I have had enough..I am very very pissed off as India has become the land of the skids & the greatest contribution to the same has been provided by imitators of Fadia business model ..And for the time being they are having good business by making fool of naive minds. Nowadays everyone I see (and meet) is a freelance security consultant, without even knowing the basics and intricacies of Security as process,acumen,method & lastly knowledge.
When I ask them, "Oh great, nice to meet you, so what you have been working on lately?"
The answer is cryptic bullshit about using Trojans, hacking Facebook profiles (using *means*..duh) , pentesting websites (using haviz/acunetix or automated tools without doing any static code analysis, or XSS'ing the website without even the hint of persistent ones) ,servers and even SEO (!).
A more advanced skid one will babble about using Backtrack/KALI and impress by using metasploit to show how exploits are run to compromise systems (insecure one, also in place of writing their own they just update it) , bit of showing connections to underground scene (wait what ?!) & having everyone by a cryptic handle in their Facebook profiles.
"Nice..So..what is *new* that you are working on lately?" I exclaim.
The media ?
Well..it goes apeshit whenever they hear about hacking prodigies. Well to uneducated media journalists, let it be known to you, RESEARCH BEFORE YOU VOMIT ANYTHING. Why don't you go through Charles Assisi's Article on Ankit Fadia and LEARN SOMETHING ?!!
Worst part - These guys are even authoring books on hacking. Go figure :/
Every time some hacking prodigy or best hacker releases a book on "guide to hacking" with age old obsolete (& mostly stolen) content, a cute bunny performs harakiri with his copy of Sn0wcrash somewhere .
Point in question is that NONE OF THE GUYS WHO PROCLAIM to be the BEST HACKERS IN INDIA have never appeared in reputable security conferences to show their mettle. Instead, they have created their own versions of DEFCON & HACKING CONFERENCES so that they can sing songs about their privates in full glory.
PS: Every time I read Norman Shark's report on an Indian APT, I have a facepalm, just saying. How on earth it was classified as an APT is beyond me.But again, not diverting too far from my point, back to Hackers.
I owe to a lot of people ; yes, every pro was a skid, I admit it, however what separates a skid or a Charlatan from a true 1337/seasoned security researcher is their attitude towards learning, reproducing, validating and then putting their own blood,sweat & tears into research to advance it.
I have met a quite a lot of talented folks in corporate world and have got the privilege to work with some extremely talented people in network security (I am looking at you fambon/jach/m0d412 =] ). Having watched the scene carefully, I wanted to make note of some of most talented folks in Indian security scene today, people who are Hackers (whether they acknowledge it or not) and are not *self proclaimed Hackers/best Hackers/leets* (guys you will find dime a dozen). Seriously guys..where is Halvar Flake of India?
I wanted to do it as they have made significant contribution to the Indian hacking scene , be it awareness,exploits,pwnage or anything, they have been doing what is needed today , rather than to create an army of skids that gave everyone a bad name.
Of course you will argue that the real guys are always hiding in the shadows (read:null) & there are a lot who are working behind the scenes,but still these are the ones you would like to know about (in no particular order).
1. Sanjay Rawat
Veteran security researcher specializing into Code optimization, Machine learning,VA,fuzzing and Network security. One of my heroes I look & greatly idolize.
2. Rahul "fb1h2s" Sasi
I have known Sasi since quite some time, & he is the current torch bearer of the face of Indian hackers, his research into HID devices-Biometrics,Datacards,IVR has recieved widespread attention and has given Indian security scene a good name.
PS: Rahul, if you are reading this , I chose this pic as this makes you resemble more like a cross between Alan Cox & Cory Doctorow, some offbeat folks I greatly admire, no kidding : P
3. Vinay "Vinnu" Katoch
Long time L0Xian has impeccable skills in exploit development, reverse engineering ,malware analysis and development. Known for his exploits in JVM,ASLR/DEP bypass and his quite nature.
4. Vivek Ramachandran
Well, how he can be even missing from this list. His famed Café Latte Attack & his latest primer on making security accessible to everyone via Securitytube has helped millions to learn security the right way, at least the nascent steps. Kudos to him.
5. Rajshekhar Murthy / Atul Alex Cherian
The Malc0n duo is quite infamous for bringing raw,uncensored malware research,development into the spotlight. Malc0n exclusively focuses on proactive malware research and analysis & the responsible folks have been instrumental in making it an international platform.
Honourable mention : Folks at n|u,g4h,SX, I always take you for granted since you have always been 1337s, you don't need a lesser mortal to define your contribution to the scene.
I hope my rant was quite clear (!) , concise and to the point, I hope the next time you will hear about some Indian hacking prodigy in your local newspaper, Facebook page or on a poster at your college campus, you will QUESTION YOURSELF TWICE & ask the goodol' folks at n|u/SX/g4h for a piece of their mind.
If you want to go through the last time I ranted about the BEST HACKERS IN INDIA, click here. You can also read more about Charlatans at Attrition.org, my favourite place to kill off time.
Just in case you might question my authority of ranting about the topic, then well, I hope you will get it someday.
0 comments:
Need to say something ? Spell it out :)