This is Niranjan Patil, a Security Consultant, hacker and maker. Undercover #OPSEC proponent. A rebellious & bootstrapping entrepreneur who has survived for 18 years in the industry. I travel around the country helping businesses stay secure despite their resistance. I have interests in OSINT, Privacy, Electronics, Internet and the like.
Currently, Director at OPSEC.IN, a Security and Technology Consulting firm based out of Bangalore.
Earlier, Director of VSR Tech Solutions Pvt Ltd, co-founded Packet Verify Technologies Pvt Ltd, an information security consulting firm. Ex-Tata Consultancy Services, Sonata Software and e4e.
I occasionally write at blog.outscribe.org.
A CISSP and ISO 27001:2013 Lead Auditor. If 'hacking' is defined as breaking things or adding new features but occasionally extending their life, then yes, I have earned the title.
What I Do (tl;dr)
Audit, Design & Consult on Security, Privacy and Infrastructure
- Risk Management • Threat Modeling • Cloud Security
- Payment Card Audit • SOC Implementation • Security Compliance Preparedness
- Cyber Crime Investigation • Cyber Security Training
I enjoy working with SBCs, Raspberry Pi, Arduino, WiFi/RF, computers, gadgets and sometimes people (read social engineering), making them do things not designed or intended to do.
I blabber a lot on Twitter, on uninspiring things like politics, mobile, technology, surveillance, privacy, national security, terrorism, etc. You can catch me there.
My Work (detail)
Security Audit and Consulting
- Cloud Security consulting on AWS, Azure for 50+ clients
- 120+ clients in Enterprise, SME, Startups and Government agencies across India
- Design and implement security solutions, IPS, Perimeter Security, VPN, SIEM for IT services companies
- ISO 27001 based internal security audits with IT, banking, engineering, finance and pharma domains
- Due diligence and review of applications and contracts for compliance of data privacy regulations for banking and financial firms
- PCI DSS audit and review of e-commerce systems
- Investigated cases with Corporate Espionage, IP thefts, multi-million rupee cyber-thefts
- Help with web defacements, Ransomware and Server compromise
- Training officers of cyber police stations across Karnataka state
Web Security Audits
- Periodic audits of HRMS and payroll, billing and payment solutions
- Web audits of corporate portals, websites and ERP products of several firms
- Implemented ISMS based on ISO 27001:2013 for several medium and large clients
- Implemented full-fledged ISMS based on ISO 27001:2005 in Sonata Software
- Maintained ISMS for several BFSI based clients in TCS for over two years
- Conducted Vulnerability Assessment on internal and external IT infrastructure in IT and non-IT firms
- Conducted extensive Penetration Test for several firms on enterprise web portals and Internet infrastructure
- Executed social engineering campaigns for several firms to demonstrate weakness in people and to bypass technical security controls
- More than 1500 hours of training on cyber security, SOC, DFIR, OSINT, Payment card security, security awareness, administration and policies
What kind of hacking do you do?
At work we don't really call it hacking. We test computer systems, networks, software and hardware for the security that they are built with or claim to have. We sometimes use the same techniques as black hat hackers (criminals) except that we would have obtained prior permission from the system owner.
So can you hack into anything?
No. There are millions of software and hardware that we haven't laid our hands on. There are people far better than us and we learn from them to break things every day.
And yes, probably the NSA can 'hack into anything'.
Can you help me hack my girlfriend's/someone's email account, computer or WiFi password?
Sorry. I don't do illegal stuff. Better yet, have you tried asking them?
Can you help me fix my computer for free? Hey, I am your best friend!
Sorry. I stopped doing it for free. Have you tried fixing it yourself, lazy bone?
How much do you charge to audit my website or firm?
Sorry. There is no one-price-fits-all type of work. It helps to know the scope and depth of the application or infrastructure. Do drop me a mail.
You mentioned NSA and hack, so we are here. We want....
Hey, thanks for stopping by. Can you please help me with the password from your PRISM archives for a file 'MyFavPornColln.zip' of my 2005 archives? Hint: I used Windows XP and a Huawei modem.