tag:speakerdeck.com,2005:/harshbothra

tag:speakerdeck.com,2005:Talk/1057577 2023-07-29T14:14:27-04:00 2023-07-29T14:17:07-04:00
Demystifying_Application_Security.pdf
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/931197 2022-10-02T13:59:26-04:00 2022-10-02T14:01:30-04:00
Tale of Chaining Bugs for Account Takeover
In the 3rd Edition of Bsides Ahmedabad, I presented Account Takeover scenarios. I talked about how to chain various low-hanging and limited-impact security vulnerabilities and expand their impact to perform an account takeover. I also talked about 4 scenarios from my previous reports in different bug bounty and pentest participations.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/737390 2021-05-27T04:55:15-04:00 2021-05-27T04:55:48-04:00
Trending Vulnerabilities with Insights to OWASP TOP 10
This talk covers information about the trending vulnerabilities with insights to OWASP TOP 10 (2017) and how to approach them in my way.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/723592 2021-04-09T03:23:05-04:00 2021-04-10T13:37:01-04:00
Exploiting Misconfigured Jira Instances for $$$
Jira is a popular issue tracking and management system. Often the custom implementation of JIRA utilizes outdated versions. These outdated versions are often known to be vulnerable and might have publicly available exploits. In this talk, the focus is to understand how to approach exploiting such Misconfigured JIRA Instances for easy wins.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/709532 2021-02-27T02:20:11-05:00 2021-02-27T02:21:42-05:00
Got Cookies? Cookie Based Authentication Vulnerabilities
Cookies are often found in the wild and can be seen in many web applications. This is an interesting attack vector if explored properly and can lead to multiple security risks. This talk is around various possible vulnerabilities when a Cookie Based Authentication is provided.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/695111 2021-01-09T08:50:41-05:00 2021-01-09T08:51:58-05:00
Bug Hunting Tactics & Wins for 2021
An overview about Bug Hunting Landscape, how to win bug bounties in 2021, some of the interesting attacks to follow, and discussed issues such as Account Takeovers, 2FA Bypass, and going beyond traditional security issues.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/686130 2020-11-28T04:17:58-05:00 2020-11-28T04:19:35-05:00
Bug Hunting Tactics
Bug Hunting Tactics talk at UPES Dehradun with Cyber Sentinel Student Chapter. This talk covers various aspects of Bug Bounty, Approach for Manual Pentesting, Threat Mapping, Recon, Burp Suite, and Various Server-Side, Client-Side, and logical issues.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/678343 2020-10-30T02:17:35-04:00 2020-10-30T02:18:21-04:00
Application Testing Methodology & Scope Based Recon
This talk is about how to organize your penetration testing with a proper methodology and ensure that you maximize your potential attack surface. This will also enable you to understand more about Scope Based Recon tactics.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/669206 2020-09-26T02:55:54-04:00 2020-09-26T03:04:36-04:00
Having Fun with RegEx
Regular Expression based attacks are a less travelled road due to a gap in understanding basic regex directives. This talk is about getting familiar with regex directives and how to use them to speed up the penetration testing process.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/667533 2020-09-20T09:01:19-04:00 2020-09-20T09:04:00-04:00
Broken Cryptography & Account Takeovers
Applications still utilize weak cryptography generation methodologies which may lead to severe risk. In the world of Application Security, looking for all possible points to enumerate and find out how secrets, token and encryption is happening always gives an edge. Broken & Weak Cryptography can lead to severe impact and account takeover is one of them. Account takeovers involve gaining persistent access to the victim account impacting CIA completely. However, both Broken Cryptography and Account Takeover are not just limited to a few attack vectors. In this talk, I will discuss:
1. Broken Cryptography 101
2. Endpoints to Test for Broken Cryptography
3. Quick Overview of How to test each Endpoint
4. Account Takeovers 101
5. Various Methods of Performing Account Takeovers
6. Case Studies of Real-Life Findings:
   a. Broken Cryptography to Account Takeover
   b. CSRF to Account Takeover
   c. XSS to Account Takeover & Privilege Escalation
   d. IDOR to Account Takeover
   e. Account Takeovers in Password Reset Links
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/662366 2020-08-30T03:07:21-04:00 2020-08-30T03:08:02-04:00
Pathway to AppSec - DC9140
A simple roadmap for beginners to know all insights about how to start into Application Security.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/662268 2020-08-29T03:52:43-04:00 2020-08-29T03:54:29-04:00
Scope Based Recon for Mundane {Bug Bounty Hunters}
Scope Based Recon is a methodology to drive your recon process in a very streamlined manner. Along with Scope Based Recon, Project Bheem will soon be having all Scope Based Recon features.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/660812 2020-08-23T01:19:40-04:00 2020-08-23T01:20:51-04:00
Offensive Recon for Bug Bounty Hunters
Offensive Recon for Bug Bounty Hunters talks about the approach to maximize the profit using Recon methodologies. Driving Scope based Recon tactics to ensure you are looking for the right path along the way.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/656360 2020-08-01T08:27:25-04:00 2020-08-09T03:40:55-04:00
Offensive Recon - Bug Hunter's Playbook
The talk explains and talks about utilizing the concept of scope based Recon. How to approach different scope targets and channelize recon accordingly to maximize the efficiency, accuracy & benefits. Also, the offensive approach which can be utilized to perform Recon aggressively, automating the repetitive tasks to save your time and hack while sleeping.
Harsh Bothra (@harshbothra)

tag:speakerdeck.com,2005:Talk/656991 2020-08-05T06:04:35-04:00 2020-08-09T03:41:10-04:00
Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit
The process of penetration testing starts with the "Reconnaissance Phase". This phase, if performed carefully, always provides a winning situation. However, often in application security and bug bounty hunting, recon is mapped to finding some assets and uncovering hidden endpoints only & is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties which always keeps you separated from a competing crowd and gives easy wins. In "Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit", we will cover the deepest and most interesting recon methodologies to be one step ahead of your competition and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. During the talk, we will cover:
1. Introduction to Recon
2. Basic Recon 101
3. Mapping Attack Surface with Basic Recon
4. Weaponizing Recon to Hit Attack Surface
5. Recon Hacks 101
6. Practical Offensive Recon
7. Automating Recon for Profit
8. Finding Vulnerabilities with Recon
9. Creating your own Recon Map
10. Practical Examples & Demonstrations
Harsh Bothra (@harshbothra)

Harsh Bothra (@harshbothra)
Harsh Bothra (@harshbothra) on Speaker Deck 2023-07-29T14:14:27-04:00