null Bangalore Chapter, January 2013 Meet

1. Disclosing Vulnerabilities
FOR FUN & PROFIT
Nikhil.P.Kulkarni
www.twitter.com/nikchillz

2. Nikhil Kulkarni
(aka Intrud3r)
A 21yr old Tech Enthusiast.
A Blogger, Web Designer, Graphical
Designer
Mainly into Web App Testing
facebook.com/nikchillz
twitter.com/nikchillz

5. File Inclusion
BUG

6. FULL DISCLOSURE
VULNERABILITY
DISCLOSURE
RESPONSIBLE DISCLOSURE

9. Tools Firefox Addons:
Tamper Data
Web Developer Extensions
Proxy:
Live HTTP Headers
Burp Suite
Firebug
Web Scarab
Hackbar
Fiddler
XSS Me
And many more…!!!
And many more…!!!
Useful Tools:
IRONWASP
XENOTIX
And many more…!!!
Optional:
Camtasia Studio(Screen Recorder)
Snipping Tool(Screenshots)

10.  $100 to $20,000
$500 to $5000
 500 to $3000

11.  $500 + T-Shirt
 Unknown Price money (Approx. $50 to $10,000)

12. http://computersecuritywithethicalhacking.blogspot.in/2012/09/web-
product-vulnerabilty-bug-bounty.html

13. Normal Resume with
Resume HOF

14. Find
Broke
Bugs
Report
Party
Them
Get
Reward

15. Never go for Full Disclosure without company’s permission.
Always see that, you’ve made a Responsible Disclosure before going for
Full Disclosure.

16. KEEDA Project
A NULL Community Initiative
Highlights:
Informs the vendors and Certs about any
vulnerabilities found in the wild.
The credit is given to the bug submitter
itself.
Does not charge the vendor in return.
But at least a thank you letter from the
Vendor.
If vendor does not rectify the bug, the
FULL DISCLOSURE of the bug is done using
Keeda Portal.

21. Stored XSS in the Official Website of
DELL

23. DEMO

24. And many
XSS CSRF SQLi more

28. Kislay Bhardwaj
Prashanth.K.V
Riyaz Walikar
Amol Naik
Prasanna Kangasabai
Akash Mahajan
Sabari Selvan
Srikanth Rao
Himanshu Kumar Das
Suriya Prakash
Harsimram Walia
Lava Kumar
And the whole of NULL Bangalore Chapter.

29. Thank You
NULL Bangalore
Nikhil.P.Kulkarni
www.facebook.com/nikchillz
www.twitter.com/nikchillz