Security consultant and researcher
Long experience in the design and implementation of security solutions, mainly oriented toward web, mobile and embedded applications. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public appreciation from Microsoft.
I want to show how simple it is to find metadata with a few lines of code. Also, sometimes during pentests you need to make tools because of the many limitations, and this is a great way to learn some basics.
Some photos from a phishing campaign takedown. I have coordinated with providers and CERTs.
The original idea of HTTP Parameter Contamination (HPC) comes from the innovative approach found in HPP research: exploring deeper and exploiting strange behaviors in web server components, web applications and browsers that result from contaminating query string parameters with reserved or unexpected characters.
Real-world examples: bypass of a Mod_Security SQL injection rule, bypass of the URLScan 3.1 DenyQueryStringSequences rule.
During 2015, 2016 and 2017, the NGO "Neutrinos Company" organized many Security and Privacy Workshops around Serbia (Kragujevac, Belgrade, Novi Sad). We covered basic themes such as privacy rights, ransomware and tools for protection in the cyber world.
- Phishing campaign takedown
- Privacy Wars live from Serbia
- Red Flag Fraud Game
- Add-ons for safe Internet surfing
- Risk 2016
- SSL Monitor of Web Services of the Republic of Serbia
- War Game @ Balkan Computer Congress
- Printer Security PIN Hardware Bruteforcer
- WMAT - Web Mail Auth Tool
- DFF (Default files and folders) Scanner
- Http Parameter Contamination
- Overview of Serbian banks security vulnerabilities
- Serbian banks owned by public documents
- Security Researcher Acknowledgments for Microsoft Online Services
- dotCMS Multiple Cross-Site Scripting Vulnerabilities
- Security and Privacy Workshops @ Neutrinos Company
- Hands on web hacking @ BalCCon 2k13
- Demonstration of system exploitation @ BISEC
- OWASP Evening #5
- Privacy on Internet @ Z-Day