Hacking is one of those areas that will never stop as long as software and hardware exist on this planet. Whatever is built can be compromised; it's the order of nature. Some things will never change, but what we can do is protect ourselves from the majority of attacks and build solid, secure layers around the software we test. This improves the privacy of our users and protects our businesses from the black-hat world. Alas! We have a massive skill shortage. Most white-hat hackers are script kiddies, toolsmiths and checkers: people who only keep running scanners and then report the output as vulnerabilities.
Santhosh Tuppad's question is: if black-hat hackers also use scanners or checkers to hack something, why is it that we have not been able to stop them, given that we use the same scanners to identify vulnerabilities? Do you get his point? Think.
In this talk, Santhosh Tuppad is going to demonstrate the bad shape of the software industry, where security is not considered or taken seriously, and how security testing is done in a shallow or sloppy way, just for name's sake. Santhosh will not just be a pessimist; he will also share his thoughts on how we can fix this problem of massive skill shortage, and how one can grow their own skills through passion, self-education, continuous learning, digging deeper and more.
Are you ready for a jaw-dropping session? You bet.
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat
1. HACKING - BRIDGING THE GAP & GOING BEYOND TO FIGHT BLACK-HAT
Santhosh Tuppad | Twitter: @santhoshst
I slept at 6 AM this morning & I am still waking up… It's b33r ;)
3. Disclaimers:
#1. What stays here, stays here or dies later.
#2. I am not responsible for how you use this knowledge. (Don’t mess with me).
#3. I am a super good person on this good planet called “Earth”. So, believe me.
JUST DO IT: Vote for me with highest points whether you like it or not. Or else… I don’t know!
4. sh-3.2# whoami
I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
5. ● #WouldYouBeOkay
● Would you be okay if your car's speed were controlled by a malicious hacker?
● Would you be okay if your baby's heart-rate data were sent incorrectly to the physician? (Man-in-the-Middle)
● Would you be okay if someone took control of the CCTVs or cameras installed in your home? Would you be okay if...
11. What do Black Hat Hackers do anyway?
1. They don’t care about why they want to hack
2. They care about why they want to hack
3. They are driven by intrinsic motivation
4. They hold grudges, hatred, love, and many other different emotions
5. They don’t fear, because of their confidence (but they may get caught)
6. Intuition, instincts & mindset are the weapons / tools they believe in, unlike most of the white-hat hackers
7. They do all different kinds of bullshit, but it is great.
12. How do we bridge this gap so that we can fight the black-hat hackers?
● Work on mindset
● Think crime
● Watch Border Patrol, investigation episodes on Netflix, Border Security, and also make yourself feel like, “Hell yeah, I am a criminal”. And watch out for the thought process. Warning: it can be dangerous, but I think you can do it without committing a crime.
● Hack your friend's account.
● If your inner guidance is guiding you to do something, then just do it ;) (Warning: don’t tell people that I told you this. You are responsible for whatever you do).
13. OWASP TOP 10 (Go Beyond Them)
● Authentication
● SQL Injection
● Cross-Site Scripting (JavaScript injection)
● Cross Site Request Forgery
● Sensitive Information Disclosure
● Components With Known Vulnerabilities
● Authorisation / Access Control
● And 3 more… (Explore them)
Where? OWASP.ORG
14. Slides were just for name's sake anyway…
WohoooooooOooOOOoooOooo…
Thank you very much.
15. Points to Remember:
● If you want to talk more about “Software Security” or have questions that need discussion, please catch me anywhere and let’s go to the Smoking Zone.
● There is no “Silver Bullet” for any one question, so let’s talk deeper and challenge each other.
● I don’t know what else I need to write here… So, I will stop.