Aditya K Sood (Ph.D.) is a cybersecurity advisor, practitioner, researcher, and consultant. With the experience of more than 13 years, he provides strategic leadership in the field of information security covering products and infrastructure. He is well experienced in propelling businesses by making security a salable business trait. Dr. Sood is well versed in designing algorithms by harnessing security intelligence and data science. During his career, he has worked with cross functional teams, management and customers thereby providing them with the best of the breed information security experience. Dr. Sood has research interests in cloud security, IoT security, malware automation and analysis, application security, and secure software design. He has worked on a number of projects pertaining to product/appliance security, networks, mobile, and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, Crosstalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, CBC, and others. He has been an active speaker at industry conferences and presented at Blackhat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP, and many others. Dr. Sood obtained his Ph.D. from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" a book published by Syngress.
He held positions such as Senior Director of Threat Research and Security Strategy, Head (Director) of Cloud Security, Chief Architect of Cloud Threat Labs, Lead Architect and Researcher, Senior Consultant, and others while working for companies such as F5 Networks, Symantec, Blue Coat, Elastica, IOActive, Coseinc, and KPMG.
Mercury Learning • April 2021
This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.More details can be found here: https://empirical-cloudsecurity.adityaksood.com/
Syngress• April 2014
Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.
Syngress published this book (ISBN-10: 0128006048 | ISBN-13: 978-0128006047) and it is available at : Amazon, Elsevier Store, Barnes and Nobles and others. Third-party reviews about the book is available at : Help Net Security and RSA Conference Blog. Search Security Techtarget has displayed a one chapter of the book here : Bookshelf. The book is also hosted in the Toronto Public Library. The book is also available through Google Play.
Chinese transaltion is available at Amazon Bookstore.
".the book works its way through how attacks are planned and executed, following by a description of protective measures and concluding with a bit of myth-busting in order to leave readers with a clear and accurate picture of what the threat really means for them.you get a very sharp sense of how and why these attacks are possible."Network Security
"The most complete text in targeted cyber attacks to date. Dr. Sood and Dr. Enbody are able to present the topic in an easy to read format that introduces the reader into the basics of targeted cyber attacks, how the attackers gather information about their target, what strategies are used to compromise a system, and how information is being exfiltrated out from the target systems. The book then concludes on how to build multi-layer defenses to protect against cyber attacks. In other words, the book describes the problem and presents a solution. If you are new to targeted attacks or a seasoned professional who wants to sharpen his or her skills, then this book is for you."Christopher Elisan, Principal Malware Scientist, RSA -The Division of EMC
"Sood and Enbody have taken a systematic, step by step approach to break down a pretty complex topic into bite-sized chunks that are easily digestible. They cover everything from the basics and 'need to know' of targeted attacks to the more advanced insights into the world of exploit packs, attack techniques and more."Dhillon Andrew Kannabhiran, Founder/Chief Executive Officer, Hack In The Box
"Targeted Cyber Attacks is by far the perfect manual to dive into the dark borders of cybercrime. The book thoroughly describes the model and the mechanisms used by criminals to achieve the cyber attack to exfiltrate information or steal money. From a pen-tester’s perspective, the ethical hackers will certainly find the fundamental factors to prepare a better approach to conduct high level penetration testing. Aditya and Richard deliver the secrets used by cyber-criminals to get inside the most secured companies. I learned a lot from this stunning publication authored by a BlackHat Arsenal Jedi."Nabil Ouchn, Founder of ToolsWatch.org and Organizer of BlackHat Arsenal
A number of vulnerabilities have been disclosed under the hood of "Responsible Disclosure" and cannot be disclosed due to business and legal constraints. A number of disclosed vulnerabilities are listed below but not limited to:
Reported many vulnerabilities to vendors as a part of bug bounties (entirely fun). The list of vendors are presented below but are not limited to:
Hacking Botnet Command and Control PanelsConference Talk
Dissecting the Design of SCADA Web HMIs: Hunting VulnerabilitiesConference Talk
Hacking Botnets Die Hard: Owned and OperatedConference Talk
The Government Can See EVERYTHING?! - Fact or FictionalConference Talk
Scammers taking advantage of Gmail, Google Drive users’ trustConference Talk
The Realm of 3rd Generation Botnet Attacks.Conference Talk
Advancements in Botnet Attacks.Conference Talk
Mangling with Botnets.Conference Talk
Education is what remains after one has forgotten what one has learned in school.Albert Einstein.
Gibbs' Rule #35: Always watch the watchers.Season 8, Episode 22 - Baltimore.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image..Stephen Hawking.
Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it.Lou Holtz