In this talk, Manish & Karan will share their experiences wearing the hats of both external pentesters and mischievous "Ransomware Overlords." Their narratives aim to shed light on the professional aspects of their engagements, challenging the misconception that all web and external infrastructure pentests are dull. They will illustrate how latent vulnerabilities in internet-exposed web servers can serve as entry points into internal networks for malicious threat actors, including ransomware operators. Through demonstrations of tactics such as pivoting and network tunneling, they will show how attackers navigate enterprise-grade safeguards. The presentation seeks to bridge the gap between security theory and practical reality, emphasizing the importance of understanding attackers' tactics in order to defend against them.
Karan Raheja is a seasoned security engineer. Coming from a consultancy background, he has a wide range of experience handling clients and now handles internal stakeholders as a security engineer. His primary interests lie in Web Application Security, Network Security and Cloud Security. When not working at his day job, he loves to play around on HTB and with scenarios set up in his local lab environment.