21 evening with white hat...hunting hacker handsomely. as an ethical hacker, and bounty hunter, i...
TRANSCRIPT
AnandPrakashisaprolificsecurityresearcherwhoisfamousfor
findingbugsinsomeoftheworld’smostpopularappsandwebsites.Hethrivesoffof“bugsbounties” — largecashprizesheearnsfromcompaniesinexchangefor
successfullyhackingtheirsystemsandshowingthemtheirsecurityflaws.Anandissupremelygoodatwhathedoes,havingdiscoveredvulnerabilitiesatcompanieslikeFacebook,Twitter,andUber.Forthepast5years,Facebook’shasrankedAnandasoneoftheirtopbountyhunters.AndonTwitter’sbountyprogram,he’sranked#3
world-wide.Anand’sreputationasahackerhasledtohimbeingfeaturedinlastyear’sForbes“30under30”forenterprisetechnologyinAsia.AndamajorIndiannewswebsitedeclaredAnand“oneofIndia’sbest
knownwhitehathackers.”
SaiKrishnaKothapalli(IITGuwahati)
SaiKrishnaKothapalliisafinalYearComputerScienceandEngineeringUndergrad,IIT
Guwahati,BugBountyHunter,andSecurityResearcher.HehasfoundsomeseriousbugsinsomepopularwebapplicationsincludingafewintheIndiangovernmentsector.HeisalsooneofthestudentsatIITGwhocampaignedforthecampusbugbountyprogramandhelpedgettingitorganizedandstarted.
AneveningwithWHITEHAT
HackersonBountyHunting
OrganizedBy:InterdisciplinaryCentreforCyber
SecurityandCyberDefenceofCriticalInfrastructures
https://security.cse.iitk.ac.in/
C3iCenter,IITKanpur March21st20185:30PMto8:30PM
Venue:L-19
AnandPrakash(Appsecure)
“Talk1:StoryofaWhiteHatHacker:HowIsavedabillionuseraccounts?”Speaker:AnandPrakashAbstract:BugsBountyprogramsworldwidehavetakenoffbecausemostcustomerfacingwebsitesandwebapplicationsareincreasinglyunderattackbyhackers.LargecompaniessuchasFacebook,twitter,google,Microsoft,aswellasmobileapps-basedcompaniessuchasUbercannotfullyguaranteethatthewebapplicationsandmobileapplicationstheirengineersproducearefreeofsecurityvulnerabilities.Therefore,theyallhaveannouncedlargemonetaryrewardprogramsforethical
TheGood,thebadandtheUgly–WhiteHat,GreyHat,andtheBlackHathackingPanelists:AnandPrakash,SaiKrishnaKothapalliModerator:SandeepK.Shukla
Inthispaneldiscussionwewilldiscusstheon-goingracebetweentheblackhathackerstoexploitinformation and critical systems while the white hat hackers try to save the day with theirrepertoireoftoolsandtechniques.Unfortunately,thiswarisoftentiltedasblackhathackersareoften parts of crime syndicates, and worse yet – recruited by the cyber army and espionagefunctionariesofvariousgovernments.Thenhowarethewhitehathackerstosavethesystemsbyfinding thevulnerabilities faster than theblackhats.Blackhatsarealsoorganized inchat roomsandforumsintheunderbelliesofthedarkweb.Arethewhitehathackersorganizedinthesameway?
1
exploits,andbasedonthecriticalitylevelofthediscovery–theyrewardthebountyhuntinghackerhandsomely.Asanethicalhacker,andbountyhunter,Ihavefoundmanyvulnerabilitiesinthesepopularsitesthatcouldhavebeendisastrousifexploitedbyablackhathacker.Theraceisonbetweenblackhathackerswhouseverysophisticatedtools,andexperience--sometimesemployedbyorganizedcrimesyndicatesaswellasroguestates,andwhitehatethicalhackerswhoalsousetheirexperienceandtoolstofindthevulnerabilitiestohelpthecompanies.Inthistalk,Iwilldiscussmyownexperienceinsavingbillionuseraccounts,andmorestoriesfromthetrenchofthisongoingduelofmindsbetweenwhitehatandblackhathackers.
“Talk2:Landscapeofbugbountyprograms”Speaker:SaiKrishnaKothapalliAbstract:Intheever-advancingDigitalAge,Indiahasplacedsomucheffortindigitizingallwalksoflife,butareweIITGhastakenthefirststepinthisdirectionby
2
takingenoughcaretoprotectourdata?beingtheonlyeducationalinstitutioninAsiatolaunchitsownresponsibledisclosurepolicy(bugbountyprogram).Thistalklaysoutthechallengesfaced,andtheresponsereceivedbyimplementingthisforIITGandhighlightswhatotherinstitutesandgovernmentorganizationscanlearnfromthem.Italsoemphasizesthenecessityandbenefitsofaresponsibledisclosurepolicyingovernmentorganizations.Itwindsupbyfocusingonsomecountry-specificcasestudieswherethingswentdownhillandfindoutwhatcouldhavebeendonetoavertwhateverhadhappened.