21 Evening with White Hat...hunting hacker handsomely. As an ethical hacker, and bounty hunter, I...
Anand Prakash is a prolific security researcher who is famous for finding bugs in some of the world’s most popular apps and websites. He thrives off of “bug bounties” — large cash prizes he earns from companies in exchange for successfully hacking their systems and showing them their security flaws. Anand is supremely good at what he does, having discovered vulnerabilities at companies like Facebook, Twitter, and Uber. For the past 5 years, Facebook has ranked Anand as one of their top bounty hunters. And on Twitter’s bounty program, he’s ranked #3 world-wide. Anand’s reputation as a hacker has led to him being featured in last year’s Forbes “30 under 30” for enterprise technology in Asia. And a major Indian news website declared Anand “one of India’s best known white hat hackers.”
Sai Krishna Kothapalli (IIT Guwahati)
Sai Krishna Kothapalli is a final-year Computer Science and Engineering undergrad at IIT Guwahati, a bug bounty hunter, and a security researcher. He has found some serious bugs in some popular web applications, including a few in the Indian government sector. He is also one of the students at IITG who campaigned for the campus bug bounty program and helped get it organized and started.
An evening with WHITE HAT
Hackers on Bounty Hunting
Organized By: Interdisciplinary Centre for Cyber Security and Cyber Defence of Critical Infrastructures
https://security.cse.iitk.ac.in/
C3i Center, IIT Kanpur
March 21st 2018, 5:30 PM to 8:30 PM
Venue: L-19
Anand Prakash (Appsecure)
“Talk 1: Story of a White Hat Hacker: How I saved a billion user accounts?”
Speaker: Anand Prakash
Abstract: Bug bounty programs worldwide have taken off because most customer-facing websites and web applications are increasingly under attack by hackers. Large companies such as Facebook, Twitter, Google, Microsoft, as well as mobile-app-based companies such as Uber, cannot fully guarantee that the web applications and mobile applications their engineers produce are free of security vulnerabilities. Therefore, they all have announced large monetary reward programs for ethical exploits, and based on the criticality level of the discovery – they reward the bounty hunting hacker handsomely. As an ethical hacker, and bounty hunter, I have found many vulnerabilities in these popular sites that could have been disastrous if exploited by a black hat hacker. The race is on between black hat hackers who use very sophisticated tools, and experience -- sometimes employed by organized crime syndicates as well as rogue states, and white hat ethical hackers who also use their experience and tools to find the vulnerabilities to help the companies. In this talk, I will discuss my own experience in saving a billion user accounts, and more stories from the trenches of this ongoing duel of minds between white hat and black hat hackers.

The Good, the bad and the Ugly – White Hat, Grey Hat, and the Black Hat hacking
Panelists: Anand Prakash, Sai Krishna Kothapalli
Moderator: Sandeep K. Shukla
In this panel discussion we will discuss the on-going race between the black hat hackers to exploit information and critical systems while the white hat hackers try to save the day with their repertoire of tools and techniques. Unfortunately, this war is often tilted, as black hat hackers are often parts of crime syndicates, and worse yet – recruited by the cyber army and espionage functionaries of various governments. Then how are the white hat hackers to save the systems by finding the vulnerabilities faster than the black hats? Black hats are also organized in chat rooms and forums in the underbellies of the dark web. Are the white hat hackers organized in the same way?
“Talk 2: Landscape of bug bounty programs”
Speaker: Sai Krishna Kothapalli
Abstract: In the ever-advancing Digital Age, India has placed so much effort in digitizing all walks of life, but are we taking enough care to protect our data? IITG has taken the first step in this direction by being the only educational institution in Asia to launch its own responsible disclosure policy (bug bounty program). This talk lays out the challenges faced, and the response received by implementing this for IITG, and highlights what other institutes and government organizations can learn from them. It also emphasizes the necessity and benefits of a responsible disclosure policy in government organizations. It winds up by focusing on some country-specific case studies where things went downhill and finding out what could have been done to avert whatever had happened.