Nikhil Mittal

My talk at DEFCON 27 on abusing ACLs and Security Descriptors in Active Directory for domain dominance.

My talk at BruCON 2018 about using decoy AD objects for easy deception in Active Directory.

The talk I gave at ITDefense 2018 on how PowerShell is useful for Blue Teams.

An updated talk I gave at BruCON 2017 on bypassing Microsoft Advanced Threat Analytics (ATA). I demonstrate techniques to bypass, avoid and attack ATA in this talk.

The talk I gave at 44CON 2017 on identifying and targeting Microsoft Advanced Threat Analytics (ATA)

The talk I gave at Black Hat USA 2017 on bypassing Microsoft Advanced Threat Analytics (ATA). I demonstrate techniques to bypass, avoid and attack ATA in this talk.

Talk at x33fcon 2017 where I discuss use of PowerShell for Purple Teaming.

A detailed discussion on detection capabilities of Microsoft Anti Malware Scan Interface (AMSI). The talk have live demonstrations on how AMSI improves security of Windows 10 boxes and how it can be bypassed and avoided.

In this talk I discuss and demonstrate practical security risks posed by various CI tools to an enterprise network.

The talk I gave at Deepsec 2014. It is about using PowerShell for Client Side Attacks like forged attachments and phishing.

The talk I gave at Defocn 21 about Powerpreter, a post exploitation tool written in powershell.

The talk I gave at RSA China. It was about using USB HID to hack Windows 8 and Mac OS X Mountain Lion.

I talked about my two open source projects, Kautilya and Nishang at Black Hat USA. Nishang was demonstrated at the BHUSA Arsenal.

The workshop I did at PHDays, Moscow. It was all about using HIDs in Penetration Tests.

A presentation I gave at Troopers'12. This featured some never seen before payloads for breaking into Linux using a Teesny device.

This was a workshop I coduncted at Black Hat Europe'12. The workshop explains how to program a USB HID, Teensy in this case, for usage in offensive security.

This was my presentation at Black Hat Europe'12. This showcased improvements and some new neat attack vectors added to Kautilya.

A paper which I presented at Black Hat Abu Dhabi. In this paper a toolkit called Kautilya was introduced which aims to make pwmage easier in Penetration Tests using Teensy. Kautilya is free and open source and can be downloaded from http://code.google.com/p/kautilya/

Maareech is a PoC malware which is a combination of Teensy. Powershell scripts and executables. With limitations, this can be used as an autmoated Windows Domain takeover tool. It is an automated tool which if connected to a system in Win environment provides access to all systems in that domain.

A talk by me which highlighted usage of Teensy in a Penetration test. it included overview of current status of Penetration Test and usage of Teensy for various PT activities.

Presentation detailing a Pen Test story of highly secure environment. The client environment was totally compromised which was secure by (almost) all industry standards and no detection of intrusion was traced.

My research on Vxworks vulnerabilities which were made public by HD Moore. The paper detailed an in depth assessment of 'Indian Cyberspace' which included scanning of nearly 2.7 million IP addresses and analysis of thousands of devices. Details were shared in a short format with CERT-In, but a reply was never received.