Santosh Kumar Sha (@killmongar1996)

1.98K Followers

Jul 11

S3 Bucket Security Hardening Using SCP policy

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher/security engineer from India (Assam). In this article, I will be demonstrating how I was able to harden S3 bucket security using an SCP policy to reduce the impact and blast radius during a security event or when a hack happens. SPECIAL Note: This…

Aws Cloud Security

6 min read


Mar 21

How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will be describing how I was able to find multiple SSRFs with AWS metadata access on an Essilor International company system and get access to their production server. I am now offering 1:1 sessions to…

Penetration Testing

4 min read


Published in InfoSec Write-ups · Aug 28, 2022

Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher/ethical hacker from India (Assam). In this article, I will be describing how I found out-of-band remote code execution (RCE) on De Nederlandsche Bank N.V. with Burp Suite Collaborator. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL Note: …

Hacking

4 min read


Aug 28, 2022

How I found reflected XSS on IDFC Bank with burp-suite Intruder

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher/ethical hacker from India (Assam). In this article, I will be describing how I found reflected XSS on IDFC Bank with Burp Suite Intruder. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL Note: Don’t go outside test…

Ethical Hacking

4 min read


Jun 14, 2022

Automating reflected XSS with burp-suite Intruder

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher/ethical hacker from India (Assam). In this article, I will be describing how I found multiple reflected XSS using Burp Suite Intruder. I am now offering 1:1 sessions to share my knowledge and expertise: topmate.io/santosh_kumar_sha SPECIAL COVID-19 Note: Don’t go outside without any reason…

Burpsuite

4 min read


Dec 25, 2021

HOW I Found 17 Critical and Medium Security Bug on INDUSIND Bank along AWS Metadata access

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher/ethical hacker from India (Assam). In this article, I will be describing how I found 16 critical and 1 medium security bugs on IndusInd Bank, like SSRF AWS full access. I am now offering 1:1 sessions to share my knowledge…

Bug Bounty

5 min read


Dec 25, 2021

How I got access to Maxlifeinsurance insurance company customer PII INFO by AWS metadata access through SSRF

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will be describing how I was able to find multiple SSRFs with AWS metadata access on a Maxlifeinsurance insurance company system and get access to their production server. I am now offering 1:1 sessions to…

Bug Bounty

5 min read


Dec 24, 2021

Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of INDIA).

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Tinsukia, Assam). In this article, I will be describing how I was able to access millions of startup register details by SSRF AWS metadata exploitation. I am now offering 1:1 sessions to share my knowledge and expertise: …

Pentesting

6 min read


Dec 9, 2021

Exploiting S3 bucket with path folder to Access PII info of A BANK

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will be describing how I exploited an S3 bucket with a path folder to access PII info of a bank using the AWS CLI. I am now offering 1:1 sessions to share my knowledge and expertise: …

Bug Bounty

6 min read


Aug 14, 2021

Finding multiple SSRF with aws metadata access on A BANK system

Hi everyone, my name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will be describing how I was able to find multiple SSRFs with AWS metadata access on a bank system and get access to their production server. I am now offering 1:1 sessions to…

Bug Bounty

4 min read

Cloud Security | Security Researcher | Pentester | Bugbounty hunter | VAPT | Penetration tester | CTF player | topmate.io/santosh_kumar_sha
