
Obviously, it's not just about practice, it's a mindset, right? As they say, the biggest threat to our security is thinking that someone else is going to protect it. And I actually agree with that a lot. Again, good morning everyone. Before we even start anything, we want to give you guys a huge round of applause for coming on a Sunday morning, especially for this event. So a huge round of applause for everyone.
Welcome everyone to BSides Noida 0x02. Whether you are a hacker at heart, a defender of data or just after cutting-edge tech insights, you are at the right place. This isn't your average security conference, it's a collision of innovation, strategy and community, where the brightest minds in cybersecurity meet to tackle tomorrow's challenges today. So sit back, relax; if you guys have any notebooks or laptops and want to take notes during this event, just feel comfortable. It's going to be a long day. We're going to have a lot of speakers, we're going to talk about a lot of stuff, and hopefully you guys are going to be learning everything
today. So let's dive into the world where every byte counts and every second matters. Let's secure the future together. And now before we start today's event, we would like to start by having our lamp lighting ceremony. We would like to call all our speakers and Mr. Sachin Behel as well. And we would like to start with that. So please put your hands together for them here.
So our speakers today are Mr. Harpreet Singh Arora, Mr. Abhijeet Singh, Mr. Adhra Jain, Mr. Parman Siddhana and Mr. Aventya Singh.
I'm just happy to be here.
We would also like to start the event by thanking our sponsors. We would like to thank our venue sponsor, E-Sec Token, our silver sponsor, Cubit World, and our platform sponsor, Commuter. Before we start with our speakers, we would very much appreciate it if Mr. Sachin could start the ceremony by sharing a few words with us. I don't think so, I need a mic. I hope you can hear me, guys, right? Yes, sir. Sorry, I was not ready for this speech. They just asked me to talk about it. But thank you. I think it's an honor for us to be hosting this event. And I welcome all of you on behalf of the BSides Noida team and the BSides Quote team.
I'm sure it's going to be a great learning experience for you guys in this digital world. Information security is more important than ever. And these kinds of events and communities give us the opportunity to learn new trends, new solutions, strategies which help us to defend against evolving threats. So I'm very excited to be here and looking forward to discussing and sharing a lot of new ideas and solutions with you during the day. Let's make this day a knowledgeable experience. Thank you, all of you, for coming here in this winter season early in the morning, and I hope you will enjoy and you will have a learning experience today. Thank you guys. Stay safe, stay secure. So now that
I have had a very auspicious talk with you, I would like to start by
To officially kick things off, it's my honor to introduce our first speaker, Mr. Harpreet Singh Arora. Harpreet is a seasoned leader in cybersecurity with over 90 years of experience driving robust security strategies, protecting critical assets and leading high-performing teams. His passion for safeguarding organizations against cyber threats and ensuring compliance with industry standards makes him a true game changer in this field. Please give a huge round of applause to Mr. Harpreet Singh Arora. Also, before we start, just one thing, I'm assuming here, we have no doubt
Just to maintain some background, we want to respect your questions and we want to respect the speaker as well. So what we do is we pass chits to each and every single one of you. If you guys have any question regarding any topic, we would highly suggest that you write those questions down along with your name and we will ensure that our team collects those chits. And after Sir is done with his presentation, he can probably address those questions about this. That will keep things professional and maintain the decorum as well. So... A very good morning. A very good morning to all of you.
Good morning, sir. I'm very happy to
be here talking among you all, cybersecurity enthusiasts and professionals, regarding the ever increasing trend of attacks, ever increasing threats in the cyber landscape. We know the technology is getting vaster day by day with the use of AI. As AI is getting more and more intelligent, we as the defenders have to keep up, because with AI getting more intelligent, even attackers are getting more intelligent. They are now finding more ways to attack their target. In the parallel world, as the defenders you have to be a step ahead of the attackers. They use AI to attack. You use the same systems as the defenders.
So are you ready? How can we defend against it? What are the trends which are a
step ahead of that orthodox playbook?
So talking about malware, what malware actually is: it is the basis of every attack, whether on a corporate or on an individual. The basis of an attack is what they want: they either want to steal your information or they want access, and not just access, they want privileged access. They want to be root. Malware is one such tool, one such technique, one such program which was designed to cater to these requirements.
How does malware work? The infection firstly impacts one system. They want to get it elevated or to cover more assets. Execution. Execution includes how they want to install the payload inside systems, because their target is not just one system. Once they are inside the system, they want to get persistent without getting caught. So although we have SIEM tools, we have EDR, XDR and what not, if the skill set on the task is not sufficient, those tools might work against you. Once they are persistent inside your system, then what do they do? There is a command and control server which is working in the background. The malware inside your system is talking to that command
and control server, providing them the entire details, sharing the files of your system with them, which might be used to demand a ransom from you guys. That's okay, we have your files, if you want to get them back pay this much amount. And this is very much common nowadays; even major companies like SolarWinds
have been recent victims of such ransomware or malware attacks. Damage. As we already discussed, the final goal is either they want access, they want to steal information, or they want money. Even if they steal information, they will sell it on the dark web. The ultimate goal is money. Types. Although we are very much aware of the types in which malware comes, it is not served on the plate as "okay, here is a virus on the system". No! You will get something like a .jpg, it's just a picture until you click on it, and they are very much aware, if the social engineering has been done right, they know, okay, Harpreet
talks a lot about Nirav Kogli or something like that. They will send a picture to you through phishing or social engineering attacks and will ask, have you heard about his research achievement? You click on it, it is not a JPG, it is actually an executable file, and as soon as you click on it, the downloading or execution of the libraries has started in the background. So this slide tells about what different malware does. Viruses infect and replicate, worms replicate themselves. Trojans, they are these guys' agents. They tell you they are very useful. Hey, if you want Windows 11, latest version, click here. It is not Windows 11 because it is not from Microsoft.
You have invited a Trojan into your house. Ransomware, you click on it, your files get encrypted, you have to pay for it. Spyware, recently Pegasus was in the news, to steal information, and globally the governments are using it. Adware, it generates unwanted advertisements. Click-jacking is one of the attacks which uses adware. So you don't want to see those ads again and again. You click on the cross; it is not closing, it is executing some software or program in the background, and your system gets impacted. Why are we talking about malware analysis?
Even if you go through the news, every other day a new company is a target of malware related loopholes. Threat identification is important, even if you are just a normal user, you are not in a SOC. At the start of this event, they said security is not one person's job, it is a collective responsibility. So, identifying and understanding malware behaviors. Prevention: we protect systems by detecting malware only. We will see how we would detect the malware without getting it executed. As a malware analyst, you would know; in today's session we will have a demo of how to know whether it is a normal file or some malware sitting in your system. Response. Once you know that, okay, this file is not a general file, it is
malware in one form or the other, now you have to develop your response. So it can be based on a playbook; even if you are a first-time investigator, you can help other investigators by creating a playbook or runbook so that your steps could be replicated by other team members. Attribution: understanding the origin and intent behind the attacks. Not all malware is there for money, not all malware is there for ransomware. Some is just there to destroy your application. Key stages in malware analysis; we will discuss these in today's session. Static analysis: the file is there, it is not executed, it is sitting on your system waiting to get executed, but you get suspicious because of some behavior
or you don't know how it got downloaded. Without getting that file executed, you get to study some of its parameters to know whether it is the actual, legitimate file. In dynamic analysis, now it is executed, it is talking to something, it is making changes in networks, it is creating or deleting files in your system. Manual: you will use some disassemblers or debuggers to find out what it is actually doing in your system. And automated: you will run that file in a lab environment to see how it actually behaves. In those lab environments you have systems like Alien, you have the Cuckoo sandbox. So those sandboxes are used to execute these files rather than
executing on your system and getting victimized. It would sound very funny if a SOC member is a victim of a malware threat. So that's why we require a sandbox environment rather than actually trying it on your system. How do we do static malware analysis? We inspect the file properties. There are certain tools with which you do it. Every file on the internet has an associated hash value. We need to know what those hash values are. Are these hash values flagged by some antivirus? If yes, what is the criticality level? Is it flagged by 1 or 2 antiviruses, or is it flagged by more than 50 antiviruses? That will give you a clue. Disassemble the code to know what it is actually requiring. Does the code include some
redirects to some other website which is not the intent, which is not the actual intent of the user?
Identify the known signatures. So if there are known signatures from some antiviruses, you provide this hash value to those antiviruses and they will show you exactly that, yes, this is in the list; you know that this hash value belongs to some virus.
Let's talk about what dynamic analysis is. In static analysis you were checking the properties without execution. In dynamic analysis, now the malware is getting executed. After being executed, where is it talking? Is it talking in the background with some other website which is not the intended website for the user? Is it creating new files? What are the tools that we use to determine these things? We have Task Manager or Process Monitor to find if they are creating new files. We have network sniffers like Wireshark to know if it is actually talking with someone in the background.
Comparison between static and dynamic analysis. In the execution part, static requires no execution; dynamic would require execution in a controlled environment so that you do not lose your whole system in the process. Tools: static would require disassemblers and hex editors; dynamic would require sandboxes and system-monitoring tools. Focus: in static you will focus on code structure and file properties. Generally companies, LLCs, they have these teams, and all the other things differ. If you are working in a startup environment, you can have both the jobs in synergy. Dynamic analysis: behavior patterns and system interaction, which background process it is interacting with. Effort: static analysis is quick to perform. You can do it manually or by automated tools. We have tools like solar tube with which you can
quickly remove the false positives by manually checking. Dynamic analysis requires more time and resources because you have to go through all the pages of the website rather than just going through a single code. Challenges. As AI is getting evolved, malware now does have major evasion techniques. They know how to obfuscate themselves. What is obfuscation? They are getting hidden inside some other program. You are downloading program XYZ and you are getting program ABC free of cost. And that ABC program is nothing but malware. Volume. The sheer volume of new malware variants makes it difficult for analysts to keep up. They are working 2 or 3 people in a team, but the malware is moving from one system to the other, to 3, and so
on. Sometimes it becomes very hectic for a tester or a defender to tackle all these incidents in real time. Zero days. Malware is targeting vulnerabilities which are still not known. Meaning they are not working on the known vulnerabilities, but on
the unknown. Emerging trends in malware. Now malware does not work on files, it hits directly on memory spaces. This malware is called fileless malware. Supply chain attacks: they are about targeting software providers themselves. You are downloading, it is just hypothetical, we are downloading an antivirus, I am not targeting any antivirus company here. But downloading that antivirus installs the malware inside. That malware is using the supply chain.
43%, the data is from 2023: small and medium businesses are being hit by malware. 90% of attacks are all due to phishing and social engineering attacks. India saw a 68% increase in cyber attack instances last year. 69% of the companies globally say they are understaffed in cybersecurity. So this data is as per the source AVG.com. Now let's talk about some demo related things. We will be fingerprinting a malware. We will analyze the strings. Strings will provide you an idea of what is inside that malware without getting it executed. In the first three you are not executing it. All of these three are from static analysis. The fourth one, we will talk about
dynamic analysis using Wireshark and Sysinternals tools. So let's start the demo.
All right. So the operating system that we are currently using. Thank you.
For static analysis we are using FlareVM. Our first demo would be
fingerprinting. So for the basic details here we will be using HashMyFiles to load various...
Thank you.
Alright, so... We have a sample malware with us. Let's see how we can analyse this malware. It simply says that it is still a packed malware. You have to unpack it first. For unpacking I will just extract the 7z archive. You see a file now which is without that .7z extension.
This file, again, it is not an .exe file, it is one file which is
How to analyze this unpacked, extracted file? In HashMyFiles,
I'll just open it. It will provide me all the hash values, be it MD5, SHA-1, SHA-256, SHA-512. How these hash values are different, that's again another topic. That would require
Copy any of these. I'll be copying SHA-256, or say any of them. I'll copy SHA-256 here.
We'll analyze it using
a tool called VirusTotal. What does VirusTotal tell me about this file? So we don't have a file, we have a hash. There is a search option where you can input your hash value. VirusTotal says 72, 70 antivirus engines: Alibaba, AliCloud, Avast and others, Sandinabon, CrowdStrike, Elastic, all of these have this hash value, in red; they have flagged it as malicious. One of the ways you get details of this file is to just click on Details. You'll get all the hash values. You'll get what the file type is.
Creation time. First seen. So it's active since 2010. What are the other names for this file? This could be called by these other names. What are the compiler names? Apart from this, after fingerprinting it with HashMyFiles, what else can we get? Analyzing strings. There is a tool here.
We call it SEMDDR. Analyzing strings means whatever information is inside this file, this file which we have just extracted, whatever information is inside it, without getting it executed, we'll be able to get that information live.
I'll just require the path where this file is present. It's here.
Okay.
The final event.
Sure.
It is extracting static strings, analyzing
the program.
Whatever information could be packed inside this file, we will get to see here on your screen.
Any API call it would be making, any file related actions it would take, you will get a glimpse of it. It will FLOSS it.
It would take time, possibly 2-3 minutes.
Meanwhile, I'll talk about something. We said,
in our discussion, we talked about getting users trained. As a cybersecurity engineer, what would you do to train or to make users aware of these kinds of threats? We can send emails to them or we can use another tool called KnowBe4. KnowBe4 is used for cybersecurity training. Not just that, it helps you in creating phishing campaigns. The email that says, hey, you are getting a 100% hike, congratulations. And when you click on it, congratulations, you have to do this pretty well. The same company also provides
something which is called a ransomware simulator. So you have to just sign up here and provide the details and you will be able to get a simulated ransomware.
This is the way these security guys share these kinds of things. Similarly, it appears on your system if you click on such kinds of links which are very urgent, very important or which promise you something good, like a gift or something like that. Yes, let's start with these things. Alright, meanwhile let's start with the third process alongside. We will demonstrate packing and unpacking and combined analysis now using PEStudio.
What
does PEStudio do?
This file is telling you similar information, but it's telling more: that this file is executable even if you don't see .exe. This will provide you a hint that, beware, the file is actually an executable file rather than any .jpg. Also, what else?
Did you see these magic bytes, 4D5A? The first few bytes of every program are called magic bytes. They provide you a hint of what this file actually is. Where do we get that hint from? For that, open the Wikipedia page on the list of file signatures.
The rendering file is showing us it starts with 4D5A, the first few bytes.
The hex signature 4D 5A. Alright. So it is a DOS MZ executable. It could be found in any of these formats.
So this is one of the tools, Wikipedia, where you can see this list of file signatures while analyzing any static document.
Now let's see where our FLOSS is. Okay.
It has decoded these strings; it talks about LAN and Windows for Workgroups, these strings, okay, ProgramData.
Once you get information out of it, what to do next? You know that we can either use Google. Say if I have got something like CreateFile, it will give you an idea of what this API will do: the CreateFile API creates or opens the file. But when we are in the AI era, would I still be using Google? I will use another tool, which is called MalAPI.io.
You talk about any API: process create, remove, thread, any API that you see in that strings section under FLOSS. Search it here, click on it to know what it actually does.
So if it says that it is deleting a file, click on DeleteFileA and it will tell you what this actually means, with documentation if you want to know more: when it was created, last updated, its library, kernel32.dll.
So after you are done with the static analysis part,
Exeinfo PE. Another tool called Exeinfo PE. Not all of us could be very sure if this file is unpacked, or is it still packed, because the extension doesn't tell you anything. How do you check this file? Is it in a packed state? For that, there is a tool called
Exeinfo PE. Just drop your file here.
You see this sharing the information regarding the executable;
it says it is not packed, it is unpacked, whatever the extension is, be it .exe, be it .mvrc. If you are unaware of its actual state in the current type, use Exeinfo.
another thing which is it's showing
Another thing which it's showing: total physical memory is nearly 4000 MB, available physical memory is 1700. File size, you have to convert it into decimal, it's shown in hexadecimal. If you see there's a difference between the actual size and this physical size it is showing, that means something is fishy, something is not visible. That makes the file suspicious. That's another thing that we check while we do the analysis part. If its actual file size doesn't match the physical size that is showing, we should know the file is suspicious.
In this static part, you know whether it is showing any symptoms that it is suspicious or not. But if it is still not showing any way in which it is suspicious, you are still not ready to make up your mind to classify it as malicious. VirusTotal will say it doesn't have it because it is a zero-day attack. For a zero day, VirusTotal is speechless. It doesn't have any entry. So then you have to do dynamic analysis. While doing dynamic analysis, you use packet sniffers to see if this file is talking to someone behind, some controller behind, some network behind, or some website behind. What is the wrong thing?
We will be using Wireshark here.
So, for doing this analysis part, what are we missing? Anyway, we have our capture on, but coming to execution, do you have the executable file yet?
No, it is still .ml.
Now, you can execute the file. How are you going to do it? Just rename this extension.
You have your ransomware in front of you.
You can see the traffic flowing through this interface.
Currently it is showing the general traffic. Nothing much you will see. What if we detonate this malware, and be aware that this file is a malware; it is not named ransomware.com, it is named system32.exe, which is very common for malware on all systems, because you might think that it is a Windows file rather than something else, and then you skip it.
Are any queries being made?
You have to analyze that.
Any data that you see? I don't
want it.
You have to check what this is at the beginning of the timeline. Every conversation can be flagged, especially for the ones you suspect should not be going out.
Thank you.
Being an analyst or a good person
All right.
We will see other tools also where we can get a hint of what is going on in the ransomware. You see we have got files created. I have WannaCry here.
Your ransomware is in action creating more files, the dkift files.
So, if you want this technique, you can see it. Alright, it is executed now. So, you'll get a hit in your last couple of points.
And in other tools, say we talk about Process Monitor.
We are currently looking for
process
name. Process name can write
Can I use this?
Yes sir.
Yes sir.
And you will see all these connections. There's a thread. This is being connected. All the processes that this is executing, you will see.
Similar connection requests you will see in Wireshark: it is getting connected to something in the backend, and that URL or IP address will be visible in the data. And then the question that learners generally ask is, alright, we are getting this connection and whatever it is doing. Is there a way to get ourselves out of it if we are impacted?
As a layman, just restart your system; if only your system is connected, start in safe mode. Try to stop this process in safe mode using Task Manager. What else if that is not there? Is there some tool or some site which could be of any help? Yes.
Another tool which we can use is
NoMoreRansom. On NoMoreRansom you just provide the name of the ransomware you are impacted with and it will share the decryption key with you. Just an example, we have Ragnar, you can simply download the decryption key.
Conclusion part, after all the demos which we went through. Malware analysis is a crucial component of modern cybersecurity practices, just like it was from the very first 1970s or 18th century. By combining both static and dynamic analysis techniques, we can stay ahead of malware developers and protect critical systems. I am sure there might be some things which you already knew about, but I am equally sure that at the end of the day there are some new learnings for you. Thank you, and I'm happy to take any questions from you. Does anybody have any questions? If yes, you can just stand up and ask them. Just make sure you guys are loud and clear. Anyone?
I have a question, you spoke about packed and unpacked malware. I'm also interested in this subject and I was studying it. Am I right if I say that in order to analyze a packed malware you have to detonate it first, like you have to get into dynamic analysis, or are there a few things I can get to understand just by starting with static? The very first part, if it is a packed file, whether it is zip or not,
the first thing is you have to unpack it, because that thing is just as simple as it's not there. As soon as you unpack it, the very first thing you will see is that, okay, now it is unpacked. Does it have the potential to cause disruption in my environment? Then comes static analysis. Static analysis will provide you with what you need, especially that FLOSS thing, which tells you that these are the strings it would be using. So, I don't expect that, okay, I have downloaded Windows 11, why is it asking, say, just to name an example, you have downloaded Calibit and it is asking for permissions of your location, Calibit permissions. Why would it do that? So, that's what you...
Okay, so when you were talking about modern malware emerging, how do you think polymorphic malware in this scenario is affecting certain attacks as compared to fileless malware? How do you think polymorphic malware is evolving? Alright, as far as I understood the question is, with the evolution of malware, since now we have polymorphic malware which is not directed to a single target, what is our strategy to save the data from that. Alright, so with every evolution in attack factor, there is an evolution in defense factor. A few of the companies which provide us a tool for the same are Darktrace, Vectra, ExtraHop. What they do is they analyze the behavior, the pattern. If a file is not intended to go to
finance, they will immediately start a notification to some team that this file was downloaded for some other thing but the behavior is not as expected. So we can use these tools, which I'll name again, ExtraHop, Darktrace and Vectra, and they might be of help here because they use AI to detect the behavior and the noise.
They are not using the hardware space for sure, they are attacking the memory spaces all the time. So when they are attacking the memory spaces, that's where forensics comes into place. In forensics you can be using tools like monopsies, which would tell you that this is the database where certain things are getting increased, the files which you are not downloading and it is getting increased, the space is getting utilized, so that would be the first hit for you to see that, okay, in the primary slot you are getting a buffer overflow or something like that, so that would help you to analyze that. Anyone else?
Again, AI/ML, the three names that I provided, Darktrace, ExtraHop and Vectra, they are using AI to mitigate some malware related risks. How are they doing it? AI is analyzing the behavior of the files, whatever you are downloading. For example,
something from your system is looking at the finance room, someone is trying to access the financial related data, which is not a normal behavior. Any cloud provider you are using, Azure, AWS or GCP, they have this inbuilt, AI related, with the integration or collaboration of Copilot or whatnot; they will release the notification that this file, which is not meant to go into the finance department, has nothing to do with it, nor the system. Kindly check what is happening. So then as the security analyst it will be your job to analyze that file based upon the processes we have discussed. I saw one hand on the other side. So in the running analysis, is there any possibility that
the malware has escaped out from the
Very nice question. I was expecting this question. So the question is, we are doing the analysis part in the same environment, in sandboxing or a virtual environment. Is there any risk of it migrating out of it? For sure there is a risk. That's why generally companies do have network segmentation, and these sandboxes have their own segment where no other devices are directly connected. So they might use a firewalling entity, or the segmentation itself would be a VLAN for segregating it from the other network. So yes, it might impact. Network segregation or VLAN ideas would be beneficial. One moment. So I've seen that you were using FLOSS.
So for that assessment we are using strings from Sysinternals. How is it different from Sysinternals? It's just like web browsers. So, your comfort level. If you have more comfort reading FLOSS output, you will use FLOSS. If you are more convenient using Sysinternals tools, you will use those tools. So, I mean, doing that assessment
How hard is it for me to move to, like, malware and artificial intelligence? Because all these tools are habitual, okay? So what is the additional piece that I have to learn in order to move to malware and artificial intelligence? The cybersecurity domain means you have to consider yourself a student, particularly in IT if you are in cybersecurity. So certify yourself. There are certifications which are GRC specific, there are certifications which are pen testing specific, there are certifications which are malware specific. Focus on malware specific certifications; those will help you to build your knowledge around it, just to crack in your data. So I mean the knowledge, whatever the steps in the process that you have found, it is quite similar to
the math. Yes. That is how we are wrong.
One point in the question that I just faced is AI. How can AI help attackers and how can AI act as a defense? There are certain ways; for example, you don't need knowledge of coding. If you are a coder, that's very nice. But using AI, you can build the exploit and you can also build the defense for that exploit. Just use some collaborative tool, or there is Google Colab also, which can help you generate such kinds of tools. So next, in my view, would be to get familiar with AI, how it helps you
both in meta effector and in the galaxy. Thank you. Thank you so much, sir. If any other student, professional, if any other person has any other question, they can surely ask; I'm very sure sir will be very happy to address them. We'll move to the next speaker. Who out of all of us got into cybersecurity because of, you know,
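As an added example, not part of the talk or of any tool shown in the demo, the following Python script performs the static-triage steps described above (fingerprinting with MD5/SHA-1/SHA-256, magic-byte identification against a small signature table, extension-versus-content mismatch, printable-string extraction with URL and API triage, and the section-size versus file-size check that exposes an appended overlay) on a constructed fake PE blob. Everything in it is constructed for the example: the sample bytes are a minimal hand-built MZ/PE layout, not a real program, and the URL `c2.example.invalid` is a placeholder; it uses only the Python standard library and runs offline.

```python
"""Static triage of a suspicious file: hashes, magic bytes, extension mismatch,
printable strings and a PE overlay check. Added example using only the standard
library. The sample blob is CONSTRUCTED (a minimal fake PE layout), not a real
program, so the script runs offline without touching any malware."""
import hashlib
import os
import re
import struct

# (magic bytes, description) pairs taken from the public list of file signatures
MAGIC = [
    (b"MZ", "DOS/Windows executable (MZ/PE)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive (also docx/xlsx/jar/apk)"),
    (b"7z\xbc\xaf\x27\x1c", "7-Zip archive"),
    (b"%PDF", "PDF document"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"\x89PNG", "PNG image"),
]
# What each extension *claims* to be; compared against what the bytes say.
EXPECTED_BY_EXT = {".exe": "DOS/Windows", ".dll": "DOS/Windows", ".jpg": "JPEG",
                   ".jpeg": "JPEG", ".png": "PNG", ".pdf": "PDF", ".zip": "ZIP",
                   ".7z": "7-Zip"}
# Win32 API names worth a second look when they show up in a file's strings
NOTABLE_APIS = {"CreateFileA", "DeleteFileA", "WriteFile", "CreateRemoteThread",
                "VirtualAlloc", "WinExec", "URLDownloadToFileA", "InternetOpenA"}

def fingerprint(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file: the values you would search on VirusTotal."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def detect_magic(data: bytes) -> str:
    """Identify the real file type from its leading bytes, ignoring the extension."""
    for sig, desc in MAGIC:
        if data.startswith(sig):
            return desc
    return "unknown"

def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension promises one type but the magic bytes say another."""
    expected = EXPECTED_BY_EXT.get(os.path.splitext(filename)[1].lower())
    return expected is not None and not detect_magic(data).startswith(expected)

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs, the same idea as the strings/FLOSS static output."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def triage_strings(strings: list) -> dict:
    """Pull URLs and notable API names out of the string list."""
    urls = [s for s in strings if re.match(r"https?://\S+", s)]
    apis = sorted(s for s in strings if s in NOTABLE_APIS)
    return {"urls": urls, "apis": apis}

def pe_expected_size(data: bytes):
    """End of the last section according to the PE headers; bytes beyond it are an
    overlay (appended data). Returns None for anything that is not MZ/PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    n_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    sect = pe + 24 + opt_size                              # first section header
    end = 0
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def analyze(filename: str, data: bytes) -> dict:
    """Full static-triage report for one file."""
    expected = pe_expected_size(data)
    return {
        "hashes": fingerprint(data),
        "kind": detect_magic(data),
        "extension_mismatch": extension_mismatch(filename, data),
        "actual_size": len(data),
        "expected_size": expected,
        "overlay_bytes": None if expected is None else max(0, len(data) - expected),
        "notable": triage_strings(extract_strings(data)),
    }

def build_sample() -> bytes:
    """CONSTRUCTED fake PE: MZ stub, one .text section of 0x200 bytes, then an overlay."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x80)                # e_lfanew -> PE header at 0x80
    header = (bytes(dos) + b"This program cannot be run in DOS mode.\r\n$").ljust(0x80, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")      # PE32 optional header, mostly zero
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    body = b"\0".join([b"kernel32.dll", b"CreateFileA", b"DeleteFileA",
                       b"http://c2.example.invalid/beacon"]).ljust(0x200, b"\0")
    blob = (header + coff + opt + section).ljust(0x200, b"\0") + body
    return blob + b"OVERLAY:constructed-appended-data"      # 33 bytes past the last section

SAMPLE = build_sample()

if __name__ == "__main__":
    import json
    # Claims to be a picture; is actually an executable with data appended after its sections.
    print(json.dumps(analyze("invoice.jpg", SAMPLE), indent=2))
```

The overlay check is the scripted form of the "actual size versus physical size" comparison from the Exeinfo PE part of the demo: when the PE headers account for fewer bytes than the file holds, something has been appended, which is a common place for packed payloads or configuration to hide. A real triage would feed the SHA-256 into VirusTotal and the API names into MalAPI.io, exactly as the talk does by hand.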
So now I'd like to welcome our second guest. Next up we have Mr. Abhijeet Singh, passionate cyber security researcher and security analyst, specializing in protecting digital environments with expertise in web VAPT and network VAPT. Let's welcome Mr. Abhijeet to the stage with a big round of applause.
Good morning! Good morning sir! I am having a nostalgia that my voice is much higher compared to every one of yours. So let's try one more time. Good morning! Good morning sir! Now I am in an event as of now. Okay, tell me one thing, a very simple and basic question I will start with. Hindi or English? Hindi.
Isn't I even always uncomfortable and empty? So I'll try to go completely bilingual.
So I'll try to roast you out during the session. I don't have much to teach you as of now. But what I will do is I'll try to make things way more interactive, beyond your imagination. But before that I will give you a small surprise. I just need a volunteer here. Anyone? Sir, please. Be my guest. Okay, how many of you use Zomato and Swiggy? Ola and Uber? Pretty much everyone, I believe.
Do you know that every time you register with your new email, you usually get your coupon? Yes. Sir, I will tell you something which is pretty much related to the same thing.
Is it visible to everyone? Wait a sec.
Visible? Yes sir. How many of you are using Gmail? Oh stupid question. I believe everyone is using Gmail.
Can you please? Now can we enter another email? Put suraj.tach72
Now let's put a dot between every character, tach72 at gmail.com. How many of you believe these emails are all the same? How many of you believe these emails are all different?
For the safety purpose, what people think, let's stand on their
myths that incognito is the only thing which every of the engineers knows because in the night time changes, incognito and brightness are off.
Okay, pixel, can we go to Gmail? Feel free to use it as your own system. But don't do it in the files, okay? Actually, I'm not sure. No, no, I don't get anything in my system. I am pretty much secure. I'm doing great times. Me?
Okay, now what you can do is, this way, like I got this idea just few moments ago. So we got a small email from Uber claiming that your email id were like abhi.singh.avi.1994
at gmail.com We are going to delete the data and the account since we haven't used it for a long time. Then I remember, okay, I have made this for free coupon. So I will tell you this method, you could use it sir. Sign in. Password? Password? How will we confirm? We will take you as another one. I have got plenty of demos. With every demo, I will teach you one lesson with it. And what I want from you is pay a focused attention to what we are doing because it can save you or it can help you in making money or it can help you in building your own career as well.
Just before you enter the password, let's just confirm with this thing. Is that email visible to everyone? Yes Sir.
That's one email. Now we'll try to login into another email claiming r. which means, after a character, we will try to put a dot between every character and we will try to log in into the gene. Try it and see, who has the key add drive? Where did the key add drive? Where did the key add drive? Oh, it was created by that. Can you go on out now? Okay guys, you will be my confirming flags that yes, this is the email or different emails. You know we have got a very good internet connection.
Guys, can you please confirm that we have got the very first two mails as something, something, something and the DT is also here. Is it visible? Yes. Is it visible? No. Okay, I don't have any other words.
Let's go back. Remove their account. Let's remove it. Now let's try your email with a dot between every ten. I am consuming it, but the ultimate result is very clear. At gmail.com. At gmail.com.
Next.
The phone is there. We live in a digital world where without confirming we don't do anything. Next. That's what we are doing by the way.
You can confirm yourself, just keep your comment. By the way, you can use Ola, Swiggy, Zomato, Uber, whatever you can register your email IDs with different emails. So you don't need to use different emails. If you need to use them, we usually refer to TAMP mail. So you can confirm that it's the same email ID? Is it the same? Let's have a big round of applause for Priyan. Now what was the learning behind it? I will tell you in a moment.
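Editor's note on the demo above. The following Python is added here for readers and is not part of Mr. Singh's talk or any tool he showed; it demonstrates the defensive side of the point he makes, that a service which treats dotted spellings of one Gmail address as separate users will hand out one coupon per spelling. The normalization folds dots and the `+tag` suffix for Gmail addresses only (both are documented Gmail behaviours, and googlemail.com is an alias of gmail.com), leaves other providers' local parts untouched, and groups sign-ups that really belong to one inbox. The account ids and addresses are constructed sample data, and `find_duplicate_signups` is a name chosen here, not any product's API.

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Reduce an address to the form Gmail actually delivers to.

    Gmail ignores dots in the local part and anything after a '+', and
    googlemail.com is an alias of gmail.com. Other providers are left alone
    apart from case and surrounding whitespace, because for them dots can be
    significant (local-part rules are provider-defined).
    """
    address = address.strip().lower()
    if address.count("@") != 1:
        raise ValueError(f"not a single-mailbox address: {address!r}")
    local, domain = address.split("@")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def find_duplicate_signups(signups):
    """Group sign-up records by canonical address.

    `signups` is an iterable of (account_id, email) pairs. Returns a dict
    mapping each canonical address that sits behind more than one account to
    the sorted list of account ids, so an abuse reviewer can see which
    "different" registrations are really one inbox.
    """
    groups = {}
    for account_id, email in signups:
        groups.setdefault(canonical_email(email), []).append(account_id)
    return {addr: sorted(ids) for addr, ids in groups.items() if len(ids) > 1}


# Constructed sample registrations (not real accounts): three spellings of one
# Gmail inbox, one plus-tagged variant, and two non-Gmail addresses that differ
# only by a dot and therefore must stay distinct.
SAMPLE_SIGNUPS = [
    ("acct-1", "first.last99@gmail.com"),
    ("acct-2", "f.i.r.s.t.l.a.s.t.9.9@gmail.com"),
    ("acct-3", "FirstLast99@googlemail.com"),
    ("acct-4", "firstlast99+ride-promo@gmail.com"),
    ("acct-5", "first.last@example.org"),
    ("acct-6", "firstlast@example.org"),
]

if __name__ == "__main__":
    for addr, ids in find_duplicate_signups(SAMPLE_SIGNUPS).items():
        print(f"{addr}: {', '.join(ids)}")
```

Run at sign-up time, the canonical form is what you key the "one coupon per customer" check on; storing it next to the address the user typed keeps the original for mail delivery while the rule is enforced on the inbox.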
I am a little lazy to give an introduction because I don't like that I feel like my introduction is basically the feeling. By the way, who I am is a security researcher and analyst, a red teamer, a security tester, a man of offensive tradecraft. How many of you are aware about the word offensive tradecraft?
a bigger domain as compared to your red teaming. Red teaming is something where you have access to the system or organization via a group. Either you have digitally hacked or physically hacked. But offensive tradecraft is much bigger. In simple terms, you have registered your system, you have used my system like Priyank, where is everybody? Priyank used my system for logging in. Why have you registered yourself, where has its data been breached, and possibly the worst thing of every single device where he has used Gmail. You have registered yourself, where has its data been breached.
and today's agenda will be about modern cyber threats and how your carelessness could even lead to a security breach. On today's date, every company needs a security expert. One way or another, they require a person with the knowledge to keep your system or unit in a safe and secure perimeter. Either physically or digitally. Like what we do is we do security testing. Ask me, if you go to the corporates, for providing security they will either refer to performing a VAPT, they will refer to performing compliance, or they will try to perform or deploy a SIEM-based tool. Like you have Splunk, CyberArk and ArcSight. But what about the other parameters of security? Which means, in simple terms, your
data which is in corporate, is secure.
But outside the corners to secure? How would you protect your data? What does security mean to you?
Security is completely dynamic for everyone. What does security mean to you? Protecting our assets from the
We are not protecting our assets from the attacker. Sir, what does security mean to you? Responsibility for what? Sir, with the specs. What does security mean to you? Security means, let's mean, your radar is not reached now. Everyone has a different perspective of security. What does your security mean? Sir, what does your security mean? I am driving a phone. I have all my contacts, foreign security means that. You will ask what the security means to you. He will specify that the documentation is secure. If you ask someone in a working class, they will tell you that my phone is because they use all banking transactions. Everyone has a different version of security.
On the legal terms, try to breach security, provide security on their behalf. Because people think that a security breach is illegal. How many of you think this thing? That a security breach is illegal. I'll tell you a way of legalizing it. Do you think that hacking is illegal? How many of you feel that hacking is illegal? I'll share a small incident. When I started my cyber security career, I was in school, and I told my parents that I am a hacker. No one is laughing at all. What I received is a very good nice slap. You know, I don't know how, in a Punjabi family we call it Chittar. I received a very good nice slap and a comment from a relative: you'll rob a bank and end up in jail.
Even today, if I tell them I am a hacker and I perform security breach on a legalized terms, again, they are the same terms.
So Indian mentality has got a different mentality or mindset for this term that is a hacker. People think hacking is illegal. But there are so many different programs out in the market that say you are a hacker. Let us know what our parameters are. One common way is bug bomb programs. Everyone is aware. But as well as red teaming programs have started. They say you breach your parameter and we will reward you. Now, how many people can cut you from a J-Bitch? Or you can breach your locks from the house? So these programs went completely for you. So when we talk about modern cyber threats, Sir explained a very good cyber threat that is malware. That's one of the major
threats. Then second is your social engineering. Third is your AI LLM-based supply chain models, which are the most emerging way in today's world. Then we have got new risks. New risks as in APT, Advanced Persistent Threat. I hope you would love it. Does anyone know about Vault 7 Year Zero?
I just want you to read only one paragraph, that is this highlighted one. Just read it and tell me, isn't it the APT or the Advanced Persistent Threat? I have breached an organization's system for a longer time period, and that too undetected. Nobody even knows that their system has already been breached, and if you scroll up on this, you are the ones who have taken it only for this.
So what do you mean? Eyes on good and then enter good. Both are good. So that's a small incident which happened with the CIA's and who breaches do these breaches? These breaches are done by some threat actors. Threat actors as in you will find some hacktivists. Hacktivists are the meaning of that I am hacking and doing this for the good. In his eyes, everything is good. He is doing it for a very good reason. and the reason is that it can be bad for someone Then we have got the criminals criminals are meant that if you have to harm someone's intention they will be using it. As you have heard of the hot term, deepfake. You have got someone's image, someone's face.
Then we have got the insiders. These people are crazy. In the normal language we call it thali kha bengal. Today I opened a company and hired a person. He feels like that his work is not appreciated. He will get frustrated. What is it? My sensitive data is also outside the organization. That's what we call the insiders. And he is all the poor. Then we have got some espionage, some terrorists and some warfare. I will give you a small example of this. How many of you have heard about Angel Priya?
She is a very beautiful example of this thing. What did she say? What did Angel? I don't know who was the person behind it. Was it a male or was it a female? Richard T. Who said? If someone else has a question, take a look at Angel P.A. No, what Angel P.A. used to do was, look at this guy, targeted, he got a message, hi, can we connect on Facebook? Connect to him, 4 days later, 5 days later, 6 days, baby I want to talk to you over phone, phone does it, but, recharge it. Can you send me 50 rupees for a penny? You know, we, men are very kind souls. We try to help everyone out. So, what we do is, 50 bucks a
point. Send, $50. You have so much juice and you have passion for me. No, it's 50. If you don't do it, let me tell you, I'll not talk to you. Wait a minute, 50 more. 150 more, block. That was the one target. Now, same thing. Imagine that ID is the same thing with other male profiles. So many people failed the same thing again. They started complaining it to Mark Zuckerberg. He got frustrated. He said, you are going to see what is happening. He opened the Facebook's data center. He saw the threats came from Angel Priya. He saw someone who was spammed. Again, after one week, he got a very good incident alert that there has been so many threats. If you will not take care,
we will get over flown by. He checked and confirmed that there is an ID named as Angel Priya. And it was like a spam and people wrote that they killed you. So he did the same thing, he analyzed, he checked out and once everything is done, he removed personally the same profile Angel Pia. And I can guarantee up to 2021, you can make an angel Pia name on Facebook. He came out with one more solution, that everyone provides security and authenticity. He made a small plan and the plan was I guess you guys have 17-18 minutes note that Facebook started asking your Adhaar card for verification purpose. Is there anyone who knows? No, I did. Before launching it to India, guess your guest has sent
the first request. Someone said. No, who? Exactly, to Mr. Modi. Modi ji said. I have told you about your brother and brother. Give me two days time. Third day in the morning, they had a conference called. He said, Mr. Zuckerberg, we are ready to accept your proposal, but only on one condition. We will be sharing our Aadhaar card database with you just for the verification purpose. But in return, what we want is your social security database. Now, Abu Dazi can't explain.
No. Exactly. Please say that, sorry sir, we are going to be in the security of our own. So that information of that incident is completely related to the threat actor because threat actor was one thing where we consider most weak and vulnerable because there are so many threat actors. One of the threat actor process is a malware. I guess you might know malware pretty much as compared to me. What malware is? It's nothing but a malicious software which can harm your system to a very great extent. Or you can do a security breach. Your data is coming from here, or you can see data leak just because of malware. How many people have heard about Happn? The dating app.
He took flight in saying yes. His brother had a weapon. Now the difference was, Happn was an app, Happn was a happening incident. In which you use the same amount of salivities, the images leaked, it was just a small man. You can see all of these malware's, I guess, and say, sir, can you be certified? Aquirers, Worms, Trojans, ransomware, botnets, fileless malware, and all rootkits, botnets, and they keep on going. I guess 11 classes are different malware's. And one of my favorite malware is this one. What I used to do was, real? There is nothing personal, but you?
What I used to do was in my college time period I was good at jamming the wifi's I put my class's wifi jammed and put my key logger in the system and give my teacher a call and I am from lovely university So okay, let's go. Every single professor's email ID and pass-to-pass in my system just like
I will just slide the Priyansh's. Okay, give a promise. If you have any copy or an email, you will have a password for Priyansh's. Promise? Promise? Promise? Okay, Priyansh?
Already changed, that's good. Can you please confirm that you are going to load? Can you please confirm that you are going to load your password? SuperHP1 SuperHP8123 How many people from you do in the world that you use? How many? Just imagine, you have used a system
and you have typed this information in a wrong way. Imagine what could be the consequence. How many of you use Paytm or PhonePe which are linked via Gmail?
Totally bankrupted? How many of you use any social media which are linked via Gmail? Socially again? Like, agent, amputation, and each other, by the way, there is a conspiracy theory here. The truth is that in this story, it says one simple thing. Which country do you think is the strongest country? Russia. Okay. So, score your answer with a fact. Then I will consider it as a yes or no. Sir, Israel, why? Israel is
Someone?
How many of you say China? India? Pakistan? Afghanistan?
How many of you say Russia, Russia-wide? How many of you say America? To some extent, because most of the companies...
To some extent, okay. Now cooperate with me in answering. How many of you use iPhones? Yes, iPhones. Poor people. iPhone belongs to Apple. Which country? US. Put it aside. How many of you use Android? Which people? Android belongs to Google. Which country? US. Let's go. How many of you use Facebook here? US. Belongs to which country? US. US. Belongs to which country? US. US. Belongs to Microsoft. Which country? US.
to sign up, you require only two things. First one is email, second is number. And if preference for using email is? More, more, more. Gmail. Gmail? You do not want to use email, add number, add number. Have you ever made a comfort condition of Gmail? It's like again reading Mahabharata's wrong. What we do is we are Indians. We are good at skipping. Scroll, I accept.
They have specifically said all your kidneys are mine, all your torquies and chocolates are mine. Which means, you can use any data and use all the emails. Now, what country is the most important data? Your son. Do we use devices? Yes. Let's check it to a limited amount. Now, note that in India, a child born was All of them give us an iPad and an ID. Where is the child's ID information? And then we are again wondering why the systems are getting reached. Is this clear? We also run a smaller community with the name of Cubicon where we deliver quite good amount of
in terms of the knowledge. So you could reach us out there, you could ping us out there and we will take it into consideration because we never say no to anyone who is trying to apprise in the domain of cyber. Then another cyber threat, or another kind of threat, is social engineering. This social engineering is pretty much hard to describe. How do you define it? Some people say it's an art, some people say it's a science, some people say it's a technique, some people say it is hacking without coding and a few of them say manipulating the human mind to do some dirty work. I am just telling you what a parrass example you know. A Mumbai person right now has a case of 40, 16 and 50. He was almost
50-55 old person in Mumbai. There is a call that, sir, I'm talking to you about this company, one week you will get your cash double. Imagine, why I put this topic I will tell you, the relevance of it. One week you will get your cash double. He invested 10,000 within one week, he returned, so he got 20,000. He said, you have planned. He said, you invest again, he invested
70,000 he received 60,000. It's a good idea. He again invested almost 70 to 80,000. Can you guess what happened? He invested 70 to 80,000. He received almost double that is 150,000. This is a little odd driver. He invested almost 25 to 26 lakhs. Can you imagine what happened?
60 to 70 lakhs to return million. Now here comes the big game. He invested all of his savings that was equivalent to 1.78 crore rupees. And the lady on the phone said, he said, seven months like double. Seven months after he communicated with the organization, I don't know how much. That's a con thing. We don't know you.
I am from this bank, this operation here, I have been renewed for 2 days before. I have purchased it and it might be someone else. It's all that's gone. And I guess this is what you can do in this sense, I think, in the WhatsApp and Telegram, you will get a message from YouTube videos, reviews or help in trading cryptocurrencies. Work from
Be aware of these kinds of scams. When your money is running, you will not maintain that money because you will have a transaction. Now there is a very good dialogue. By the way, let me give you a small disclaimer. I am not a racist. But I am talking about this dialogue in a very positive sense.
All the women in the world
Why? A live example. Sorry, but what if you need something from your husband and he is not ready to give it, how will you ask him? People are in relationship, they can also try to answer. If your girlfriend or girlfriend wants something, Then she will start ignoring you. And you will get ignored. And now let me give you a small fact also. World's best social engineers are women. But again, most of the cyber incidents which happened due to social engineering are again initiated by
When you try to suggest this, you have a call. A scam call, and you will hear a woman say, Hello sir, I'm talking to you. I guess you all know your name. You can better understand this.
Now there is a small thing when we talk about the social engineering. I need to disconnect it for a second to show you something.
Okay. And here we are. I just saw some people who have attacked this attack, they don't
know. Are you good to go? Do you know this lady named as...
Now take it as a metaphor. I called her yesterday and I said, maybe I was missing you. Where are you? He said, sorry brother, I don't know you. What I did is,
And are the spellings the same? Is the spelling the same? What difference is there in the spelling? How many results have you received? How many results? Two. Now tell me sir. The spellings are different. It's one of the very best attacks that you had 4-5 years ago on Apple. The main attack is the IDN homograph attack.
Similar characters to English characters are the highlighted ones. Can you see them? Yeah, you don't know English, A, C, E, O, P, X, Y. But in reality, to your naked eyes, they will be English alphabet. But to computers, according to the ASCII and binary codes, these are Cyrillic characters. Suppose that you use the same characters and open Facebook.
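Editor's note on the homograph demo above. The Python below is added here for readers and is not part of the talk; it shows the check a mail filter or browser-side URL inspector can run so that a name built from Cyrillic or Greek lookalikes is flagged before a user trusts it. It maps each lookalike letter to its ASCII twin (a constructed subset of the Unicode confusables list, not the full table), records which Unicode scripts appear in each label so mixed-script names stand out, and shows the punycode form that the resolver actually sees. `analyze_hostname`, `skeleton` and the sample hostnames are names and values chosen here, not any product's API.

```python
import unicodedata

# Constructed, partial lookalike table: non-Latin letters that render like
# ASCII letters. The authoritative list is Unicode's confusables.txt; this
# subset is only for illustration.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a", "\u03c1": "p", "\u03bd": "v",
}


def skeleton(text: str) -> str:
    """Replace every known lookalike letter with its ASCII twin; other characters stay."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def script_of(ch: str):
    """Unicode script of a letter (LATIN, CYRILLIC, GREEK, ...); None for non-letters."""
    if not ch.isalpha():
        return None
    # Unicode character names start with the script, e.g. "CYRILLIC SMALL LETTER O".
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def to_ascii(host: str):
    """IDNA/punycode form the resolver sees, or None if the name cannot be encoded."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def analyze_hostname(host: str) -> dict:
    """Classify a hostname: is it pure ASCII, does any label mix scripts,
    and which ASCII name does it visually impersonate (None if none)."""
    host = host.lower()
    mixed = False
    scripts = set()
    for label in host.split("."):
        label_scripts = {s for s in (script_of(ch) for ch in label) if s}
        scripts |= label_scripts
        if len(label_scripts) > 1:
            mixed = True
    skel = skeleton(host)
    return {
        "host": host,
        "is_ascii": host.isascii(),
        "ascii_form": to_ascii(host),
        "scripts": scripts,
        "mixed_script": mixed,
        "lookalike_of": skel if skel != host else None,
    }


if __name__ == "__main__":
    # Constructed samples: a genuine name, a mixed-script lookalike with two
    # Cyrillic o's, and an all-Cyrillic label that reads as "coco".
    for sample in ("google.com", "g\u043e\u043egle.com", "\u0441\u043e\u0441\u043e.com"):
        print(analyze_hostname(sample))
```

In practice the two strongest signals are `mixed_script` inside a single label, which legitimate internationalized names almost never have, and a non-None `lookalike_of` that matches a brand on your allow-list; the `ascii_form` is what to log, because it is unambiguous even when the display form is not.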
Think as a hacker is thinking Because if you think normal you are as same as all the thousand others who are cyber security corporate values thinking you out of the box solution He never said that you want to do VAPT They will start hiring people and they will see who out of the box content has more content
There are so many examples of data breaches. I get a data breach example. Guess it, I will tell you two scenarios. One is a threat. How many of you know that last year AIIMS also got attacked by a ransomware?
which was again uncertain. They didn't disclose it. Same attack originally that happened in Lukas hospital which is in Germany. There is a whole sequence of stories behind it. Listen carefully. Lukas hospital got opened and it was considered as fully equipped IT hospital. You will always get to see and everything digitally. An attacker came, let's say Pranay, Pranay had scanned and after the scan, he was deployed and went. He has a call, sorry, the hospital calls, Sir, 3 million dollars for the patient's life. What will the hospital prefer? Patient's life. So they paid for like 3 million dollars. He took the money, gave them the decryption key and left. Then we got second attacker, three months later. He did the same thing. He passed away and then
another person came to breach into the security and deployed another ransomware. He said, three brothers, my little brother came. You pay for a very good amount of money. I don't want much, I just want $6 million. Again, they have two options. Either money save or save the patient. What do you prefer?
3 months, 2 incidents total of 9 million dollars. 3 months later to the second attack. 1 and 3rd attack. He also did the same thing, he deployed a rubber ducky. A small pan drive type of thing up in Sujet Kurok for just 1 second, system is compromised. He inserted the rubber duck and also the reception system. The reception system is pretty much vulnerable. He came. He came. Within 10 minutes, the whole system got locked down just due to ransomware. He connected with the hospital and said, 6 months ago, I have a small friend of mine. I have a little friend of mine from 3 months ago. I have a small amount of him. What I am seeking is that
he has a small amount. He said directly 9 million dollars. How much total duration happened? 6 months. How much total losses happened? 18 million dollars. Imagine if I had a equivalent to almost 58 crore rupees.
What was the ultimate check in the hospital? They came back to pen and paper. For 6 months they were on pen and paper. After 6 months all of the compliance and checksums were completed by various third party organizations. Then they again came back completely digital. Ask me if you have a friend or a friend. I'll ask Lukas for one more. And do let me know. I left a friend to visit Germany, he is studying in Germany. I used to visit the Lukas Hospital and tried to enter into interaction with IT. He did it, they confirmed this thing. These kinds of security breaches are done. Let's talk about some practicals, interested?
Yes. Okay, another volunteer called you. See, now we are going to talk about this. First we check our email address and see where the data will be found. So we will know everyone. What do you use? The most simple and easiest website that you can use is Have I Been Pwned. Sir, can we have a question? No, I don't think people doubt it. What do you know about it? This is not possible. Alok Tomar, 8 at gmail.com. Let's see. Alok ji. Wait, wait, wait. How much data is the data? One. Now, where has the data been breached? Cut out. Cut out. This is all.
Okay, that's a person who is sure. Hello, can you please confirm your value? Now, I am hitting the hello photo very first time.
If we will check down here, we will tell you how much data is. What is your DP? What is the Google Map? What is the review of it? Bad experience in Roma
because I purchased a laptop and some of them. But you know why I like this tool? Due to this section. Okay? Which website I don't know about. I don't know about any website. You don't know about any website. You don't know about any website. You don't know about any website where you registered and you don't look in the room and you don't look in the room. It will tell you all those websites where you registered and have been charged. I am going to say if this thing isn't corporate. I have targeted past corporate employees and trust me, Because, you can't get a website registered on Gmail. So, that's why I'm really scared that you can't get here. I can't even get a little
data from here. But my motive is not this thing. My motive is how many people know Shodan and how many people actually use it. How many people know Shodan? Can you get access to other systems? ADB, ADB, that's something I showed at the Defcon for you. FTP. Do you want to see some live device hacking? It's just simple, as simple as you could ever imagine. What we need to do is we need to run a short query. Query run, I will give you a link to the query fetch. That's it. The query I like most, that is all about FTP.
I am just trying to grab all the anonymous login FTP servers. Anonymous login is a condition. Username is anonymous, password is blank. I will do the same thing. The first time I will try to pick it up here. Let's copy. Open the CMD. Cmd is a happy money logo. Username. Anonymous. And password is? Okay, I'll take a lifeblocks. So I'll try to find some other ID. Java is a little bit better than that.
FTP, IP address Okay, please specify the password This is the same one? This is the same one? We will work on this one Now, let's change a little bit We will go for country Do you know me?
In science and in science.