Chief Information Security Officer (CISO) with more than 20 years of experience in real-world Cyber Security. Leading advanced persistent threat hunting, with expertise in forensics and security orchestration automation response, as well as detection capabilities. An advocate of Cyber Criminology, who understands the motives of hacker strategies and response methodologies. A highly motivated security specialist with a consistent proven record of going the extra mile to meet objectives, and with demonstrable experience in effectively detecting, preventing, and responding to cyber threats against infrastructures.
|| Cyber Security Architect || Information Security Analyst || Vulnerability Detective || Network Examiner || Digital Data Interpreter ||
|| Digital Intelligence Tactical Solutions Developer || Cyber Criminology || Criminal Science ||
Geek Traits: TISO
My first web designing team was formed in 1997. I started my first web development of Web Directories, Forums, Blogs, E-commerce, CMS and Static & Dynamic websites using multiple programming languages such as HTML, PHP, Python, JSP, ASP, C++ and Adobe suite, Photoshop, Dreamweaver, Macromedia Flash, Fireworks etc. As a webmaster, I taught my web development team how to securely build websites using STLC (Software Testing Life Cycle) methodology and how it should be implemented from the foundation of any IT infrastructure building. Code reviewing practice was the core of my web design principle and I had a special interest in networking and infrastructure security. As a versatile individual with extensive experience of vulnerability detection, prevention and incident response in all areas of the web domain including in-house web hosting infrastructure, I’m a hands-on technician.
Build a smart piSOC with MITRE ATT&CK Unified Security
The threat landscape keeps getting more complex. The trend toward cloud and hybrid environments complicates your cybersecurity posture. For many organisations, building a cyberSOC may seem like an impossible task. With limited resources (time, staff, and budget), setting up an operations center supported by multiple security monitoring technologies and real-time threat updates does seem complicated. Thankfully, I have a step-by-step white paper for you to start building your own DIY SOC, a very cost-effective way to implement and manage these different tools on an ongoing basis. Find the full white paper on: https://www.linkedin.com/pulse/build-smart-pisoc-mitre-attck-unified-security-naushad-hunter/
THE SHIFTING CYBER THREAT LANDSCAPE
As hackers become more creative in their subversive techniques, businesses need to become more proactive in educating their workforce and stepping up their cyber incident response plans. Businesses should consult with their vendors, third-party suppliers and stakeholders in every business unit to ensure continuity, mitigate risk and verify that security measures are being employed and regularly updated.
A Majority of Cyber Attacks Successfully Infiltrate Enterprise Environments Without Detection
The report summarizes the results of thousands of real attacks performed by experts from the Mandiant Security. The tests consisted of real attacks, specific malicious behaviors, and actor-attributed techniques and tactics run in enterprise-level production environments representing 11 industries against 123 market-leading security technologies — including network, email, endpoint, and cloud solutions. The report reveals that while organizations continue to invest significant budget dollars in security controls and assume that this means assets are fully protected, the reality is that a majority of the tested attacks successfully infiltrated the organizations’ production environments without their knowledge. READ MORE: attacks-successfully-infiltrate
PhD Project: CyBotic Predator
What is the Cybot, AKA CyBotic Predator : 2018
Here is my 2nd Ph.D. research project. CyBotic is an Ultimate Signal Sniffing Predator, which has five core functionalities built in:
Air defence system including Drone defence
Sea defence system
Network & WiFi Defences
IDS & IPS
IoT Operations and Intelligence – IoT Innovation
There are two reasons why I want to start a PhD on CyBotic Predator. I have a passion for research on the signal sniffing domain itself ("I mean hacking"), for developing understanding and knowledge. Also, I have a desire to be intellectually challenged and guided by a world expert in this field. My curiosity on this subject is simple: am I able to push my limit to build the ultimate cyber defence system, just like security orchestration?
Visit dedicated site: https://cybotic.io
Ministry of Hack
The M-O-H Security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response, along with integrated risk management which reinvents the way you manage risk. Our methodology is based on adversary-centric detection and proactive threat hunting. We are military grade cyber threat hunters, with years of experience in threat hunting. We know how attackers think and act, and how to use tools to find them and kick them out. Visit: Ministry Of Hack
Photobox Group Hackathon 2018
We’ve just completed the 5th PhotoBox Group Hackathon! We demonstrated my CyBotic Project, AKA CyBotic Predator, for the first time. I can’t wait to kick off. The CyBot Predator idea thrived from the original RedTeam Hail Mary toolkit developed in 2014.
I am not desperate to leave my current job but am keeping my eyes out for new opportunities.
CyberWar: How can they hurt us?
What damage can cyber attacks actually do? NATO Review asks the White House’s former director of cyber infrastructure protection what we should be worried about – and how knowledge of cyber attacks’ potential may be more limited than portrayed.
My Hail Mary toolkit has 3 types of attack mode:
Attack mode 1: Able to break the WPA2 encryption scheme. The key to the kingdom is tricking the 4-way handshake. This is achieved by manipulating and replaying cryptographic handshake messages in a fundamental way.
Attack mode 2: Detect long-range RFIDs over 100-120m.
Attack mode 3: Long-range scanner for contactless smart cards (their embedded integrated circuits can store (and sometimes process) data and communicate with a terminal via 13.56 MHz).
Special Ops Project: Threat intelligence researchers hunting various potential spyware, adware, trojans, keyloggers, bots, worms, and hijackers, in real time. The CyberSecurity landscape has changed. No longer are we protecting against a piece of malicious code – we are defending against persistent adversaries. Find out more about APTs, or Advanced Persistent Threats. (malwaredetective.co.uk)
RedTeam Travel Kit
NHS WannaCry Attack
I am proud to have co-authored this book, Wannacry Ransomware Crowd Source Intelligence, a free resource created by the global cyber community. This is not the end but rather just the beginning of life-impacting cyber attacks. To download this document, keep abreast of such initiatives and continue receiving reports and guidance papers, please Download here
Cyber Immune System
Darktrace is a world leader in Enterprise Immune System technology for cyber security. Using new machine learning techniques based on the biological principles of the human immune system, Darktrace addresses the challenge of detecting previously unidentified cyber threats, irrespective of their origin.
What Is Red Teaming?
Red Teaming is a process designed to detect network and system vulnerabilities and test security by taking a hacker-like approach to information security system/network/data access. This process is also called “RedTeam Operation - ethical hacking”, since the ultimate purpose of red teams is to enhance the security system, either by specifying the adversary’s preferences and strategies or by simply acting as a “Devil’s Advocate”. Red Team provides a more realistic picture of the security readiness than exercises.
Fifty Shades of Grey Cyber Lab
Performing a pen-test is an art. There are various penetration testing methods available. Pen-testing should be an integral part of the product SDLC cycle, and you need integrated penetration testing tools and a lab. Read more: CyberLab
Decoding Petya Ransomware
Seems I have a decoder for #Petya, but it works only if the system was not rebooted after the infection. Petya Ransomware eats your hard drives.
Ransomware is evolving — fast. The new versions of ransomware use strong asymmetrical encryption with long keys so that files cannot be decrypted without the key. The bad guys have started using TOR and payments in bitcoins for the sake of staying totally anonymous. And now there is Petya ransomware which in a certain sense encrypts the whole hard drive all at once instead of encrypting files one by one.
PUT YOUR DEFENSES TO THE TEST, OFFENSIVE SECURITY TEAMS
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Knowing the adversary’s moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 users and contributors, gives you that insight. It’s the most impactful penetration testing solution on the planet. With it, uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.
Arbor DDoS Solutions!
The Evolution of DDoS Attacks
Arbor solutions offer full protection and simplified network management on all interconnected environments. They provide a bigger and better overview, actionable information and proven protection, ensuring that network threats are detected and neutralised. Availability of the network is thus guaranteed.
Akamai Intelligent Platform
Akamai’s content delivery network (CDN) is one of the world’s largest distributed computing platforms. Akamai’s Network Operations Command Center (NOCC) is used for proactive monitoring and troubleshooting of all servers in the global Akamai network. The NOCC provides real time statistics of Akamai’s web traffic. The traffic metrics update automatically and provide a view of the Internet traffic conditions on Akamai’s servers and customer websites.
Elastica CloudSOC platform
The Elastica CloudSOC platform enables companies to confidently leverage cloud applications and services while staying safe, secure and compliant. Leveraging advanced data science and machine learning, CloudSOC taps real-time user traffic, native SaaS APIs and other data sources to provide a single pane of glass for monitoring and controlling your SaaS apps.
NATO Cyber Defence
Cyber Defence Pledge
Cyber threats and attacks are becoming more common, sophisticated and damaging. The Alliance is faced with an evolving complex threat environment. State and non-state actors can use cyber attacks in the context of military operations. In recent events, cyber attacks have been part of hybrid warfare. Read More
See more about the top security events I have attended. Conferences are important events in almost every industry, giving professionals the opportunity to learn about new developments, get valuable insights from leading experts, and network with other professionals. In few fields do conferences play as important a role as they do in information security. This ever-changing industry places high demands on professionals to stay abreast of the latest best practices, trends, and research findings that impact their day-to-day responsibilities and help them perform at their best. See more
0day Exploit for Windows 10 RCE
Call Offensive Security
Call Offsec, they are the very best! Information Security Training, Ethical Hacking Certifications, Virtual Labs and Penetration Testing Services from Offensive Security, the creators of Kali Linux.
Capture The Flag-HackTheBOX
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulate real-world scenarios and some of them lean more towards a CTF style of challenge.
Cyberlympic ‘Ethical Hacking’ World Championship
Hackers in the world competed in the Global CyberLympics final during Cyber Security Week in The Hague. This is an international hacking competition aimed at improving the level of national cyber security and strengthening international cooperation. “The competition this year was at the highest level we’ve ever seen due to the relevance of the challenges such as credit card cloning and cryptocurrency mining. The whole event had such amazing energy since it was in the middle of Cyber Security Week here in The Hague.” Read More: https://www.naushad.co.uk/2017/10/30/cyberlympic/
GDPR Audit Checklist
The first steps towards GDPR compliance are understanding your obligations, what your current processes are and identifying any gaps. Undertaking a data protection audit is essential to achieving compliance. This checklist is intended to provide a starting point, rather than providing an exhaustive audit. Download full PDF here
AppSec Checklist Mind Map
Application security encompasses measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities. From the strategic point of view of risk management, the mitigation of application security risks is not a one-time exercise; rather it is an ongoing activity that requires paying close attention to emerging threats and planning ahead for the deployment of new security measures to mitigate these new threats. Checklist mind map
Photobox Group Security Team
Wisdom of Crowds Lon Nov2018
|--Although you should be able to work out who I am, I don't really care, as I can work out who you are. So beware of leaving footprints.--|