Slide 1

Slide 1 text

GETTING STARTED IN CYBERSECURITY APPLICATIONS, ATTACKS, TOOLS
RAKESH ELAMARAN
©Rakesh Elamaran

Slide 2

Slide 2 text

WHO AM I
✧ Security Engineer 2 @COMCAST
✧ Security Researcher | Licensed Penetration Tester Master | Bug Hunter
✧ SIH - 2019 Finalist | CSI - Student Icon
✧ FOUNDER - Rootecstak and SVCE CyberHub
✧ OWASP Cuddalore Chapter - Leader
✧ Mentor | Speaker | Blogger

Slide 3

Slide 3 text

CYBERSECURITY
Cybersecurity consists of technologies, processes and controls designed to protect systems, networks, programs, devices and data from cyber attacks.

Slide 4

Slide 4 text

MAIN PURPOSE
✧ To prevent data breaches, identity theft and cyber-attacks, as well as risk management in some cases.
✧ It encompasses everything that pertains to protecting our PII data.
✧ Software changes when it is updated and modified, which introduces new bugs, issues and vulnerabilities and allows for cyber attacks.

Slide 5

Slide 5 text

CIA TRIAD
✧ Confidentiality - Data is kept secret
✧ Integrity - Data is trustworthy and free from tampering
✧ Availability - Data should be available to authorized users

Slide 6

Slide 6 text

DATA BREACH
✧ The business world is not new to data breaches and cyber threats. Digital transformation has accelerated the growth of online platforms, showing us just how crucial security in the digital age is.
✧ But it's not just the big companies and organizations that get hit. Everyday consumers experience phishing schemes, ransomware attacks, identity theft, data breaches, and financial losses.
✧ It is very easy to hack a device connected to the internet; the more we rely on such devices, the more we are prone to attacks.

Slide 7

Slide 7 text

PROTECTION
✧ With cyber attacks occurring every 14 seconds, firewalls, antivirus software and tools must be in place.
✧ Strong security infrastructure includes multiple layers of protection.
✧ Organizations must remain up to date with emerging technologies, threats and security intelligence trends in order to design the ideal cybersecurity measures.
✧ Encryption, secure passwords and constant software upgrades help.

Slide 8

Slide 8 text

ETHICAL HACKING
✧ Ethical Hacking is an authorized practice of bypassing system security to identify potential data breaches and threats in a network.
✧ The company that owns the system or network allows Cybersecurity Engineers to perform such activities in order to test the system's defenses.

Slide 9

Slide 9 text

TYPES OF HACKERS
✧ WHITE HAT - Ethical hackers or Security Researchers who do not intend to harm the system or organization.
✧ BLACK HAT - Contrary to an ethical hacker, they perform hacking to fulfill their selfish intentions to collect monetary benefits.
✧ GREY HAT - They hack for fun, without any malicious intention. They perform the hacking without any approval from the targeted organization.

Slide 10

Slide 10 text

PENETRATION TESTING
✧ Penetration testing is a part of ethical hacking that focuses explicitly on penetrating only the information systems.
✧ The ultimate goal is to identify and prioritize security risks.

Slide 11

Slide 11 text

VULNERABILITY ANALYSIS/ASSESSMENT
✧ The process of identifying risks and vulnerabilities in computer networks, systems, hardware and applications.
✧ It evaluates those vulnerabilities, assigns severity levels to them, and recommends remediation or mitigation.
✧ Vulnerability scanning tools are used to identify threats and flaws within an organization.

Slide 12

Slide 12 text

ETHICAL HACKING VS PEN TESTING
✧ Ethical hacking is a practice. The skills employed by an ethical hacker allow them to practice a continuous assessment cycle of an organization's security posture by employing the same tools, methods, and techniques of a malicious hacker.
✧ Ethical Hacking is NOT Penetration Testing!
✧ Penetration Testing is Ethical Hacking!

Slide 13

Slide 13 text

DEMO STEGANOGRAPHY:
✧ It is the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection; the secret data is then extracted at its destination.
✧ The data can be an audio, video, image or text file.
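
Added example (not part of the original slides or the talk's demo): least-significant-bit embedding, one common way to hide data in image or audio samples, shown over a constructed byte string standing in for pixel data. The function names and the 4-byte length header are assumptions made for this illustration.

```python
HEADER_BITS = 32  # assumed layout: 4-byte big-endian length, then the payload

def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the lowest bit of successive cover bytes."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this payload")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # changes a byte by at most 1
    return bytes(stego)

def _read(stego: bytes, first_bit: int, nbytes: int) -> bytes:
    """Reassemble `nbytes` bytes from the low bits starting at `first_bit`."""
    out = bytearray()
    for n in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_bit + 8 * n + i] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Recover the hidden bytes at the destination."""
    if len(stego) < HEADER_BITS:
        raise ValueError("buffer too short to hold a header")
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if HEADER_BITS + 8 * length > len(stego):
        raise ValueError("length header does not fit: no payload present")
    return _read(stego, HEADER_BITS, length)

def changed_bytes(cover: bytes, stego: bytes) -> int:
    """Count differing bytes; a check available when the original file is known."""
    return sum(a != b for a, b in zip(cover, stego))

# Constructed stand-in for raw pixel data (not a real image file).
COVER = bytes((i * 37) % 256 for i in range(512))
STEGO = embed(COVER, b"meet at 9")
```

The carrier keeps its size and no byte moves by more than one, which is why the change is not visible to the eye and why comparison against a known-good original is the simplest check.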

Slide 14

Slide 14 text

APPLICATIONS
✧ To use the built-in applications, VirtualBox and Kali Linux / Parrot OS are mandatory.
✧ Applications are easy to use.
✧ For everything there is a tool (A-Z).

Slide 15

Slide 15 text

DEMO
Information Gathering
Social Engineering
SYSTEM HACKING

Slide 16

Slide 16 text

INFORMATION GATHERING
✧ Process of collecting information about something you are interested in.
✧ In the digital world, a lot of information can be gathered in different ways, not with your senses, but with several methods, tools and techniques.

Slide 17

Slide 17 text

SOCIAL ENGINEERING
✧ Social engineering is the art of manipulating people so they give up confidential information. Attacks can happen online, in-person, and via other interactions.

Slide 18

Slide 18 text

FOR WHO?
✧ Young professionals starting their careers
✧ Experienced professionals moving from one career into cybersecurity
✧ Professionals at all levels wanting to learn more about it to better protect their personal and business lives

Slide 19

Slide 19 text

GRC VS TECHNICAL
✧ Strategic includes Governance, Risk, and Compliance (GRC), policy, IT audit, security frameworks and management.
✧ Tactical includes everything technical: security systems administration, networking, application security, security operations, incident response, vulnerability management, and penetration testing.
✧ Pick the one where you have the most strength.
✧ Caution: Don't try to do both, but be aware of the other side.

Slide 20

Slide 20 text

WHAT SHOULD I CHOOSE?
✧ DEGREE
✧ MASTERS
✧ CERTIFICATION
✧ JOB - HOP IN

Slide 21

Slide 21 text

ROLES

Slide 22

Slide 22 text

CERTIFICATIONS

Slide 23

Slide 23 text

HOW TO START
↴ Knowledge of computers and how the Internet works
↴ Computer Networks - Protocols, ports, servers, etc. | Basics to Advanced
↴ Linux Concepts - Learn Linux strongly and practice in Kali
↴ Cryptography and Network Security - Encryption, decryption, algorithms, etc.
↴ CYBERSECURITY - Practice strongly and learn new concepts
↴ TryHackMe, Hack The Box, PortSwigger labs, Capture the Flag challenges - To sharpen your skills
↴ Bug Bounty - Lots of practice, patience and effort.

Slide 24

Slide 24 text

WHAT TO LEARN
✧ Malware and Reverse Engineering: C, C++, C#, Embedded C, Assembly
✧ Scripting: Python, Ruby, Perl
✧ Security Testing: HTML, CSS, JavaScript, PHP, Java, SQL
✧ Shell Scripting: Bash, Shell Scripting

Slide 25

Slide 25 text

DOMAINS
✧ Web Application Security
✧ Android Security
✧ Cloud Security
✧ Cyber Forensics
✧ Malware Analysis
✧ Red Teaming
✧ Vulnerability Assessment & Exploit Development
✧ IoT and RFID Pentesting
✧ API Pentesting
✧ Blockchain & Decentralised Systems
✧ Cryptography and Network Security
✧ Hardware Security

Slide 26

Slide 26 text

GOOD CHOICE?
✧ Unlimited Growth
✧ Set your style
✧ Easy to explore different paths
✧ Learn and EARN
✧ Engineers with cybersecurity chops and more than three years of experience can make up to Rs30 lakhs a year, HR experts said.
✧ On the other hand, a software developer with five years at a multinational firm would earn only around Rs15 lakhs a year.

Slide 27

Slide 27 text

INTERVIEW PREPARATION
✧ Follow the roadmap
✧ Be strong in basics
✧ Choose a domain and prepare accordingly
✧ Stay updated in the cybersecurity industry
✧ Explain in terms of real time and its impact
✧ Attain value-added certifications
✧ Decent resume - Projects, research works, achievements
✧ Achievements - Hall of fame, CVEs, bounty, recognition
✧ Be passionate and confident

Slide 28

Slide 28 text

ATTACKS

Slide 29

Slide 29 text

BUG
✧ Bug bounties, aka responsible disclosure programmes, are set up by companies to encourage researchers to report potential issues on their sites
✧ Some companies choose to reward a researcher with money, swag, or hall of fame
✧ Adds value to your resume and skills | Glory and Fame | Practical Knowledge | Money

Slide 30

Slide 30 text

BOUNTY
✧ Platforms
✧ Bugcrowd, HackerOne, Synack, Intigriti
✧ Go for RVDP programs
✧ Duplicates are Painful
✧ Quality >> Quantity
✧ Patience >> Bounty - Money

Slide 31

Slide 31 text

PARAMETER TAMPERING
✧ A parameter tampering attack relies on the manipulation of parameters by the user in order to change application data such as user credentials, permissions, the amount of a product, etc.
✧ Usually, this data is passed in a POST request or in hidden form fields.
✧ This vulnerability is present in almost every online shopping cart and payment gateway these days.
✧ Ex: bewakoof.com, donacakes.com
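
Added example (not from the original slides): a checkout total computed from client-supplied fields beside a version that takes the price from server-side data and validates the quantity. The catalogue, field names and function names are constructed for this illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only trusted source of prices.
CATALOG = {"tee-001": Decimal("499.00"), "cake-7": Decimal("850.00")}
MAX_QTY = 20

class TamperedRequest(ValueError):
    """A submitted field disagrees with what the server allows."""

def total_trusting_client(form: dict) -> Decimal:
    # Weak pattern: the price comes back from a hidden field and is billed as-is.
    return Decimal(form["price"]) * int(form["qty"])

def total_server_side(form: dict) -> Decimal:
    # Hardened pattern: the client only names a product and a quantity.
    sku = form.get("sku")
    if sku not in CATALOG:
        raise TamperedRequest("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise TamperedRequest("qty is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise TamperedRequest("qty out of range")
    return CATALOG[sku] * qty  # price is looked up here, never read from the form

def price_was_altered(form: dict) -> bool:
    # Detection signal for logging: the echoed price is missing, malformed
    # or different from the catalogue price.
    try:
        return Decimal(form["price"]) != CATALOG[form["sku"]]
    except (KeyError, InvalidOperation):
        return True

# Constructed POST body in which the hidden price field has been edited.
TAMPERED = {"sku": "tee-001", "qty": "2", "price": "1.00"}
```

The hardened function bills 998.00 for the tampered request where the weak one bills 2.00, and a negative quantity is rejected instead of producing a negative total.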

Slide 32

Slide 32 text

SQL INJECTION
✧ SQL injection is a code injection technique that might destroy your database.
✧ It is one of the most common web hacking techniques.
✧ It usually occurs when you ask a user for input, like their username/userid
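
Added example (not from the original slides): a username lookup built by string concatenation beside the same lookup with a bound parameter, run against an in-memory SQLite database. The table, rows and function names are constructed for this illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def find_user_concat(db: sqlite3.Connection, username: str) -> list:
    # Weak pattern: the input becomes part of the SQL text itself, so quote
    # characters in it change the structure of the statement.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def find_user_bound(db: sqlite3.Connection, username: str) -> list:
    # Hardened pattern: the statement is fixed and the input is passed
    # separately as data through a placeholder.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def concat_breaks_on_apostrophe(db: sqlite3.Connection) -> bool:
    # An ordinary name containing an apostrophe is enough to make the
    # concatenated statement invalid.
    try:
        find_user_concat(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

# Constructed input of the kind typed into a username field.
CRAFTED = "nobody' OR '1'='1"
```

With the crafted input the concatenated query returns every row in the table, while the bound query treats the whole string as a username and returns nothing.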

Slide 33

Slide 33 text

ONLINE CYBER SAFETY
✧ Refrain from publishing sensitive information on any social media
✧ Keep complex passwords and never share them with anyone
✧ Printers, Wi-Fi, webcams and computers should be shut down when not in use
✧ Don't meet online acquaintances alone
✧ Don't share more than necessary
✧ Check for the HTTPS lock symbol
✧ Update devices regularly, keep 2FA, use antivirus
✧ Visit bank websites by typing the URL in the address bar
✧ Unlink card details from e-commerce sites
✧ Don't share personal emails and phone numbers; have a backup
✧ There is no such thing as freebies. Ex: Amazon, Flipkart URLs
✧ Block people you don't want to interact with

Slide 34

Slide 34 text

WHAT WE DO
✧ Act as a Security Professional
✧ Test the security and identify loopholes
✧ Conduct Threat Modeling
✧ Create reports and analysis
✧ Authorized with proper permissions
✧ Spread awareness to students and professionals
✧ Earn money and respect too

Slide 35

Slide 35 text

WHERE IT ENDS
✧ Start career as Security Researcher or Associate
✧ Cybersecurity Analyst / Consultant - Penetration Tester
✧ Cybersecurity Manager / Engineer / Architect
✧ Security Director
✧ Chief Information Security Officer - CISO

Slide 36

Slide 36 text

HOW CYBERSECURITY IS NOW?
↳ Organizations Understood the Importance of security
↳ Expanding Security Teams
↳ Conducting Threat Modeling
↳ IoT and Cloud Evolving
↳ Social Engineering attacks getting smarter
↳ Rise of Ransomware and security threats
↳ Data Privacy as a discipline
↳ Having Responsible Disclosure policy
↳ Appreciation | Recognition | Swags | Hall of Fame | BugBounty

Slide 37

Slide 37 text

DISCLAIMER
✧ Any time the word "Hacking/Hacker" is used, it shall be regarded as Ethical Hacking/Hacker.
✧ These materials are for educational and awareness purposes only. Do not attempt to violate the law with anything contained here.
✧ If so, the Speaker or College/Club is not responsible for the violations that individual commits.

Slide 38

Slide 38 text

CONCLUSION
✧ "Choose a job you love"
✧ The number of cybersecurity jobs is increasing every single day. The key is identifying the skills and strengths.
✧ Hackers attack every 39 seconds, on an average of 2,244 times a day! When you give this a thought, you will realize how important cybersecurity is.

Slide 39

Slide 39 text

SOME TIPS
✧ Get ready to deal with errors
✧ Learn how to use Google and find resources like a pro
✧ Stay updated and make progress
✧ Consistency is the key to success
✧ Be active on LinkedIn, security forums, and communities
✧ Connect with like-minded students and Infosec professionals
✧ ROOTECSTAK

Slide 40

Slide 40 text

ANY QUERIES?

Slide 41

Slide 41 text

REACH OUT
✧ www.rakeshelamaran.tech
✧ LinkedIn: Rakesh Elamaran
✧ Instagram: rakesh_elamaran