About Research and Publications

Author: ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit - September 2021

https://github.com/bhdresh/CVE-2021-33766-ProxyToken

Author: A security flaw in WhatsApp leaks IP addresses - July 2021

https://techbriefly.com/2021/07/14/this-security-flaw-in-whatsapp-could-leak-your-ip-address/

https://newsbeezer.com/colombiaeng/the-latest-version-of-whatsapp-can-filter-the-public-ip-of-anyone-who-answers-a-call/

Author: ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution - 8th August 2020

https://its.ny.gov/security-advisory/vulnerability-zoho-manageengine

https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support

https://www.exploit-db.com/exploits/48739;

Author: Wolters Kluwer TeamMate+ version 3.1 with internal version 21.0.0.0 suffers from a cross site request forgery vulnerability - 2nd September 2019

https://packetstormsecurity.com/files/154294/Wolters-Kluwer-TeamMate-3.1-Cross-Site-Request-Forgery.html;

Armory Speaker: Dejavu – Deception Simplified - 27th November 2018

https://conference.hitb.org/hitbsecconf2018dxb/hitb-armory/

Speaker: DejaVu: An Opensource Deception Framework - 31st August 2018

https://null.co.in/event_sessions/2138-dejavu-an-opensource-deception-framework

Demo Labs Speaker: DejaVU—An Open Source Deception Framework - 12th August 2018

https://www.defcon.org/html/defcon-26/dc-26-demolabs.html

Arsenal Speaker: DejaVu: An Open Source Deception Framework - 8th August 2018

https://www.blackhat.com/us-18/arsenal.html#bhadreshkumar-patel

Author: Discovered vulnerability in Microsoft Skype. - June 2018

https://www.microsoft.com/en-us/msrc/researcher-acknowledgments-online-services-archive

Speaker: Social Engineering Payloads - 17th November 2017

https://null.co.in/event_sessions/1718-social-engineering-payloads

Author: Sophos Cyberoam with firmware versions 10.6.4 and below suffer from a cross site scripting vulnerability - 7th June 2017

https://www.exploit-db.com/exploits/42062

Author: Microsoft Word RTF remote code execution proof of concept exploit - 17th April 2017

https://www.exploit-db.com/exploits/41894

Speaker: Bypassing AV & Application Whitelisting - 26th August 2016

https://null.co.in/event_sessions/970-bypassing-av-application-whitelisting

Author: NetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities - 3rd May 2016

https://cxsecurity.com/issue/WLB-2016050006

Author: D-Link DIR-816L suffers from a cross site request forgery vulnerability - 16th November 2015

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF

Author: HotExBilling Manager version 73 suffers from a cross site scripting vulnerability - 6th April 2015

http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html

Author: Ammyy Admin - Hidden hard-coded option and Access Control vulnerability - 19th Jan 2014

https://www.securityfocus.com/archive/1/530827/30/0/threaded

Author: SynConnect suffers from a remote SQL injection vulnerability - 26th March 2013

http://www.exploit-db.com/exploits/24898

Author: Orbit Downloader versions causing massive SYN flooding - 25th July 2013

https://cxsecurity.com/issue/WLB-2013070198

Author: Cyberoam Finds Flaw in Facebook Authorization Likely to Trigger Malicious Attacks - 20th June 2013

https://www.businesswire.com/news/home/20130620005988/en/Cyberoam-Finds-Flaw-Facebook-Authorization-Trigger-Malicious

Author: Bitcoin malware not just limited to Skype and Bitcoin mining - 16th April 2013

https://www.cmo.com.au/mediareleases/16175/bitcoin-malware-not-just-limited-to-skype-and/