Rony Das

AppSec (Mobile, Web)
India
19 August 1998
  • Successful Projects: 0
  • Services Delivered: 0
  • Completed Services: 0
  • Services Pending: 0

Freelancer Information

I am an experienced information technology security professional with web, mobile and 0day research, more than 6+ years of corporate experience and more than a decade in the cybersecurity industry. I have a track record of discovering and reporting Android 0day security vulnerabilities to Google. Additionally, I identified, owned, and mitigated a smart grid security vulnerability, allowing an attacker to get access to state-wise electricity supply control. I have spoken at international security conferences such as NULLCON about a 0day vulnerability I reported to Google; the talk is available on YouTube, and detailed information about it can be found on Nullcon’s website. I also have experience in teaching and have launched a Kickstarter course on Ethical Hacking on Udemy, with over 300 students enrolled online and a 4.4-star rating. Furthermore, I have developed security exploits and implemented security approaches for web and mobile apps for various companies, banks and more.


Awards

2022 Android Foreground Privilege Escalation
With the releases of Android Oreo and Pie, Android introduced some background execution limitations for apps. Google restricted the execution of background services to save energy and to prevent apps from running endlessly in the background. Moreover, access to the device’s sensors was changed and a new concept named foreground service was introduced, preventing apps from using the device’s resources like the camera. These limitations, however, would not affect so-called foreground services because they show a permanently visible notification to the user and could therefore be stopped by the user at any time. A researcher named Thomas Sutter found a race condition bug in the Foreground Notification services in early 2019 and disclosed the same at BlackHat EU 19, which was making the concept of Foreground Notifications in Android totally ineffective. I have demonstrated how I bypassed Google's patch for the bug Thomas found and made the foreground services ineffective again. I was also rewarded $5k by Google.
2014 to 2017 CTF Competition by EY
This is a CTF competition hosted by Ernst and Young from 2014 in Kolkata, India. I have been the winner of this competition consecutively.