Wasim Halani

Certified Professional Hacker (CPH), Cisco Certified Network Associate (CCNA) – Trained

Wasim Halani currently serves as a Senior Security Analyst in the Technical Assessment team at NII Consulting. His work mainly focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. He has also handled some of the unique projects at NII over the past two years, like Social Engineering, Wireless Network Assessments, WAP Service testing and KIOSK Risk Assessment.

He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies, which allow him to conduct in-depth testing of applications during a penetration testing exercise.

During his free time, he likes to research advanced topics like Malware Analysis and Exploit Development.

He is a Certified Professional Hacker (CPH) and also provides training services at NII.

Profile

  • Bachelor of Engineering in Computer Engineering, University of Mumbai, India
  • Certified Professional Hacker (CPH)
  • Cisco Certified Network Associate (CCNA) – Trained
  • Application Security
    • Well versed with OWASP – Top Ten and WASC Threat Classifications
    • Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
    • Business-Logic based application testing
    • Penetration testing of WAP/WML services
  • Network Security
    • Good knowledge of TCP/IP fundamentals
    • Worked on security for a range of Operating Systems, databases, web servers and mail servers.
    • VPN Assessment
    • Firewall and Router Configuration Review
    • Worked on security for a VoIP technology
  • Wireless Security
    • Cracking WEP encryption
    • Auditing WPA and WPA2 encryption
    • Wireless network implementation review
  • Forensics
    • Disk Imaging with Encase
    • Web Server Log Review
    • Fraud Investigation
    • Email Address Tracking
    • File Recovery
  • Penetration Testing 2.0
    • Social Engineering
    • Phishing
    • Client-side Attacks
  • Conducts trainings on the following subjects
    • Certified Professional Hacker
    • Exploit Development
    • Advance Metasploit
    • Wireless Security
    • Network Security Auditing
    • Database Security Auditing

Over the past two years, Wasim has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.

  • Operating Systems: Windows XP/2000/2003/Vista/7, Linux, Unix (Solaris), HP-Unix.
  • Databases: MS SQL Server, Oracle, MySQL
  • Servers: FTP, TFTP, DHCP, Web Servers (IIS, Apache), Mail Servers (Sendmail, SquirrelMail), Domain Controller (Active Directory)

While conducting security assessments, Wasim has familiarized himself with many of the popular tools available. A few of the tools he regularly uses are:

  • Nmap, Tenable Nessus, Metasploit, BurpSuite Pro, Wireshark, NetCat, Aircrack-ng suite, Cain & Abel, tcpdump, Ettercap, Pwdump/Fgdump, Brutus, John-the-Ripper, Hydra, OphCrack, Wikto, W3AF, IkeScan, IkeProbe.
  • He’s also comfortable with the Backtrack 4 Penetration Testing OS.

Wasim also has experience with the following Programming Languages:

  • C, C++, HTML, Perl, JAVA, Visual Basic 6, JavaScript, SQL, Visual C#.Net, XML, PHP.
  • Wasim has good communication skills by virtue of making several presentations and trainings on topics ranging from, but not limited to, Social Engineering, Metasploit, Wireless Hacking and project-experiences, within the organization and during NULL Security meetings.
  • He has experience handling projects individually as well as working in a team.
  • He has also successfully led teams on a few projects at NII.

Significant InfoSec projects

  • Internet Trading Application
    • Description: Multiple projects involving testing of web-based as well as client-side trading applications used by prominent Stock Exchange Brokers in India and the Middle East.

  • VPN Assessment
    • Description: The project involved reviewing the security issues associated with a VPN implementation a client had done for their employees.

  • KIOSK Environment Assessment
    • Description: The project involved assessing the risks to a deployed KIOSK environment. The assessment was performed keeping in mind the PCI DSS requirements. As part of the project we also demonstrated to the client loopholes in their network, system and application configurations.

  • Social Engineering
    • Description: A full-fledged project which dealt with extracting the client’s confidential data by abusing the trust of its employees. The project involved unique attack vectors like Phishing, Client-side attacks, Dumpster-diving, Social-Networking etc.

  • Internal Bank Application
    • Description: An internal application used by a prominent bank was to be tested for web application and business logic flaws. The project involved testing of the application based on multiple roles (Maker, Verifier, Authorizer) involved in a banking transaction.

  • Wireless Network Review
    • Description: The project involved auditing the wireless network implementation at a client’s office. We tested the wireless configuration as well as wireless range exposure around the office premises.

  • Firewall and Router Configuration Audit
    • Description: Multiple projects involving the audit of the Firewall configuration and rule-base.

  • Network Architecture Review
    • Description: An assessment was conducted of the overall design of the client’s network infrastructure.

  • Social Networking Application
    • Description: The project involved testing a social networking website popular in India. The application was tested for web application flaws as well as business-logic flaws.

  • Wireless Application Protocol (WAP)
    • Description: The project involved testing the security of a mobile-based application (WAP Portal) developed by a client.

Ethical Hacking Training

This course goes deep into networking, systems, web applications and actual exploitation, and helps beginners take a confident first step into the information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Course content regularly updated on tools and techniques