An introduction to Digital Security - Rishabh Dangwal

A presentation that provides insights into mobile hacking, XSS, network security and digital security in general


Published in: Technology



  • 1. Devinder Goyal, Parul Khanna, Rishabh Dangwal
  • 2.
    • Independent security researchers specializing in their domain.
    • We have provided corporate security solutions to the worthy.
    • Inculcated the sense of digital security in the generation of today.
  • 3.
    • Security is a misconception.
    • No security, only opportunity.
    • Proactive security is a notch better than reactive and preventive security.
    • Needless to say, security is directly proportional to awareness.
  • 4.
    • Countless websites are defaced just for fun.
    • Prominent methods include SQLi, RFI, LFI and zero-day/zero-hour exploits.
    • Massive threat if executed carefully.
  • 5.
    • Propaganda.
    • Possible server/data center access.
    • Sensitive Information disclosure.
    • Practice by script-kiddies/skids.
    • Possible botnet creation.
  • 6.
    • Upload our backdoor by any means on the server.
    • Relies on the PHP include() function. Vulnerable sites will have code like this:
    • Index.php?page=something
    • In place of “something” we can upload our backdoor.
  • 7.
    • Search for vulnerable websites using a Google dork
    • “inurl:index.php?page=”
    • Or
    • inurl:"main.php?x="
    • Test it by inputting some parameter in the variable; if successful, exploit it.
  • 8.
    • Attacker can access all data on the server by manipulating the URL.
    • Directory traversal attack.
    • Manipulates PHP functions to get file-level access.
    • passwd
  • 9.
    • Client-side attack; allows bypassing client-side security mechanisms
    • Web 2.0 security nightmare
  • 10.
    • Persistent XSS – inserted code is permanent.
    • Non-persistent XSS – inserted code is not permanent.
  • 11.
    • Misuse of XSS -
    • Steal cookies
    • Log information
    • Deface pages
    • Spread misinformation
    • URL redirection
  • 12.
    • GSM/CDMA data stored at base station can be used to trace location.
    • Calls can be spoofed using commercially available spoof cards.
    • No regulation on call spoofing.
    • Google : Call Spoofing
  • 13.
    • SMS bombing
    • Phone explosion due to overheating of phone IC
    • SIM cloning
  • 14.
    • Google reveals secrets, provided you know how to ask
    • Efficient manipulation of dorks
    • Automated tools
    • Find anything
  • 15.
    • One of the most exotic places on the web
    • Considered as the holy grail of all information
    • Archives of classified information available
    • Hotline/KDX access and UUCP
  • 16.
    • Protocol-defying tools like Gobbler/Yersinia
    • Black market has the sploits
    • Easy to set up LOIC and spam with DDoS
    • Exotic tools can be coded by efficient coders
  • 17.
    • Casual hunting through Shodan
    • Open source opens portals for security
    • Defeat latest security technologies (UTM/XTM) using custom blended attacks.
  • 18.
    • Again... the only secure computer is the one guarded by 2 guards, buried 6 feet down in the earth, with no internet connection, in a powered-off state.
    • Obscurity is not Security.
    • Open Source rules
  • 19.  
  • 20.
    • Thank You
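
The include() weakness from slides 6 to 8 beside a hardened form, as an added example that is not part of the original slides. The page names, the temporary pages directory and the function `resolve_page` are assumptions made for illustration.

```php
<?php
// Added illustration; page names, directory layout and resolve_page() are assumptions.

// Pattern described on slides 6-8: the request parameter reaches include()
// unchanged, so a URL (RFI) or a ../ path (LFI) chooses what gets loaded.
//     include($_GET['page']);        // vulnerable, shown for contrast only

// Hardened form: the parameter is only a lookup key into a fixed allowlist.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (page[]=x), URLs and traversal strings never match a key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside $baseDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: throwaway pages directory plus sample inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
foreach (PAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // stub page\n");
}
$inputs = ['about', '../../etc/passwd', 'http://example.invalid/x.txt', ['a'], null];
foreach ($inputs as $in) {
    $path = resolve_page($in, $dir);
    // In a real handler: include $path when non-null, otherwise send a 404.
    printf("%-36s => %s\n", json_encode($in, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'include ' . basename($path));
}
```

Keeping `allow_url_include` set to Off in php.ini (its default) removes the remote variant even where an include() call is missed.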