About Aditya

Aditya K Sood (Ph.D) is a cyber security advisor, practitioner, researcher and consultant. With an experience of more than 11 years, he provides strategic leadership in the field of information security covering products and infrastructure. He is well experienced in propelling the businesses by making security a salable business trait. He directs the development and implementation of application security policies, procedures and guidelines to ensure that businesses are managed without security risks and security efforts are deployed inline with business strategies. He works effectively with cross-functional teams to execute information security plans including compliance, risk, secure development, security assessments including penetration testing and vulnerability assessment, and threat modeling. In addition, he is also well versed in designing algorithms by harnessing the security intelligence and data science. During his career, he has worked directly with management and customers thereby providing them with the best of the breed information security experience.

Dr. Sood has research interests in cloud security, IOT security, malware automation and analysis, application security and secure software design. He has worked on a number of projects pertaining to product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He is also a founder of SecNiche Security Labs, an independent web portal for sharing research with security community. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Ph.D from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks"​ book published by Syngress. He also sits on the review board of "CrossTalk - Journal of Defense Engineering", a publication sponsored by Department of Homeland Security (DHS) and NavAir.

Professional Experience

He held positions such as Director of Cloud Security, Chief Architect of Cloud Threat Labs, Lead Researcher, Senior Consultant and others while working for companies such as Symantec, Blue Coat, Elastica, IOActive, Coseinc, and KPMG.

Books

Targeted Cyber Attacks

Syngress April 2014

Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.

Syngress published this book (ISBN-10: 0128006048 | ISBN-13: 978-0128006047) and it is available at : Amazon, Elsevier Store, Barnes and Nobles and others. Third-party reviews about the book is available at : Help Net Security and RSA Conference Blog. Search Security Techtarget has displayed a one chapter of the book here : Bookshelf. The book is also hosted in the Toronto Public Library. The book is also available through Google Play.

Chinese transaltion is available at Amazon Bookstore.

Reviews

  • ".the book works its way through how attacks are planned and executed, following by a description of protective measures and concluding with a bit of myth-busting in order to leave readers with a clear and accurate picture of what the threat really means for them.you get a very sharp sense of how and why these attacks are possible."

    Network Security
  • "The most complete text in targeted cyber attacks to date. Dr. Sood and Dr. Enbody are able to present the topic in an easy to read format that introduces the reader into the basics of targeted cyber attacks, how the attackers gather information about their target, what strategies are used to compromise a system, and how information is being exfiltrated out from the target systems. The book then concludes on how to build multi-layer defenses to protect against cyber attacks. In other words, the book describes the problem and presents a solution. If you are new to targeted attacks or a seasoned professional who wants to sharpen his or her skills, then this book is for you."

    Christopher Elisan, Principal Malware Scientist, RSA -The Division of EMC
  • "Sood and Enbody have taken a systematic, step by step approach to break down a pretty complex topic into bite-sized chunks that are easily digestible. They cover everything from the basics and 'need to know' of targeted attacks to the more advanced insights into the world of exploit packs, attack techniques and more."

    Dhillon Andrew Kannabhiran, Founder/Chief Executive Officer, Hack In The Box
  • "Targeted Cyber Attacks is by far the perfect manual to dive into the dark borders of cybercrime. The book thoroughly describes the model and the mechanisms used by criminals to achieve the cyber attack to exfiltrate information or steal money. From a pen-tester’s perspective, the ethical hackers will certainly find the fundamental factors to prepare a better approach to conduct high level penetration testing. Aditya and Richard deliver the secrets used by cyber-criminals to get inside the most secured companies. I learned a lot from this stunning publication authored by a BlackHat Arsenal Jedi."

    Nabil Ouchn, Founder of ToolsWatch.org and Organizer of BlackHat Arsenal




Contributing Author

Publications

Articles / Papers / Magazines / Journals

Whitepapers

Conferences

Talks

  • Embedding Security and Privacy in DevOps - Real World Case Studies SANS DevOps Summit, Denver, Colorado, 2019.
  • The State of Embedded Web Security in IOT Devices, Texas Cyber Security Summit, San Antonio, 2019.
  • IoT Botnet Chaos, ToorCon Security Conference, San Diego, California, 2018.
  • The State of IoT Botnets - The Bad and The Ugly, Hackers on Planet Earth (HOPE) Security Conference, New York, NY, USA, 2018.
  • Crimeware Chaos: Empirical Analysis of HTTP-based Botnet C&C Panels, BSides SF , San Francisco, USA, 2018.
  • The State of IoT Botnets: An Overview, IoT Security Symposium, Burlingame, CA, USA, 2018.
  • Cloud Storage Abuse and Exploitation, EDGE Security Conference, Knoxville, Tennesse, USA, 2017.
  • The Budding World of Cloud Storage Abuse and Exploitation : A Technical Deep Dive, FIRST Security Conference, Puerto Rico, USA, 2017.
  • The TAO of Automated Iframe Injectors - Building Drive-by Platforms For Fun and Profit, Virus Bulletin, Denver, USA, 2016.
  • Understanding the Crux - Abuse of Cloud Storage Apps, CSA Secure Cloud , Dublin, Ireland, 2016.
  • Delivering Security in Cloud Generation World, RSA, San Francisco, USA, 2016.
  • Sanctioned to Hack - Hunting Vulnerabilities in SCADA HMIs, Ground Zero, New Delhi, India, 2015
  • Design Flaws in Network Switches - Your Network Devices Belong to Us!, ToorCon, San Diego, CA, USA, 2015
  • Dynamics of Cloud Storage Abuse and Exploitation - One More for the Road!, ToorCon, San Diego, CA, USA, 2015
  • Applying Data Science to Cloud Services Auditing, Compliance, Monitoring and Security, PSR (Privacy Security Risk), Las Vegas, USA
  • The State of Web Security in SCADA HMIs, OWASP, San Francisco, CA, USA, 2015
  • Hunting Vulnerabilities in SCADA HMIs, DEFCON, Las Vegas, Nevada, USA, 2015
  • Exploiting Fundamental Weaknesses in Botnet C&C Panels, BlackHat, Las Vegas, Nevada, USA, 2014
  • C-SCAD - Assessing Security Flaws in ClearSCADA WebX Client,BlackHat Arsenal, Las Vegas, Nevada, USA, 2014
  • How I Hacked Your Botnet C&C Panels, ToorCon, San Diego, 2014
  • Sparty : A Tool to Audit FrontPage and SharePoint, BlackHat Arsenal,Las Vegas, Nevada, USA, 2013
  • Emerging Trends in Online Social Network Malware, Secure 360 , St. Paul, Minnesota, 2013
  • Dissecting Socioware - A Study of Online Social Network Malware, InfoSec Security Southwest (ISSW),Austin, Texas, 2013
  • Malandroid - Android Malware Mayhem, ToorCon, San Diego, 2012
  • Bust a Cap in the Mobile App, SANS AppSec, Las Vegas, 2012
  • The Realm of Third Generation Botnet Attacks, GrrCon, Grand Rapids,2012
  • Bonded with Botnets, US-CERT GFIRST, Atlanta, 2012
  • Botnets Die Hard - Owned and Operated, DEFCON, Las Vegas,2012
  • Advancements in Botnet Attacks and Malware Distribution, Hackers on Planet Earth(HOPE), New York,2012
  • Insidious Infections - Mangling with Botnets, Layer One, Anaheim, California, 2012
  • Dissecting the State of Present-day Malware, HackCon, Oslo, Norway, 2012
  • Hunting Web Malware, Hacker Halted, Miami, Florida, 2011
  • Browser Exploit Packs - Death by Bundled Exploits, Virus Bulletin, Barcelona, Spain, 2011
  • Botnets and Browsers - Brothers in the Ghost Shell, BruCon, Brussels, Belgium, 2011
  • The Good Hacker - Dismantling Web Malware, OWASP AppSec, Minnesota, Minneapolis, USA, 2011
  • Browser Exploit Packs - Exploitation Tactics, ToorCon, Seattle, Washington, 2011
  • Art of Info Jacking - Detecting Hidden Devices, Source, Seattle, Washington, 2011
  • Spying on SpyEye Botnet - What Lies Beneath, Hack-in-the-Box (HitB), Amsterdam, Netherlands, 2011
  • Eye for and Eye - SpyEye Banking Trojan, ToorCon, San Diego, California, 2010
  • Web Maniac - Hacking Trust, Hacker Halted, Miami, Florida, 2010
  • The Art of Information Extraction, OWASP AppSec, Brazil, 2010
  • Bug Alcoholic - Untamed World of Web Vulnerabilities, OWASP AppSec, Irvine, California,USA, 2010
  • Scaling Web 2.0 Malware Infections, TRISC - Texas Regional Infrastructure Security , Grapevine, Texas, 2010
  • Untamed XSS Wars - Filters vs Payloads, RSA, San Francisco, California, 2010
  • Browser Design Flaws, Troopers, Munich, Germany, 2009
  • Web Psyschic 2.0, Excalibur , Wuxi, China, 2009
  • Rumbling Infections - Web 2.0 Malware Anatomy, SecurityByte - OWASP AppSec, New Delhi, India, 2009
  • Webnoxious 2.0 - Attacking Open End Web, FOSS (Free and Open Source Software), Bangalore, India, 2009
  • Vulnerability Vectors in PDF - Synthesizing PDF Attacks, EUSecWest, London, UK, 2008
  • Rolling Balls - Can You Hack Clients?, XFOCUS XCON, Beijing, China, 2008
  • KungFoo Jacking Browsers, XFOCUS XCON / XKungFoo, Beijing, China, 2008

Presentations - Video Links

A number of videos available for the talks on the links below:

Research

Patents

  • US 20150264070 - Method and system for detecting algorithm-generated domains: A method and system for detecting algorithm-generated domains (AGDs) is disclosed wherein domain names requested by an internal host are categorized or classified using curated data sets, active services (e.g. Internet services), and certainty scores to match domain names to domain names or IP addresses used by command and control servers.

Research Projects

    Botnets and Cybercrime

  • Cybercrime at a Scale: A Practical Study of Deployments of HTTP-Based Botnet Command and Control Panels: Cybercriminals deploy botnets for conducting nefarious operations on the Internet. Botnets are managed on a large scale and harness the power of compromised machines, which are controlled through centralized portals known as C&C panels. C&C panels are considered as attackers primary operating environment through which bots are controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. In this empirical study, we analyzed many over 9000 C&C web URLs to better understand the deployment and the operational characteristics of HTTP-based botnets.

    Published: IEEE Communications Magazine
  • The Taxonomy of Domain Generation Algorithms: Domain-generation algorithms (DGAs) allow attackers to manage infection-spreading websites and command-and-control (C&C) deployments by altering domain names on a timely basis. DGAs have made the infection and C&C architecture more robust and supportive for attackers.

    Published: IEEE Security and Privacy Magazine
  • Drive-by Download Attacks: A Comparative Study of Browser Exploit Packs Features and Attack Techniques: Attackers are using domain-generation algorithms and command-and-control operations to efficiently distribute malware. A detailed taxonomy of DGAs highlights this problem in depth, improving our understanding of various attack techniques and their existing and potential trends.

    Published: IEEE IT Professional
  • An Empirical Study of HTTP-based Financial Botnets: Cyber criminals are covertly attacking critical infrastructures, and botnets are a common component of those attacks. In recent years, botnets have been shifting their focus from broad-based attacks to more targeted ones such as attacking financial institutions, especially banks.

    Published: IEEE Transactions on Dependable and Secure Computing
  • Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats: Online social networks (OSNs) provide a new dimension to people lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale.

    Published:IEEE Systems Journal
  • Cybercrime - Dissecting the State of Underground Enterprise: Cybercrime’s tentacles reach deeply into the Internet. A complete, underground criminal economy has developed that lets malicious actors steal money through the Web. The authors detail this enterprise, showing how information, expertise, and money flow through it. Understanding the underground economy’s structure is critical for fighting it.

    Published: IEEE Internet Computing Magazine
  • Targeted Cyberattacks - Superset of Advanced Persistent Attacks: Targeted cyberattacks play an increasingly significant role in disrupting the online social and economic model, not to mention the threat they pose to nation-states. A variety of components and techniques come together to bring about such attacks.

    Published:IEEE Security and Privacy Magazine
  • Crimeware-as-a-Service (CaaS) - A Survey of Commoditized Crimeware in the Underground Market: Crimeware-as-a-service (CaaS) has become a prominent component of the underground economy. CaaS provides a new dimension to cyber crime by making it more organized, automated, and accessible to criminals with limited technical skills. This paper dissects CaaS and explains the essence of the underground economy that has grown around it. The paper also describes the various crimeware services that are provided in the underground market.

    Published:International Journal of Critical Infrastructure Protection
  • The Art of Cyber Bank Robbery: Cyber criminals use botnets (malware) for a wide range of cyber crimes, and these attacks are increasing. The economics of e-crime and the related underground market have been studied which reveal a significant increase in online fraud. Internet banking (e-banking) has transformed the economic and financial culture of the world.

    Published:STSC Crosstalk - Journal of Defense Engineering
  • Exploiting Fundamental Weaknesses in Botnet C&C Panels: Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses about the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from the real time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored for making the testing easier for the researchers.

    Webpage: BlackHat Research
  • Tools

  • Sparty - Sharepoint Web Application Penetration Testing Tool: Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

    Webpage: Sparty : BlackHat Arsenal
  • C-SCAD: Assessing Security Flaws in C-SCAD WebX Client: C-SCAD is an information gathering and penetration testing tool written to assess the security issues present in the Web-X (Internet Explorer-based web interface) client used to interact with the ClearSCADA server. WebX client is hosted on the embedded web server which is shipped as a part of complete ClearSCADA architecture. Primarily, the WebX client is restricted to perform any configuration changes but it can reveal potential information about the ClearSCADA server and associated components. Insecure deployments of WebX client can reveal potential information about the various functions such as alarm pages, SQL lists, and diagnostic checks including various reports.

    Webpage: C-SCAD : BlackHat Arsenal
  • Declarative Security Detector: Mozilla Addons Clickjacking Defense - Declarative Sec Detector and HTTP Content Security Policy Detector.

    Webpage: Declarative Security Addons

Vulnerabilities Discovered

A number of vulnerabilities have been disclosed under the hood of "Responsible Disclosure" and cannot be disclosed due to business and legal constraints. A number of disclosed vulnerabilities are listed below but not limited to:

Note: a number of vulnerabilities are in the process of getting patched and will be added once advisories are released.

Bug Bounties (*FUN*)

Reported many vulnerabilities to vendors as a part of bug bounties (entirely fun). The list of vendors are presented below but are not limited to:

  • NetFlix | PayPal | BlackBerry | Barracuda Networks | Apple | Adobe | Microsoft | ZScaler

Media




Podcasts/Webcasts

Articles

Skills / Experience

Skills

  • Executing Information Security Management Program (ISMP)
  • Security Assessments - Penetration Testing and Vulnerability Discovery
  • Cloud Security - Architectural Design
  • IOT Security Research and Algorithm Design
  • Vulnerability Research
  • Mobile Security Assessments
  • Source Code Reviews
  • Security and Privacy Risk Assessments including Impact Analysis
  • Malware Research and Analysis
  • Secure Design Reviews
  • Risk Assessments: Security and Privacy
  • Configuration Management Reviews
  • Product Management for Security Initiatives

  • Details: For consulting services, please contact via Linkedin.

Speaking Engagements

  • Details: For speaking engagements, please contact via Linkedin.

Blogs

Published Blogs

  • Blog[at]Medium

  • Malware at Stake Blog - An Official Malware Research Blog of SecNiche Security Labs. Analysis, Straight from the Hidden and Underground.
  • Pentester's Blog: An Personal Security Research Blog.


  • Twitter Stream

Evolving!

  • Education is what remains after one has forgotten what one has learned in school.

    Albert Einstein.
  • Gibbs' Rule #35: Always watch the watchers.

    Season 8, Episode 22 - Baltimore.
  • I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image..

    Stephen Hawking.
  • Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it.

    Lou Holtz