What (Software) Industry Wants


Recently, I attended a meetup where Baishampayan Ghosh of Helpshift spoke. BG, for those who do not know, designed ClearTrip’s flight interface, which I immediately fell in love with. He went on to found Helpshift, an in-app mobile customer support SDK. This has been installed in billions of devices, and his company is on its way to creating an unusual animal – a profitable Indian Unicorn.

BG, of course, is an outlier (in the same sense that if everyone followed Bruce Lee’s tips on training, he would still not be a Bruce Lee!). But his thoughts on the Indian computer education system were telling. He said he dropped out of college for two years because nothing worthwhile was taught there, spent some time finding the curriculum of the best institutions in the world, got the relevant books, studied them himself, and then went and cleared exams as a formality.

I am myself involved in a small way in technical education (I guide a group of students), and my observations are grim too.

The stated and actual aim of computer science education is to help people get gainful employment, yet there is no correspondence between what is required in industry and what is taught in academia.

In industry, only a very small proportion of people are developers. You have development, research, project management, Business Analysts, Designers, UI, UX, devops, System administrators, DBAs, QA, cloud specialists, Data science specialists, AI and machine learning specialists.

In college, we have Computer Science, MCS, MCA and MSc courses. All of them teach similar things. QA is not taught, neither is UI, UX, system administration or many of the things mentioned above.

This gap is filled by the NIITs and Aptechs (and increasingly, the Courseras, Udemys and Udacitys) of the world.

For too many years, in too many colleges – Computer science is still a theoretical subject, it is a science not a craft. So you have lots of tomes of all the prescribed textbooks, which students dutifully ingest, and as dutifully spew out on exam day, and pass out with flying colours – without knowing much about the art or craft of programming. Often, their first encounter with a programming exercise is at their workplace – with disastrous and predictable results.

Most of the college passouts do not know basic operating system commands. They do not know how to keep their laptops in good shape. They do not know about processes, threads, sockets or memory allocation. They do not know about operating system paths, bashrc files, basic logging techniques, or debugging.

They have never learnt to test the programs they have written, nor to write unit tests.

Many of the students have a very fancy project on their CV. This could be on the Bluetooth protocol, steganography, the ant scheduling problem or some such. They can spew information on these areas without any doubt or uncertainty, but the same people are unable to write a small basic program.

Rumours abound that many of these projects are purchased off the shelf; there is even a website where one can purchase college projects. It is a great site, with options to choose the area (e-commerce, system software, middleware, electronics etc.).

When will academia try to understand what Industry requires and provide that? When will they try to do what is best for their students and prepare them for a long and rewarding career?

We do not require much, you know? Over the years, expectations from freshers have really reduced.

  • We want someone who loves coding – this is the first prerequisite.
  • We want someone who can communicate well enough to understand very quickly, what needs to be done. This need not be confused with a person with great language skills. On the contrary, technical requirements can be communicated and understood with very few words.
  • We want someone who knows their operating system well. They should be able to navigate well throughout the system, know shortcuts for doing different things, understand what processor their laptop runs on, whether it is a 32-bit or 64-bit operating system, know how to ensure that disk space is available, defragment hard disks etc.
  • It would be great if they know their way around a shell – be it bash or sh.
  • They should be very comfortable with one editor or IDE.
  • They should write clean code and have knowledge of basic OO principles and SOLID principles.
  • They should know enough to test their creations.

It would be desirable if they read up on software technology regularly, and if they know the heroes of computer science – Ritchie, Stevens, Dijkstra etc.

Over the last decade and a half or so of Metadesign, I have seen a common thread amongst the best programmers that I have the privilege of working with. Most of them got a computer when they were in 6th to 9th standard, fell in love with coding, and started coding with small programs (BASIC perhaps), and then went to increasingly complex programs and systems.

So one of my favorite interview questions is ‘When did you write your first line of code?’. If this brings a smile to their face, and sparks some memory of a computer being brought home, of writing that first line of code, and the joy thereof, then I know I am on to a good thing.

So, it is a no-brainer really – what universities should do to bring out more relevant programmers.

First of all, they should create relevant courses. The single monolithic computer science course should give way to separate courses for development, research, testing, system administration, UI, UX etc.

Admission should be granted based on aptitude and interest. General aptitude is not the same as programming aptitude, which is not the same as QA aptitude, UX aptitude or UI aptitude. There are significant differences in the wiring of a system administrator’s mind versus a programmer’s mind.

Admission should be granted for people who are genuinely interested, not for those who are getting into it for the money. This is of course easier said than done.

Curriculum should be devised with great care. A business analyst need not be subjected to the rigors of computer science – perhaps she needs to know psychology, human nature, sociology, systems thinking, ethnology etc. more than computer science.

Colleges need to admit to the shocking truth that programming is an art/craft as well as a science. Tinkering laboratories need to be established. Students need more coding time than theory. Theory should supplement coding, rather than the other way round.

Colleges should instill a love of software in kids. Currently, there is an atmosphere of terror and fear that is generated. Students are taught to fear deadlines, and failures. So kids end up having fun in non academic activities for most of the year (because of lack of interesting things to learn) and a brief period of abject terror in the last days before the exams.

There should be a gentle curve. Start with some small things to do, easy wins. Gradually raise the bar till students are finally doing extremely complicated and theoretical things. NCST had a very nice curriculum, where coding, programming and algorithms were taught first, and then concepts like databases, graphics, networking and OOPs were taught. CDAC has a similar aim, but their courses, while professing to teach the latest technology, are heavily overloaded with theory and have too little practice.

Technology courses should leverage technology. There are innumerable online courses on MOOCs. The world’s best teachers have put videos online. Students should be informed about them and develop the habit of watching these.

There should be regular online grading. There are many online graders available. They can be used to automate the task of verifying knowledge.

Colleges should hold meetups and hackathons. They should become hubs of innovation, where people get together to create beautiful things, not weighed down by thoughts of commercialisation, money etc.

Industry should help too. The best minds in industry should regularly spend time in colleges, educating, inspiring and learning.

Worldwide, brick-and-mortar universities are losing relevance. The Indian IT services industry, with its focus on labour-intensive billing, is also losing relevance. Perhaps the two can get together to create something wonderful.

pradeep Ck

Blog Author

I am a software entrepreneur with an interest in creating software products that can change the world. I have two decades of experience - in the first, working in small and medium software product companies as a developer, and the second decade as an entrepreneur assisting similar product companies develop and maintain their products. I love working with smaller software product companies with pedigree, in assisting them build the right teams, conceptualize the right product, and choose the right technologies to bring it to fruition. Currently, I work as Founder of Metadesign Software.

Suggested Blogs

Evolution Of Technology, It’s Important To Life

Our conflicting views on whether technology is a boon or bane can be best described by inventor and best-selling author Daniel H Wilson, when he says, “We humans have a love-hate relationship with our technology. We love each new advance and we hate how fast our world is changing”. The use of technology is what distinguishes us from other animals and this has been evident throughout history. For our evolution has been deeply linked with the evolution of technology. From discovering the technological potential of fire more than 250,000 years ago to developing watermills as a source of power in the medieval ages, technology today is so futuristic as would have been unimaginable just a few decades back.

The industrial age’s greatest aspect was technology. New innovations and devices made life easier. Machines that seem mundane today like the levers, pulleys, wheel and axles, screws and wedges helped usher in an age of productivity. The industrial revolution was to an extent a worldwide phenomenon and this saw technology bringing in progress to the world as a whole. Steam engines, electricity, petroleum and other technological advancements had repercussions throughout society. The coal industry, textile industry, locomotive industry, chemical industry etc. brought the world closer. Another important technological advancement was in the field of medicine. Advances in areas of anatomy and physiology enhanced life expectancy and reduced illnesses. By the end of the 19th century, the importance of technology had been firmly established and it was clear that dependence on it would only grow.

The 20th century saw a range of technologies that evoked both awe and fear in humankind. The airplane, rockets, electronics, antibiotics, and nuclear power managed to create a social situation that offered security but always had danger looming in the fringes. The use and abuse of natural resources brought about rapid growth and prosperity to countries but with such terrible side effects as pollution and depletion of resources.

And as we go into the 21st century, technology has reached a whole different level. Communication as we knew it has changed and has turned passive and more indirect. Pagers, desktop computers and telephones have now been replaced with laptops, tablets and smartphones. People would rather message each other on various platforms than talk face to face. In fact, there are almost as many cell phone subscriptions (6.8 billion) as there are people living on this planet (7 billion). By 2014 there were more than 3.8 billion email accounts and this number only keeps growing.

Technology today has increased our independence. Need to know where you get the best cakes in town? Just search on the internet. Don’t know how to get to the new mall? Let your GPS take you. Even when it comes to medical care, we have become more self-reliant. The need for doctors to assess our primary health conditions has reduced dramatically with the availability of blood pressure and diabetes monitors. The greatest advantage is the creation of a boundary-less communication channel. Irrespective of your nationality, sex, race or religion, you can communicate with like-minded people from across the world.

But as the old adage goes, too much of anything is not good. And this holds true for technology too. Increased use of cell phones and microwave ovens has been linked to diseases caused by radiation. Overexposure to the virtual world has created a warped sense of reality for many. We have become so attuned to communicating via social media that any face to face communication seems awkward. Technology today does not require us to leave our house. One can work from home, shop from home and receive medical care at home. This has led to isolation, a lack of social skills and an inability to conduct ourselves in public. Technology can also be credited with the creation of a great number of couch potatoes. Video games, YouTube, and social media are robbing us of our exercise time. Depression, stress and poor sleep habits are increasingly becoming common medical occurrences. And of course, there is the question of privacy and security. With our entire life being online, our lives are being constantly snooped on. Your entire life history can be accessed by any stranger with a few entries on a website. Phishing, viruses, and hacking are the new forms of robbery which not only result in huge losses but also keep the perpetrator anonymous. Addiction, lack of empathy, more violence, development issues in children, lack of attention and many more issues have been associated with technology.

But can we ignore the advantages that technology has offered and go back to the basics? Can we once again live like people did in the stone ages? That thought seems more far-fetched than anything else. The bottom line is—you cannot escape technology. So how you use it and how much you allow it to pervade your life is entirely in your hands. Whether you love it or hate it, technology is here to stay!

Top 10 Trending Courses in Information Technology for IT Aspirants

The best part of jumping on the bandwagon of information technology or IT is that there is an enormous possibility for an individual if he or she starts studying a diploma or a degree, or does either a master’s degree or a research course. He or she can get a full-fledged engineering degree. We have listed down here in order of priority, top to down, the beginner- to advanced-level technical courses that an IT aspirant looks for.

Java or J2EE and Its Frameworks

Java or J2EE is one of the most trusted, powerful and widely used technologies by almost all medium and big organizations around domains like banking and insurance, life science, telecom, financial services, retail and much, much more. You have many things to learn in Java or J2EE, like the core part – J2SE, JSP, STRUTS, SPRING and/or HIBERNATE. This is one of the best and most advanced sophisticated applications. If you want to learn Java, you need to start from ab initio and move to the advanced level step-by-step. There are many different frameworks as well as supporting technologies to learn for Java aspirants, but the given things are must-learn and in high demand in the current software market.

CISCO Technologies

If you are fascinated by learning network and switching technologies, then CISCO technologies would be your choice. You can learn CCNA, CCNP and more from CISCO academy. These types of certificates are global certifications. You will get global prospects after completing and learning these types of courses. If you are not coming from an engineering background, you can still learn CCNA or CCNP, or both. Then you need to take some ad hoc classes for non-engineering students. A great number of fresher and experienced candidates, these days, are pursuing networking courses; if you are one of them, then CISCO technologies can be your choice. A majority of CISCO institutes want a degree – graduation in any discipline.

SAS – Statistical Analysis System

SAS is a popular course. This can be your career as a SAS consultant, as many medium and large organizations are looking for fresher and experienced SAS qualified candidates. This is nothing but a data analytics course that can give you global exposure. The demand for SAS – data analytics is growing day-by-day and the business intelligence domain has emerged as one of the most trusted and lucrative options for science graduates. These days, SAS is à la mode for fresher and experienced science graduates. It is an integrated system of software products that help to perform critical data-entry, data-retrieval, data-management, data-mining, report writing and graphics.

DBA – MySQL – SQL Server

In this highly competitive as well as dynamic Software/IT industry, there is one course which is very popular and can give you a stable career: DBA. This is a course for students who are interested in learning MySQL and SQL Server and like to create, manage as well as maintain huge data files and other database flavors available in the market. DBA can be your best bet for a career-oriented course; when you are conversant with databases and other supporting technologies, you can easily and quickly learn MySQL and DB2 in a much shorter period. The demand for DBA courses is increasing day-by-day, and the demand shows how popular it is and the effective career you get after completing these technologies.

Microsoft Technologies

Microsoft technologies are high in popularity these days. You can be a database developer or an MS technology developer after passing one or multiple certifications, like MCSE, MCAD, MCSD, MCDST, MCDBA, MCAS and others. For enterprise and application development, MCITP is one of the best for beginners and advanced level developers. This type of certification is not at all a programming certification, but a system maintenance kind of certification; it nevertheless has good future prospects.

Cloud Computing

Today’s biggest buzz in all small, medium and large IT towns is all about cloud computing. You must use Google, Amazon etc., some of the big guns of cloud technology. If you are thinking of pursuing a course that can set your future career in cloud computing, then IaaS, PaaS, SaaS, DaaS etc. would be the alpha and omega of cloud computing to learn.

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. 
The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. 
This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. 
For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In the case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, the services (ports) running on them and, with some intense scans, the OS running on the active hosts and even the vulnerabilities present!

Kali Linux is a distribution of the Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, Wireshark, ncap, Metasploit, etc. are pre-loaded in Kali Linux. Based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE.

Commonly used tools/techniques for scanning:

Apart from NMAP, the tools below are used to perform vulnerability scanning:

Nessus: The most famous vulnerability scanner, from Tenable. It has 100s of plugins which allow you to make sure all vulnerabilities and misconfigurations are identified.

Acunetix: Acunetix is known for its features and capabilities for web application scanning.

3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email.
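Forged sender addresses of the kind the fake-mailer services above produce usually fail the receiving server's SPF, DKIM and DMARC checks. The following Python code is an added example, not from the original article, that reads those verdicts from a message's headers; both messages, the taxicompany.example domain and the mx.taxicompany.example server name are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: claims to come from the CEO but was relayed by an unrelated mailer.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.taxicompany.example; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=taxicompany.example
From: "CEO" <ceo@taxicompany.example>
Subject: Urgent invoice

Please open the attached file.
"""

# Constructed sample: the same sender, delivered through the organization's own mail path.
LEGIT = """\
Return-Path: <ceo@taxicompany.example>
Authentication-Results: mx.taxicompany.example; spf=pass smtp.mailfrom=taxicompany.example;
 dkim=pass header.d=taxicompany.example; dmarc=pass header.from=taxicompany.example
From: "CEO" <ceo@taxicompany.example>
Subject: Q3 numbers

See you at the review.
"""

def domain(addr_header):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv="mx.taxicompany.example"):
    """Return the reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    reasons = []
    from_dom, envelope_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if envelope_dom and envelope_dom != from_dom:
        reasons.append(f"envelope sender {envelope_dom} differs from From domain {from_dom}")
    # Only count verdicts stamped by our own receiving server; a sender can forge the rest.
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(hdr.split()).partition(";")
        if authserv.strip() == trusted_authserv:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    for method in ("spf", "dkim", "dmarc"):
        verdict = results.get(method, "missing")
        if verdict != "pass":
            reasons.append(f"{method}={verdict}")
    return reasons
```

An envelope sender that differs from the From domain also occurs with legitimate mailing lists and bulk senders, so treat it as one signal alongside the authentication verdicts.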
Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and, using msfvenom (or any similar tool), you can attach this exploit to an innocent-looking PDF or Excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the Meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained access to a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices!

Commonly used tools/techniques for gaining access:

Kali Linux: A fully loaded operating system with all the tools, from Wireshark to Metasploit to Burp Suite. It contains everything!

Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from a bank and asking for card details and OTP.

4. Maintaining Access – Once Mr. X has gained access, he would probably like to secure that access or create another one to ensure that he has persistent access to that machine. This could be done by using Trojans, rootkits and backdoors. This is generally done to ensure that more information can be gained or to launch attacks using this machine. In a case where an attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called a ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS), wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop.

5. Covering Tracks – Now Mr. X has access to TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or VPN. A VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, a VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN.

How does the industry view ethical hacking?

Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub-domains of ethical hacking, which include mobile security, web application security, network penetration testing, API security and system security.

Certifications related to ethical hacking

If you want to pursue a career in cyber security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged:

EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential, is the number one certification that any aspiring ethical hacker should aspire towards.
The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it.

CompTIA Security+ – A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills.

Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector, it necessitates passing a 24-hour exam and aims to test your skill set and understanding of cyber security.

KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams.
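Deleted or altered log records, as described under Covering Tracks above, become detectable when each record is chained to the previous one by a keyed hash that is held off the monitored host. This Python code is an added example, not from the original article; the log lines, the key and the function names are constructed, and it assumes a collector the attacker does not control does the sealing.

```python
import hashlib
import hmac

# Constructed sample auth-log lines.
LOG = [
    "09:01:12 sshd accepted password for alice from 10.0.0.12",
    "09:14:40 sshd accepted password for backup from 10.0.0.66",
    "09:15:02 sudo backup : COMMAND=/usr/bin/passwd",
    "09:20:31 sshd session closed for backup",
]
KEY = b"constructed-demo-key"   # assumption: stored on the collector, never on the host
GENESIS = b"\x00" * 32          # fixed starting value for the chain

def seal(lines, key):
    """Return 'line|tag' records; each tag is an HMAC over the previous tag plus the line."""
    prev, sealed = GENESIS, []
    for line in lines:
        prev = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        sealed.append(f"{line}|{prev.hex()}")
    return sealed

def verify(records, key, last_tag):
    """Recompute the chain and report where it stops matching.

    `last_tag` is the tag of the newest record, kept separately by the collector,
    so that removing records from the end is also detected."""
    prev = GENESIS
    for index, record in enumerate(records):
        line, _, tag = record.rpartition("|")
        prev = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(prev.hex(), tag):
            return f"chain broken at record {index}"
    if not hmac.compare_digest(prev.hex(), last_tag):
        return "records missing from the end"
    return "intact"

if __name__ == "__main__":
    sealed = seal(LOG, KEY)
    newest = sealed[-1].rpartition("|")[2]
    print(verify(sealed, KEY, newest))                   # untouched log
    print(verify(sealed[:1] + sealed[2:], KEY, newest))  # one record deleted
```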