Zero to Millionaire in 60 minutes: Hacking Real Life Financial Applications
SINCON 2020 Conference Deep-Tech Track
Day 1 (2 Jan 2021)
@ Main Stage
The talk will revolve around us red-teamers bypassing and exploiting Banking Logics, Mobile wallets and Non-Banking Financial applications to get free pizzas. We will cover bugs not only in payment gateways and frameworks but also in applications that fail to implement them properly. From bypassing AES encrypted requests, exploiting net banking and core banking product implementations to logical flaws in some of the biggest product, services and NBFC websites we tested. We will walk you through each type of vulnerability with real-life PoCs. We will talk about techniques using which we were able to make recurring deposits in our account which get debited from victim's accounts, view statements of arbitrary accounts, buy products for free, pay loan instalments, credit card bills, electricity bills, telephone bills all for free, regenerate ATM pins of bank accounts at mass and most importantly getting an unlimited lifetime supply of free hoodies and pizza. All the numerous exploits will be along with real-life case studies, patches and recommendations.
About the Speakers
HIMANSHU SHARMA has been in the field of bug bounty since 2009 and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in tracking down his hacked account and recovering it. He was a speaker Botconf '13, held in Nantes, France, RSA 2018 held in Singapore. He also spoke at the IEEE Conference in California and Malaysia as well as for TedX. Currently, he is the co-founder of BugsBounty, a crowdsourced security platform for ethical hackers and companies interested in cyber services. He also authored multiple books titled "Kali Linux - An Ethical Hacker's Cookbook", " Hands-On Red Team Tactics" and "Hands-On Web Penetration Testing with Metasploit".
AMAN SACHDEV is a programmer at heart and an information security professional with 8+ years of experience in the Information Security Ecosystem having trained over 19000 individuals to date. His love for breaking challenging WAFs and AVs landed him as core Red Teamer at Bugsbounty.com as well as being invited at numerous international security conferences including RSA Singapore, HITB Amsterdam, Confidence Poland+London, Hack Miami, Sec-T Sockholm, LeHack Paris and numerous others. Aman has done his Bachelor's in Computer Applications and also holds an OSCP certification apart from his vast experience in application development, exploitation and infra PT. At BugsBounty he solves cybersecurity problems in day and creates them at night.
Himanshu Sharma and Aman Sachdev are both Co-Founders at BugsBounty.com.