Papers Written

Malware 101: Viruses
Published: April, 2008
Location: SANS Reading Room

This paper provides new insights into establishing Incident Handling procedures for dealing with various types of malware. It also aims to give a detailed perspective into the various types of malware or malicious software and their propagation mechanisms. Malware needs to be handled in a certain way depending on its type and to do that, the different malware types and their handling procedures need to be understood. A clear handling procedure will help security personnel to quickly and efficiently handle the malware threat and reduce the impact/business disruption to the corporate users.

Securing Home Computers
Published: draft-not published

This paper is part of a community effort to help home users and students secure their personal computers. Due to lack of security awareness, a large number of users face multiple risks including virus infection, hacking, phishing, social engineering, identity theft and various other attacks. Well known security software (ones that are commonly advertised) that can protect the computers usually require some financial investment (before use and mostly have yearly recurring license cost) and certain amount of technical proficiency to use the software for protecting the system. Many users either aren't aware or may not be able to afford (students) investing in various security products. This makes them an easy target for cyber criminals and usually ends up as victims of identity theft and fraud. This paper tries to make the user aware about why and how he/she needs to protect the system they are using. It discusses methods to protect the system using freely available software and create a minimum security baseline. A brief introduction about the basic technologies involved is discussed followed by the construction of a secure network using the technologies discussed. It is concluded by giving some of the best practices that a user having personal computer(s) can follow to stay safe online and be a responsible computer user.

  Presentations Given

Introducing Opabinia
Place: Security B-Sides London

A short presentation about SSLAuditor (v4.0). It discusses about the various checks that are performed and the report generated.

Cryptography 101
Place: NCC Group Internal

In this presentation, the focus is cryptography which is the basis for the various security solutions in use. We will be looking at block ciphers, stream ciphers and the ciphers used in asymmetric cryptography including elliptical curve cryptography. We will then look at hash functions and MAC. The presentation ends with a description of digital signatures and envelopes.

PKI 201 - Key Management
Place: NCC Group Internal

In this presentation, the focus is on key management. We will be looking at the different types of keys, key life cycle and transitions and the X509 certificate format.

PKI 202 - Architecture Models and CRLs
Place: NCC Group Internal

In this presentation, the focus is on architecture models and revocation types. We will be looking at the various trust models that exist and the different revocation methods that are in use.


Web Application
v1.0 [2012 Nov]
WebApps Template Thumb
Infrastructure (External)
v1.0 [2013 Apr]
Infrastructure Template Thumb
v1.0 [2013 Apr]
Wireless Template Thumb