, Malware Research, APT, Penetration Testing, Risk...
Skills
Positions
Portfolio Projects
Description
Technique to demonstrate a unique kind of communication between an attacker machine and a victim machine during the exploitation of a victim system. In the general scenario, when an attacker exploits a remote system and gets a remote command prompt (remote shell), the attacker is only able to execute commands while the session from the remote machine is open (established). The article is going to show some ways by which an attacker can attack a remote victim without being online (attacker may or may not be online AND victim may or may not be online). To prevent direct communication between attacker and victim, we use an intermediate server (zombie) that is up and running all the time (24×7).
Description
Bhaumik Merchant works as a Security Researcher and also serves law enforcement as a Digital Forensics Investigator and Trainer to solve e-crime cases. He has recently introduced an open-source project, "WOF", which can be used to evaluate Web Application Firewalls (WAFs). His InfoSec articles have been published in the media as well as in magazines like Hackin9, SecurityFocus, ClubHack, etc., and he has also been invited to speak at various security conferences like HackerHalted, ToorCon, ClubHack, Ground Zero Summit, etc. His major area of interest is in developing new techniques for the exploitation phases and in IDS/IPS development. He has also developed the IND 360 Intrusion Detection System.
Description
Web application firewalls (WAFs) are today's requirement for securing web applications without changing the existing infrastructure. But at the same time, WAF behavior and false positives (blocking of legitimate traffic) are a big risk. This talk will demonstrate a new concept to evaluate any WAF without taking the risk of putting it into inline mode. Everything will be in learning or passive mode. This project describes the concept of a special engine that can be used to evaluate any WAF with zero risk to the end user (website owner), no matter whether its vendor supports passive mode or not (i.e. modsecurity or naxsi).
Description
This paper demonstrates a unique kind of communication technique between an attacker machine and a victim machine during the exploitation of a victim system. Usually, when an attacker exploits a remote system and gets a remote command prompt (remote shell), the attacker is only able to execute commands while the session from the remote machine is open (established). When exploiting a system in the normal way, the attacker and the victim system must both be online if the attacker wants to execute commands on the remote machine (victim machine). This paper demonstrates how an attacker can attack a remote victim without being online (attacker may or may not be online AND victim may or may not be online).