This talk covers the fundamentals of cybersecurity, data breach, social engineering, career opportunities and RoadMap, Interview preparation, Applications, Attacks, and a short note on Bug Bounty!
Presented at Sathyabama University!
GETTING STARTED IN
WHO AM I
✧ Security Engineer 2 @COMCAST
✧ Security Researcher | Licensed Penetration Tester Master | Bug Hunter
✧ SIH - 2019 Finalist | CSI - Student Icon
✧ FOUNDER - Rootecstak and SVCE CyberHub
✧ OWASP Cuddalore Chapter - Leader
✧ Mentor | Speaker | Blogger
Cybersecurity Consists of technologies,
processes and controls designed to protect
systems, networks, programs, devices and data
from cyber attacks.
✧ To prevent data breaches, identity theft and cyber-attacks as well as risk
management in some cases.
✧ It encompasses everything that pertains to protecting our PII Data.
✧ Software changes when it is updated and modified, which welcomes
new bugs, issues, and vulnerabilities and allows for cyber attacks.
✧ Confidentiality - Data is Kept Secret
✧ Integrity - Data is trustworthy and free from tampering
✧ Availability - Data should be available to authorized users
✧ The business world is not new to data breaches and cyber threats. Digital
transformation has accelerated the growth of online platforms, showing
us just how crucial security in the digital age is.
✧ But it’s not just the big companies and organizations that get
hit. Everyday consumers experience phishing schemes, ransomware
attacks, identity theft, data breaches, and financial losses.
✧ It is very easy to hack a device connected to the internet;
the more we rely on them, the more prone we are to attacks.
With cyber attacks occurring every 14 seconds, firewalls, antivirus software
and tools must be in place.
Strong security infrastructure includes multiple layers of protection.
Organizations must remain up-to-date with the emerging technologies,
threat and security intelligence trends in order to design the ideal cyber-
Encryption, secure passwords and constant software upgrades help.
Ethical Hacking is an authorized practice of
bypassing system security to identify potential
data breaches and threats in a network.
The company that owns the system or network
allows Cybersecurity Engineers to perform
such activities in order to test the system’s
TYPES OF HACKERS
✧ WHITE HAT - Ethical hackers or Security Researchers do not intend to harm the system or organization.
✧ BLACK HAT - Contrary to an ethical hacker, they perform hacking to fulfill their selfish intentions to collect
✧ GREY HAT - They hack without any malicious intention for fun. They perform the hacking without any
approval from the targeted organization.
✧ Penetration testing is a part of ethical
hacking, where it focuses explicitly on
penetrating only the information systems.
✧ The ultimate goal is to identify and
prioritize Security Risks.
✧ The process of identifying risks and vulnerabilities in
computer networks, systems, hardware, applications.
✧ Evaluate, assign severity levels to those
vulnerabilities, and recommend remediation or
✧ Vulnerability scanner tools are used to identify
threats and flaws within an organization's.
ETHICAL HACKING VS PEN TESTING
✧ Ethical hacking is a practice. The skills employed by an ethical hacker
allow them to practice a continuous assessment cycle of an
organization’s security posture by employing the same tools, methods,
and techniques of a malicious hacker.
✧ Ethical Hacking is NOT Penetration Testing!
✧ Penetration Testing is Ethical Hacking!
✧ It is the technique of hiding secret data within an ordinary, non-secret
file or message in order to avoid detection; the secret data is then
extracted at its destination.
✧ Data can be audio, video, image or text file.
✧ To use the built-in applications, VirtualBox and Kali Linux / Parrot OS is
✧ Applications are Easy to Use.
✧ For Everything there is a tool. ( A-Z)
✧ Process of collecting information about something you are interested
✧ In the digital world, a lot of information can be gathered in different
ways, not with your senses, but with several methods,
tools and techniques.
Social engineering is the art of manipulating people so they give up
confidential information. Attacks can happen online, in-person, and via
Young Professionals Starting their careers
Experienced professionals moving from one career into Cybersecurity
Professionals at all levels wanting to learn more about it to better
protect their personal and business lives
GRC VS TECHNICAL
✧ Strategic includes Governance, Risk, and Compliance (GRC), Policy, IT Audit, security
frameworks and management.
✧ Tactical includes everything technical security systems administration, networking,
application security, security operations, incident response, vulnerability management, and
✧ Pick the one where you have most strength.
✧ Caution: Don't try to do both but Be aware of the other Side .
WHAT SHOULD I CHOOSE?
JOB - HOP IN
HOW TO START
↴ knowledge of computer and how Internet works
↴ Computer Networks - Protocols, ports, servers, etc. | Basics to Advanced
↴ Linux Concepts - Learn Linux strongly and practice in Kali
↴ Cryptography and Network Security -
↴ CYBERSECURITY - Practice Strongly and learn new concepts
↴ TryHackMe, Hack The Box, PortSwigger labs, Capture the Flag challenges - To
sharpen your skills
↴ Bug Bounty - Lots of practice, patience and effort.
WHAT TO LEARN
Malware and Reverse Engineering: C, C++, C#, Embedded C, Assembly
Scripting: Python, Ruby, Perl
Security Testing: HTML, CSS, JavaScript, PHP, Java, SQL
Shell Scripting: Bash, Shell Scripting
✧ Web Application Security
✧ Android Security
✧ Cloud Security
✧ Cyber Forensics
✧ Malware Analysis
✧ Red Teaming
✧ Vulnerability Assessment & Exploit Development
✧ IoT and RFID Pentesting
✧ API Pentesting
✧ Blockchain & Decentralised Systems
✧ Cryptography and Network Security
✧ Hardware Security
✧ Unlimited Growth
✧ Set your style
✧ Easy to explore different paths
✧ Learn and EARN
✧ Engineers with cybersecurity chops and more than three years of
experience can make up to Rs30 lakhs a year, HR experts said.
✧ On the other hand, a software developer with five years at a
multinational firm would earn only around Rs15 lakhs a year.
✧ Follow the Roadmap
✧ Be Strong in Basics
✧ Choose domain and prepare accordingly
✧ Stay updated in the cybersecurity industry
✧ Explain In terms of Real time and its impact
✧ Attain Value added Certifications
✧ Decent Resume - Projects, Research Works, Achievements
✧ Achievements - Hall of Fame, CVEs, Bounty, Recognition
✧ Be passionate and confident
✧ Bug Bounties, aka responsible disclosure programmes, are set up by
companies to encourage researchers to report potential issues on their
✧ Some companies choose to reward a researcher with money, swag, or hall
✧ Values your Resume and Skills | Glory and Fame | Practical Knowledge |
Synack, Intigriti
✧ Go for RVDP (responsible vulnerability disclosure) programs
✧ Duplicates are Painful
✧ Quality >> Quantity
✧ Patience >> Bounty - Money
✧ A parameter tampering attack relies on the manipulation of parameters
changed by the user so as to change application information like user
credentials and permissions, the amount of a product, etc.
✧ Usually, this data is passed in a POST request or in hidden form fields.
✧ This vulnerability is present in almost every online shopping cart and
payment gateway these days.
✧ Ex: bewakoof.com, donacakes.com
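An added example (not from the talk) of the shopping-cart case above: a checkout handler that multiplies quantity by the price posted back from a hidden form field, beside a hardened handler that takes the price only from a constructed server-side catalogue, validates the quantity, and flags requests whose posted price disagrees with the catalogue.

```python
# Constructed catalogue: the server-side source of truth for prices (rupees).
CATALOGUE = {"TSHIRT-01": 499, "CAKE-02": 850}


def checkout_vulnerable(form):
    """Trusts whatever price the browser posted back (hidden field or POST body)."""
    qty = int(form["qty"])
    price = int(form["price"])  # client-controlled: the tampered parameter
    return qty * price


def checkout_hardened(form):
    """Ignores the posted price; only the catalogue decides what an item costs."""
    sku = form["sku"]
    if sku not in CATALOGUE:
        raise ValueError("unknown product")
    qty = int(form["qty"])
    if not 1 <= qty <= 100:  # reject zero/negative quantities and bulk abuse
        raise ValueError("quantity out of range")
    return qty * CATALOGUE[sku]


def price_mismatch(form):
    """Detection hook: True when the posted price disagrees with the catalogue.

    A hardened handler does not need the posted price at all, but comparing it
    lets the application log tampering attempts instead of silently fixing them.
    """
    sku = form["sku"]
    return sku in CATALOGUE and int(form["price"]) != CATALOGUE[sku]


if __name__ == "__main__":
    # Constructed requests: an honest one and one with the hidden price edited.
    honest = {"sku": "TSHIRT-01", "qty": "2", "price": "499"}
    tampered = {"sku": "TSHIRT-01", "qty": "2", "price": "1"}
    print("vulnerable:", checkout_vulnerable(honest), checkout_vulnerable(tampered))
    print("hardened:  ", checkout_hardened(honest), checkout_hardened(tampered))
    print("tampering detected:", price_mismatch(tampered))
```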
✧ SQL injection is a code injection technique that might destroy your database.
✧ It is one of the most common web hacking techniques.
✧ It usually occurs when you ask a user for input, like their username/userid
ONLINE CYBER SAFETY
✧ Refrain from publishing sensitive information on any social media
✧ Keep complex passwords and never share them with anyone
✧ Printers, Wi-Fi, webcams and computers should be shut down when not in use
✧ Don't meet online acquaintances alone
✧ Don't share more than necessary
✧ Check for the HTTPS lock symbol
✧ Update devices regularly, keep 2FA, use antivirus
✧ Visit your bank's website by typing the URL in the address bar
✧ Unlink card details from e-commerce sites
✧ Don't share personal emails and phone numbers; have a backup
✧ There is no such thing as freebies. Ex: Amazon, Flipkart URLs
✧ Block people you don’t want to interact with
WHAT WE DO
✧ Act as a Security Professional
✧ Test security and identify loopholes
✧ Conduct Threat Modeling
✧ Create Reports and analysis
✧ Authorized with proper permissions
✧ Spread Awareness to students and professionals
✧ Earn money and respect too
WHERE IT ENDS
✧ Start career as Security Researcher or Associate
✧ Cybersecurity Analyst / Consultant - Penetration Tester
✧ Cybersecurity Manager / Engineer / Architect
✧ Security Director
✧ Chief Information Security officer - CISO
HOW CYBERSECURITY IS NOW?
↳ Organizations Understood the Importance of security
↳ Expanding Security Teams
↳ Conducting Threat Modeling
↳ IoT and Cloud Evolving
↳ Social Engineering attacks getting smarter
↳ Rise of Ransomware and security threats
↳ Data Privacy as a discipline
↳ Having Responsible Disclosure policy
↳ Appreciation | Recognition | Swag | Hall of Fame | Bug Bounty
Any time the word “Hacking/Hacker” that is used shall be regarded as
These materials are for educational and awareness purposes only. Do
not attempt to violate the law with anything contained here.
If so, the Speaker or College/Club is not responsible for the actions that
✧ "Choose a job you love"
✧ The number of cybersecurity jobs is increasing every single day. The key
is identifying the skills and strengths.
✧ Hackers attack every 39 seconds, on an average of 2,244 times a day!
When you give this a thought, you will realize how important
✧ Get Ready to deal with errors
✧ Learn how to use Google and find resources like a pro
✧ Stay updated and Make progress
✧ Consistency is the key to success
✧ Be active on LinkedIn, security forums, and communities
✧ Connect with like-minded students and infosec professionals
Linked In: Rakesh Elamaran