Big Fish or Bigger Pond? Rethinking the Future of Tech Companies
blog.anantshri.info
June 24, 2023
Challenging the status quo in tech: Could a future with numerous smaller, cooperative organisations be more beneficial than a handful of giants dominating the scene? Unity in diversity - perhaps it's time for a change
See publication
Tags: Lean Startup
Mastering the Essential Skills for the Digital Age
blog.anantshri.info
May 29, 2023
Uncover the power of four essential digital-age skills: variable speed reading, enhanced typing speed, sustained focus, and critical thinking. Learn practical tips for honing these abilities, driving productivity and success in the rapidly-evolving digital landscape.
See publication
Tags: Careers, Personal Branding, Social
PrivateGPT and CPU’s with no AVX2
blog.anantshri.info
May 24, 2023
Venturing into AI with older CPUs. My journey to run LLM models with privateGPT & gpt4all, on machines with no AVX2.
See publication
Tags: AI, Emerging Technology, Generative AI
My thoughts on the new and emerging world of GPT, AI, LLM
blog.anantshri.info
May 20, 2023
Exploring the fascinating new world of GPT, AI, and LLM. Discussing search engines, education, privacy, prompt engineering, and our perception of intelligence
See publication
Tags: AI, Generative AI
Life as a Lefty in a Right-Handed World
blog.anantshri.info
May 04, 2023
As a lefty, or southpaw, my perspective of the world has always been different from the majority's. Right from being looked upon differently whenever I eat or do things with my left hand, to being told that it's not the right way of doing things (pun intended). To inform those uninformed we the leftie
See publication
Tags: Social
OSINT on Decentralised / Federated Softwares (Mastodon, Pixelfed and more)
blog.anantshri.info
November 23, 2022
Decentralized, federated social media (aka the fediverse) is the talk of the town, especially with the Twitter drama that's unfolding right now. To know more about fediverse software, https://fediverse.party/en/miscellaneous/ is the best list available. I was curious about OSINT activities that
See publication
Tags: Cybersecurity, Digital Disruption, Emerging Technology
Individual Contributors in corporate world: my observations
Anantshri Blog
December 24, 2021
In this article I would like to explore the idea of individual contributors and the various notes and references I have been able to collect so far, continuing my observations from Richard Hamming's "You and Your Research". There is a section where a specific personality defect is explained, termed "ego assertion". We will explore that today.
See publication
Tags: Diversity and Inclusion, Leadership, Management
Cybersecurity: Passion or Profession
Anantshri Blog
December 21, 2021
This blog post takes notes from an excellent talk by Richard Hamming called "You and Your Research". It's interesting how some talks leave a mark, and you derive your own conclusions and way forward when you spend enough time thinking about the topic. Over a period of time my thoughts have changed on this particular discussion, and I have tried to outline those points below. A large number of people have talked about this talk in various ways, so I would not like to do that again but rather point you to this and this.
There was a time when I used to tell almost any of my fellow colleagues in the information security industry that this is a must read / watch, and to look at what he is talking about: it made so much sense. However, I have stopped doing that now, or rather I have started to caveat it a lot before I ask people to go through it.
There are some points about that talk which I kept missing:
See publication
Tags: Cybersecurity, Leadership
Semgrep: scanning unusual extensions
blog.anantshri.info
May 14, 2021
For the last few months I have been spending time with the semgrep tool. As many features as it has, it is still a growing tool and does need a bit of handholding. Here I will quickly explain how to hack the base code of semgrep to make it work against your specific language even though the input file extension …
See publication
Tags: Cybersecurity, Supply Chain
My experiments with Game Capture Card
blog.anantshri.info
April 04, 2021
I have been playing on my Nintendo Switch for a long time now and have thought about recording my gameplay for reference. For the past few days I have been reading about how to do game streaming and / or recording. I found a lot of interesting things and a simplified way to achieve my goal. This … My
See publication
Tags: SportsTech
Quantifying Defence (Ask A CISO SE03EP09)
Horangi Cybersecurity Podcast
April 06, 2023
Join us on this episode of the Ask A CISO podcast as we discuss how to quantify defence with Anant Shrivastava, an information security professional with over 15 yrs of corporate experience and expertise in Network, Mobile, Application, and Linux Security. Along with host Mark Fuentes, he discusses looking at the big picture, why DevSecOps as a term should not exist, and the value of investing in cybersecurity.
See publication
Tags: Cybersecurity, IT Operations, Leadership
Podcast with Anant
WeHackPurple
February 09, 2023
In this episode of the We Hack Purple podcast, host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that he's more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps. He shared his numerous open source projects, such as Code Vigilant: https://codevigilant.com/, TamerPlatform: https://tamerplatform.com/ and HackingArchivesOfIndia: https://hackingarchivesofindia.com/.
See publication
Tags: Cybersecurity, DevOps, Supply Chain
Podcast with Miho
Miho
January 26, 2023
Discussion around how to convert offline trainings to online trainings.
See publication
Tags: Cybersecurity, EdTech, Entrepreneurship
How to Start Your Career in Cybersecurity : Red Teaming / Pentesting
Prabh Nair
September 09, 2022
In this session we covered some great topics:
1) How to start your career in cybersecurity
2) What is penetration testing and how is it different from red teaming?
3) What skills are required for becoming a pentester and red team expert?
Useful Links
Null Discord : https://discord.gg/MMDJdaWU2U
Adversary village : https://discord.gg/ds8hCb3Jvn
Red Team Village : https://discord.gg/wWJR4DtSgb
Recon village : https://discord.gg/FUq8bvE7mV
Cloud village : https://discord.gg/rZBn7w4xG2
See publication
Tags: Cybersecurity, Security, Supply Chain
Chat with Anant
IT Chat with Abhi
December 30, 2020
A light-hearted discussion around cybersecurity, how I got involved in it and my journey through it.
See publication
Tags: Cybersecurity, Leadership, Management
Security Then vs Now
Null Community
June 11, 2022
Discussing the security landscape a decade ago and how things have evolved since.
The panel:
Anant Shrivastava (https://twitter.com/anantshri)
Prashant Mahajan (https://www.linkedin.com/in/prashant3535)
Hosted by Kumar Ashwin (https://twitter.com/0xcardinal)
See publication
Tags: Cybersecurity, Security
Discussion- Citizen confidence on his mobile device is crucial for businesses as well as governance
IAMAI
January 17, 2022
Citizen confidence on his mobile device is crucial for businesses as well as governance
Satyendra Verma, Head - Indian Citizens Assistance for Mobile Privacy & Security (I-CAMPS), IAMAI
Pani Prasad, Director, NCCS, Department of Telecommunications ( DOT ), Government of India
Sumit Monga, Head - Government Affairs, Lenovo
Subho Halder, Co-Founder & CISO, Appknox
Anuj Bhansali, Head - Trust & Safety, PhonePe
Anant Shrivastava, Project Leader - Androidtamer & Android Security Researcher
See publication
Tags: Cybersecurity, Mobility, National Security
Panel on Shift Left with CISOs Part - 1 with Anant Shrivastava and Patrick Pitchappa
SNYK
August 31, 2021
Focused discussion around the practicality of shifting left from a CISO's point of view.
See publication
Tags: Cybersecurity, DevOps, Leadership
Panel discussion: Adversary simulation, emulation or purple teaming - How would you define it?
Adversary Village @ Defcon
August 07, 2021
A deep-dive discussion around the emerging field of adversary emulation and purple teaming: what fits in which bucket and how things are evolving.
See publication
Tags: Cybersecurity, Emerging Technology, Supply Chain
RTV Panel: Pre-empting Attacks - Relevance Of Red Teaming In Enterprises
RedTeam Village @ Hack in the Box
February 04, 2021
Discussion around how red teaming is evolving.
See publication
Tags: Cybersecurity, Emerging Technology, Supply Chain
RTV: Attacking Storage Services: The Lynchpin Of Cloud Services
Red Team Village @ Hack in the Box
February 04, 2021
We all agree that most organizations have one service or another running in a cloud environment. On top of that, there are assets that are not linked directly to the public and are not easily spotted. When it comes to red team engagements it boils down to a simple statement: "Are you able to find something that wasn't supposed to be visible in the first place?" Storage services from the cloud providers are usually not visible directly to the end user and are often overlooked by pentesters and red teamers. In this talk we will look at the storage services of different cloud vendors and how, if not properly configured, they could lead to a lot of damage to the organization.
Storage services are almost always the second service a cloud vendor launches after IaaS, and that order is no accident. Cloud storage, however simple it looks, is a complex, deeply integrated component of cloud services. Its primary purpose is to hold data of all kinds, but besides that it performs multiple other roles. Storage allows higher-abstraction services to be built on top of it, such as:
static file hosting, FaaS or PaaS code hosting, and log storage.
Due to its versatility, storage is an area that should be gone over with a fine-tooth comb. However, the situation is far worse than we can imagine: from buckets exposed to the public, to API keys or SSH keys leaked in public. Things go from bad to worse when buckets also leak write access to source code, leading to full account takeover scenarios. This talk will cover the following aspects of cloud storage services:
1. Basics of Cloud Storage Services and why to target them
2. Attack Methodology to be followed
3. Various attack scenarios from real and bug bounty world
4. What are cloud vendors doing to protect this
5. What the developers or admins have to keep in mind
6. Question and Answer
Note: Case studies will be interspersed throughout the slides
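The misconfigurations the talk enumerates (buckets readable by the public, write access granted to anyone, API or SSH keys sitting in objects) are what a red teamer checks first, and what an admin should check before the red teamer does. The following is an added example, not material from the talk or any vendor tool: a simplified evaluator for an S3-style bucket policy plus a secret scan over listed object contents, run against a constructed policy document and constructed objects. The policy model is deliberately partial (Allow statements, `*` principals, action wildcards; Deny statements and Condition blocks are reported for manual review rather than evaluated), and the secret patterns are illustrative, not a complete ruleset.

```python
"""Flag public S3-style bucket policies and secrets in listed objects.

Added illustration, not code from the talk. The policy document and the
object contents below are constructed samples. Policy evaluation is a
simplified model of the AWS policy language: Allow statements, the '*'
and {"AWS": "*"} principal forms, and wildcards in actions. A public
Allow on a read action is reported as public read, on a write action as
public write. Deny statements and Condition blocks are listed for manual
review instead of being evaluated.
"""
import fnmatch
import json
import re

READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy")

# Illustrative patterns; a real scanner would carry many more.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret": re.compile(
        r"(?i)(secret|token|password)\s*[=:]\s*['\"]?[A-Za-z0-9/+_\-]{12,}"),
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_public_principal(principal):
    """True for Principal: "*" and Principal: {"AWS": "*"} (or a list containing it)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def action_matches(granted, wanted):
    """Policy actions may be wildcards such as 's3:*' or 's3:Put*'."""
    return any(fnmatch.fnmatchcase(wanted, g) for g in _as_list(granted))

def assess_policy(policy_json):
    policy = json.loads(policy_json)
    findings = {"public_read": False, "public_write": False, "review": []}
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            findings["review"].append(f"statement {i}: Deny present, check precedence")
            continue
        if not is_public_principal(stmt.get("Principal", {})):
            continue
        if "Condition" in stmt:
            findings["review"].append(f"statement {i}: public Allow limited by Condition")
        actions = stmt.get("Action", [])
        if any(action_matches(actions, a) for a in READ_ACTIONS):
            findings["public_read"] = True
        if any(action_matches(actions, a) for a in WRITE_ACTIONS):
            findings["public_write"] = True
    return findings

def scan_objects(objects):
    """objects: {key: text}. Returns [(key, pattern_name)] for every hit."""
    hits = []
    for key, body in objects.items():
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(body):
                hits.append((key, name))
    return hits

# Constructed sample: a static-site bucket that also received an over-broad
# write grant on one prefix, with a deployment env file and a key left inside.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-static-site/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:Put*"],
         "Resource": "arn:aws:s3:::example-static-site/uploads/*"},
    ],
})
SAMPLE_OBJECTS = {
    "index.html": "<html><body>hello</body></html>",
    "deploy/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_PASSWORD='changeme-not-real-1234'\n",
    "backup/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n",
}

if __name__ == "__main__":
    print(assess_policy(SAMPLE_POLICY))
    for key, kind in scan_objects(SAMPLE_OBJECTS):
        print(f"{key}: {kind}")
```

On the sample the policy comes back as both public-read and public-write (the `s3:Put*` wildcard is what turns a harmless static site into the write-access scenario the talk describes), and the object scan flags the env file twice and the SSH key once. In a real engagement the object list comes from the provider's listing API and the policy from the bucket's policy endpoint; the evaluation above ignores ACLs, account-level public access blocks and resource scoping, so treat its output as leads, not verdicts.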
See publication
Tags: Cloud, Cybersecurity, DevOps
DevSecOps: What why and How
BlackHat USA
August 08, 2019
Security is often added towards the end, in a typical DevOps cycle through a manual/automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. Having a DevSecOps pipeline enables an organization to:
* Create a security culture amongst the already integrated “DevOps” team.
* Find and fix security bugs as early as possible in the SDLC.
* Promote the philosophy “security is everyone’s problem” by creating Security champions within the organization.
* Integrate all security software centrally and utilize the results more effectively.
* Measure and shrink the attack surface.
In this talk, we shall focus on how a DevOps pipeline can easily be metamorphosed into a DevSecOps pipeline and the benefits which can be achieved with this transformation. The talk (assisted with various demos) will focus on developing a DevSecOps pipeline using free/open-source tools in various deployment platforms, i.e. on-premise, cloud native and hybrid scenarios. We will then dive into the cultural aspects of DevSecOps and the changes needed to get tangible benefits. The talk will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.
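What "security injected at every stage, in an automated fashion, with free/open-source tools" looks like in practice is a pipeline definition with a security stage that the deploy stage depends on. The fragment below is an added example written for this page, not the talk's demo pipeline: it is a GitLab CI configuration that runs Semgrep (SAST), gitleaks (secret detection) and Trivy (dependency, IaC misconfiguration and container image scanning) as separate jobs, each failing the pipeline on findings. The tool choices, the severity gate, the `./deploy.sh` script and the use of GitLab's predefined registry variables are assumptions; the CLI flags are the tools' documented ones.

```yaml
# .gitlab-ci.yml (added example; tool choices and thresholds are assumptions)
stages: [build, security, deploy]

variables:
  # Trivy fails the job only at or above this level; tune per repository.
  SEVERITY_GATE: "HIGH,CRITICAL"

build:
  stage: build
  image: docker:24
  services: [docker:24-dind]
  script:
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

sast:
  stage: security
  image: semgrep/semgrep
  script:
    # --error makes findings a non-zero exit; p/default is Semgrep's curated pack.
    - semgrep scan --config p/default --error --metrics=off .

secrets:
  stage: security
  image:
    name: zricethezav/gitleaks:latest
    entrypoint: [""]
  script:
    # Scans the repository history, not just the working tree.
    - gitleaks detect --source . --no-banner --redact -v

dependencies_and_image:
  stage: security
  image:
    name: aquasec/trivy:latest
    entrypoint: [""]
  needs: [build]
  script:
    # Lockfiles and IaC files in the repo ...
    - trivy fs --exit-code 1 --severity "$SEVERITY_GATE" --scanners vuln,misconfig .
    # ... and the image the build stage just pushed.
    - trivy image --exit-code 1 --severity "$SEVERITY_GATE" "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

deploy:
  stage: deploy
  needs: [sast, secrets, dependencies_and_image]
  script: ./deploy.sh
```

The `needs:` on the deploy job is the actual gate; without it the security jobs produce reports nobody reads, which is the "manual review at the end" the talk argues against. Expect the first run on an existing codebase to fail loudly: the usual rollout is to start with a high severity gate and `allow_failure: true` on the noisy jobs, then tighten once the backlog is triaged.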
See publication
Tags: Cybersecurity, DevOps, Startups
When the Internet Bleeded
RootConf by HasGeek
June 05, 2014
The talk covers various TLS / SSL related bugs identified in the past year:
HeartBleed
GNUTLS Bug
Apple SSL Bug
Lucky 13
BEAST
CRIME
These bugs have shaken the core premise of secure communication. The talk will focus on bringing a basic understanding of these issues to administrators and developers. Besides this, the talk will also address some burning questions now being raised in the wild, such as:
How secure are secure socket libraries?
Is open-source code really secure?
Is it really true that "given enough eyeballs, all bugs are shallow"?
Should we move towards higher-level, more abstract languages?
and, most importantly:
What it really means for an administrator / DevOps person
See publication
Tags: Cybersecurity, DevOps, Supply Chain
Security Issues in Android Custom ROM’s
Self-publishing
October 16, 2011
This paper attempts to look behind the wheels of Android, with special focus on custom ROMs, and checks for security misconfigurations that could lead to device compromise, which in turn may result in malware infection or data theft.
See publication
Tags: Cybersecurity, Mobility
Web application finger printing
Self-publishing
July 17, 2011
This paper discusses the relatively nascent field of web application fingerprinting: how automated web application fingerprinting is performed in current tools, the visible shortcomings of that approach, and ways and means to avoid being fingerprinted.
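The approach the paper critiques is clue matching: a fingerprinter keeps a list of regular expressions over response headers and HTML and names the application as soon as one of them fires, which also makes it trivial to defeat by removing the clues. The following is an added example, not the paper's tool or its signature database: a small fingerprinter of that kind, run against a constructed HTTP response from a default-looking WordPress install, plus a `harden_response` function that applies the header and template edits a defender would make and shows the same matcher then finding nothing. The signature list is illustrative only.

```python
"""Naive web application fingerprinting from HTTP responses, and its evasion.

Added example, not the paper's code. The signature set and the responses
are constructed. Each signature is (application, location, regex); a match
on any single clue names the application, which is exactly the weakness
that stripping headers and editing templates exploits.
"""
import re

# Locations: "body" for the HTML, "header:<lowercase-name>" for a header value.
SIGNATURES = [
    ("WordPress", "body", r'<meta name="generator" content="WordPress'),
    ("WordPress", "body", r"/wp-content/|/wp-includes/"),
    ("WordPress", "header:link", r"/wp-json/"),
    ("Django", "header:set-cookie", r"\bcsrftoken="),
    ("PHP", "header:x-powered-by", r"^PHP/"),
    ("nginx", "header:server", r"^nginx"),
]

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, headers, body).
    Header names are lowercased; repeated headers are joined with ', '."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[name] = (headers[name] + ", " if name in headers else "") + value.strip()
    return status_line, headers, body

def fingerprint(raw):
    """Return {application: [evidence, ...]} for every clue that matched."""
    _, headers, body = parse_response(raw)
    found = {}
    for app, where, pattern in SIGNATURES:
        if where == "body":
            target = body
        elif where.startswith("header:"):
            target = headers.get(where[len("header:"):], "")
        else:
            continue
        if re.search(pattern, target):
            found.setdefault(app, []).append(f"{where}: {pattern}")
    return found

def harden_response(raw):
    """Remove the headers and template markers the naive matcher relies on.
    This defeats clue matching only; the application itself is unchanged, so
    behavioural fingerprinting (error pages, URL structure) still applies."""
    status, headers, body = parse_response(raw)
    for h in ("server", "x-powered-by", "link"):
        headers.pop(h, None)
    body = re.sub(r'<meta name="generator"[^>]*>\s*', "", body)
    body = body.replace("/wp-content/", "/static/").replace("/wp-includes/", "/static/")
    head = "\r\n".join([status] + [f"{k}: {v}" for k, v in headers.items()])
    return head + "\r\n\r\n" + body

# Constructed sample: a default WordPress install on PHP behind nginx.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    'Link: <https://example.test/wp-json/>; rel="https://api.w.org/"\r\n'
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="generator" content="WordPress 5.7" />\n'
    '<link rel="stylesheet" href="/wp-content/themes/twentytwentyone/style.css">\n'
    "</head><body>Hello</body></html>\n"
)

if __name__ == "__main__":
    print("before:", fingerprint(SAMPLE_RESPONSE))
    print("after: ", fingerprint(harden_response(SAMPLE_RESPONSE)))
```

Before hardening the sample yields WordPress (three clues), PHP and nginx; after it yields nothing, with the application still fully functional. That gap between "no clue matched" and "not WordPress" is the shortcoming the paper points at: a matcher that trusts self-reported markers measures the operator's tidiness, not the stack, and robust fingerprinting has to fall back on things that are harder to rename, such as the shape of 404 pages, ordering of headers, or checksums of static assets.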
See publication
Tags: Cybersecurity, DevOps