Today we are publishing our second interview, with a well-known ethical hacker, author of Mastering Metasploit, security researcher and information security professional from India.
We have Mr. Nipun Jaswal, aka Apex, with us, who has wide experience in the information security domain. He is a master of Metasploit and has also published a book well worth reading for Metasploit lovers, named “Mastering Metasploit”.
So let’s start a quick and healthy discussion on some aspects of information security with Nipun Jaswal.
Team Hackers Interview: Hello Mr. Nipun, please introduce yourself to our readers.
Nipun Jaswal: Dear Readers, Hi! My name is Nipun Jaswal. I can describe myself as a security researcher who loves challenges in the cyber domain. I have 8+ years of experience and am presently working as the Technical Program Manager - Cyber Intelligence at Pyramid Cyber and Forensics. I am also the author of Mastering Metasploit, first and second editions, and serve as the primary author for the Chinese translation of the book. I have worked with many law enforcement agencies throughout the world to make the cyber domain a safer place to be. I am also associated with the National Cyber Defense and Research Center as a Chair Member.
Team HI: Why did you decide to pursue ethical hacking as your career option?
Nipun Jaswal: Well, it all started as a hobby. I never thought I would come so far. I never thought of being a money maker and all I wanted to do was to enjoy the field to the core. Coming along, I got some great opportunities which earned me my first job. Hence, I decided to stick to the field. And they say that “if you love your job, you don’t work a single day”.
Team HI: How did you start your journey in the cyber world?
Nipun Jaswal: I was in 7th standard when I got fascinated seeing a hacking movie on Star Movies; it was “THE NET”. A few years later, a friend, who was a hacker, sent me a few files and tutorials. I started reading, learning more and more about hacking while searching, torrenting and downloading content from the web. At that time, defacements were pretty cool. So, I jumped into the same with some friends and started researching, hacking, defacing or what you call the black hat thingy.
Team HI: Tell us about your experience in this field.
Nipun Jaswal: Every day in this field is a new experience. If I recall the last 7 years, 80% of the time every day was something new. Every time a new scenario, a new technique, a new exploit; the only thing that remains static most of the time is the shellcode.
Team HI: What are the amazing things you did in Ethical hacking?
Nipun Jaswal: There are plenty. But the most amazing thing I did in the last month was breaking into a wireless lighting system, or what you can call IoT exploitation.
Team HI: What advice will you give to our readers to stay safe online?
Nipun Jaswal: Being safe online is a myth. You might never know which 0day is gonna hit you when opening your favourite site. However, there are a few measures you can always take to ensure you are a little safe, which are:
- Use a good antivirus; I would suggest Bitdefender
- Always keep your browsers and Adobe Reader updated (a lot of bugs found recently)
- Never turn off your firewall
- Do not trust your friend’s mobile phone if he wants to charge it from your laptop
- Use Tor to open suspicious links
Team HI: What is the scope of ethical hacking?
Nipun Jaswal: Very bright. India is getting digitized day after day. But this also poses threats: as things move online, it is easy for attackers to attack any location remotely if the app/server is not secured properly. Hence, the demand for security researchers is high.
Team HI: What will you suggest to our newbies who are interested to start their career in Ethical Hacking?
Nipun Jaswal: To newbies, this field is tough. If you are interested, then make sure you follow a few rules:
- Never hurry; be patient (you can never learn anything in 1-2 weeks)
- There is almost everything on the internet, so while you are learning, try figuring out answers to your queries yourself and stop bothering people who are already in this field
- Test your skills on cyber ranges and simulation-based environments like WebGoat, Metasploitable, Nebula and Mutillidae
- And at last remember, hacking in movies and hacking in real life are two different things.
Team HI: What are the various career opportunities in Ethical hacking?
Nipun Jaswal: As a fresher, there will always be opportunities ranging from a security analyst to a security researcher. Try going for the latter as researching will enhance your skills a lot.
Team HI: What do you think are the myths the general public may have about ethical hacking?
Nipun Jaswal: Plenty of things such as:
- Hacking email accounts is very easy
> Not at all easy, as it requires the victim to interact. Also, if you are calling a password reset because you know the target personally and reset his account with his DOB and city of birth, it's not called a hack.
- Hackers are thieves
> Most people think hackers are thieves. This is extremely wrong. Generally, we break into the companies so that no one else can break in.
Team HI: Tell us about the responsibilities of a penetration tester.
Nipun Jaswal: A professional penetration tester's responsibilities include finding out known and unknown flaws in the testable environment, ensuring that no part of the scope is left behind, ensuring task completion in the designated timelines, ensuring that the bugs are manually verifiable, and ensuring that the patch is applied without creating new bugs.
Team HI: What are the useful online and offline sources to learn ethical hacking?
Nipun Jaswal: I would personally suggest Open Source trainings, SecurityTube, Corelan and FuzzySecurity to all the readers.
Team HI: As a master of Metasploit, what advice will you give to our readers on a better resource for getting their hands dirty with Metasploit?
Nipun Jaswal: The best resource for learning Metasploit is the wiki guide available on the Metasploit GitHub page. I would also suggest Metasploit Unleashed for learning the basics. For advanced learning, you can refer to my book Mastering Metasploit as well.
Team HI: What certifications will you suggest to newbies which may help them in growth and enhancing their knowledge in Information Security?
Nipun Jaswal: Most people think C|EH is not a worthy certification as it focuses more on theory rather than practice. However, for career growth it’s a must-have certification and it builds upon the basics; the better the basics, the better your understanding of the complex subjects. Hence, for career growth C|EH is good to have. For knowledge and practical exposure, OSCP and OSCE are the best certifications to go for.
Team HI: Do you think the Indian Government should implement some new rules or laws to prevent cyber crimes? If yes, then kindly mention what they should be.
Nipun Jaswal: Yes, the Indian government should establish rules and regulations to fill the gaps between the community and the govt. Govt. should impose rules on breach disclosure for the companies. Govt. should also establish a platform where patriotic hackers can exchange their findings with the government.