Madhu is a security ninja and a security and DevOps researcher with extensive industry experience, ranging from client-facing assignments building scalable and secure infrastructure, to publishing industry-leading research, to running training sessions for companies and governments alike.

Madhu frequently speaks and runs technical sessions at security events and conferences around the world, including Defcon (26, 24), Blackhat USA 2018, USENIX LISA 2018, Appsec EU 2018, All Day DevOps (2018, 2017, 2016), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n (2018, 2017), Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he’s not working with Appsecco’s clients or speaking at events, he’s actively involved in researching vulnerabilities in open source products and platforms such as WordPress, Ntop, Opendocman etc., and is also a contributing bug hunter with Code Vigilant (a project to secure open source software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, eBay, AT&T, Blackberry, Cisco, Barracuda etc. He is also an active member of Bugcrowd, HackerOne, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of the book Security Automation with Ansible2, published by Packt Publishing in December 2017, which is listed as a resource by Red Hat Ansible itself.

Publications

Details of my security advisories.

Details of my security vulnerability acknowledgements.

Projects

Ubercool Stuff

Hacked Emails

Command line utility for hacked-emails

Introduction to Containers

An introduction to containers using Docker, and using it for security automation - null Bangalore Puliya

Awesome DevSecOps

An authoritative list of awesome DevSecOps tools, built with help from community experiments and contributions. http://devsecops.org

Code Vigilant

The Code Vigilant project was created out of the need for more secure open source software.

Docker Data Science ToolBox

Data Science Command Line Toolbox in a Docker container

Markdown Automation

Automating documentation, presentations and knowledge bases using Markdown (Zero to Hero)

Security Automation with Ansible2

This repository contains all the code, playbooks and details for the book Security Automation with Ansible2.

Windows CLI gems

The wincmdfu project collects Windows one-line commands that make life easier, along with shortcuts and command line fu. It is a combination of all tweets from @wincmdfu.

Trainings

I deliver trainings on the following courses:

  • Secure DevOps
  • Cloud Security
  • Container Security
  • Automated Defence for AWS, Azure and GCP
  • Web Application Security Testing

Recent & Upcoming Talks

Container Security Monitoring using Open Source
Oct 17, 2018 4:00 PM
Attacking & Auditing Docker Containers
Oct 30, 2018 4:00 PM
Attacking & Auditing Docker Containers Using Open Source
Aug 13, 2018 6:00 PM