In this talk, Manish & Karan will share their experiences wearing the hats of both external pentesters and mischievous "Ransomware Overlords." Their narratives aim to shed light on the professional aspects of their engagements, challenging the misconception that all web and external infrastructure pentests are dull. They will illustrate how latent vulnerabilities in internet-exposed web servers can serve as entry points for malicious threat actors, including ransomware operators, into internal networks. Through demonstrations of tactics like pivoting and network tunneling, they will showcase how attackers navigate enterprise-grade safeguards. The presentation seeks to bridge the gap between security theory and practical reality, emphasizing the importance of understanding hackers' tactics.
Manish is a security consultant at MDSec. He is interested in web app sec and network pentesting, and has a love of developing vulnerable labs and web shells in his spare time.