Sandeep Kamble (sensfrx.ai)
sandeepk.bsky.social
The entrepreneur track stole the show: hands down the best talks I’ve seen on entrepreneurship.

BSides 0x05 💜 @BSidesNYC

Next stop: Austin, back home. I'll be speaking at Lascon 2025: lnkd.in/g9FKKPKe #BSidesNYC
October 18, 2025 at 8:12 PM
NAT, firewalls, MFA all in place. Yet, I got in and walked away with sensitive data.

www.linkedin.com/posts/sandee...?
February 14, 2025 at 1:07 AM
Recently, started focusing on selling before building.

My notes from the #book "the mom test" by Rob Fitzpatrick
December 30, 2024 at 4:51 AM
7 Vulnerabilities with high Severity that captured attention in 2024 from SecureLayer7 research. What are they?

www.linkedin.com/posts/sandee...
Sandeep Kamble on LinkedIn: Unauthenticated RCE in Adobe Coldfusion - CVE-2023-26360
December 29, 2024 at 7:34 PM
On December 20th, I had one of the toughest days I’ve faced in a while, but I didn’t stop. Here’s why:

www.linkedin.com/posts/sandee...
December 25, 2024 at 4:45 AM
Hey security risk leaders: What if I told you there’s a way to make AI work for you without losing control?

Here’s the breakdown:

www.linkedin.com/posts/sandee...?
December 20, 2024 at 4:05 AM
I was chatting with a security practitioner, and he mentioned that Red Teaming is not a glorified pentest. Here’s why a pentester from 2010 might disagree:

www.linkedin.com/posts/sandee...
November 27, 2024 at 4:02 PM
Vulnerabilities that aren’t really vulnerabilities. Are you still accepting these in your Pentest reports?

More details here:
www.linkedin.com/posts/sandee...
November 26, 2024 at 4:27 PM
Web firewalls, SOCs, MFA, and fraud prevention are ready for Thanksgiving Friday. Here’s why it probably won’t save you:

www.linkedin.com/posts/sandee...?
November 22, 2024 at 12:22 PM
Submitted Critical vulnerability...
Submitted High vulnerability...
Customer reviews them...
Customer says, "Not a real issue!!!"
Pentester explains again...

www.linkedin.com/posts/sandee...
November 19, 2024 at 11:53 PM
Goa + Bugbounty Tips & Talk + Free Wireless Headphones at @seasides_conf

youtube.com/shorts/QgVnW...
YouTube video by SecureLayer7 Cybersecurity
November 18, 2024 at 12:32 PM
What do you think? Imagine if product managers actually started including security controls while writing PRDs.

www.linkedin.com/feed/update/...
November 13, 2024 at 6:52 PM
PHP symlink exploit, anyone? 😅

Was checking the PTaaS platform & saw one of our pentesters found an exploit allowing access to other tenants' sensitive data on cloud hosting! Yep, this reminds me of the old symlink trick for reading config.php!

Shared hosting has come far.

www.linkedin.com/feed/update/...
Sandeep Kamble on LinkedIn: PHP symlink exploit, anyone? So, I usually routinely check BugDazz…
November 11, 2024 at 10:22 PM
How much money were you making at the age of 22? It'll be interesting to read the comments.

If you ask me: approx. 2,000 Rs/month by selling game CDs, Windows installations, etc.
August 5, 2024 at 10:29 PM
Reposted by Sandeep Kamble (sensfrx.ai)
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
blog.securelayer7.net
August 5, 2024 at 9:39 PM
[Friday CVE Analysis Drop]

We tackled an interesting CVE, reverse engineering it to show how it works. Despite many challenges, including self-signed certificates and brute-forcing with a Python script, we completed a detailed analysis of PaperCut.

#cybersecurity

blog.securelayer7.net/analysis-of-...
Analysis of CVE-2023-39143 – PaperCut RCE
Overview CVE-2023-39143 is a path traversal vulnerability found in Papercut MF/NG, a print management solution. This particular CVE only affects Windows installations prior to version 22.1.3. With...
blog.securelayer7.net
May 24, 2024 at 1:57 PM
Releasing methodology followed by SecureLayer7 to bypass Appdome privacy security controls. Findings reveal positive impression has been confirmed against screen overlays, keyloggers, unauthorized copy/paste, and more.

securelayer7.net/download/pdf...
May 21, 2024 at 7:31 PM
Operators of Malware-as-a-Service need to find innovative ways to take over accounts. Chromium introduces Device Bound Session Credentials (DBSC), where stolen cookies are worthless to attackers, and one more step for privacy.

blog.chromium.org/2024/04/figh...
Fighting cookie theft using device bound sessions
Cookies – small files created by sites you visit – are fundamental to the modern web. They make your online experience easier by saving bro...
blog.chromium.org
April 6, 2024 at 9:59 AM
A thread 🧵 on a book, based on my personal experience. You will find learnings from this book.
January 1, 2024 at 2:46 PM
When a man cries it’s not because they are weak, it's because they have been strong for too long - Uchiha
January 1, 2024 at 6:58 AM
Happy New Year, Everyone!
January 1, 2024 at 5:57 AM
The Photograph of 2023….

Running a cybersecurity company is tough if a company is not solving the cybersecurity problem. I was with SecureLayer7’s early-stage customer. And it was great meeting with them.

www.linkedin.com/posts/sandee...
Sandeep Kamble on LinkedIn: The Photograph... Holiday Dinner with longtime customers. Yes, this i...
The Photograph... Holiday Dinner with longtime customers. Yes, this is the year of the photograph, and it took me more than 5 years to bring them in frame…
www.linkedin.com
December 31, 2023 at 1:11 PM