It was a great opportunity to explore my talent and sharp my skills and I want to share that most excited experience with you all, you people know very well I love exploiting rules and regulation always and it was the right place for me to learn that. it was 4 days workshop held at Loyola college Chennai, conducted by infySEC and SNN India together.
infySEC
infySEC is an information security company which provide information security to the clients, Research & Development and building up intellectual capital with customers across Asia, US and Europe . InfySEC conducts set of security programs joining with Chennai cyber cell such as war-driving, 3G Security and so on.
Here are some of the programs conducted by infySEC:
To know more about infySEC feel free to click here :D http://www.infysec.com/
SSN
SSN has built strategic business and technology partnerships that allows SSN Technology team to continuously evaluate new technologies with many of the CMM Level 5 Companies. For more details->> http://www.ssnindia.com/

What we leant at hackavatar?
First day we had lot of demos like how networks and internet works “the dawn of the net”, “Did you know” and so on. What is network actually? Set of machines connected together to exchange the data or information among them is called network. When the network is established data can be transmitted on that any time any we don’t know whether the data has received at the other end successfully or not, even while transmitting we don’t know who is sniffing our data, so we need to use crypto techniques to crypt the data before transmitting and receiving the data to be safe from the hackers.
What hacking and ethical hacking actually is? Hacking is the act of penetrating into a system of an individual or a company to gain information or access to attempt a malicious cause to that individual or company, and the ethical hacking is the act of using the ethics of hacking to be at safer side and prevent our self from the hacking.
Hackers who do hacking are called as black hat hackers meanwhile, ethical hackers are called as white hat or gray hat hackers. Only data files can be hacked there are no other hacks? My friend asked me, we had a demo of call spoofing and email spoofing I said!!! Sounds funny??? I m not joking guys Mr.Vinod who hosted the program showed a live demo of spoofing calls as well as the emails. He just asked mail id from a guy and send a mail from his tool and again he asked that guy to log on his mail account. What he found after loging in to his account is he has got a mail from Bill Gates and the mail id was billgates@microsoft.com as a sender we all got puzzled and the message was billgates wanted to make some business with his so wanted to meet him alone in Mumbai Taj hotel sounds funny??? Just think how many guys will drop their jobs after getting mail from Bill Gates if he ask him to join Microsoft, I asked how its possible this is the vulnerability in the SMTP protocol which I has exploited vino said. And he asked a mobile number from a girl and a guy who came along with her and after few minutes we all were amazing that girl is getting a call from that guy’s number but actually that guy is not calling. He said that it was a call from the voip tool, it modifies the caller id header and displays the id which we have morphed; if that number is stored on to receivers’ mobile he will get that name as caller very simple. And we had a long look on web camera/ip camera hacks, desktop hacks, printer hacks and so on, meanwhile the quizzes were going on and many guys took prizes along with them. At the end of the session vino showed us how to crack passwords and what are the tools used for cracking. And we had loads of cracking jokes and much more.
Second day We had learnt lot of basic hacking techniques on day one. We had a close view with Information Gathering; Foot Printing and Scanning. That is how to penetrate into the remote systems on the networks how to collect the information about that system and port scanning. Session hijacking, web server hacks, SQL injection and lot more. Oh! Yeah SQL injection and the web server hacks are very hot topics which covers most of the most of the web security because most of the dynamic websites can be hacked or cracked if it is not focused on its security very well. On October, 2000 Microsoft computer network hacked, the hackers who broke into the company's computer systems gained access to some of its key programs but did not change them, Microsoft chief executive Steve Ballmer said Friday, according to Reuters. For more info hit here
The popular microblogging site Twitter was hacked briefly by a group calling itself the Iranian Cyber Army, but the site was quickly restored after the incident early Friday. For more info hit here
These attacks were the DDOS attacks and web server hacks. We had loads of fun while doing SQL injections and it was very interesting too what SQL injection exactly is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
And the DDoS is stands for distributed denial-of-service attack (DDoS attack) it is not disk operating system. These types of attacks are used deactivate the server to all its user across the globe, which can be also meant as shutting down the server if once it is shutdown none of its user can access that page across the world. At the end of the day two vino showed us some interesting videos of Microsoft vision and cloud computing those were amazing and specially Microsoft’s future vision was very interesting. Google “Microsoft future vision” and know more about it.
http://www.youtube.com/watch?v=g9JBSEBu2q8
http://www.youtube.com/watch?v=g9JBSEBu2q8
I would like to add one more thing by myself Google for nokia morph which is the future vision of nokia and it is awesome.
Day three –pre final day after a week we again assembled together to rock on Mr.Deva was very much excited to see all of us before starting the program. The first topic on the third day was DDoS attacks and the Botnets. We clearly understand what is the botnet is. To understand botnet we should understand the bot first, bot is the tools used by the search engines to scan and copy the entire web site into the cache of the search engines. botnets are also called as remote robot network which penetrate into the remote systems and run automatically on the client side to compromise it with the bot-master. These systems are called as zombies(slave)it work based on an IRC, command and control network of compromised hosts(bots).A bot is a client program that runs in the background of the compromised zombies and watches for certain string on an IRC channel which are encoded commands for the bot. It is used to achieve DoS, ID theft, Phishing, keylogging, spam etc for the fun and profit. And then vino explained us about the Conficker which is also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software and Dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. To be secure from this hit here
after the break capture the flag contest started, and me along with my team stepped into the contest as “RANCHIES” me, Mustafa, Aadil, and Usman logged in to the given site initially we were not able to understand what the contest actually about later vino explained as about the contest but to be honest were not able to complete the 1st question itself. Finally some other team completed 1st question and vino helped us to complete that one. Then we stepped into the 2nd question we struggled a lot to clear we were close to finish the 2nd one some other team got the prize but we dint got dispersed again we moved to question 3 it was related to the stenography and the time got over like tv serials ends at a serious climax.
Day four-final day We started continuing the capture the flag contest, it was very difficult to solve the question four but the thing is we got the answer long back along with the answer we were trying the keywords like “job”,”task “etc. finally we had done with question four and the fifth question was little technical but we people are expert in technical problems. I solved that problem by opening the given application in the olly debugger; I cracked the 5th level and now trying to solve level 6. on the last day we had a personality development program conducted by Mr.Basheer which was very useful to us since we are students currently. We got certificate finally along with a penetrating testing tool on a DVD. Due to lack of time some of the topics left uncovered such as “Tracking Wireless Networks / Chennai WiFi WarDriving”, ”Developing a port scanner using Visual Basic”, and few.
Feed backs:Need to include hardware hacks, more tools has to be added on the DVD provide to the participants, need to add wireless hacks, and much more.
The workshop was totally focused on the ethical hacking and the network security systems, hackavatar increased my knowledge up to date incidents in the cyber world.
I am now much interested to develop projects based on the security systems to support the digital information security. I would like to suggest you to hit here for more knowledge http://www.infysec.com/2010/03/viruses-and-digital-signatures/
Thank you for viewing my post
“We Work in the Dark.
We give what we can.
You may stop me.
But there are many like me.
And we are all alike! .”
C U next week
Yrs securely
S A Rahman