Souvik Kandar
IoT/OT Security Researcher | 35+ CVEs | Focus on Zero-Day Discovery
Kolkata, India
Actions
Souvik Kandar is a cybersecurity researcher specializing in IoT and OT security, with expertise in vulnerability discovery, device fingerprinting, and protocol analysis. His work has uncovered critical flaws across CCTV cameras, routers, fuel monitoring systems, seismic devices, medical IoT, smart thermostats, etc., leading to 35+ published CVEs.
His research has been acknowledged by CISA and the Idaho National Laboratory (INL), and featured in global security media. In addition to zero-day research, he contributes to bug bounty programs and shares insights through technical blogs.
Souvik is currently Lead Researcher at MicroSec (Singapore), where he focuses on scalable approaches to IoT/OT device identification and secure-by-design strategies.
Links
Area of Expertise
Topics
Targeting Global Criticals: OSINT to Zero-Day Exploits in Aviation, Warehouse Automation and Beyond
This talk delves into the alarming reality of globally exposed critical devices across the IoT and OT landscape, from consumer-grade systems to high-stakes industrial infrastructure. With 35 recently discovered CVEs to illustrate, this presentation will demonstrate how seemingly obscure, yet critical, devices are readily discoverable online, often exposing them to easy exploitation.
We will explore a diverse range of vulnerable systems, including aviation industry devices, warehouse automation robots, industrial control systems (SCADA/ICS), routers, broadcasting equipment, medical devices, and advanced surveillance systems. Through a blend of OSINT techniques and deeper analysis , we will reveal how critical vulnerabilities—ranging from authentication bypasses and RCEs to direct unauthorized control—can be identified and exploited, sometimes even leading to zero-day discoveries for these devices.
Attendees will gain a critical understanding of the pervasive exposure of these systems, the specific signatures required to locate them, and the diverse attack vectors used for exploitation. This presentation aims to empower defenders with a hacker's perspective, highlighting the urgent need for better security practices, the importance of secure-by-design principles, and why lifecycle responsibility in IoT/OT security cannot be ignored. Participants will leave with actionable insights into identifying and mitigating these widespread, high-impact threats.
From Thermostats to Seismic Monitors: Real-World Zero-Days in Critical Devices
Critical devices that underpin our daily lives — from smart thermostats and routers to seismic monitors, fuel systems, and CCTVs — are far more exposed than most realize. In this session, I’ll show how modern reconnaissance techniques combined with protocol analysis and vulnerability research revealed zero-day flaws across multiple industries.
We’ll explore cases including authentication bypasses in smart devices, remote code execution in end-of-life CCTVs, protocol-level flaws in TCF-based fuel systems, and insecure defaults in OT equipment. Each example highlights systemic design and lifecycle issues that continue to put infrastructure at risk.
Attendees will leave with insights into methodology, the importance of secure-by-design principles, and why lifecycle responsibility in IoT/OT security cannot be ignored.
SECCON 14 OpenConference Sessionize Event
Souvik Kandar
IoT/OT Security Researcher | 35+ CVEs | Focus on Zero-Day Discovery
Kolkata, India
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top