Vivek Ramachandran is a world renowned security researcher and evangelist. His expertise includes computer and network security, exploit research, wireless security, computer forensics, embedded systems security, compliance and e-Governance. He is the author of the books – “Wireless Penetration Testing using Backtrack” and “The Metasploit Megaprimer”, both up for worldwide release in mid 2011. Vivek is a B.Tech from IIT Guwahati and an advisor to the computer science department’s Security Lab.
Vivek is an internationally acclaimed speaker and has spoken in dozens of conferences worldwide. Some of his well known talks include – “WEP Cloaking Exposed” at Defcon 15, Las Vegas, USA and “The Caffe Latte Attack” at Toorcon, San Diego, USA. Both these talks were covered extensively by international media including BBC Online, Network World, The Register, Mac World, Computer Online etc. He has also conducted workshops and corporate trainings around the world apart from his speaking engagements.
In 2006, Microsoft declared Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants.
The competition was aimed at finding leading Security Experts in India. Vivek was also awarded a Team Achievement Award by Cisco Systems for his contribution to the 802.1x and Port Security modules in the Catalyst 6500 series of switches. These are high end security features used in Enterprises
Vivek was featured in the evening edition of CBS5 news in the US where he educated the general public on the dangers of using WEP in Wireless. During this time, he has worked for and provided consulting to Fortune 500 companies in the field of Information Security. The Caffe Latte Attack discovered by Vivek and covered by CBS5 news, is now part of Wireless Security textbooks and various Wireless Penetration testing tools like Aircrack-NG.
He is well known in the hacking and security community as the founder of SecurityTube.net , a free video based computer security education portal. SecurityTube gets an estimated 80,000 monthly visitors and is considered one of top sites for security education. Vivek’s videos on Assembly Language Programming, Buffer Overflows, Metasploit etc. have received thousands of views and hundreds of appreciating comments from the community. The site also includes videos from other security researchers.
1. Can you introduce yourself to Security Kaizen Readers? (your biography, experience, …etc)
My name is Vivek Ramachandran, I am the Founder and Chief Trainer at SecurityTube.net. I discovered the Caffe Latte attack, broke WEP Cloaking, a WEP protection schema in 2007 publicly at Defcon and conceptualized enterprise Wi-Fi Backdoors. I am also the author of the book “Backtrack 5 Wireless Penetration Testing“. My book “The Metasploit Megaprimer” focussed on Advanced Metasploit usage for Pentesting and Exploit Development is up for release in June 2012.
2. Can you give us more information about your web site “securitytube.net” (its goal, services provided,…etc)
SecurityTube.net was founded in 2007 to serve as a platform for security knowledge sharing using videos. Today, we feel we are positioned to build an information security knowledge portal around securitytube which will be free for everyone to use.
3. What made you take the Free Information Sharing Route instead of selling your knowledge?
I grew up in India living with my grandparents. My grandmother was a teacher in a city school and in the evenings she used to teach poor students for free. She always felt that if quality education could be provided to one and all, without a bias towards who can afford or not, then the world would be a better place. This value system stuck with me forever and has been the guiding light to me in making quality content free to one and all. I am proud to announce that SecurityTube is the only infosec training company which provides its core content for free to everyone and only charges when you want to certify.
4. When did you start securitytube.net and how did the idea come to your mind?
During my interaction with students and infosec enthusiasts, I found that most of them could not find quality learning material for free and thus found it very difficult to enter the field. There were good quality courses and certifications available even back then, but the cost was exorbitant. I thus decided to start ST to create a free yet valuable knowledge resource.
5. What Problems did you face at the beginning?
In order of difficulty:
• I used to make large videos, but my Internet connection in India was so slow that I could not upload the videos Had to really work to bring down the video size.
• My accent was difficult to follow for many, but now I’ve managed to try and have a neutral accent as much as possible
• Hosting and Video bandwidth was very expensive and I had to really cut down on my expenses to fund the site from my own pocket.
6. When did you feel that securitytube.net idea will boom ?
I really don’t know. Infosec has become more important than ever today, and thus infosec education is definitely a MUST HAVE for most, rather than a good to have. I am just happy people enjoy the site and the videos.
7. Did you make any marketing for your website or it is just the word of mouth that brought you traffic
In the beginning, I used to cross post my videos to various forums on the Internet to get people to use. I never spent a $ on any formal marketing. Today, most of the links posted on the Internet are by our visitors and thus drives our traffic.
8. Do you have a team behind that amazing work or it’s only you?
Till the time I was running ST as a side project, I was pretty much alone with help from some community members like Amit Vartak, Vitomir, Prateek, Andrew, Bennett.
Once i decided to offer certifications, I had my old friend Shubhi Saxena join me as a partner and then we hired our first engineer Ashish to help build the site further.
We are still continuing to get part time help from our friend Bennett, Prateek and others.
In my mind, all the visitors to SecurityTube are our extended team. I really wish to meet all of them someday face-to-face.
9. can you give us some statistics about your website now e.g number of videos uploaded, number of users watch your videos per month,… etc
We get over 100,000+ unique visitors per month and have averaged around 1 million unique visitors in the past year. We have over 15,000 registered users and around 100 unique uploads per month.
10. What do you ask from Security Kaizen readers to do regarding securitytube.net ? (More comments about your videos, upload more videos ,..etc)
I would request your users to use the website, download all the free content and our courses and share them with everyone. If they are good in a particular topic in Infosec, then they could even make videos and share it with others.
11. Why did you choose Metasploit to be your first Certificate and do you get any support from Rapid7?
Our first certification was the SecurityTube Wi-Fi Security Expert (SWSE) and born out of the lack of quality practical certifications in the field of Wi-Fi security. Also, most people had a misconception that Wi-Fi Security is all about WEP cracking, when it is actually way beyond that. This is what the course illustrates.
http://securitytube-training.com/certifications/securitytube-wi-fi-security-expert/
Metasploit is a fantastic tool and we wanted to leverage it to show what are the fantastic things one can do with it during a pentest. The SecurityTube Metasploit Framework Expert (SMFE) is a SecurityTube offering, Rapid 7 or the Metasploit team has no involvement in it. We are however very thankful to them for creating such an amazing tool. With the Metasploit tool, we also launched our online live labs where we have a dozen vulnerable machines which our students can exploit and learn new techniques at their own pace.
12. What is your plan for 2012.Are you thinking of new certificate or any improvements in securitytube.net?
We are planning to line up a couple of new certifications and also re-design the whole website Stay tuned and keep coming to the site for it
13. What is your Comment about Security Kaizen Magazine? And what is needed to rank it as one of the best magazines in Information Security field in the world?
You have a fantastic magazine in place with a motivated team pushing it. I am sure that Security Kaizen will emerge as one of the better magazines in the world.
The most important task is to ensure that you create and publish new and relevant articles so that your readers look forward to every edition.
14. In your opinion, what are the top 5 magazines in the Security World?
Every magazine has its own merits and demerits. Having run a community website I know it takes a lot of effort to create something and put it in front of the world. In this spirit, I personally would like to encourage everyone rather than create a top 5 list
15. Which Security Conferences are you keen to attend every year?
Defcon for sure. I love the crew and friendly atmosphere at Brucon, SecurityZone and Hacktivity. These are definitely must-attends for me.
The author Vivek Ramachandran not only gave a Wireless Pentesting training at BruCON, but is also known for his work on wireless security.
Content:
The book has nine chapters starting with info how to build your lab, and what kind of hardware is required to more advanced attacks like Mis-Association, Caffe Latte, and breaking WPA-Enterprise.
I wouldn't compare this book to a standard book you read, because this book would be more a training manual teaching you some (basic) theory and then giving you lab exercises (or vice-versa). This is a great thing for geeks like me that remember by doing, and not by reading.
The disappointing bit was the lack of cryptographic theory. I think it is rather important to not only learn to use a tool with its command line options, but it's also important to know what the differences are between PTW and FMS attacks, and why it's possible to do ARP replays while the packets are encrypted. (Answer: because an ARP packet has a fixed length it can be recognized even being encrypted.)
As I am more experienced half of the book was a quick read, however the second half was a lot more pleasing as it taught me things I didn't know. (or forgot because of a lack of practice)
If you don't have experience with Wireless Cracking/Penetration Testing this book is definitely a must-read. I do advice however that you open Wikipedia and the site of Aircrack when reading trough WLAN Encryption Flaws (Chapter 4) to better understand the cryptographics.
Vivek is an internationally acclaimed speaker and has spoken in dozens of conferences worldwide. Some of his well known talks include – “WEP Cloaking Exposed” at Defcon 15, Las Vegas, USA and “The Caffe Latte Attack” at Toorcon, San Diego, USA. Both these talks were covered extensively by international media including BBC Online, Network World, The Register, Mac World, Computer Online etc. He has also conducted workshops and corporate trainings around the world apart from his speaking engagements.
In 2006, Microsoft declared Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants.
The competition was aimed at finding leading Security Experts in India. Vivek was also awarded a Team Achievement Award by Cisco Systems for his contribution to the 802.1x and Port Security modules in the Catalyst 6500 series of switches. These are high end security features used in Enterprises
Vivek was featured in the evening edition of CBS5 news in the US where he educated the general public on the dangers of using WEP in Wireless. During this time, he has worked for and provided consulting to Fortune 500 companies in the field of Information Security. The Caffe Latte Attack discovered by Vivek and covered by CBS5 news, is now part of Wireless Security textbooks and various Wireless Penetration testing tools like Aircrack-NG.
He is well known in the hacking and security community as the founder of SecurityTube.net , a free video based computer security education portal. SecurityTube gets an estimated 80,000 monthly visitors and is considered one of top sites for security education. Vivek’s videos on Assembly Language Programming, Buffer Overflows, Metasploit etc. have received thousands of views and hundreds of appreciating comments from the community. The site also includes videos from other security researchers.
INTERVIEW QUESTIONS
1. Can you introduce yourself to Security Kaizen Readers? (your biography, experience, …etc)
My name is Vivek Ramachandran, I am the Founder and Chief Trainer at SecurityTube.net. I discovered the Caffe Latte attack, broke WEP Cloaking, a WEP protection schema in 2007 publicly at Defcon and conceptualized enterprise Wi-Fi Backdoors. I am also the author of the book “Backtrack 5 Wireless Penetration Testing“. My book “The Metasploit Megaprimer” focussed on Advanced Metasploit usage for Pentesting and Exploit Development is up for release in June 2012.
I currently run the SecurityTube Wi-Fi Security Expert (SWSE) and the SecurityTube Metasploit Framework Expert (SMFE) online course and certifications which are currently being taken by students from over 40+ countries around the world. I also conduct in-person trainings in the US, Europe and Asia.In a past life, I was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. I was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. I had also published multiple research papers in the field of DDoS, ARP Spoofing Detection and Anomaly based Intrusion Detection Systems. My work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. I had spoken/trained at top conferences around the world including Blackhat USA and Abu Dhabi, Defcon, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n etc.
2. Can you give us more information about your web site “securitytube.net” (its goal, services provided,…etc)
SecurityTube.net was founded in 2007 to serve as a platform for security knowledge sharing using videos. Today, we feel we are positioned to build an information security knowledge portal around securitytube which will be free for everyone to use.
3. What made you take the Free Information Sharing Route instead of selling your knowledge?
I grew up in India living with my grandparents. My grandmother was a teacher in a city school and in the evenings she used to teach poor students for free. She always felt that if quality education could be provided to one and all, without a bias towards who can afford or not, then the world would be a better place. This value system stuck with me forever and has been the guiding light to me in making quality content free to one and all. I am proud to announce that SecurityTube is the only infosec training company which provides its core content for free to everyone and only charges when you want to certify.
4. When did you start securitytube.net and how did the idea come to your mind?
During my interaction with students and infosec enthusiasts, I found that most of them could not find quality learning material for free and thus found it very difficult to enter the field. There were good quality courses and certifications available even back then, but the cost was exorbitant. I thus decided to start ST to create a free yet valuable knowledge resource.
5. What Problems did you face at the beginning?
In order of difficulty:
• I used to make large videos, but my Internet connection in India was so slow that I could not upload the videos Had to really work to bring down the video size.
• My accent was difficult to follow for many, but now I’ve managed to try and have a neutral accent as much as possible
• Hosting and Video bandwidth was very expensive and I had to really cut down on my expenses to fund the site from my own pocket.
6. When did you feel that securitytube.net idea will boom ?
I really don’t know. Infosec has become more important than ever today, and thus infosec education is definitely a MUST HAVE for most, rather than a good to have. I am just happy people enjoy the site and the videos.
7. Did you make any marketing for your website or it is just the word of mouth that brought you traffic
In the beginning, I used to cross post my videos to various forums on the Internet to get people to use. I never spent a $ on any formal marketing. Today, most of the links posted on the Internet are by our visitors and thus drives our traffic.
8. Do you have a team behind that amazing work or it’s only you?
Till the time I was running ST as a side project, I was pretty much alone with help from some community members like Amit Vartak, Vitomir, Prateek, Andrew, Bennett.
Once i decided to offer certifications, I had my old friend Shubhi Saxena join me as a partner and then we hired our first engineer Ashish to help build the site further.
We are still continuing to get part time help from our friend Bennett, Prateek and others.
In my mind, all the visitors to SecurityTube are our extended team. I really wish to meet all of them someday face-to-face.
9. can you give us some statistics about your website now e.g number of videos uploaded, number of users watch your videos per month,… etc
We get over 100,000+ unique visitors per month and have averaged around 1 million unique visitors in the past year. We have over 15,000 registered users and around 100 unique uploads per month.
10. What do you ask from Security Kaizen readers to do regarding securitytube.net ? (More comments about your videos, upload more videos ,..etc)
I would request your users to use the website, download all the free content and our courses and share them with everyone. If they are good in a particular topic in Infosec, then they could even make videos and share it with others.
11. Why did you choose Metasploit to be your first Certificate and do you get any support from Rapid7?
Our first certification was the SecurityTube Wi-Fi Security Expert (SWSE) and born out of the lack of quality practical certifications in the field of Wi-Fi security. Also, most people had a misconception that Wi-Fi Security is all about WEP cracking, when it is actually way beyond that. This is what the course illustrates.
http://securitytube-training.com/certifications/securitytube-wi-fi-security-expert/
Metasploit is a fantastic tool and we wanted to leverage it to show what are the fantastic things one can do with it during a pentest. The SecurityTube Metasploit Framework Expert (SMFE) is a SecurityTube offering, Rapid 7 or the Metasploit team has no involvement in it. We are however very thankful to them for creating such an amazing tool. With the Metasploit tool, we also launched our online live labs where we have a dozen vulnerable machines which our students can exploit and learn new techniques at their own pace.
12. What is your plan for 2012.Are you thinking of new certificate or any improvements in securitytube.net?
We are planning to line up a couple of new certifications and also re-design the whole website Stay tuned and keep coming to the site for it
13. What is your Comment about Security Kaizen Magazine? And what is needed to rank it as one of the best magazines in Information Security field in the world?
You have a fantastic magazine in place with a motivated team pushing it. I am sure that Security Kaizen will emerge as one of the better magazines in the world.
The most important task is to ensure that you create and publish new and relevant articles so that your readers look forward to every edition.
14. In your opinion, what are the top 5 magazines in the Security World?
Every magazine has its own merits and demerits. Having run a community website I know it takes a lot of effort to create something and put it in front of the world. In this spirit, I personally would like to encourage everyone rather than create a top 5 list
15. Which Security Conferences are you keen to attend every year?
Defcon for sure. I love the crew and friendly atmosphere at Brucon, SecurityZone and Hacktivity. These are definitely must-attends for me.
The author Vivek Ramachandran not only gave a Wireless Pentesting training at BruCON, but is also known for his work on wireless security.
Content:
The book has nine chapters starting with info how to build your lab, and what kind of hardware is required to more advanced attacks like Mis-Association, Caffe Latte, and breaking WPA-Enterprise.
I wouldn't compare this book to a standard book you read, because this book would be more a training manual teaching you some (basic) theory and then giving you lab exercises (or vice-versa). This is a great thing for geeks like me that remember by doing, and not by reading.
The disappointing bit was the lack of cryptographic theory. I think it is rather important to not only learn to use a tool with its command line options, but it's also important to know what the differences are between PTW and FMS attacks, and why it's possible to do ARP replays while the packets are encrypted. (Answer: because an ARP packet has a fixed length it can be recognized even being encrypted.)
As I am more experienced half of the book was a quick read, however the second half was a lot more pleasing as it taught me things I didn't know. (or forgot because of a lack of practice)
If you don't have experience with Wireless Cracking/Penetration Testing this book is definitely a must-read. I do advice however that you open Wikipedia and the site of Aircrack when reading trough WLAN Encryption Flaws (Chapter 4) to better understand the cryptographics.
BITCOIN RECOVERY IS REAL!!! ( MorrisGray830 At gmail Dot Com, is the man for the job ) This man is dedicated to his work and you can trust him more than yourself. I contacted him a year and a half Ago and he didn't succeed. when i got ripped of $491,000 worth of bitcoins by scammers, I tried several recovery programs with no success too. I kept on. And now after so much time Mr Morris Gray contacted me with a success, and the reward he took was small because obviously he is doing this because he wants to help persons like me who fell for crypto scam, and love his job. Of course he could have taken all the coins and not tell me , I was not syncing this wallet for a year, but he didn't. He is the MAN guys , He is! If you have been a victim of crypto scam before you can trust Morris Gray 10000000%. I thought there were no such good genuine guys anymore on earth, but Mr Morris Gray brought my trust to humanity again. GOD bless you sir...you can reach him via ( MORRIS GRAY 830 at Gmaill dot com ) or Whatsapp +1 (607)698-0239..
ReplyDelete