Rahul Sasi (@fb1h2s) is the Founder of Machine learning based cloud security company CloudSek. He was an Admin member for Garage4hackers.com. He is ePrior to founding CloudSek he was a Sr Engineer at Citrix where he held the responsibility of making Citrix products hack proof. He started his career as a Security Researcher at iSight [currently FireEye]. People who know Sasi describe him as an eclectic and very talented hacker, his skills are impressive such his ability to transfer the knowledge. I decided to meet him for an interview.
Hi Rauhl, You are one of the most talented hackers, could you tell me what is your technical background and when you started hacking?
I personally don’t think I am a talented hacker, there are way too many folks ahead of me who deserve that title. But I am definitely ambitious and hardworking.
I was always interested in computers and security basically from movies but never had the opportunity to get involved, up until I got my first computer in my second year of college in 2008. While In college, I spent most of my time getting involved with various hacking communities building open source tools and learning what I wanted to learn. I was very passionate learning new things, but college was not helping me much, so I dropped out and went working as a Security Consultant. So everything I learned was over the Internet and professional experience.
What was your greatest hacking challenge?
It was very challenging to do the Cable TV [DVB-C] security research . Mainly because the infrastructure and resources needed to perform the research was not easily available. I managed to tie up with a cable TV operator 400 miles away from home.
The deal was to perform free security audits for them and in return I get to publish my findings. I setup a lab there and spent my weekends traveling to this facility for research. I continued this routine for almost 7 months.
What are the 4 tools that can not be missed in the hacker’s arsenal and why?
Tools I use the most are debuggers [Windbg and Ollydbg] , Burpsuite , Decompilers [JD-UI] and Wireshark.
Which are the most interesting hacking communities on the web today?
I will talk about those from India. We have both e-learning and offline communities.
Garage4hackers.com is one of the top communities focused on e-learning . G4H is quite popular for their webcast series [ http://www.garage4hackers.com/ranchoddas/ ], forums and charity initiatives.
Among offline communities the most popular is Null [https://null.co.in/] that conducts monthly security meets and free security trainings in 13 chapters in 4 different countries. Then we have securityxploded.com , a bunch of amazing folks dedicated to providing free education in Reverse engineering and malware analysis. And then we have www.is-ra.org and ClubHack doing their share of work via free magazines and security events .
Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why?
The security of Banking and Telecommunication was always a concern, but their slow adaptation to newer technologies put them in a better position. Whereas on the other side we have healthcare and automotives making bold moves in the form of IOTs, Cloud and self driving cars. So the focus and importance would be on these two sectors.
What scares you more in the internet?
I fear those hackers who have a lot of free time and a good internet connection.
Rahul Sasi aka Fb1h2s
Info Security Researcher
(Security Affairs – Rahul Sasi, hacking)