Bhaumik M.

Bhaumik M.

Sr. Information Security Researcher

New Delhi , India

Experience: 9 Years

Bhaumik

New Delhi , India

Sr. Information Security Researcher

34285.7 USD / Year

  • Immediate: Available

9 Years

Now you can Instantly Chat with Bhaumik!

About Me

Bhaumik Merchant is a Sr. Information Security Researcher with over 8+ Years of experience in Network and Information Security Vulnerability Research, Security Product designing and implementations, Malware Research, APT, Penetration testing, Risk...

Show More

Positions

Portfolio Projects

Description

Technique todemonstrate a unique kind of communication technique between an attacker machine and victim machine during the exploitation of any victim system. In the general scenario, while an attacker exploits the remote system and gets the remote command prompt (remote shell), the attacker is only able to execute commands until the session from the remote machine is opened
(established). The article is going to show some ways by which an attacker can attack a remote victim without being online (attacker may or may not be online AND victim may or may not be online). To prevent direct communication between attacker and Victim we use an intermediate server (zombie) that’s up and running all time (24×7).

Show More Show Less

Description

Bhaumik Merchantworks as a Security Researcher and also serves law-enforcement as a Digital Forensics Investigator and Trainer to solve E-Crime cases. He has recently introduced an OpenSource Project "WOF" which can be used to evaluate Web Application Firewalls(WAFs). His InfoSec articles has been published in media as well as magazines like Hackin9, SecurityFocus, ClubHack, etc. and he has also been invited to speak at various Security Conferences like HackerHalted, ToorCon, ClubHack, Ground Zero Summit, etc. His major area of interest is in developing new stuff involved in exploitation phases and IDS/IPS Development. He has also developed IND 360 Intrusion Detection System.

Show More Show Less

Description

"Web application firewalls (WAF)" , The today's requirement to secure the web applications without changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behaviorand false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Show More Show Less

Description

This paper demonstrates unique kind of communication technique between attacker machine and victim machine during the exploitation of any victim system. Usually, while an attacker exploits the remote system and gets the remote command prompt (remote shell), attacker is only able to execute commands till the session from the remote machine is opened (established). While exploiting the system in a normal way, attacker and the victim system both should be online, if attacker wants to execute some commands in remote machine (Victim Machine). This paper would demonstrate how an attacker can attack a remote victim without being online (attacker may or may be online AND victim may or may not be online).

Show More Show Less