Sanjay Gondaliya is the IT professional since 2012 who loves to find, analyze and do reserach around vulnerability analysis and penetration testing.
As a trainer he is passionate about learning the in depth analysis of vulnerability.
Being a Software developer in past, He always include automation to do his works smartly and within limited time.
In his free time he watch movies.
Master in Computer Application, 2012
Gujarat Technological University
Bechlor of Commerce, 2009
Gujarat University
Responsibilities include:
Training
Pentesting
Web Application Penetration Testing
API Penetration Testing
Mobile Penetration Testing
Desktop Application Penetration Testing
Secure Code Review
Blogger
Developer
Recruiter
Responsibilities include:
Pentesting
Web Application Penetration Testing
API Penetration Testing
Mobile Penetration Testing
Provide the guidance to the developer to create the secure application.
Responsibilities include:
Pentesting
Web Application Penetration Testing
API Penetration Testing
Mobile Penetration Testing
Desktop Application Penetration Testing
Secure Code Review
Developer - Team Lead
Recruiter
Delivered the in Person training at BlackHat Europe 2023
Delivered the in person training at BlackHat USA 2023
Delivered the in Person training at BlackHat Asia 2023
Delivered the in Person training at BlackHat Europe 2022
Delivered the virtual training at BlackHat USA 2022
Are you ready to dive into the fascinating world of Flutter and take control of your Android app’s traffic? Look no further! In this blog, we’ll embark on an exciting journey as I walk you through the simple yet powerful steps to capture the heartbeat of your Flutter-based Android application installed on the Android Studio emulator. The entire thing devided in 3 parts Configure the Proxy in Your Android Studio Emulator Capture the Sequence Bytes of “ssl_verify_peer_cert” Function Change the Return Value of “ssl_verify_peer_cert” to True Using Frida Configure the Proxy in Your Android Studio Emulator To set up the proxy in the Android Studio emulator, the initial step involves installing the Burp certificate directly into the emulator.
In this blog, I and Amish have explained how we can capture any application network traffic in Android Studio Emulator. To begin, export the Burp certificate in the ‘DER’ format and save it to the base system, as illustrated in the following figure: Next, utilizing OpenSSL, convert the DER file to a PEM file. Afterward, rename the PEM file with the certificate hash and proceed to push the certificate to the emulator’s ‘/sdcard’ folder, as depicted in the figure below:
In this blog post, I have explained how pentesters can benefit from a good understanding of cryptography and potential weaknesses in its implementation. In particular, he talks about how to exploit ECDSA to perform a nonce reuse attack.
More information: https://notsosecure.com/ecdsa-nonce-reuse-attack
In this blog post, I have described how I got around every necessary check to conduct API/dynamic testing on an Android application.
More information: https://notsosecure.com/bypassing-hardened-android-applications
In this blog, I have explained the workings of ECDSA sign and verification. To understand this, we first require the knowledge about basic concept of cryptography. If you know the concept, then you can jump to ECDSA explanation. Disclaimer: The information provided in this blog post about the working of ECDSA signing and verification is explained to the best of my knowledge and is the result of thorough research from various reliable sources.
The tool is used to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these pre-published keys exploit it further.
Presented on how the padding oracle attack works under the hood.
The android application analyzer is the GUI to do the process of static analysis during the android application penetration testing with single-click support of jd-gui, apktool, MobSF, frida script hook and android logcat.
Basic components and terminology used in Blockchain
It’s command line python based tool which can be used to import multiple keys and encrypt the specific file using specificied recipient, recipient belongs to specific organization or recipient belongs to specific multiple organization.
It’s Web Interface to generate payload using various deserialization exploitation framework.
The tool is used to analyze the content of the android application in local storage.
The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers.
Collection information about Organization like IP Ranges, Subdomains and Operations on Subdomains.
An undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.