Introducing Hacking Archives of India

I have spent slightly more than 10 years in the information security domain. Information security is usually assumed to be a very small and tightly connected community. However, in these 10 years I have learned that there are many personas active in the industry: some very vocal, some very active yet not socially present at all. I have also always wondered how the information security industry started and proliferated in India.

Public Release of HTML5 Attack and Secure Course

Nowadays we are living in difficult times (COVID-19 and all), and one way to maintain some sanity is to involve ourselves in some form of learning. In that spirit, today I am switching the GitHub repo of my HTML5 course from private to public and making all the resources I gathered available for everyone.

This course, created back in 2015 when HTML5 was still in its infancy, contains some basic attack and defense tips. I hope it can be of good use to people.

Feel free to suggest changes, submit pull requests with updated content and improvements.

The URL for the repository is here:

BH USA 2019: Behind the Scenes

Another good run at Black Hat came to an end. I have always wanted to write about what goes on behind the scenes. This year I was leading the 4-day edition of AIH and was then supposed to give a talk on DevSecOps: What, Why and How. Most of that is outlined elsewhere; here I want to focus on what happened behind the scenes.

I had always thought about writing a behind-the-scenes post but never had a more adventurous trip, so I am writing it down this time around.

Vagrant + Ansible on Windows: my experiments so far

Recently I was asked to help someone run the Vagrant + Ansible combination on Windows. It is a fun experiment because Ansible has never claimed to support Windows as a control node, and the solution (partial at this point) is a series of workarounds and gotchas that I have listed so far.
I want to make sure I don't lose this experiment, hence documenting it in a quick blog post.

Response to: Vulnerability Disclosure, Free Bug Reports & Being a Greedy Bastard

Chris Gates at Carnal0wnage wrote a thought-provoking article today and raised a couple of questions. This topic is something I have definitely been thinking about for the past couple of years. Here are my thoughts on the various questions asked.

Before I answer these, let me be very clear: the answers are my own and are not associated with my work or the company I work for. They are subject to change if adequate reasons are provided; refer to the disclaimer here. Also, the answers are from the point of view of someone who is a pentester, does public disclosures and bug hunting for open source, and did a stint in bug bounties, but who has had very little experience on the other side of the bug bounty table, i.e. receiving bug reports for my own applications or websites.

Hunchly and Custom Chromium Data Directories

TL;DR: how to set up Hunchly within a Chromium browser, along with its various quirks.

Hunchly by Justin Seitz is one of the recommended tools when it comes to OSINT work. I was attracted to Hunchly mainly for its capabilities, especially saving all browsed pages in a session. Long story short, after a bunch of email exchanges with Justin it was clear that this investment would be fruitful, and the end result is that I bought Hunchly. If you are someone interested in OSINT I would definitely recommend using

Monitoring HTTP and TLS Versions in Use via AWStats

With all the hype around HTTP/2 and the various TLS versions, one question comes up every now and then: I am doing all this upgrading of versions, allowing new ciphers, enabling HTTPS, etc., but is anyone actually using them? Also, with the PCI mandate to close off TLS 1.0 and TLS 1.1 looming large, we need to be in a position to identify which TLS versions are in use on the website, and likewise which HTTP versions.
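The question above is answered by the web server's own access log, provided the TLS version is logged alongside the request line. The following is an added example (not code from the original post, and not AWStats itself): a small Python script that tallies HTTP and TLS versions from access-log lines and reports how much of the TLS traffic is still on deprecated versions. It assumes an Apache "combined" LogFormat extended with mod_ssl's %{SSL_PROTOCOL}x and %{SSL_CIPHER}x fields appended at the end; the log lines inside it are constructed for illustration.

```python
"""Count HTTP and TLS protocol versions from web-server access logs.

Added example, not code from the original post. It assumes an Apache
"combined" LogFormat extended with mod_ssl's %{SSL_PROTOCOL}x and
%{SSL_CIPHER}x fields appended at the end, e.g.:

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_tls

The log lines below are constructed for illustration, not real traffic.
"""
import re
from collections import Counter

# Constructed sample lines (RFC 5737 documentation addresses, made-up requests).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 1234 "-" "Mozilla/5.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
203.0.113.6 - - [10/Jan/2019:10:00:02 +0000] "GET /index.html HTTP/2.0" 200 2345 "-" "Mozilla/5.0" TLSv1.3 TLS_AES_256_GCM_SHA384
198.51.100.7 - - [10/Jan/2019:10:00:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/7.29.0" TLSv1 AES128-SHA
198.51.100.8 - - [10/Jan/2019:10:00:04 +0000] "GET /robots.txt HTTP/1.0" 200 68 "-" "Wget/1.14" TLSv1.1 AES256-SHA
192.0.2.9 - - [10/Jan/2019:10:00:05 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.13" - -
"""

# Fields: request line in quotes, then status, size, referer, UA, then the two
# appended SSL fields. Plain-HTTP requests log "-" for both SSL fields.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) (?P<httpver>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "[^"]*" (?P<tls>\S+) (?P<cipher>\S+)$'
)

# Protocol versions PCI DSS treats as "SSL/early TLS"; any hit here is a finding.
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_line(line):
    """Return (http_version, tls_version) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    tls = m.group("tls")
    return m.group("httpver"), ("plaintext" if tls == "-" else tls)


def summarise(log_text):
    """Tally HTTP and TLS versions across all parseable lines."""
    http = Counter()
    tls = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        h, t = parsed
        http[h] += 1
        tls[t] += 1
    return {"http": dict(http), "tls": dict(tls), "unparsed": unparsed}


def deprecated_share(tls_counts):
    """Fraction of TLS connections (plaintext excluded) still on deprecated versions."""
    total = sum(n for v, n in tls_counts.items() if v != "plaintext")
    if total == 0:
        return 0.0
    bad = sum(n for v, n in tls_counts.items() if v in DEPRECATED_TLS)
    return bad / total


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    print("HTTP versions:", stats["http"])
    print("TLS versions: ", stats["tls"])
    print("Deprecated TLS share: %.0f%%" % (100 * deprecated_share(stats["tls"])))
```

The point of keeping plaintext connections out of the denominator is that the PCI question is about the TLS clients you would break by turning off TLS 1.0/1.1, not about HTTP traffic in general. Once the LogFormat carries the protocol field, the same counts can be fed to AWStats or any other log analyser; the script only shows what the raw data looks like and which values to look for.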

