Hello friends! As you all know, basicsofhacking.com always tries to enhance your knowledge related to hacking. I'm posting here an interview with the famous Indian hacker Mr. Rahul Tyagi, who is an ideal for me. I recently got a chance to meet him and he shared his views on Ethical Hacking.
Rahul Tyagi is a well-known name in the field of Ethical Hacking. He is the Brand Ambassador of TCIL-IT Chandigarh and vice president at Cyber Security And Anti Hacking Organisation (CSAHO), and the first Indian to be selected as co-admin of Russia’s biggest white hackers’ community, United Hackers Association. Recently he has been invited as a speaker at DEF CON, the world’s biggest hacking conference. Here are some excerpts from the interview:
- You are a big name in the field of hacking, so how did it all begin? Tell us a little bit about your background.
Well, first, thanks for the compliment, but according to me I am not a big name yet. I am just 23 and, as far as I am concerned, I have not yet done anything that can really create a big blunder in the information security field. Now, coming to the second part of your question: I really don’t remember actually when I started hacking and all. But it was exactly 2004 when I attended a guest lecture on computer security by some speaker from CISCO. I was on school holidays in Noida, and that was the first time I heard the word HACKING, and I was really surprised to see this hidden era. From then I started exploring things, and now it’s near about nine fast years and I am still exploring.
- What is Ethical Hacking all about?
Well, let me clear it up in a fast and easy manner. According to me, Ethical Hacking is a way or a procedure through which we try to see information which is not viewable by the common public. Here I am not talking about some adult porn stuff, ha ha. I am talking about the critical information which is not supposed to be accessible by unauthorised persons. Ethical Hacking mostly covers all techniques which are fired on a target (known as penetration testing) to extract the desired information from it.
- If you were selected as manager of cyber security of India, how would you manage India’s security in an optimized way?
Ha ha, well, this is a big question full of responsibility. Designing a security architecture for the whole nation and then implementing it practically is a tough task. But what I wish is that universities in India should have a Cyber Security subject in their academics so that students can learn what exactly cyber security and ethical hacking are. I am trying my best to implement it soon with some universities in future, like PTU and LPU, to add one subject related to cyber security, because it is very necessary to teach our youth that the threat is coming up in future and how we can defend ourselves. In the corporate sector, one of our organisations, i.e. Cyber Security & Anti Hacking Organisation, is doing well by implementing security policies in major IT, including Govt. agencies. So, in crux, me and my mates are doing our best to bring a big change in cyber space that will create a difference in our daily virtual activities.
- What do you have to say about a career in the hacking field? Is it a bright future for the youth?
Ethical hacking is of course a great career option for the youth, but the problem is that we do not exactly know what a real ethical hacker is. These days you will find every 3rd guy hacking a website and claiming to be a hacker. Let me correct one thing here: hacking is a much reputed profession, and so is a HACKER. Only by hacking a website you cannot be a hacker. A hacker is a geek who has the core knowledge about every popular technology available, from cell phones to GPS systems; website hacking is just a part of his vast knowledge. So if you really think that you want to be a hacker, then stop thinking about hacking all, try to think how you can secure, because today it’s really a noobish thing to deface any website; free tools like Havij are available to penetrate a website and perform a server rooting by putting GYN shell on it. Not a single company will hire you if you know only how to hack; they will only give you attention if along with hacking you also know how to secure that website after defacing and what countermeasures are there to prevent such types of attacks in future.
In India, yes, the starting package is pretty low, near about 4-6 Lac per annum as compared to abroad, but this is the initial phase, and as soon as the awareness flies high, the information technology era will demand ethical hackers and it will come with a handsome salary.
- What do you have to say about the security of Indian sites?
I will not talk about the security of Indian sites, but I will talk about the persons who are behind the sites. In India, whenever a company or a single person orders a website for development, they have only one demand: please make our website very attractive by having Flash, good graphics and bla bla bla... Very few people will request the web developer to please try to use stored procedures and please secure our site from SQL, XSS and other attacks. So if today our Indian websites are not updated as far as security is concerned, then I will not blame the coder for that, but in some cases the coders skip adding the countermeasures to save time, so that is the other side of the coin. So if we really want to secure our sites, then stop worrying about the design factors, and I personally appeal to the coders: please spend 5 minutes more to secure your code and help our cyber space. Because a common man doesn’t know about the hazards of website hacking, and if they come to you it’s your responsibility to tell them about security and other factors related to security. (Maybe you can charge them a bit more for good security implementation, and I am sure they will not refuse.)
- You are writing a new book on hacking, what is it all about?
Yes, I am just about to finish my new book, i.e. A Beginner’s Guide to Penetration Testing in Backtrack 5 R1. In 2008, after I got a great response on my first book, HACKING CRUX, I decided to write another book, but this time on the advanced corporate sector. In this book I tried to cover each possible application of Backtrack 5 R1, like Metasploit Framework 4.0, Forensic Tools and web application penetration testing techniques also. It took me more than 2 years to study and then write each and every attack vector. Again I promise, like my last book, 90% would be practical examples with HD screenshots and only 10% will be theoretical. I am releasing this book in Oct this year, i.e. Oct-2010, so grab your copy soon at your nearest book stall.
- As there are many trainers who provide Ethical Hacking training, what’s the difference between your training and others? Why should people prefer you?
It’s my 3rd year in corporate ethical hacking training, and as you know I am providing my services under TCIL-IT Chandigarh, which is a big name in information technology. We here don’t compare ourselves with other companies which are providing ethical hacking training, but what I tried differently in our training sessions is that if students come to learn ethical hacking from Rahul Tyagi, then it is Rahul Tyagi himself who will teach them, no one else. Most students just get trapped by big names when they join the ethical hacking certification programmes. First, at joining time, they will say to each student that OK, yes, this famous hacker will teach you, but on the first, when they see that there is a video conference two times in a month with that hacker, i.e. no personal interaction is there, then they feel disappointed and feel cheated.
But in our case it’s me here; maybe even if a single student is there, I teach him/her personally. And yes, even you have seen me many times, I guess, teaching one or two students in our company. Along with that, when it comes to fee structure, many companies are charging more than RS 35,000 for ethical hacking; our course is starting from RS 6,000 only, so being a Govt Enterprise we tried our best to bring the best stuff to the students for a nominal fee.
- You are going as a speaker to DEF CON, which is going to be held at Chennai on Sep 11th. How are you feeling? Tell us something about DEF CON.
DEF CON is the last stop for every security geek. It was like a dream come true when I got the call from DEF CON Chennai to come as a speaker. For those who don’t know about DEF CON: well, DEF CON is the world’s biggest hacking conference, held each year in Las Vegas, where black and white hackers gather and really explode their new hacking tricks and methods to challenge the current technology. DEF CON has groups in every country, and in India we have four groups in all big cities. I am going to DEF CON Chennai, which is one of those groups.
I will be speaking there on the latest penetration testing methods through Backtrack 5 R1 with Metasploit Framework 4.0. You can download my white paper after the event from packetstormsecurity and exploit-db soon.