It was a great opportunity to explore my talent and sharp my skills and I want to share that most excited experience with you all, you people know very well I love exploiting rules and regulation always and it was the right place for me to learn that. it was 4 days workshop held at Loyola college Chennai, conducted by infySEC and SNN India together.
infySEC
Here are some of the programs conducted by infySEC:
To know more about infySEC feel free to click here :D http://www.infysec.com/
SSN
SSN has built strategic business and technology partnerships that allows SSN Technology team to continuously evaluate new technologies with many of the CMM Level 5 Companies. For more details->> http://www.ssnindia.com/
While information becomes data that means if any of the information is converted to digital medium it becomes very easy to use as well very hard to prevent from danger, Say for example we have a diamond and we have locked it up into a bank locker. some one has stolen that diamond using the a duplicate key, when you check the locker and if you found it empty you will guess that some one has stolen your diamond and you will complaint the police about it or what ever. At the same time you have important or secret data on your pc or any drive some one has copied that in your absence using your password or any other personal identifications, and when you come back and check for it you wont know which or whichever it is stolen since the hacker has just copied the data but not deleted it from your pc, in these cases digital security becomes a hot spot for the users where he has to be very concerned and focused about. Digital Security gives individuals the freedom to embrace the digital lifestyle – to confidently engage in everyday interactions across all digital devices. Digital security affects all aspects of the digital lifestyle, which, among others, comprises computers and the internet, telecommunications, financial transactions, transportation, healthcare, and secure access. Some one is always having eye on us and watching our step to step activities and they want us to make online transactions so that they can steal it.What we leant at hackavatar?
First day we had lot of demos like how networks and internet works “the dawn of the net”, “Did you know” and so on. What is network actually? Set of machines connected together to exchange the data or information among them is called network. When the network is established data can be transmitted on that any time any we don’t know whether the data has received at the other end successfully or not, even while transmitting we don’t know who is sniffing our data, so we need to use crypto techniques to crypt the data before transmitting and receiving the data to be safe from the hackers.
What hacking and ethical hacking actually is? Hacking is the act of penetrating into a system of an individual or a company to gain information or access to attempt a malicious cause to that individual or company, and the ethical hacking is the act of using the ethics of hacking to be at safer side and prevent our self from the hacking.
Hackers who do hacking are called as black hat hackers meanwhile, ethical hackers are called as white hat or gray hat hackers. Only data files can be hacked there are no other hacks? My friend asked me, we had a demo of call spoofing and email spoofing I said!!! Sounds funny??? I m not joking guys Mr.Vinod who hosted the program showed a live demo of spoofing calls as well as the emails. He just asked mail id from a guy and send a mail from his tool and again he asked that guy to log on his mail account. What he found after loging in to his account is he has got a mail from Bill Gates and the mail id was billgates@microsoft.com as a sender we all got puzzled and the message was billgates wanted to make some business with his so wanted to meet him alone in Mumbai Taj hotel sounds funny??? Just think how many guys will drop their jobs after getting mail from Bill Gates if he ask him to join Microsoft, I asked how its possible this is the vulnerability in the SMTP protocol which I has exploited vino said. And he asked a mobile number from a girl and a guy who came along with her and after few minutes we all were amazing that girl is getting a call from that guy’s number but actually that guy is not calling. He said that it was a call from the voip tool, it modifies the caller id header and displays the id which we have morphed; if that number is stored on to receivers’ mobile he will get that name as caller very simple. And we had a long look on web camera/ip camera hacks, desktop hacks, printer hacks and so on, meanwhile the quizzes were going on and many guys took prizes along with them. At the end of the session vino showed us how to crack passwords and what are the tools used for cracking. And we had loads of cracking jokes and much more.
Second day We had learnt lot of basic hacking techniques on day one. We had a close view with Information Gathering; Foot Printing and Scanning. That is how to penetrate into the remote systems on the networks how to collect the information about that system and port scanning. Session hijacking, web server hacks, SQL injection and lot more. Oh! Yeah SQL injection and the web server hacks are very hot topics which covers most of the most of the web security because most of the dynamic websites can be hacked or cracked if it is not focused on its security very well. On October, 2000 Microsoft computer network hacked, the hackers who broke into the company's computer systems gained access to some of its key programs but did not change them, Microsoft chief executive Steve Ballmer said Friday, according to Reuters. For more info hit here
The popular microblogging site Twitter was hacked briefly by a group calling itself the Iranian Cyber Army, but the site was quickly restored after the incident early Friday. For more info hit here
These attacks were the DDOS attacks and web server hacks. We had loads of fun while doing SQL injections and it was very interesting too what SQL injection exactly is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
And the DDoS is stands for distributed denial-of-service attack (DDoS attack) it is not disk operating system. These types of attacks are used deactivate the server to all its user across the globe, which can be also meant as shutting down the server if once it is shutdown none of its user can access that page across the world. At the end of the day two vino showed us some interesting videos of Microsoft vision and cloud computing those were amazing and specially Microsoft’s future vision was very interesting. Google “Microsoft future vision” and know more about it.
http://www.youtube.com/watch?v=g9JBSEBu2q8
http://www.youtube.com/watch?v=g9JBSEBu2q8
I would like to add one more thing by myself Google for nokia morph which is the future vision of nokia and it is awesome.
after the break capture the flag contest started, and me along with my team stepped into the contest as “RANCHIES” me, Mustafa, Aadil, and Usman logged in to the given site initially we were not able to understand what the contest actually about later vino explained as about the contest but to be honest were not able to complete the 1st question itself. Finally some other team completed 1st question and vino helped us to complete that one. Then we stepped into the 2nd question we struggled a lot to clear we were close to finish the 2nd one some other team got the prize but we dint got dispersed again we moved to question 3 it was related to the stenography and the time got over like tv serials ends at a serious climax.
Day four-final day We started continuing the capture the flag contest, it was very difficult to solve the question four but the thing is we got the answer long back along with the answer we were trying the keywords like “job”,”task “etc. finally we had done with question four and the fifth question was little technical but we people are expert in technical problems. I solved that problem by opening the given application in the olly debugger; I cracked the 5th level and now trying to solve level 6. on the last day we had a personality development program conducted by Mr.Basheer which was very useful to us since we are students currently. We got certificate finally along with a penetrating testing tool on a DVD. Due to lack of time some of the topics left uncovered such as “Tracking Wireless Networks / Chennai WiFi WarDriving”, ”Developing a port scanner using Visual Basic”, and few.
Feed backs:Need to include hardware hacks, more tools has to be added on the DVD provide to the participants, need to add wireless hacks, and much more.
The workshop was totally focused on the ethical hacking and the network security systems, hackavatar increased my knowledge up to date incidents in the cyber world.
I am now much interested to develop projects based on the security systems to support the digital information security. I would like to suggest you to hit here for more knowledge http://www.infysec.com/2010/03/viruses-and-digital-signatures/
Thank you for viewing my post
“We Work in the Dark.
We give what we can.
You may stop me.
But there are many like me.
And we are all alike! .”
C U next week
Yrs securely
S A Rahman
