
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat

Hacking is one of those areas that will never stop as long as software and hardware exist on this planet. Whatever is built can be compromised; that is the order of nature. Some things will never change, but what we can do is protect ourselves from the majority of attacks and build solid, secure layers around the software we test. This improves the privacy of our users and protects our businesses from the black-hat world. Alas! We have a massive skill shortage. Most white-hat hackers are script kiddies, toolsmiths and checkers, people who only run scanners and then report the output as vulnerabilities.

Santhosh Tuppad's question is: if black-hat hackers also use scanners or checkers to hack something, then why is it that we have not been able to stop them, given that we are also using scanners to identify vulnerabilities? Do you get his point? Think.

In this talk, Santhosh Tuppad is going to demonstrate the bad shape of the software industry, where security is not considered or taken seriously and security testing is done in a shallow, sloppy way just for namesake's sake. Santhosh will not just be a pessimist; he will also share his thoughts on how we can fix this massive skill shortage and how one can foster one's skills by upskilling through passion, self-education, learning, digging deeper and more.

Are you ready for a jaw-dropping session? You bet.


  1. HACKING - BRIDGING THE GAP & GOING BEYOND TO FIGHT BLACK-HAT. Santhosh Tuppad | Twitter: @santhoshst. I slept at 6 AM this morning & I am still waking up… It's b33r ;)
  2. SUPER WARNING: hackingPresentation = {videos: false, pictures: false, justListeningAndEnjoying: true};
  3. Disclaimers: #1. What stays here, stays here or dies later. #2. I am not responsible for how you use this knowledge. (Don't mess with me.) #3. I am a super good person on this good planet called "Earth". So, believe me. JUST DO IT: Vote for me with the highest points whether you like it or not. Or else… I don't know!
  4. sh-3.2# whoami. I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
  5. #WouldYouBeOkay. Would you be okay if your car's speed were controlled by a malicious hacker? Would you be okay if your baby's heart rate data were sent incorrectly to the physician? (Man in the Middle.) Would you be okay if someone took control of the CCTVs or cameras installed in your home? Would you be okay if...
  7. F***ED UP!
  8. Oh wait! Let's practice facing the reality and stop masking the TRUTH. WE ARE TOTALLY FUCKED UP!
  9. LIVE HACKING DEMONSTRATION… Shhhhhh… Don't tell anyone.
  10. Safe1! Is this a good password?
  11. What do Black Hat Hackers do anyway? 1. They don't care about why they want to hack. 2. They care about why they want to hack. 3. They are driven by intrinsic motivation. 4. They hold grudges, hatred, love, and many other different emotions. 5. They don't fear, because of their confidence (but they may get caught). 6. Intuition, instincts & mindset are the weapons / tools they believe in, unlike most of the White Hat Hackers. 7. They do all different kinds of bullshit, but it is great.
  12. How do we bridge this gap so that we can fight the black-hat hackers? Work on mindset. Think crime. Watch Border Patrol, investigation Netflix episodes, Border Security, and also make yourself feel like, "Hell yeah, I am a criminal", and watch out for the thought process. Warning: it can be dangerous, but I think you can do it without committing a crime. Hack your friends' account. If your inner guidance is guiding you to do something, then just do it ;) (Warning: don't tell people that I told you this. You are responsible for whatever you do.)
  13. OWASP TOP 10 (Go Beyond Them): Authentication; SQL Injection; Cross Site Scripting (JavaScript Injection); Cross Site Request Forgery; Sensitive Information Disclosure; Components With Known Vulnerabilities; Authorisation / Access Control; and 3 more… (Explore them.) Where? OWASP.ORG
  14. Slides were just for namesake anyways… WohoooooooOooOOOoooOooo… Thank you very much.
  15. Points to Remember: If you want to talk more about "Software Security" or have questions that need discussion, please catch me anywhere and let's go to the Smoking Zone. There is no "Silver Bullet" for any one question, so let's talk deeper and challenge each other. I don't know what else I need to write here… So, I will stop.
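Slide 10 asks whether "Safe1!" is a good password. The following is an added example, not part of the slide deck, showing why a "complexity rules" checker (upper, lower, digit, symbol: all present) says yes while an attacker's wordlist-plus-rules approach says no. The wordlist, the leetspeak map and the thresholds are constructed for the example; a real deployment would check against a breached-password list instead.

```python
import math
import re

# Constructed mini wordlist; stands in for a real dictionary / breached-password list.
COMMON_WORDS = {"safe", "password", "welcome", "admin", "letmein", "qwerty", "summer"}

# Leetspeak substitutions that cracking rule sets undo before comparing with a wordlist.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def charset_size(pw):
    """Size of the alphabet a brute-force attacker must assume for this password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII symbols, including space
    return size


def estimate_entropy_bits(pw):
    """Naive brute-force entropy: log2(charset ** length). This is an upper bound;
    it is what 'complexity rule' checkers implicitly rely on."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def normalise(pw):
    """Mimic common cracking rules: drop leading/trailing digits and symbols
    (the '1!' decoration), undo leetspeak, lowercase."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    return core.translate(LEET_MAP).lower()


def assess_password(pw):
    """Return a verdict plus the reasons behind it, so a UI can explain the rejection."""
    bits = estimate_entropy_bits(pw)
    base = normalise(pw)
    issues = []
    if len(pw) < 12:
        issues.append("shorter than 12 characters")
    if base in COMMON_WORDS:
        issues.append(f"dictionary word '{base}' with predictable decoration")
    if bits < 60:
        issues.append(f"brute-force entropy only {bits:.1f} bits")
    return {
        "password": pw,
        "entropy_bits": round(bits, 1),
        "base_word": base,
        "issues": issues,
        "verdict": "weak" if issues else "acceptable",
    }


if __name__ == "__main__":
    for candidate in ("Safe1!", "P@ssw0rd", "glacier-tuba-hammock-parsley"):
        result = assess_password(candidate)
        print(f"{candidate!r}: {result['verdict']} ({'; '.join(result['issues']) or 'no issues'})")
```

"Safe1!" passes every character-class rule yet normalises to the dictionary word "safe" with a 6-character budget of roughly 39 bits, which is why it is the first thing a rule-based cracker tries. The passphrase fails none of the checks; a production checker would additionally reject anything found in a breached-password corpus regardless of its entropy estimate.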
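Slide 13 names SQL Injection as one of the OWASP Top 10 categories to go beyond. As an added example (not from the talk), here is the defect side by side with its fix in Python's standard sqlite3 module: the vulnerable lookup splices user input into the SQL text, the hardened one binds it as a parameter. The table and rows are constructed for the example.

```python
import sqlite3


def make_db():
    """In-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Defective: the input becomes part of the SQL grammar, so a quote in the
    input rewrites the WHERE clause instead of being matched as data."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Hardened: the driver sends the value separately from the statement; it can
    only ever be compared against the column, never change the query structure."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # tautology input used here only to verify the fix
    print("vulnerable:", lookup_user_vulnerable(conn, probe))  # every row leaks
    print("safe:      ", lookup_user_safe(conn, probe))        # no such user
    print("safe/alice:", lookup_user_safe(conn, "alice"))
```

Parameter binding is the fix the OWASP SQL Injection guidance leads with; the same rule applies to ORMs and query builders, where raw-string escape hatches reintroduce the vulnerable pattern.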