Bhaumik Merchant

Information Security Research Consultant

Bhaumik Merchant is a Senior Cyber Security Researcher, Digital Forensics Investigator and founder of CyberNGO. He has been working in the Cyber Security domain for more than 12 years and has been an active speaker representing his Cyber Security and Threat research work in various National and International Conferences. Bhaumik voluntary served various state and central agencies of India for more than 10 years in safeguarding Government Cyber Spaces and spreading internal Cyber Awareness. He has witnessed and helped to resolve many cybercrime cases where innocent people become victims of cybercrime/Cyber frauds. He is an active author of many Cyber Security articles and research papers published in various International magazines. CyberNGO is his dream and a platform through which one can help the world fight against cybercrime.

Key Skills

  • Penetration Testing
  • Malware Analysis
  • Signature Development
  • Mobile AppSec
  • Digital Forensics
  • Vulnerability Research
  • IDS/IPS Development
  • Snort,ModSecurity
  • Cloud Computing(AWS, Azure)
  • Java,C/C++


Go to next/previous page

EC-Council's HackerHalted(Miami, USA Edition)



2012 (Feb Edition)

Cyber Crime Case Studies(Articles)

Hackin9 Magazine(June Edition)


White Papers

Go to next/previous page

WOF (Walk On The Fire) - OpenSource Contribution

Next Generation Exploitation Methods

They are Offline, But I Exploited Them

More Projects and Info


Go to next/previous page

WOF(Walk on the Fire)

Today's requirement is to secure the Web Applications without changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behaviour and false positives(legitimate traffic blocking). This article will demonstrate a new concept to evaluate any WAF without taking risk of putting it into inline mode. Everything will be in learning or in passive mode. This paper describes concept of one special engine, which can be used by the end user(website owner) to evaluate any WAF with zero risk ,no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

They are Offline, But I Exploited Them

This article demonstrates a unique kind of communication technique between an attacker machine and a victim machine during the exploitation of any victim machine .In a general scenario, while an attacker exploits the remote machine and gets the remote command prompt (remote shell), the attacker is only able to execute commands till the session from the remote machine is opened (established). While exploiting the machine in a normal way, both the attacker and the victim machine should be online if the attacker wants to execute some commands in the remote machine (victim.s machine). This paper is going to demonstrate methodologies where an attacker can attack a remote victim without being online (i.e. the attacker may be online and the victim may or may not be online).

Contact Me

Go to next/previous page

Contact info

  • Vadodara, Gujarat, INDIA
  • bhaumik [dot] merchant [at] gmail [dot] com

Send me a message

Thanks for sending your message! We'll get back to you shortly.

There was a problem sending your message. Please try again.

Please complete all the fields in the form before sending.