Crypto for Bounty Hunters

beginner
hands-on

Duration: 11:30 AM to 01:00 PM, lunch break, 02:00 PM to 03:30 PM

Bug bounty programs are one of the common platforms for security researchers to learn and earn more. Researchers sometimes miss certain domains, and cryptography is one such domain that should never be forgotten. The session will cover the basics of cryptography that a bug bounty hunter has to focus on to find cryptography-related flaws. The audience will learn how a simple cryptography flaw, once ignored, can be manipulated into a vulnerability. The audience will also get to know some common cryptography-based exploits used to achieve bounties. The audience will also learn about different vulnerabilities and their exploitation through exercises that will be provided to them, along with an explanation of each vulnerability.

Some of the vulnerabilities which will be covered are:

  • JWT misconfigurations
  • OpenSSL-based flaws
  • Padding oracle
  • CBC/ECB mode
  • Weak SSL ciphers
  • Heartbleed
  • many more...

The target audience is someone who has some basic knowledge of web application security, along with some enthusiasm to learn something different.

About the Trainer:

The speaker holds a Master of Science degree in Computer Applications (MSc(CA)) from Symbiosis International University, with experience in working on blockchain technologies and conducting security reviews for web and mobile applications and Ethereum-based smart contracts in her previous role as an Information Security Consultant and research intern. Currently she is independently researching Ethereum-based smart contracts alongside working as a Web Application Security Analyst with the WAF Research team at Qualys. She is also the Pune Chapter Lead for the Infosecgirls community and one of the leads for WomenWhoCode in Pune. She has also presented at conferences such as OWASP Seasides 2019, BSides Singapore 2019, Webinars, Cyberfrat and Null Meets.