[EN] Hacking 50 million users using 123456

The talk will revolve around a 200day+ hack authorised by a VC on its investments as a black box red teaming where we will show some interesting business logic bypasses on payment gateways etc, patching well known tools to return more juice, bland server misconfiguration case studies, network hopping, pivoting, escalations, SQL data exfiltration and many other techniques that led us to the data of over 6 firms under the VC housing ~50 Million users. Bonus case studies collected when red-teaming a billion dollar pharmaceutical firm including the testing of Scientific Data Management Systems and Electronic Lab Notebooks where we could, in fact, reconfigure chemical formulas and sampling devices. Our journey of Pre-GDPR Carnage as red-teamers with a license to kill.

About Himanshu Shamra @Himanshu_hax

Listed in Apple, Google, Microsoft, Facebook,Uber etc Speaker at Botconf'13,Confidence 2018,RSA Singapore 2018,IEEE Conference & TedX. Also authored two books titled "Kali Linux - An Ethical Hacker's Handbook" & "Hands On - Red Team Tactics"

About Aman Sachdev