Cyber Security
and
Ethical Hacking
A talk by Rahul Varale
27/11/2021
Who am I?
- Security Analyst 👨💻
- Independant Bug Hunter
- Former Club Head @InfoSec Club IIT Goa
What is Cyber Security?
Cyber Security is …
Everything is smart!
Nothing is secure!!!
Large no. of attacks happen everyday
-
Network Security
-
Application Security
-
Information Security
-
Cloud Security
-
Internet of Things Security
Cyber Security in news
MobiKwik Data Breach
“MobiKwik database of 10 crore users leaked on dark web; company denies data breach.”
Source : The Indian Express Read more
Air India Data Breach
“A cyber-attack that compromised the data of millions of passengers from across the world involved personal data registered between August 26, 2011 and February 20, 2021.”
Source : The Indian Express Read more
Domino's india Data Breach
“Domino’s India data breach allegedly exposes 1 million credit card details, 180 million order details.”
Source : Business Insider Read more
Unacademy data breach
BigBasket data breach
Kudankulam nuclear power plant data breach
Justdial data breach
and many more…
See if you’ve been part of an online data breach
https://haveibeenpwned.com/
https://monitor.firefox.com/
What is Hacking?
What is Ethical Hacking?
an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.
You should be aware of cyber attacks otherwise you can also be a victim!
Types of most common cyber attacks
- Malware - Virus, Ransomeware, Spyware
- Phishing
- Man-in-the-middle attack (MITM)
- Distributed Denial-of-Service (DDoS) attack
- Web Application Attacks
OWASP: Top 10 Web Application Security Risks
How do I start my cyber security journey?
Follow the InfoSec community on social media
Capture the flag
Few sites for challenges
- https://ctftime.org/
- https://overthewire.org/
- https://portswigger.net/web-security - This is a very nice lab with a good explanation.
The very first skill you need to be a good hacker is to be able to find things by yourself.
Be good at searching for info & analyzing it so you can get the best resources on any subject.
OSINT - Open Source Intelligence
- OSINT is information collected from public sources such as those available on the Internet.
- It doesn't matter if it is located inside newspapers, blogs, web pages, tweets, social media cards, images, podcasts, or videos as long as it is public, free and legal.
- Google Dorks / Google Hacking https://en.wikipedia.org/wiki/Google_hacking
"Your mind is like an axe to chop a tree: the sharper it is, the faster it gets the job done."
Rodolfo Assis @rodoassis