Danish Tariq is a young ethical hacker from Pakistan living in KSA. At the moment he is studying ICS (Intermediate of Computer Sciences, Part 1). Danish is a security researcher who gained a lot of knowledge about hacking at an early age. He loves bug hunting in web applications, but these days he does not get much time for it. About 18 months ago he was a black hat hacker (doing illegal acts), but at that time he was just a learner and learned many things from his black hat hacker brothers. Now he is doing very well and has helped many international companies secure their websites and fix other security issues. In this interview he shares his knowledge and experience, so that others may learn the positive use of hacking. I am very grateful to Danish Tariq for giving me his time for this interview.
Q: Please tell us about yourself. What are your hobbies and interests, and how did you start hacking?
Ans: Currently I am living in Makkah. I have been living here for 14 years. I completed my Matriculation at “Al Fadhl International School and College” and am studying ICS at “Pakistan International School Jeddah”. My hobbies are listening to Bohemia and Lil Wayne, and I also love zombie movies. I was a black hat hacker; then I met two great security researchers, Noman Ramzan Bhai and Sir Rafay Baloch, who guided me to leave illegal stuff like defacing etc. and join the white hat hacker (security researcher) community. I never faced any kind of big difficulty due to hacking in my life.
But to be frank, I do not have any certificate related to ethical hacking, although I am acknowledged by the security teams of some high-profile websites. I have found serious vulnerabilities in high-profile websites (and also contacted the teams responsible for those websites' security to assist them in closing these backdoors): Microsoft, Apple, Oracle, Adobe, Viadeo, Honeydocs, Gittip, Schuberg, Getcloudapp, Opera, 4shared, Braintree, Slideshare, Cisco and so on. About 5 months ago, a well-known company, Slideshare (the 122nd-ranked website worldwide), offered me a job as a website security analyst, but I had to reject it.
I did not only earn a name and respect in ethical hacking; I also got respect in the black hat hacker world, and I am respected on the Madleets forums too as a security researcher. (Yes, you are right, the Madleets team who were behind the security breach of Google Kenya and Burundi some days back.) Anyway, I am not affiliated with any of the illegal acts by them.
Danish’s news Published:
The credit for this start goes to my brother “Abdulrehman Khan” for always encouraging me.
Q: How much time did you take to learn hacking? What is the most important benefit of hacking? Did you disturb your friends after becoming a hacker?
Ans: No one can say that he has learnt hacking completely. I am still a learner and will remain a learner, and this is my advice to all my friends out there: never say that you know everything about something, because knowledge is increasing day by day. The most important benefit of hacking is respect. Anyway, I hate disturbing anyone.
Q: How long have you been blogging? How often do you blog? Please share your philosophy of blogging.
Ans: About 8 months ago I was a blogger, and I helped many people join this field; I guided many newbies. I have a Facebook group with about 130,000+ members. I had left blogging to discover hacking, bug hunting etc., but now I am thinking again of starting a cyber crime news portal soon. I was the creator of an online hacking teaching blog with about 12,000+ visitors and an Alexa rank of about 120,000.
Q: What is ethical hacking? Where can we get ethical hacking training? Whom should we contact for its certification?
Ans: We can define “ethical hacking” as the type of hacking in which hacking is performed to help a company or individual identify security threats on a computer or, we can say, on a network. An ethical hacker then attempts to find some weak points in the system's or network's security that could be exploited by other hackers, and then the ethical hacker will help that organization or individual patch the vulnerabilities. There are a lot of institutions offering ethical hacking training, like Mile2 and EC-Council. If any of you want to become a certified hacker (want training), I will suggest you choose Mile2 courses, because EC-Council (CEH) has outdated stuff to teach. Mile2 training centers are available all over the world (three training centers are also available in Pakistan); more information at http://mile2.com/authorized-training-partners.html. Best of luck to those who are going to take a step.
Q: What software is required to protect our computer from hackers?
Ans: First of all we need a brain and knowledge to protect ourselves from hackers; if someone is brainless, software can't do anything, haha. Anyway, coming to the topic, the software required is an antivirus and an antispyware. Optional for safety: secure file erasers like UltraShredder and CCleaner.
UltraShredder is a standalone, USB portable file shredder which deletes sensitive files by overwriting them with random characters, saving it to disk each time, and then bypasses the recycle bin, thus acting as your personal, portable file shredder. If the file were to be recovered by a data recovery program, they would only be able to see unintelligible characters on disk where the file used to be. The program is a great tool to destroy sensitive data, and is very small with a minute memory footprint, and makes no changes to your system whatsoever.
Q: Which are the best anti-virus, anti-malware and anti-spyware?
Ans: If you really want to spend money on cyber safety you should use Bitdefender Antivirus Plus, or if you want me to suggest some free tools to remain secure, then you can get what you want free of cost: use Avira or Avast Antivirus (along with the ZoneAlarm firewall).
Q: What is SQL injection hacking? How can we be secure from it? Please suggest some tips for webmasters to protect their websites from hackers.
Ans: SQL injection is a web attack method used by hackers to read sensitive data/information from the DB (database) by successfully injecting a SQL query via input data to the web application. A SQL injection security hole is the result of improper coding of a website. To webmasters: if you want to remain secure from this type of attack you must avoid constructing SQL queries with user input, and try a web application firewall too. No website is 100% secure, but there are some tips; by following them we can protect our website from hackers.
– If you are using third-party content management software (like WordPress, Joomla etc.), you should always apply the security patches and updates released for that CMS as soon as possible to prevent security breaches.
– SQL injection is a well-known hacking method in which an attacker can get access to the database or can manipulate your database; the basic step to prevent this type of security flaw is for webmasters to use parameterized queries.
– Webmasters should always store users' passwords in encrypted form, using a one-way hashing algorithm, for example “sha1”.
– The file uploading feature in your website can be a great potential security vulnerability. Attackers can upload files which contain malicious executable scripts and can cause a security breach; to prevent these types of attacks, webmasters should not rely on default file permission settings and upload forms.
– Using an SSL certificate is also recommended.
I also recommend that after all these security checks webmasters should use an automated website scanner like “Acunetix”, which automatically scans the website for known security flaws.
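As an added example (not part of the interview or of any project mentioned in it), the two tips above on parameterized queries and one-way password hashing, shown in Python with the standard library's sqlite3: a lookup that splices user input into the SQL text sits beside the same lookup with a bound parameter, and passwords are stored as salted PBKDF2-HMAC-SHA256 hashes (used here instead of bare sha1). The user table, the accounts and the crafted input are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed in-memory database standing in for a website's user table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """One-way, salted hash of the password (PBKDF2-HMAC-SHA256, chosen here
    in place of the interview's sha1 so that two users with the same password
    do not share a stored value)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def add_user(username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))


def find_user_vulnerable(username: str) -> list:
    # Query text built from user input: whatever the user types is parsed as SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(username: str) -> list:
    # Parameterized query: the driver binds the value; it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def verify_login(username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


add_user("alice", "correct horse")
add_user("bob", "battery staple")
```

With a constructed input such as `x' OR '1'='1`, `find_user_vulnerable` returns every account while `find_user_safe` returns none, which is the difference the parameterized-query tip is about.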
Q: Which keyloggers are used for hacking? Please tell us something about phishing, dictionary attacks, brute force attacks and hybrid attacks.
Ans: Keyloggers are not only created for illegal purposes; there are different types of keyloggers, and millions of varieties are available online today. Anyway, remote keyloggers are used for the purpose you are talking about.
Phishing is similar to fishing, but instead of trying to catch fish, phishing is used to steal a victim's personal data. In short, phishing is the way of hacking in which an attacker tries to trick victims into providing personal information.
Brute force is one of the well-known methods of password hacking. In brute-forcing there is a tool which combines English dictionary words with thousands of varying combinations. A brute force attack always starts from a > aa > aaa, and full words too, like kit > kitten > kitty etc. A brute force attack can make up to 50 login attempts per minute.
In a dictionary attack there is a list, mostly called a word-list, which contains “words having a possibility to succeed”, but unlike brute force, dictionary attacks are less likely to succeed.
We can say that a hybrid attack is a somewhat modern method of password hacking. A hybrid attack is based on a dictionary attack; in a hybrid attack, numerals and symbols are added to dictionary words to make the attack more successful.
Example of hybrid: one dictionary word, “Password”, will be tried as “password1111”, “password1234”, “password0383” etc.
Q: Which common tools are used for hacking passwords? Can someone hack our computer files?
Ans: You are asking about tools, so: keyloggers, RATs, brute-forcers etc. are used to do this job. Yes, of course. Hacking is not only done from a computer; a smartphone can be used for exploiting and can itself be exploited.
Q: How was your experience with the companies you have reported security issues to?
Ans: Experience with all of them was alright, but the Adobe security team is the laziest team; they take centuries to patch the security vulnerabilities in their sites. This is the reason why Adobe's accounts were hacked about a month ago and about 38 million records of sensitive data were compromised, including credit cards. I found a big security flaw on the website of Microsoft. I contacted the concerned team, but the first time they didn't understand how a hacker could degrade their website and harm their visitors; then I created a detailed document and gave them a briefing on how to overcome this security hole. Mr. Noman Ramzan, a certified security researcher of Pakistan, also cooperated in this project.
Q: Please tell us something about hacking competitions.
Ans: Hacking competitions/contests are contests in which contestants (hackers) are challenged to exploit widely used web applications or software, for example the CanSecWest contests (Pwn2Own).
Q: Which is the most memorable event/day in your life?
Ans: I have had many memorable days in my life, but the most important ones were the day when I first stepped into ethical hacking and the day when I got 74 out of 75 marks in the Physics exam (SSC-1).
Q: What are your plans for continuing your professional growth? How well have you succeeded in your goals?
Ans: My plans... nothing yet. My goals are much higher than where I am, and I will be there soon (inshALLAH). This quote says it all:
No matter how many goals you have achieved, you must set your sights on a higher one.