Shuvo Bardhan
Head of Research And Development
Zeron
Shuvo Bardhan is the Head of R&D at Zeron (Teamcognito Solutions Pvt. Ltd.). Computer Scientist at NIST for almost five years. Passionate about cybersecurity risk estimation, offensive security research, and cyber security insurance.
Speaker sessions
VSXPLOIT : Weaponizing Remote Dev Tunnels for Red Team Operations
This talk presents VSXPloit, the first publicly available framework that:
- Automates Remote Tunnel exploitation, eliminating the need for manual setup and reverse connection via other mediums for exploitation.
- Generates payloads that establish tunnels stealthily across Windows and Linux environments.
- Exfiltrates tunnel/session details into GitHub repositories, leveraging trusted infrastructure for communication.
- Can be customized to match further updates and the needs of red teamers, using friendly YAML-based templates.

By chaining Remote Tunnel abuse with GitHub as a covert exfiltration medium, VSXPloit enables stealthy red team operations that blend into normal traffic. The talk will cover:
- How VS Code Remote Tunnels work and where the blind spots lie.
- How VSXPloit automates payload generation and tunnel setup.
- Demonstrations of cross-platform exploitation.
- 13:00, Tue, 02 Dec
Stage: Arsenal 2
Sessions Type: Demo
HardPwn: Automated Hardware Exploitation Toolkit
HardPwn is a purpose-built hardware exploitation platform crafted for intermediate and advanced hardware hackers who want to push embedded devices, PCBs, and IoT gadgets to their limits. The toolkit elevates low-level hardware reconnaissance by automatically probing SPI, UART, I2C, and JTAG interfaces, performing chip-level reconnaissance where possible, executing NAND glitching on non-BGA chips, and dumping firmware—all with minimal setup. By automating over 90% of typical test cases, HardPwn transforms what traditionally takes months of manual exploration into a matter of hours.
- 14:00, Wed, 03 Dec
Stage: Arsenal Lab
Sessions Type: Demo
IPTI - IP Threat Intelligence
Every device connected to the internet is inherently tied to an IP address, a unique numerical identifier assigned to each device within a computer network. In real-world scenarios, especially during product development, integration with third-party services often requires IP whitelisting to allow access to internal systems. However, this practice introduces security risks, making it imperative for security engineers to audit and validate the IP address reputation beforehand.

While several trusted threat intelligence platforms such as VirusTotal, AbuseIPDB, AlienVault, and ThreatBook provide IP reputation services, relying on a single source is often insufficient due to inconsistent or outdated data. To overcome these limitations, IPTI (IP Threat Intelligence Tool) was developed. IPTI aggregates reputation data from multiple reputable sources and enriches the analysis with additional context such as open port detection, server metadata, privacy indicators, and PTR record evaluation. These insights are then synthesized into a comprehensive risk-based scoring system, providing a more accurate and actionable assessment. IPTI is designed to be a practical and customizable tool to support security engineers in network access control and threat validation.
- 14:40, Wed, 03 Dec
Stage: Arsenal 2
Sessions Type: Demo
HardPwn: Automated Hardware Exploitation Toolkit
- 16:00, Thu, 04 Dec
Stage: Arsenal Lab
Sessions Type: Demo