
[PART 2] BSides Noida 0x02 - 22nd December 2024

BSides Noida | 1:06:48 | 108 views | Published 2024-12

Practically, if you are a CTO of this company and you are making good money through security company, as a part of this currency your boss will be responsible for you. Any proxy mechanism or MI chain again creates some sort of IP addresses and all. So my dear friends, in cybercrime we never rely on IP addresses, we never rely on numbers. The KYC that is behind numbers, the IP addresses that are behind IP addresses, So the company that is on the address is our accountable thing. So the problem is when we take an example, when we go to the CPU, whether the company is valuable, or good, or smart, then they will take, acknowledge you, and tell you, call you, how to fix and patch,

and what exactly you need. So when there was a pizza attack, then the system stopped it. If the hacker has put a number on the tag, then it is a P.O.B. So, my opinion is that in cyber, nothing is safe, everything is vulnerable. So, the topic today which is purely based on cyber intelligence and digital forensics, what is the role of CGI and forensics in your company for prevention of national security. So the first question is that if we have a little idea in which domain we are in, in which area we are in development or we are in vulnerability analysis or we are in some sort of a stock, we use the term stock for trading or for selling or we are in some HR domain where we

have a very technical area, every area is very bound in cyber, it is working. So, dedication is very important. So, decided the idea which was there. So, what happened? Data which happened in a company with the help of same vulnerability. But, what's the name? So, what did Sorokh do? He put it on a limit. It took 3 months. He didn't pay Rs. 30 or Rs. 100. So, I found vulnerability. That's why I am liable to tell you. New York's security team started the illegal manipulation again. So what happened after 3 months? The same thing happened with the same security team,

the got this person because I have to put a link to exactly who touched this server now to touch the server there are two concepts normally either active or passive actively like your IP everything passive like something like that but again simple concept that if you can use IP then first area must be

ready then it is a jail or when someone goes to rob or do any kind of theft they do theft normally so they come to my shop and they do theft So sometimes that address that basically the traffic of that particular browser you see, so one time the different IP goes to that page, VPN that page and real that page. So when you study all the logs sometimes, it can be read to the person who used that thing. And that is the science basically where you are not able to find, you are not able to like catch the hacker, you try to find who is the perpetrator behind this. For this reason that, IITs, MSU's, all the brands of IITs,

all the projects of government, they are all here. Because the reason is that the things that we are studying in college, those things are not being used in the ground. The academy is something, that is why you are here. Because you are taking something extra from your BA, that you can tell someone that I have seen this, I have seen this. So you assume that if you have a job, it seems like this at the initial level, As somebody asked me, "How to investigate?" In policing we investigate, in private we attribute, we don't investigate, we don't have power to investigate, we do attribution. That's called linkage analysis. So linkage analysis is how to study all the logs. If you understand exactly which tool like Kibana or

you can say Splunk we are using to set up and load all the So, my question was basically, when the data breach happened, due to your vulnerability, you gave a post of LinkedIn after 2 months, you thought that the POC has linked CSRF and I can attack it like this. So, you started attacking it. And when you attack, find and trace some data, you get some juicy information. And those juicy information are put on dark web. And you know what happens in dark web in India? Friends' group, Telegram or WhatsApp group or in Instagram, Snapchat, Geometry's list. This is our dark web. This is a two way approach. There is a perspective which we can't track. YouTube is a mechanism

here. They don't use this data. But generally those who are pretty like, we people don't use something but we are being easily tracked. Chats, if you get a chance to subscribe, you know that chats are not a thing for the reader. It do everything. How will we subscribe to YouTube? Because all YouTube and all other things are Google products. Now we use Gmail for all the things. For all the cookies and everything. So after 2 months when you hack something and somebody quoted that that some website data breach or data theft has happened. Now they investigate and ransomware attack has happened. So let's tell you one thing when it goes to data breach and ransomware and uploaded there is who am I? The handle of that person who uploaded

that data that is called direct who am I, that is the handle or you can say avatar on social media platform. Someone tell me one thing from your perspective, investigation perspective or D.S.I.R. perspective, investigator perspective, what will you do? We will try to unmask the person behind the mask. You will try to? How you will do? You will try to mask or unmask? How you will unmask? We will talk to the social media platform if they can help us. And the platform is called rapper.com and that page is in either of my other website. So AdRank4MI is the handle which we found on Recruiter.com that is the surface web based app Unlike the brief forum got or something like that. So brief forums are those things which are

illicit market based and stuff is there. If there at the rate who and how leaked the data he said that. Now task for you is that you tell, whether by forensic or open source that exactly how it happened. Not exactly how you can initiate. Anybody? Sir they will provide the information to only law enforcement agencies. Who? Like you just said that's rapido.com. So when law enforcement means police. Don't think about it like this. When an Inspector is sent legally, to whom? To the website. To the website.com. Yes. To whom? Chief Information Security Officer. Will he get it or not? How will he get it? From where will he get it? From his official website. It's

not necessary that he will get it officially. You don't get such things. And for the first time, if that is a hacking platform, then why mention it? But still, how can you send it? Then who can you send? Think about it. So when you try to do something like that of the website, you will get what exactly? You will get some email IDs. At web.com. Clear? Done. That is one chance. What is the other one? So you need to say you do. Who is of that website? Accordingly, you have to know the domain history. Very nice answer. Class for this. Thank you. The point is that the case and the So who is the managing director and who is the CEO? He wrote this strong number 13, so that's

the key. So website perspective what is happening? So you got a video of Rapido, which was sent by the police. Point number 2, do you think that when Rapido's email is sent, they will realize? This is the reason that when you ask that the government hacks the Instagram account, then how can they collect the data? The reason is that when your account gets hacked, you can't properly report it. You can't send the report. And what happens is that nothing works as we have found. And the bit keeps on going. Am I clear? And that is the only I4C, Indian Cyber Prime, which is centered around here actually, when you report properly to the law enforcement. Law enforcement tells us that there are 50,000 companies in India, only from Instagram,

Snapchat, PUBG, TikTok, So like that, what else is going on now, multiple websites, multiple activations come in. So my point here is that my friends, when I mentioned about Rappaport.com and the initiative which you said OSINT, OSINT aate hai kitne baad hai OSINT? Corporate Social Intelligence. That is a very important aspect. Chai Rao Saipan toh chai hai, that is also very important. Second, non-forshment perspective aur company ke jaise metan sir bohta hai ki aapne company se CTOs ko zaraahi hai. So what is happening like when you So we go to that website and we go to the company and the company may reply and the company is what exactly? That is the IP address. And the IP address is basically found on Google. You just

google the IP address and it shows which country this IP address belongs to. Or which country? ISP. But the ISP is not yours. ISP is a Google. But if I get off in a minute, I will not get the IP. So coordination and time matter exactly to get the data. That is important. And here the policing and investigating people like me do small mistakes. So now what I can say is apart from the company perspective, apart from the company's perspective, if there is a breach in the company, How will you investigate? How will you study? What exactly will go through? Touch or check? Which log did you check? Think practically, you answer so quickly and the system is long or anything. But understand this very seriously,

which data did you touch? Did you know that the activity written here, basically the daily activity, I sent this on photo feature WhatsApp, So it's like a data which is physically you can see. It's not the data which is onto the back end database. So all the data is there. Photos are here, whatever important data is there. But it's photos are basically. Like suppose I am a hacker. I was a hacker basically. I was a employee of ESET basically. I did work. So we have CCTV over here and here. They can go to check me exactly what I have done. If I do like this, which means that my camera is like this. I was scanned like this and they know exactly what I am

doing. Now this information, this IP is not in the ESET, this is my personal IP So whatever is happening in this Infra, you will not be able to search in it. Am I clear? The point is here that when we do investigation, we see any Sherlock series, web series, whatever, we have to move forward. So when we were talking about hacking, the first thing is time. What was the content data leaked? What was the content? Who was the person responsible for that? What was the content? What impact can it have? If two months ago, a person was written for that content, then what action did the company take to address that? When we talk about the content that was leaked, talk about cyber insurance

or what was its ownership? But my point is that you should know everything but you should know the main thing that is for the active institutional investigation if you are part of cyber security team the policy and guidelines this is very very important. It's not only the if you put into stressing something like you lost and if you put into attack something then you get some information. Also some other thing is very very important and that is why interview or hire someone and ask simple questions like how you prevent PDOS what is the answer on this one? any of you? intrusion prevention system, load balancing local? geobasing load balancing who said? very nice this is

one of the best answer or? CDN CDN where will you implement? We can just use the IP ranges. Ranges for the server like suppose DDoS is running on a single server. For an instant solution we can just fix the IPs so that attacker will have a specific IP to attack. No, suppose server is hosted on online or something. We are attacking that IP. But as an instant solution what we can do is we can just change the IP of the server so that the attacker who is attacking this IP that IP does not exist anymore for that server. But in a big platform, in a big platform attackers can, after looking at the real IPs, they can do anything. Apart from this network segmentation has very

nice, very nice. Rates everything is not that impactful but yes, okay. Very nice, who is CAPTCHA one? CAPTCHA is good, very nice. Great, so whatever answer we have given, if we give this answer one by one then I was expecting CAPTCHA. So what happens is, exactly, it's not delos, it's your decision, you know exactly how to prevent. So sometimes people say we can use R word, we can use this, we can use this thing. That is also something like that. And if I ask you an example, do you know the percentage of PINOS? And how many KPIs, GDPs, PDs, how much of that? You should ask me. So what happened? Something happened in the company. So company perspective, what kinds of instant

response are you going to take? So what is the answer to this? If you know how to hack, then only you know how to? I have never said that you should do hacking but I have said that you should get into it. They say that it is not a crime to steal. I have been in a situation where I have been robbed of my wallet. My experience is that people say that everyone has their own dark space. I have my own dark space but I don't know what my dark space is. We had some website and we get into the website, you know exactly what we have done. But you have to do the investigation

or attribution from there. So what happened? A famous college, sorry, a famous college, a famous hacker. He had some website of the college and then what he has done, he put the waiting place for Happy Birthday Pooja. Happy Birthday Pooja. Pooja. The website is not hacked, it's defaced. Clear word. But what comes in the news? Pakistanis are not worried about this website. They are saying that people are worried about this website. They are worried about this website. They think that this website is a hyper-insider. Am I clear? So what is happening here is that if the website was defaced, for example, and we put the name of Happy Birthday Pooja, now you tell how you investigate it. Think, assume. Who is the Pooja? First of all, who is

the Pooja? There are many Pooja here. There is an ad. And the goal is to go there. So that is what we got for 10 names and then? Very nice. I said I will never out. I have never used tools here. I just use my common sense. I will use my tools. What? When I got a laptop of 5 people, I got things on Instagram that they keep putting green, gold, and brass. And it was a little bit of a hit. Because you know how it is nowadays? Social media is a drug. This is what happens, the entire homework is what exactly? The open source intelligence of that person who has them, the file version, laptop seeds and

all, they copy it, creating page is a very important element, there is no such page, there are no tools like that which are used in systems. It's simply fact, I don't know how can I use them on browser based system, it's not possible. So browser history should be, if we talk about Chrome, we have history files, we have Firefox, we should have placed it on SQLite file, forensically. So forensic knowledge should be somehow, we have checked if we have high AI. Was there no anomaly compared to all the indicators? So yes, this is the way and this is how we approach. But actually I've been there. And this thing burns the space, it's down everything. You know what? No, no, this is

not a psychological concept, I am thinking of something else. Yes, it is normal, yes, COC. Chain of custody, yes. You know what is COC, chain of custody? Muscle standard. If you are doing data recovery with viewers or with terrorists, normally, then it is not as a big deal. First, it is very important to search, seize and without tampering, get information. That is forensics and that's not standard. So your technology is used but you haven't used the standard. So when you mix your technology with the standard, you can get job in the day. Especially in LA. But what happens is that I can hack, I can find. This is useful in providing intelligence. To take lead. Girls are very good in social engineering. Do you know who is the

most confirmed hacker in Facebook? Girls. Let us act. You say, "Boss, I have been busking thinking that I can speak properly." No, you are not properly speaking. My name is Anuradha. Is there any difference here? Very common. You understand busking. They use this common concept. But our point is that, no matter how smart you are, if you don't speak properly, after 30 years, even if you are a good-for-nothing, but still you can speak because, as far as I know, you are fully captured. Full respect to Westfalia and here sometime they tried to do these things. When it's sad, many people like to move and get PhD. PhD was not a good thing. So I was treated like that. So coming back to the solution which I was

trying to save. In posting perspective, website perspective, database perspective, recovery perspective, we should know all the terms that we can get. So my concept is that I found out that the data that was breached on the website of ESET was the one that was leaked. And that data was basically two data. One data, meaning photos, I had kept the file here. That photo was some important photos and the other website's credentials, which were fireballed. Now tell me, the data of the firewall and the data that I have kept here exactly, these two data were leaked. How you can further investigate and identify them, you call the perpetrator. How can we initiate? They are saying SOP team and team silo party will be

done. What else? Triple A? Okay, and? Sir, first check who has access? What was the access? Sir, we have a credential for that. Okay, what was the description? What was the description exactly? What was the description? Okay, and? What was the site? If there is a problem, then when the data is dumped from there, then you get. Okay? And? The metadata of this is very good. Very good. But you know that you sometimes get metadata, sometimes you don't. If you send the data in WhatsApp, normally, you won't get it. If you send it in Google, you can get it. If you send it in English, you can get it. So, you got DSCI 0212. It means 2 December. This is called common

sense. It's not too little back, basically. What do you know about Google Pixel? Now who uses Google Pixel? He said, "Any answer." Did I use any analytics for this? I am more like an SS. What I've used? This is basically about cyber security. So, you can go to any place as long as you don't have to go to jail or you don't have to go to jail for 2000 years. So, you can go to any jail. But as long as you don't have to go to jail, you won't be able to work out anything. So, this is what I say. Cyber security is the first thing in India, in government agencies. It's not like making PPT You should know how to create PPT as well But it's very important

how to generate fast PPT Now what content we can add, that is important If attack has been happened So we have leaked in two contents One content was ours In which we have mixed things And along with that, when you click the photo, something is written on the desktop Which is WS10394 In that it says WS0 So how much WS0 can be there? For example, this is a room. So, we took the ccp of that room and we took the ccp of the room. You know, this is a filmic thing that sometimes it works, but sometimes it doesn't work. If you look at the cookies in the ATM machine, you will see that the photos

are like that of the Aadhaar Cash. Now, there are some gadgets in it. So, my point is, principle is always remain same. Some kind of pencil may not work. So, this is the procedure. If you want to check something, then what to do? If the ccp is not good, then check it. There is a root. You should have either a sandbox or a market to check those things basically. And unfortunately, in the police, the hackers used to do it in CDR. Mac OS Xl5, CD5, CD5XL, only Xl5 comes in it. In that, there is CDR. And that Xl5, CD5 content virus, so many police station computers are compromised, they don't know it themselves. Police officers

are like humans to me. There is no security guard in the police. They tell you that you should not exploit in office. They say, "What happened to CD? What is this? Why did you exploit?" They will say, "I know who is the person. I exploit myself. How can I be caught?" But to give the data, knowledge is lost. And that's the reason only, in today's generation, people like you have gained a lot of attention. Clap for yourself. Especially the people who have done this, we have good input. But they don't want to know that sir, it will become a problem. This guy said sir, on the website, I reported this, they are not listening. This

guy said sir, this carding is basically a small scale routine. So there is influence, I don't know what can be caught. Second leak was the credential of firewall. So when team noticed that the credential is not working in present time, it means the credential has changed. It means this leak has no impact. But you can see in the information, the first order that Geeta tells is that this company is using the first order. Now if hacker finds the first order and finds that it is a zero day answer, then he will quickly write a CTR. And what will happen? Company's, you can use the word, And this is the reason why in India, not just anything, but in India the most common ransom

attack is caused by the strain of the boss. In India, the attacks are mostly done by the savage beast. In India, the ransom attack is done by the family that has the most strain of the boss. Deja Vu. You will think that I don't even remember the names of the 3-4 names of the ransom attack. What?

Tell me the ransomware basically in India which maximum we know that this is a variant of ransomware family attacker. What is the name of this? Like we have other names from our parable. Locky is very old. And? Locky. Is it correct? Yes. D-Z-A-V-U. That is the string which is maximum attack rate. The question is, what are the TTPs for D-Z-A-V-U? How that comes to the computer? Drag softwares. Microsoft Office scales people use it. Drag MS Paint, they have all different. Grad software, free software, unpatched vulnerabilities like if there is a server, they don't update these all things. If there is a firewall, they don't update these. Simple simple things like that. So the stuff which is being used, that is belongs

to yes. Simple, we read reports, we see so-codes, we see buddy-coupling. So simply it's not completely informational. Like suppose, there is a shop behind here. Or in any clothing shop, what do they do? Do they go to your database? No, they don't. Because we don't have any anti-arrest software. They also report it when they are in a circuit or in cybercrime. After studying it, they check what is what. My point is here, if you have a laser, how laser comes, you should know the symptoms, those, the degrees. So at least you can select a record or a core. Sir, you ask yourself, is there a system in the mind of office or not? 50 things,

if this is the end of the ad, not that you google how to remove ransomware, google it and find it, yes 100% short-fixed, you can download this tool, you can install it, once it was used, it was used again, and finally what happened, double ransomware tag was born, and actually, the value of data was So, I have to go to the next step. How is it? It's got SQL, it's got LOG, what is the extension of this file? Where does this file come from? For example, take a file called .json. By doing .json file, all the conditional information of the user is formed. Now you tell me, where does .json file come from? Where is it found? What server does it exist in? I mean, what

is the extension of this file? It's a file basically that, from the software, from the IIT, yes, it's 10.30. The server also has this file, so we can check it. 10-15 minutes before that, behavior, IP-997, the permissions that are given to the sales force, and if there is any other issue in SIEM, then you have to verify the data and see the user. You have to prove that how many people have the credentials of this user. It's like a second level of analysis. So this is the situation, very simple concept we are hacking. Attack, data breach, cyber security, cyber forensics, investigation, common sense. Office is ordered to write this. If you are not able to report well, reporting is not good. You don't

have to tell your team or your board of team. If the team board says what is this, you write it. If one day, it was a server that was attacked, so the hacker didn't get access. Then, when the server got access, it got interlocked with the AVJOKI. Then, there was a dub, and after a thousand times, the computer stopped working. So, yes, this should be there. But try to make a seamless report, which can be understood by you and the people, those who are in the cyber security. If this will work, everything will work. So, we are working on case studies. They have all these cyber security practices and all. Now come to my organization, that is called I4C. I4C is a cyber crime game in India.

If you have heard about state police, similar things, I4C is a cyber crime local agency for India. Cyber crime is a state subject. Haryana goes to work, Haryana goes to work. Delhi goes to work. Police are doing two plus good job as an address, not all, as an address. But till we don't help them, we won't explain to them. Some people say that they want to do something. I know this thing, just let me know. So at least law enforcement agencies, like all the agencies that are in critical and those that avoid law, they also work in cybercrime basically. So when it comes to financial fraud, any crime is happening or happening these areas are blocking and the challenge is that a fraud is happening in the good

work and the company is not working suppose call center is not giving you hiring and after taking you are getting told that you should call customer is not getting the loot and you should sell the antivirus and these crimes are happening you get a good case you have to call you have called 10 times and you got the money and you will go for it so there is no draft because today foreign They have a very common concept. They take all of your contacts and further they can use that contact for your prime perspective. For women, for females. They watch your photo and they backtrack to your Anupi Kuppa and all. And our Anupi Kuppa should

always tell us that we have a date, so tell us what it is. Cybercrime, cyber element, cyber security is very important. Charter, if you go to a good day, if you go to a good company, they will take you from the fundamentals, advance, tools, principles, new trend, what is happening, what is going on, you should know. Important. Whatever kind of contest is happening, meet, share with us, and rotate, so that we can interest you. Cyber security perspective, certain. Cyber critical assessment perspective, NCIPC. And cybercrime perspective, I4C Indian Cybercrime Governance Centre Website is called cybercrime.gov.in And the help I have is called Onet Business Here, it is for the country It has some products also It is spreading out But

it is so that things will be good because we have money left But it is not your great and shared business So that is it from my side Any questions? Anybody had any questions? You can ask

1930 is basically an online cybercrime but initially primarily it handles financial problems. What is happening? There is an explosion. Some account got hacked. Facebook account got hacked. So you don't get much impact. And if you call 1930 and say that I am going to Goa for business, I have paid the money, then it will be done quickly. It can really help. Because the company which is registered in 1930, So when we give them the number, they immediately freeze and leave. That is the perspective. But if you say that my accountant is blackmailing me, that will be a complaint. But for that, we will have to go to the police station. So that the police can examine how much the

matter is so serious. If someone is missing, if someone is taking out a report from the house, they will immediately examine how much of his gravity is there. perspective of 100k is that we have saved 3000 crore rupees in INR which is 100k per head of the perspective that is a big figure and if it was 3000 crore then there would be no money and there would be no food in college, universities, in general financial, in terrorist activities, money laundering should happen from Jimpal you are an example, you get 300k per month for doing a separate job So, you will purchase a simple app, you will purchase a good app, then if you try, you will get a good price.

So, this is a matter of human beings. I have a photo of a coffee shop. You may think that it is not a problem, it is not a big deal, there are various things. And in cyberslavery, Cambodia is a big country. You call yourself a country, if you make somebody call you a country, it is the last cyberslavery. It is the last cyberslavery that is being taught nowadays. So, the job comes from Malaysia, Singapore, or from any other country. And they say, "You are certified, you did your job, did you get the job?" Yes. They do video conferencing and interview you. After the interview, you got selected. You came from India, ISB, USB, whatever it

is, David J. They will assign you a passport, and they start saying, "What?" And you say, "This is not possible." David J. said, "All center fraud." And you will get caught. India has a lot of people, but if there are 2,500 people, then Uttar Pradesh alone is a goon. There are figures in the Ministry of Foreign Affairs, National Health, National Border. So you understand that people are going somewhere else from the city and they are not returning. So you are a youth, that is, you don't study for a job, you want a job, and you don't verify it later. What is the job? What are the taxes? So many things get mixed up. Sometimes it

happens that, there are people who take a contract and I lost Rs.1500 in the process. It's not a big amount. But when you multiply Rs.1500, multiple people lose, so it's like lakhs and crores of rupees. So like that, fees can be added. So last but not least, there is a cybercrime reporting option. You can report because there is some suspicious information that can be worked out for you. Thank you sir. Sir, then from my side, if anybody has any question, then ask. Yes, again correct, right? Yes, anybody else? Sir, the question is related to a website, ABC.com. And when we deal with it, it has other data, other data. And it's not government domain. And

the data is leaking. We found some responsible for the leak. And then in that case, where do we report? So what happens if any website, government or If you have a government website, you can tell NIC. NIC, not certain. Government-led NIC. They can work. Certain people take. If you put NIC in CC, who will take it? There are two owners of two departments. They can work. You tell only one person, what happened? My job is done by the CEO, so he is taking me in. So I am not paying. So that thing is like sometimes, sometimes, not always. But yes nowadays everybody knows that if we don't acknowledge, then they will take it for free. The website that gives you the

data, first of all, you should be certain that point number 2, if that website has a state perspective, like if it has a state perspective, then the government should tell the state government that it is superior for this particular NICB. Third, if the data is critical, then the NCI can report it. Fourth, if it is I4C, tell me. I bet if you give the information in a proper manner, we will try to connect the right person in safer, secure manner. And sometimes this kind of means would may help, yes this person is doing something good for nation. If anything comes in his state, his city or maybe we have some meetings, leave a call first

to him. So it may be you, it may be anyone. So yes people are there, they do like this and they can keep it in front. I hope you got the answer. Yes please.

Very good, what a good name. We have a very good question that if there is an APT attack, how do you know about APT attack? It is a big question, APT itself is very sophisticated. But yes, anyhow it got to the point that something happened. If there is an APT attack in a business firm or in a department, then it is the same thing. That's what APT is. But if we talk about microflavors, So often in the last phase we get to know that the data that is stolen is China for example. Non-friendly nations, they don't need money, they need only the data. See, can be like NK, they need crypto. Got a point? So data, crypto, some important assets, data that is of India,

So, if the APT factor is that the data is being stolen and the person is not adapting to it, for example, then it is known which field is it, which is the APT, which is the group, what is its narrative. So, it is known that email is being made by malicious exploit, i.e. Transparent Tribe in Pakistan. So your ETT tells you that the simpler you miss, the more TTP it tells you how to prevent it. So their TTP is that the main action server, suppose, it only attacks the main action server or the VMware. So in that perspective, we have only the safety, precautions, and counter-blanks that it handles. It has to pay for it, it has to access its log, and how many more?

Thank you once again and the last question for you, for the video I would like to take. So tell me what is the helpline number for reporting cyber crime? Thank you so much sir, it was really a great session. We really appreciate you taking out time for us. As a moment of restitution, we would like to invite Mr. Nitish Abhinav to give you a certificate and a small half up from us because we really appreciate you taking our time for us. A huge round of applause for you. Thank you very much sir. Next, I would like to invite Mr. Anush Tiwari as a keynote speaker. He's going to be talking about Q security related concepts and whatever is going on in his mind. I would like to tell

everyone that he is the chief security advisor at Microsoft. So if you guys can interact with him and if you guys have any questions, feel free to talk about him. Good afternoon everybody. This was quite a prompt request. I am the chief security advisor for Microsoft in India and South Asia. Before this, I have been a CISO for about a decade. I was a local CISO for Lexi, Ritman and he is a GMO. And just like you, we've gone through the stairs and it's very awkward to be doing what we are doing. And I was asking just straight out of the mind what's really happening in Zara. By the way, if we don't know, Satya

is visiting India on 8th of January, right here in Delhi. And I had the opportunity to speak around with Satya right here in Zara and talk about if we have to go up, look up the Microsoft AI program, this is famous for. who knows if it will get an opportunity to succeed at the end, right? It will be the first for me by the way, that's it. That said, I know there is a lot of young crowd here and I have spoken to a few folks in terms of what to do in the career, how to move up the scale, right? And I don't think I need to teach you anything about technology. You know

probably things more hands on and better than I do. That said, I think I'll probably start just talking about some of the things that I've been asked to do. One of the things that we got asked was what's the great thing to do? And we started doing red teaming, blue teaming and all right. So my simple advice is don't get caught up with the keywords, don't get caught up with a sparingly set of technology. It's all about getting started. If you step into the cyber security world, you are a cyber dictator, you are a cyber warrior. Whether you are an adversary like other people, actually you are defending, they respect you. You are helping make

things more secure, whether it is for the nation, the company, yourself, the ecosystem. So it's all very positive. In a career zone, this essentially is going to only expand. I think globally every country has a couple of million dollars of it, if not more. If you see even the NASCAR reports, everybody is talking about this. Big short-term goal in cyber security. So you're in the right place at the right time and in the right skill. So big kudos to all of you and big round of applause to all that you have done. Like I said, this was very impromptu. So I didn't come prepared with a talk or an agenda but it's really an opportunity.

If there is any question, it's something most important. But I would rather be doing that and So, there is a careers portal careers.microsoft.com. Somebody asked me this question before, and I can tell you, if you actually go by somebody's reference, your chances of getting hacked get lower. Look up careers.microsoft.com. Yes, some people are interested in giving a nutshell, but if they move the price, it's a complicated organization. I can tell you what goes on with that, where somebody was asking me what happens when you go to this Microsoft website, that's actually a sales office. Somebody who's developing anything will send something. Microsoft today has about 34,000 engineers who work just on cybersecurity. And of course, TV itself is security. It's customer security. Out

of those 34,000 engineers, there are about 3200 of them which are engineers. You can be part of the team. Most of the people are from the regular market. So if you work on Microsoft's engine, the SIEM, the platform, all of that gets developed by a private company. the endpoints, second-year students again, either one. So those are the two big centers we have seen much at least. So more than that, we've lost. That said, I just want to, very quickly, report on what media may be seeing, right? What's the vantage point at that time? By the way, if you haven't heard, both of them, the Endpoint for End Media, has anybody heard of NNLAR, show of

hands? One person. Alright. So, uh, Microsoft is really good at keeping its secrets to itself. It doesn't work but it doesn't talk enough about it. So, APDR is Microsoft's Digital Defense Support. If you have heard of the manual support, the Verizon's, EDIR, and so on. It's like that. Essentially, it will talk about what does Microsoft see. By the way, if you did not know, Microsoft actually has a very unique content form. We get about 78 trillion sales every year. That's a 70... There's a big, big selling. No other security company in the world has that amount of technical assistance going into it. Some of it is ours, some of it is a party of our

partners. It's a large-scale ecosystem. So when somebody is sitting on an ecosystem like that, then you start getting attacked. So we get about 7,000 identity attacks per second. And when I say attacks, it's a qualified defense model. Attempted. It's an attack which has reached at least the first stage of the injury. Which means it's actually a positive attack. Might as well post an identity, you know? Our organization's biggest advice, GAP is, make sure that your IUD infrastructure is working well. Because if you put the basics right, the top few or four basic things right, most of your attacks can be over-hit. Microsoft also provides these services in terms of, you know, container services, which is

when something goes wrong, you can kind of go and call Microsoft and they will come and shoot their experts and they will kind of fix it. When we looked at the analysis of those incidents, we came up with about 4 or 5 findings. And all of these came down with the idea to take care of others. The exact thing we are trying to find out is what we think. We really talked about a lot of things. Like 99% of the attacks are high-risk attacks. Since COVID, or what I like to call as a digital transformation era, where people like to want suddenly transformed living, their friendship goes down. So, one, if you have, for example, basics like engineering,

everybody knows you should have engineering. But what really is happening is, people are deploying MFA in the perimeter. For example, you have an organization, you have a VPN system or you have an application which is exposed to the internet, it will have MFA or some sort of neural network application. Only if you go one layer below, whether it's an easy app or not, an app which was not made in the spirit of the cloud, you will not have MFA. This is where the adversaries are reaching. So it's not about what your data is about, how consistently you are doing it. So MFA has to be done. We don't need to get taxed. Your basics, which is patching,

is still not finished. So what is known will always get next piece. So there are many ways now, it's just, there are the same CVSS methodologies. People talk about the same CVSS methodologies. Yeah, you get about it. Normal productivity, scoring system, the same thing. So the CVSS scores, essentially, will tell you from zero to ten, right? And there are, it's a very interesting research, right? The whole industry is going around, how will you patch, how much will you patch? Because in Tennessee, Microsoft has been patching the company with so many patches in it. That said, it is what it is. At least it is what it can be, right? But then there's too much to

patch, right? So how do you kind of get your meeting at your patches? How do you make the entity type? How do you make some multi-patch notifications there? And how do you make sure there is observability? So the biggest challenge today is not around what you know, the biggest challenge is what you don't know. So earlier it was the developer shadowing, today more than that, shadow AI is happening. For example, now I'm going to see some for a while, take care of it. I can tell you every time a user wants to access, let's say, an open AI, let's pick off any AI company from generic AI platforms, for example, more and more people start

using it. The biggest problem is, let's say, if you receive open AI's, privacy It very clearly says that any data that you put on their engine or L becomes their intellectual property. It can be your company secret, it can be your personal data, it can be your invoice personal data. They have the right to monetize it, they have the right to lease it, they have the right to do ad piecements on it. So, what is the trade of rights? What are you giving versus what you are giving away? So, this is a big problem. So, there, shadow AI is the biggest risk most enterprises are dealing with. I had the opportunity to meet up with Adani Stone, right? who were

advised to use quantum mining and the seasons on how things should run in the cosmological direction. This was just about to be expected. And the first thing we asked the researchers was, what is your strategy to govern artificial intelligence? Everybody was like that. Because everybody was going to talk about cyber defense, cyber offense, certifications, advances. So anybody you were working with, anybody came on working with Microsoft, Google, whatever you were like, irrespective. AI is talking to you, you cannot be a real informant.

That said, it has an advantage for the people who are doing that job. Now, a lot of people seem to be coming in from colleges and in their new careers. Look at the research from MIT, for example. ChatGPT 3.5, actually already surpassing 4.5, just 14 hours of research. So, some kind of a launch site. following the X3O for example. So essentially before that when the 3.5 model was out, 3.5 was made the active vulnerable PC, who was sort of Shodan, Shodan.com. Alright, I see a lot of folks are interested in my TV, okay. So you know Shodan can scream a lot of things, right? So also Shodan's leader was, or API was tentatively 3.5, and

it was given public address to this, and it was the artificial intelligence. was able to attack with about 67% accuracy. So it was able to actually reach. So it used to be a very big skill, right? I'm not going to force everybody asking this in the room. Should I make my career as a print machine? Should I make my career as a part of Vimika? Absolutely do. What I can tell you is, when I was at Jamil is doing the same, our money throughout, maybe 1 or 2% really, really was See the word I am using, it's a trap. It's not just about the technology, it's not just about finding a girl, it's not just

about finding a technology. You have to think a certain way. You have to continue exploring in a certain way. You can have a great day finding girls in a day, or you can have a dull day and not find a girl for a few months. When it pay your rent, when it pay your rent on the day of the day. It's a passion. So if you are really really passionate about it, do the good. The money, maybe it's not the right choice. It's what I mean when you add a little bit of capital. I'm not discouraging you, but this is just a common reality. Now I will say the chat was able to beat 67%.

That also shows that people who are prominent and do this, for example, on the big fours that you see, we used to have a lot of people who were, so there will be some level of black box for example, there will be no mother of Adam, there will be no map before he can change. Yes, those things will be made. But a lot of vulnerable things, so wide-route testing, SCAs, source code analysis, all these things will probably get pushed in from the automation, artificial intelligence, that's fine. So be mindful of that. See how you can then one-time improve the AI. Because anything that is procedural, anything that can be predicted, AI can do it a

thousand times better than you. It's faster, it's more accurate. One time is on the way. All of you would be knowing the biggest trend with the hackers is everybody wants to store everything today. And they are saying you breach a data once one time becomes available. And we are already talking of post-formal data. All of this really is a little fancy law. There's not a lot of this in reality, but it's gone far. Anybody heard of the Moore's law? Moore's law, somebody thought of it? Moore's law states that every six months, the number of transistors on a CPU will double. That's what the Moore's law states. It's very simple. If you go by the Moore's law, you are supposed to reach something known as

the AGI. Anybody know what the AGI is? Absolutely, artificial intelligence. AGI is a state where the human intelligence and the computer intelligence will converge. So as a computer is as smart as any human being. This was supposed to happen in 2014. By the recent calculation, look at Sam, what he's talking about. AGI seems to be a reality in 2022. So we have accelerated technology by almost 80 million. That is the advancement. So the challenge that I see in front of you is, how do we continue to outpace the conditions that we continue to remain? That's a big question that you have to ask yourself. If you have not started your career, just get into it. You won't wait for you to bring jobs on a fixed deadline.

I wasted about 6 months trying to get into a job at an age of 42, trying to get back, but I just started with something else. And the good news was, just after 18 months, I was able to apply for an IGP in a major job range. So it's all about giving, it's all about giving up your date and it's all about giving up your place. I feel like I should pass over and after this since there are no questions, I'm going to pause. But hey, lovey dovey, thank you. Cheers. Thank you. Now for, this is the time for your lunch. I would like to say thank you to speakers and sponsorship members and donations. Please firstly, you all go ahead from behind and you can go to the

third row for your lunch. So please now. Also there is another announcement about the giveaways. Can you tell us about the giveaways? So I am assuming that if everyone knows, they will be interested in the giveaway. So for that, you can sit down with your own attendees and tell us about Pentest Lab. So the thing is, Kuboto has been kind enough in giving us 10 giveaways for Pentest Lab subscription. And the way you guys can apply for it is basically once you go up there is going to be a standing to go to a car and over there there is going to be a person. You guys have to click on selfie with that guy or whoever it is and you

have to upload it on LinkedIn. Because then they are going to choose 10 students or 10 whoever will have taken this entry and have a hand-protein on moving day. And those 10 people will not get the 10th year SELAPI subscription. So that can be done after lunch. If you guys are interested in 10th year SELAPI zero-pay voucher, you guys now know what to do. I think please step down for now and speak to the speaker now. Everybody please, you all can go ahead.

Hello guys, everyone. You all can go for the lunch. The family behind this area and our club. Please make a line and then hold.