Today’s issue almost didn’t get written. The reason: I got lazy brain. It took all my training and practice to write the issue. Curious to know how I overcame this sudden bout of laziness and procrastination? Read on.

I am very clear that I want to send out this newsletter before 8 pm every Sunday.

Roughly, this is what I do to make sure this gets done:

  1. Write rough notes in Google Keep by Friday
  2. Write the post in Google docs/OpenOffice Writer by Saturday afternoon
  3. Remove parts that are too wordy or too abstract and replace them with images made in Excalidraw


All of you need to be aware of burning out while working from home

Since the lines between home and work are blurred, you may not realise it, but you may be overworking yourself.

Some of the symptoms (not medical opinion) may include:

  1. In the morning, when it is time to start work, you don’t feel energetic; instead you feel lethargic or slow. You may mistake this for being lazy.
  2. By the time you finish work for the day, you just feel like sleeping and can’t even keep your eyes open, instead of relaxing by playing a game, watching TV, working out or talking to your loved ones.

If…


Security training on attack and defence in the AWS Cloud — Covering Beyond OWASP Top 10

Chaining application security vulnerabilities to go beyond OWASP Top 10

Please Note — Our first public batch of this training will be at Troopers20

Sign up | More information about the courseware

No matter where you are, you are probably interacting with applications and services hosted in the AWS Cloud. Not only is Amazon’s public infrastructure as a service (IaaS) cloud the most popular and widely used in the technical world, they also keep adding new features year after year.

In our company every second application or product we end up doing security testing for is hosted in AWS. Over time we have realised that while most of the security…


Can someone design a nice logo for us?

After making a blockbuster entry at nullcon2017, HackersInSight is back

Panel Venue — Ballroom B+C on 2nd March at 4:45 PM

https://nullcon.net/website/goa-2018/schedule.php#conferenceDay2

If you attended the panel at nullcon last year, you know what a great session that was. If you are planning to be at nullcon again this year, you will be mighty pleased to know the session is definitely happening and we will share all the details here in this post.

A few photos from last year’s session


Using Google Cloud Platform to store and query 1.4 billion usernames and passwords

How we used GCP to search massive data breach dump and how you can set it up too.

NOTE: If you plan to follow this blog post and set this up, you should understand that you may incur some charges for usage of your Google Cloud Platform resources.

Recently it came to our attention that there was a combined password dump which contained passwords cracked to plaintext.

The dump, said to be one of the largest, was 42 GB in size. That is a lot of usernames and passwords! Woah!

The username and password dump came conveniently sorted alphabetically, with simple scripts to query for email addresses and to count the total number of entries. On any decent laptop or virtual machine with an SSD, a query takes a mere 4–5 seconds. But we wanted to dig a bit deeper. …
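The 4–5 second query time on a 42 GB file only works because the dump is sorted: a binary search over the file on disk touches a few dozen records instead of all of them. The following is an added example of that lookup, not the scripts that shipped with the dump and not code from the original post. It assumes (nothing on the page states this) one `email:password` record per line, sorted in byte order (`LC_ALL=C sort`), and uses a small constructed sample written to a temporary file in place of the real dump.

```python
"""Binary search for an e-mail address in a large, byte-sorted credential
dump without reading the whole file into memory.

Added example. Assumptions, not taken from the post: one record per line in
the form "email:password", sorted in byte order, ASCII/UTF-8 encoded.
"""
import os
import tempfile

SEP = b":"

# Constructed sample records (fake credentials), already in byte order.
SAMPLE_RECORDS = [
    b"alice@example.com:hunter2",
    b"bob@example.net:letmein",
    b"carol@example.org:Passw0rd!",
    b"dave@example.com:qwerty123",
    b"erin@example.org:correcthorse",
]


def write_sorted_dump(records, path):
    """Write byte-sorted records to path, one per line."""
    with open(path, "wb") as fh:
        for rec in records:
            fh.write(rec + b"\n")


def build_sample_dump():
    """Write SAMPLE_RECORDS to a temporary file and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "dump.txt")
    write_sorted_dump(SAMPLE_RECORDS, path)
    return path


def _line_start(fh, pos):
    """Byte offset of the start of the line that contains offset pos,
    found by scanning backwards in blocks for the previous newline."""
    block = 4096
    end = pos
    while end > 0:
        begin = max(0, end - block)
        fh.seek(begin)
        idx = fh.read(end - begin).rfind(b"\n")
        if idx != -1:
            return begin + idx + 1
        end = begin
    return 0


def lookup(path, email):
    """Binary search the sorted dump for email (compared as raw bytes).
    Returns the password bytes if found, else None. Each probe realigns to
    a record boundary, so lo/hi always sit on line starts and the search
    makes progress on every iteration."""
    key = email.encode()
    size = os.path.getsize(path)
    lo, hi = 0, size
    with open(path, "rb") as fh:
        while lo < hi:
            mid = (lo + hi) // 2
            start = _line_start(fh, mid)
            fh.seek(start)
            line = fh.readline()
            rec_email, _, password = line.rstrip(b"\r\n").partition(SEP)
            if rec_email == key:
                return password
            if rec_email < key:
                lo = start + len(line)   # first byte after this record
            else:
                hi = start               # this record is past the key
    return None


if __name__ == "__main__":
    dump = build_sample_dump()
    for addr in ("carol@example.org", "mallory@example.com"):
        print(addr, "->", lookup(dump, addr))
```

The number of disk reads is logarithmic in the file size, so a 42 GB dump needs roughly 35 probes of a few kilobytes each; on an SSD that is well inside the 4–5 seconds the post mentions. The comparison is byte-wise, so the query address must use the same case normalisation as the dump.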


If you are part of the nullcon audience, you will definitely have heard of Hackers. You may have heard many things about us, some true, some maybe not.

So a bunch of us decided that it was time to meet you face to face in real life, so that

  • We can be in your sight and you can form your own opinions & judgements about us
  • And, we can share our insights about a variety of security related topics

Why are we doing this?

  1. We are a bit sick of all the incredibly naive and inaccurate perceptions that have been built about the hacker community


We are bringing our sold-out nullcon Training to Bangalore on the 13th, 14th and 15th October 2016.

We have added an extra day, devoted entirely to how one detects vulnerabilities. Imagine learning how to detect over 40 vulnerabilities in a day and then using that knowledge to play a realistic war game!

Features of the training

Detect, Identify and Exploit

Learn how to detect issues, identify vulnerabilities and exploit them. Learn the tools to use, how to script the attacks and more.

Now with a full day of detecting 40+ vulnerabilities, including the OWASP Top 10

Hands-On with training wheels

The training is fully hands-on and you get to take back all…


Building websites is easy. Building insecure websites is easy. Building secure websites can be easy as well, but it requires one basic behaviour change that most of you will find disconcerting. There are many, many things to take care of while building applications, but let’s start with 10 that will give you a head-start in securing your applications.

  1. Don’t trust any data that comes from a form submission
  2. Don’t trust any data from a drop-down box (see: Using drop down boxes securely)
  3. When allowing uploading of files, always check the type of file on server side
  4. Any file that is…
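Points 1 to 3 share one idea: the browser is not a trust boundary. A drop-down box only constrains what a well-behaved browser sends, and a filename or Content-Type header is just more client input. The following is an added example of doing those checks on the server side; it is not code from the original post, and the allow-list values, the file signatures chosen and the function names are assumptions made for illustration.

```python
"""Server-side validation for points 1-3 above: treat a drop-down value as
attacker-controlled input, and decide an uploaded file's type from its
content rather than from the filename or the browser-supplied Content-Type.

Added example, not code from the post. Allow-list values, signatures and
function names are illustrative assumptions.
"""

# Point 1/2: the only values the <select> is allowed to carry. A hand-edited
# request or a Burp Repeater payload carrying anything else is rejected.
ALLOWED_PLANS = {"free", "pro", "enterprise"}


def validate_plan(submitted):
    """Return the submitted plan if it is on the allow-list, else raise."""
    if not isinstance(submitted, str):
        raise ValueError("plan must be a string")
    if submitted not in ALLOWED_PLANS:
        # Do not echo the attacker-controlled value into the error text.
        raise ValueError("plan is not one of the permitted values")
    return submitted


# Point 3: identify the file by its leading bytes ("magic"), then require
# the declared extension to agree with what the bytes say. Only well-known
# signatures are listed here; extend the table for the types you accept.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
]
ALLOWED_TYPES = {"png", "jpg", "gif", "pdf"}


def sniff_type(data):
    """Return the type implied by the first bytes of data, or None."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return None


def validate_upload(filename, data):
    """Return the verified type of an upload or raise ValueError.

    The decision is made on data. The filename is client-supplied and only
    used as a cross-check; the Content-Type header the browser sends is
    equally untrusted and is deliberately not consulted at all."""
    kind = sniff_type(data)
    if kind is None or kind not in ALLOWED_TYPES:
        raise ValueError("file content is not an allowed type")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "jpeg":
        ext = "jpg"
    if ext != kind:
        # e.g. "shell.php" carrying PNG bytes, or "cat.png" holding a PDF
        raise ValueError("file extension does not match its content")
    return kind


def is_rejected(fn, *args):
    """True if fn(*args) raises ValueError; small helper for quick checks."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(validate_plan("pro"))
    print(validate_upload("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(is_rejected(validate_upload, "shell.php", b"\x89PNG\r\n\x1a\n"))
```

Two caveats a reviewer would raise: a magic-byte check proves the file starts like a PNG, not that it is harmless, so the stored file should still be served with a fixed Content-Type and from a path where nothing executes it; and the stored name should be generated server-side rather than taken from `filename`, which this example only uses for the extension cross-check.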

Akash Mahajan

Author Burp Suite Essentials;Co-Founder+Director — http://appsecco.com , Community Manager @ null0x00; Ex-Chapter Lead OWASP BLR
