Debasish Mandal's Blog
Breathing for fun since 1989.. Breaking things to live since ~2009..
Saturday, November 21, 2020
In this video I shared my 10 favourite Google Chrome DevTools features that I believe all bug bounty hunters / penetration testers must know and should be using on a day-to-day basis.
Monday, October 19, 2020
[Video] Building a Machine Learning Based Web Application Firewall/Intrusion Prevention System From Scratch
Recently I started playing around with machine learning and decided to build a small project related to cyber security: a machine-learning based web application firewall.
Disclaimer: I've worked on web application security for a few years; however, this subject (machine learning) is completely new to me. Just because I make video guides doesn't mean I know everything, so please feel free to correct me if I'm wrong at any point. Full series here :
I've used the pycaret library to develop this IPS from scratch. Here is a summary of what it does:
1. A proxy intercepts all HTTP requests sent to a server.
2. A web application security scanner is fired against a dummy web application.
3. The scanner is run in two modes: Crawling Mode and Scanning Mode.
4. The intercepting proxy logs every HTTP request generated by the scanner. The crawling and scanning HTTP logs are exported from the proxy.
5. A Python script parses all HTTP request logs and extracts several features from each raw request. Those features are used to train the model.
6. The exported feature data is then fed to a k-means clustering model for training. We choose to create two clusters: one for good requests and one for bad requests.
7. Once the model is trained it is deployed and integrated with the HTTP proxy in real time.
8. From the live data the IPS tries to detect whether each request falls into the good cluster or the bad cluster and alerts the user.
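The pipeline from steps 5 to 8 in plain Python, as an added example that is not the post's pycaret code. The feature set, the constructed request log and the from-scratch two-cluster k-means are all assumptions made here so the example runs offline; the point is to see what "feature extraction, then two clusters, then live scoring" actually looks like.

```python
"""Added example, not the blog's pycaret implementation.

Constructed stand-in for the proxy's exported HTTP log, a hand-picked feature
set and a two-cluster k-means written from scratch (no third-party libraries).
"""
import re
from urllib.parse import unquote

# Constructed sample of logged request lines (method, path/query, form body).
# The first half resembles crawler traffic, the second half scanner payloads.
SAMPLE_LOG = [
    "GET /index.html",
    "GET /products?id=12",
    "GET /search?q=shoes",
    "POST /login username=alice&password=secret",
    "GET /about",
    "GET /products?id=12'%20OR%20'1'%3D'1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd",
    "POST /login username=admin'--&password=x",
    "GET /products?id=1;%20ping%20-c%2010%20127.0.0.1",
]

SPECIAL = re.compile(r"[<>'\";()|&]")
KEYWORDS = ("select", "union", "script", "alert", "etc/passwd", " or ", "--", "../")


def extract_features(request):
    """Step 5: derive a numeric feature vector from one raw request line."""
    decoded = unquote(request).lower()
    return [
        float(len(decoded)),                             # overall size
        float(len(SPECIAL.findall(decoded))),            # injection-style punctuation
        float(sum(decoded.count(k) for k in KEYWORDS)),  # attack-vocabulary hits
        float(request.count("%")),                       # URL-encoding density
    ]


def _scale(vec, mins, maxs):
    """Min-max scale with the training ranges so length does not dominate."""
    return [(v - lo) / ((hi - lo) or 1.0) for v, lo, hi in zip(vec, mins, maxs)]


def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans2(points, iterations=50):
    """Two-cluster k-means. Seeded deterministically with the first point and
    the point farthest from it, so the result is reproducible."""
    c0 = points[0]
    c1 = max(points, key=lambda p: _dist2(p, c0))
    centroids = [list(c0), list(c1)]
    labels = [0] * len(points)
    for _ in range(iterations):
        new = [0 if _dist2(p, centroids[0]) <= _dist2(p, centroids[1]) else 1
               for p in points]
        if new == labels:
            break
        labels = new
        for k in (0, 1):
            members = [p for p, l in zip(points, labels) if l == k]
            if members:
                centroids[k] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, labels


def train_model(log_lines):
    """Steps 5-6: featurise the exported log and fit the two clusters."""
    raw = [extract_features(r) for r in log_lines]
    mins = [min(col) for col in zip(*raw)]
    maxs = [max(col) for col in zip(*raw)]
    centroids, labels = kmeans2([_scale(v, mins, maxs) for v in raw])
    # Every feature grows with suspiciousness, so the centroid with the larger
    # coordinate sum is taken as the "bad" cluster. This is an unsupervised
    # guess at what the clusters mean, not a label that came with the data.
    bad = max((0, 1), key=lambda k: sum(centroids[k]))
    return {"centroids": centroids, "mins": mins, "maxs": maxs, "bad": bad,
            "labels": labels}


def classify(model, request):
    """Steps 7-8: score one live request against the trained clusters."""
    p = _scale(extract_features(request), model["mins"], model["maxs"])
    k = min((0, 1), key=lambda i: _dist2(p, model["centroids"][i]))
    return "bad" if k == model["bad"] else "good"


if __name__ == "__main__":
    model = train_model(SAMPLE_LOG)
    live = SAMPLE_LOG + ["GET /search?q=%3Cimg%20src=x%20onerror=alert(1)%3E"]
    for line in live:
        print(f"{classify(model, line):4s}  {line}")
```

Two things worth noticing when you run it: the XSS, traversal and command-injection lines land in the "bad" cluster, but the `admin'--` login attempt stays with the benign requests, because on this feature set it looks more like a normal POST than like the other payloads. Two-cluster k-means draws a boundary through whatever structure the features expose; it does not know what "attack" means, so the feature engineering in step 5 decides the detection rate, and a real deployment needs labelled validation traffic to measure it.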
Wednesday, August 19, 2020
Beginner's Guide to DFIR/Threat Hunting with VirusTotal Video Series
VirusTotal Intelligence allows threat researchers to search VirusTotal's dataset for malware samples, URLs, domains and IP addresses according to binary properties, antivirus detection verdicts, static features, behaviour patterns such as communication with specific hosts or IP addresses, submission metadata and many other notions. It can pinpoint files similar to the suspect file being studied, and samples matching the search criteria can be downloaded for further study.
In this video tutorial series I tried to explain how VirusTotal can be used effectively to hunt threats in the wild. This tutorial has the following chapters.
- An Introduction to VirusTotal
- Introduction to VT Intelligence
- VT Tags & AND OR NOT Search Operators
- Behaviour Based Search Modifiers
- Live/Realtime Threat Hunting with Yara Rules
- Basics of Incident Correlation with VT Graph
Tuesday, August 4, 2020
IDA Pro Video Tutorial Series for Vulnerability Researchers & Reverse Engineers [Beginners]
IDA Pro is a disassembler. A disassembler like IDA Pro maps a binary's execution by showing the instructions the processor actually executes in a symbolic representation called assembly language.
I recently started a new video tutorial series on IDA Pro, aimed specifically at beginner reverse engineers and vulnerability researchers.
So far I've covered the following topics. The entire playlist can be found here.
- Reverse Engineering Tutorial with IDA Pro – An Introduction
- Reverse Engineering with IDA Pro – Fixing/Rebuilding Structure/Structs (Pseudocode)
- C++ Reverse Engineering with IDA Pro – Rebuilding virtual function table (vftable)
- Reverse Engineering with IDA Pro – Function Cross Reference & Proximity Browser
- Reverse Engineering IDA Pro – How to do Binary Diffing - Patch Analysis
- Reverse Engineering IDA Pro- Code Coverage Measurement with Dynamo Rio & Lighthouse
Just because I make video guides doesn't mean I know everything, so please feel free to correct me if I'm wrong at any point :-) I will be more than happy to learn from you :)
Monday, July 20, 2020
[Video] Virtual Machine Detection using JavaScript | Malware | Browser Exploit
Friday, July 17, 2020
[Video] Reflective DLL Injection Explained in 10 Minutes | Malware Techniques
Monday, July 13, 2020
DLL Injection Explained in 10 Minutes | Video Tutorial | Basic Malware Techniques Simplified
Friday, July 3, 2020
My First $15,000 Microsoft Windows Insider Preview Bug Bounty | How to Get Started
Saturday, June 27, 2020
Dynamic Binary Instrumentation (DBI) Tutorial with Intel PIN for Reverse Engineering [Video]
In this live video workshop we discussed various features of the Intel PIN tool. The playlist is available here.
Monday, June 22, 2020
Fixing WinDbg's Broken Stack Trace using Fake Debugging Symbols Exported From IDA Pro
Frida Video Tutorial Series for Reverse Engineers
The playlist is available here.
- Frida Tutorial for Reverse Engineers 1 of 10: Installing Frida on Windows
- Frida Tutorial for Reverse Engineers 2 of 10: Instrumenting Your First Windows API with frida-trace
- Frida Tutorial for Reverse Engineers 3 of 10: Setting up Frida on Android for Instrumentation
- Frida Tutorial for Reverse Engineers 4 of 10: Getting Your hands Dirty with Frida's Python Binding
- Frida Tutorial for Reverse Engineers 5 of 10: Measuring Code Coverage of a Binary
- Frida Tutorial for Reverse Engineers 6 of 10: Instrument Unexported Functions using Debugging Symbol
Video Tutorial Series on Python Winappdbg for Reverse Engineers
The playlist is available here.
- Python Winappdbg Tutorial for Reverse Engineers 1 of 20: Installing Winappdbg on Windows Platform
- Python Winappdbg Tutorial for Reverse Engineers 2 of 20: Launching Your First App under Debugger
- Python Winappdbg Tutorial for Reverse Engineers 3 of 20: Attaching to Existing Process
- Python Winappdbg Tutorial for Reverse Engineers 4 of 20: Handling Debug Events
- Python Winappdbg Tutorial for Reverse Engineers 5 of 20: Setting Breakpoints
- Python Winappdbg Tutorial for Reverse Engineers 6 of 20: Accessing Registers
- Python Winappdbg Tutorial for Reverse Engineers 7 of 20: Reading Writing Process Memory
- Python Winappdbg Tutorial for Reverse Engineers 8 of 20: Enumerating Process Thread & Loaded Module
- Python Winappdbg Tutorial for Reverse Engineers 9 of 20: Hooking Windows API
- Python Winappdbg Tutorial for Reverse Engineers 10 of 20: Exception (Crash)Handling within Debuggee
- Python Winappdbg Tutorial for Reverse Engineers 11 of 20: Writing Your First Mutation Fuzzer - I
- Python Winappdbg Tutorial for Reverse Engineers 12 of 20: Writing Your First Mutation Fuzzer - II
There will be around 20 videos in this series; I've uploaded the first 12. If you find it helpful, you can show some support by subscribing to this channel.
Wednesday, August 8, 2018
Ranked #32 in Microsoft’s Top 100 Security Researchers - BlackHat USA 2018
In 2018 I ranked #32 for reporting issues in Microsoft Edge and Office.
Great to see @thezdi contributors and researchers on the MSRC Top 100 list! pic.twitter.com/TmDDiOlfL5— AbdulAziz Hariri (@abdhariri) August 8, 2018
Thank you @msftsecresponse for this one!! 😍 pic.twitter.com/HuhD4nWzVO— Debasish Mandal - দেবাশীষ 🇮🇳 (@debasishm89) July 9, 2019
Friday, March 9, 2018
The Art of Large Scale Cumulative Binary Diffing
In December 2017 I delivered a talk at BlackHat Europe where I showcased many patched vulnerabilities in VMware Workstation, mostly identified by binary patch diffing different releases of VMware Workstation.
Performing bindiffing on a huge piece of software is very challenging, especially when the affected components are not known. Take VMware Workstation as an example: if we unpack the VMware Workstation installer we find nearly 300 binary files. Among this huge number of binaries, finding the components to which security fixes were applied is very difficult and time consuming. For my VMware research in particular I had to do this cumulatively, because I had to analyze each and every security patch released over the previous year. The following screenshot lists the VMware Workstation releases and their version details.
To identify the components modified in each Workstation release and to understand the logic of the modification, we had to perform binary diffing like this:
Manually Unpacking The Installer
Introducing MassDiffer
- IDA Pro idaq.exe & idaq64.exe
- Zynamics Binexport
- BinDiff - differ.exe & differ64.exe
2. The program traverses the two directories, tries to find files that may contain binary code, and creates a mapping between the old and new version of each file.
3. After the mapping is created it checks whether the binary image version has changed in the new release. If the binary images are identical in both releases, nothing is done with those files.
4. Next, for every binary image whose version has changed, it processes the pair. First it generates a set of IDB files for both the old and the new version.
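Steps 2 and 3 of the workflow above, as an added stand-alone example that is not the MassDiffer source: walk the two unpacked installer trees, pair code-bearing files by relative path, and separate unchanged images from changed, added and removed ones so that only the changed pairs are handed to IDA and BinDiff. Recognising code-bearing files by extension or the PE `MZ` header, and using a SHA-256 digest as the "has this image changed?" test, are assumptions of this example; the old/new trees it builds are constructed fixtures, not real installer contents.

```python
"""Added example, not the MassDiffer project's code.

Maps old/new binaries between two unpacked installer directories and buckets
them so only changed images go on to IDB generation and diffing.
"""
import hashlib
import os
import tempfile

# Assumption: these extensions are treated as code-bearing without inspection.
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx"}


def is_binary_code(path):
    """Cheap filter: a code-bearing extension or a PE 'MZ' header."""
    if os.path.splitext(path)[1].lower() in CODE_EXTENSIONS:
        return True
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def sha256(path):
    """Content digest used as the 'image changed?' test (assumption: the real
    tool compares file version metadata instead)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def map_binaries(root):
    """Relative path -> absolute path for every code-bearing file under root."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if is_binary_code(full):
                out[os.path.relpath(full, root).replace(os.sep, "/")] = full
    return out


def diff_releases(old_root, new_root):
    """Pair old/new images by relative path and bucket each pair."""
    old, new = map_binaries(old_root), map_binaries(new_root)
    result = {"changed": [], "unchanged": [], "added": [], "removed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            result["added"].append(rel)        # no old counterpart to diff against
        elif rel not in new:
            result["removed"].append(rel)      # dropped from the new release
        elif sha256(old[rel]) == sha256(new[rel]):
            result["unchanged"].append(rel)    # identical image: skip it
        else:
            result["changed"].append(rel)      # candidate for IDB + BinDiff
    return result


def build_demo_trees():
    """Constructed fixture: two fake unpacked installers with generic names."""
    base = tempfile.mkdtemp(prefix="massdiffer-demo-")
    files = {
        "old/app.exe": b"MZ" + b"\x00" * 60 + b"old build",
        "new/app.exe": b"MZ" + b"\x00" * 60 + b"patched build",
        "old/lib/helper.dll": b"MZ" + b"same bytes",
        "new/lib/helper.dll": b"MZ" + b"same bytes",
        "old/legacy.dll": b"MZ" + b"gone in new release",
        "new/newdriver.sys": b"MZ" + b"fresh in new release",
        "old/readme.txt": b"docs",
        "new/readme.txt": b"docs v2",      # changed, but not code: ignored
    }
    for rel, data in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(base, "old"), os.path.join(base, "new")


if __name__ == "__main__":
    old_dir, new_dir = build_demo_trees()
    for bucket, paths in diff_releases(old_dir, new_dir).items():
        print(f"{bucket:9s} {paths}")
```

Only the `changed` bucket needs the expensive IDB generation and BinDiff run from step 4; the `added` and `removed` buckets have no counterpart to diff and are worth listing separately, since a component appearing or disappearing between releases is itself a lead when the affected component is unknown.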

Source Code :
Source code is available at https://github.com/debasishm89/MassDiffer
Sunday, December 10, 2017
My BlackHat Europe 2017 Talk: THE GREAT ESCAPES OF VMWARE
Talk Abstract
Slides:
References:
- https://www.blackhat.com/eu-17/briefings.html#the-great-escapes-of-vmware-a-retrospective-case-study-of-vmware-g2h-escape-vulnerabilities
- https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf