Interview with Akash Shukla, a Well-Known Security Professional
Who doesn’t know Akash Shukla in IT Security field?
In such a short period he has made such a big impact on the cyber security field that his hard work is highly commendable.
1. Hello Akash, welcome to ITinformers. Please describe yourself for our readers.
My name is Akash Shukla, I am an Entrepreneur, Founder & CEO at RMAR Technologies Pvt. Ltd. I have spoken at DEFCON (DC91141), IIT-Delhi Infosec Conference, HATCON – LPU & various other Information Security Conferences where I presented my research paper on Facebook Message Spoofing (I have a written mail acknowledgement from Facebook, as there are a lot of rumors about who discovered it), Free Shopping from Ebay, Pwning Systems Using Metasploit & Voice Over Internet Protocol Hacking Co-Authored with Avinash Singh.
I am closely working on a very highly confidential overseas Cyber Security project of NT Global Solutions who gave me a wonderful platform to explore myself at best. I have done my engineering in Computer Science. In past, I have worked with Kyrion & Virscent as an Intern Penetration Tester & Corporate Trainer respectively.
I have discovered & fixed the issue of log creation over Windows in Snort – An Open Source Intrusion Detection System in 2011. I have trained more than 5000+ students and professionals within & outside India and delivered 50+ workshops on Ethical Hacking & Cyber Security in various Engineering Colleges & Companies. I am enlisted in Bitcasa Security Hall of Fame, Deutsche Telekom Security Hall of Fame, and Eclipse Security Hall of Fame & have mail acknowledgement from both the Google & Facebook Security Teams.
I am currently working as a Senior Security Analyst in RMAR where I handle trainings & cyber security projects along with huge documentation :)
2. What do you have to say about a career in the hacking/security field? Is there a bright future for the youth?
I am seeing a very positive atmosphere in the Cyber Security Domain for couple of years in India especially. I would rather say Cyber Security instead of hacking that India is a very promising, full of possibilities & fastest growing country in Cyber Security Domain.
As I have closely watched this field over the years, all I can say is that jobs have increased, opportunities have increased, and interest & positivity towards the Cyber Security Domain among students have increased tremendously. In fact, just a couple of weeks back RMAR had a meeting with Honorable Vice Chancellor Prof. R. K. Khandal where he himself was positive & very concerned over the Cyber Security Domain & came up with an idea to introduce Cyber Security as a compulsory subject or full-fledged course, where the RMAR Team is working very closely to prepare the Course Curriculum for the same & maybe in future you will find a new course in Uttar Pradesh Technical University.
So yes, there is a very bright future for youngsters in this domain & moreover IT Companies are so positive after Honorable Prime Minister Narendra Modi came into power and gave a slogan of Digital India.
At last, I would like to mention that the Bug Bounty Programs run by top notch MNCs like Facebook, Google, Paypal, Microsoft & 100s of others have given an outstanding platform to Cyber Security folks, especially youngsters, to prove their skills along with a handsome monetary reward. So I guess if these MNCs aren’t taking hackers lightly then how could anyone else.
3. What is the basic difference between hackers and ethical hackers, and where do you put yourself: among hackers or ethical hackers?
I would like to clear the difference between Hackers & Ethical Hackers in one line that if you have a legal agreement or the party has released a public note to test its website, servers and so on then you aren’t in trouble & if not then the party has every right to bring a lawsuit against you. So be careful when you are testing anyone’s site especially Indian corporate, government, companies or government aided organizations because I have seen their heights of arrogance so better not to piss them off because it’s not USA where they send you a mail of thanks with swag even then if they aren’t running any Bug Bounty Program on their website.
I would neither like to tag myself hacker or ethical hacker but prefer An IT Security Researcher. I am still a learner & will remain forever.
4. Where did you learn hacking and security?
All credit goes to my very dear friend-cum-brother Rahul Singh who is the Chief Technical Officer of RMAR. We have been friends since 1996; we completed our schooling together, however pursued our Engineering in different colleges. So one day he came to my home and told me about the hacking field, which was completely fascinating & adventurous to me because I had no personal computer or anything but was very curious about it.
You won’t believe that my first Email ID is of Yahoo! which was made by someone else. We started learning together over the internet and also did certification from Innobuzz Knowledge Solutions which wasn’t so fruitful as I guess we pushed ourselves so hard and learnt so much that there was nothing in their course to take on.
At last we decided to learn on our own. So we spent 100s of nights learning different concepts of hacking over our laptops, chatting to each other on Facebook so that we keep alive on both sides :) And this interview would be incomplete if I do not mention Mr. Shubham Gupta who is our mentor, brother & teacher through this whole course of Cyber Security. He is the only person whose advice we do not forget to take.
5. How easy is it for you to compromise a website?
It is a piece of cake for those who ping me and say “hack this site, you have one day”, not for me. It depends on various factors whether a website can be hacked in 2 minutes or may take 20 days or may not be compromised but some low risk level vulnerability.
I guess in India it’s a misconception among the majority of people that hacking is magic and a Facebook account can be hacked in one click. So I am really sorry, maybe some Alien Hackers do exist who can compromise any site in just a click, but not me.
6. What is your exact ethical hacker title? So there is actually a certification for a hacker?
I guess you are talking about handle name. If it is then my handle name is daichitrojan (D@IchI Tr0j@n). Yes, RMAR Certified Cyber Security Expert (RCCSE) :) Jokes apart but at a professional level, I can’t name any certification but would like to say yes, there are some top class certifications which you can take but are costly. All in all I say I do not consider a Cyber Security Certification (including RMAR Certifications) a proof of excellence but your knowledge.
7. What if someone didn’t know about ethical hacking, what would they do? Where to learn it?
I would say join a full-fledged Cyber Security Training in an Infosec Institute but do a thorough search about their teaching methodology, time frame, practical knowledge of the trainer then only go for it as India is a booming sector of Infosec where 100s of Infosec companies came into existence in past few years including RMAR but most of them are unable to maintain training standards & even not registered under MCA & doing business at Corporate Level.
We are very concerned over these issues at our level, and those who can’t afford a course will have to give some time on their laptops, where Google & YouTube are always there for your help.
8. When was the first time you started hacking? What inspired you to do so?
The very first experience was scary because I hacked into UPTU’s Official Website at counselling time, which created a big scene as it was published in the newspaper, where the Police Commissioner gave a statement to bring a lawsuit against the person who had done so & believe me my mother was angry like anything. She called an Uncle who is a policeman to take advice but Thank God that time UPTU Vice Chancellor Prof. Kripa Shanker mailed me and appreciated my efforts for bringing this to his attention.
So this incident taught me a lesson to work ethically & also pushed me to learn more. So Yes, this was the real first time when I had a real feel of hacking as a newbie.
9. Please give our readers some advice on staying safe from hackers.
The following is the advice I can give you:
- Keep your antiviruses updated
- If you are running your own site then keep updated with latest website hacking techniques so that you can update your site before it gets hacked.
- Move your hosting & domain to a secured server rather than local hosting service providers.
- Please, do not use online banking or online shopping in a public place even if it is being secured by National Security Agency (NSA) 😛 Always rely on your personal internet.
- If you have Wi-Fi then keep WPA2-PSK Encryption with a very strong password because you never know if someone who has a strong high end computer could possibly break the WPA Handshake file. Better secure your Wi-Fi with MAC filtering as well & change the default password of your router.
- If someone sends you a link over Facebook or any social network site then open it in your Private browsing mode or incognito mode rather than in the same window & better avoid opening it if it looks suspicious to you.
10. Most of our readers are bloggers, so please give them some safety advice for their blogs as well.
Keep updated about the CMS you are using because mostly what happens is an exploit is released for your theme & you forget to update or are simply unaware of it. So better keep updated and check any external plugin before installing over exploit-db, packetstormsecurity.org etc. with their version in order to know whether the plugin is safe or not. If your blog is connected to BlogSpot then there is very little chance of getting hacked but still be secure.
11. What are the common loopholes that you find in websites?
I must say XSS is winning the competition over any vulnerability. I personally think that 80 out of 100 sites are vulnerable to XSS. CSRF, SQLi, Open Directory Listing, upload option with no filters are some other common ones.
12. You provide training and certification in your company. What are the benefits?
Yes, we do provide training and certification & are very honest with our teaching methodology, course module & very much concerned about the student/professional who is taking our course. I feel proud that our students are doing good and getting placed in top companies like TCS etc. & also getting enlisted in various Security Hall of Fame pages of Facebook, Google, Deutsche Telekom, PayPal etc.
The benefit is you can take our course & become a life time partner with RMAR. If you feel like you forgot something then you can come and join any running batch again apart from that you can also get a chance to work on our live projects of Cyber Security. So far we didn’t do any marketing but through only mouth publicity RMAR is standing in a very strong position where even top security experts have appreciated our efforts & work, so this much is enough for me. I want to see the satisfaction on client and students faces after taking our service.
13. You also provide corporate and college trainings. What are the benefits of that?
See, Workshop culture isn’t started couple of years before but has a big past but I have seen some Infosec Experts saying workshop on Ethical Hacking is useless and just to make money & I would like to counter it that when we go to colleges and deliver lecture you won’t believe that students do not know even the very basic security of their systems and various accounts over internet.
So I am proud that we are training these people and making them aware about their basic security, as if they won’t know all this, later they will get hacked. I never ever said that in just two days we will make you He-Man of Cyber Security Domain but at least no one will be able to hack you. So these are the only benefits: that on an individual level you can secure yourself from hackers as well as be exposed to a new field full of opportunities to earn name, fame and money.
14. How do you feel about being acknowledged by very well known companies like Google, Facebook & State University of Uttar Pradesh (GBTU)?
It feels good that you are getting appreciated by such big entities which motivates you and gives you a booster in your personal and professional life. So, Yes I guess everyone feels honored when such organization recognizes your hard work.
15. Most ethical hackers are writing their own books and blogs. Are you also thinking of that, or have you written any?
I love writing, expressing myself & talking about my point of view. None can better know this other than my Facebook Friends ha ha. They are literally fed up of my statuses. So, yes I will write a book on infosec but it will take at least 3 years more because I am still learning and getting into the deep of some subjects so I don’t feel that I am the right guy to write a book on Infosec but for sure after 3 years I will publish my book.
However, I don’t deny the fact that maybe I can come up with a book other than infosec because I know I can write something at least for myself :) So thanks, ITINFORMERS, for considering me for this interview. I am feeling honored but don’t know whether I was the right guy for this interview or not. Rest I have my personal website www.akashshukla.in linked to my personal blog www.daichitrojan.com where I write some articles whenever I feel like. My best wishes are always with you and your blog; I read some of the articles which are quite good so keep writing. Stay blessed.