Aakash Madaan

Aakash is an aspiring Red Teamer associated with Ernst & Young (EY) India's Cyber security practice. He has been recognized by various companies for identifying and responsibly reporting critical vulnerabilities in their applications. He stood out as one of the top 15 researchers who identified and reported critical vulnerabilities to the National Critical Information Infrastructure Protection Centre (NCIIPC) for the First Quarter, 2021. He has performed VAPT for large-scale organisations and identified critical issues. He has contributed to a continuous automated VAPT platform leveraging several popular and commercial tools; this platform is currently deployed for large-scale manufacturing organisations. His core skills involve Red Teaming on Active Directory Environments, VAPT for Web and Mobile applications, Social Engineering and Cloud Security Assessment. He is familiar with coding in Python, C, C++, Bash Scripting and JavaScript. He has published exploits for previously identified vulnerabilities on Exploit-DB. He currently holds "Guru" Rank at Hack The Box, an advanced network security simulation and training range. He has also trained several professionals from the Banking and Financial sector on Application Security.

Talk / Workshop: Talk

Description:

h0neytr4p - How to catch the external threat actors with an easy to configure Honeypot.

Working for large clients, we realised that large enterprises don't have any mechanism to trap external threat actors primarily exploiting web vulnerabilities. They are still reliant on threat intel firms to block potential attacker IPs. Sure, there are honeypots, but they are hard and time-consuming to configure. The turnaround time for SOC teams to configure a honeypot for a recently disclosed vulnerability is very high, which discourages their use. We aim to fix this by introducing a template-based honeypot. Honeytrap is stateless, it understands patterns, and it can be configured within minutes to catch complicated 0day or 1day vulnerability exploitation attempts. It empowers and encourages blue teams to put an active honeytrap network around the network, capturing Indicators of Compromise that can then be used for blocking at the perimeter firewall. h0neytr4p comes in a lightweight single-binary deployment mode, takes either one or multiple templates as input, and has a CSV output mode that can easily be piped into custom tools. Currently, it supports HTTP only, but the plan is to make it a unified platform that supports SSH, RDP or any other protocols spanning multiple scenarios.
