Aditya K Sood (Ph.D.) is a cyber security advisor, practitioner, researcher and consultant. With more than 11 years of experience, he provides strategic leadership in the field of information security covering products and infrastructure. He is experienced in advancing businesses by making security a salable business trait. He directs the development and implementation of application security policies, procedures and guidelines to ensure that businesses are managed without security risks and that security efforts are deployed in line with business strategies. He works effectively with cross-functional teams to execute information security plans including compliance, risk, secure development, security assessments (including penetration testing and vulnerability assessment), and threat modeling. In addition, he is well versed in designing algorithms by harnessing security intelligence and data science. During his career, he has worked directly with management and customers, providing them with a best-of-breed information security experience.
Dr. Sood has research interests in cloud security, IoT security, malware automation and analysis, application security and secure software design. He has worked on a number of projects pertaining to product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He is also a founder of SecNiche Security Labs, an independent web portal for sharing research with the security community. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, CBC and others. He has been an active speaker at industry conferences and has presented at BlackHat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Ph.D. from Michigan State University in Computer Sciences. Dr. Sood is also an author of the book "Targeted Cyber Attacks", published by Syngress. He also sits on the review board of "CrossTalk - Journal of Defense Engineering", a publication sponsored by the Department of Homeland Security (DHS) and NavAir.
He held positions such as Director of Cloud Security, Chief Architect of Cloud Threat Labs, Lead Researcher, Senior Consultant and others while working for companies such as Symantec, Blue Coat, Elastica, IOActive, Coseinc, and KPMG.
Syngress • April 2014
Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.
Syngress published this book (ISBN-10: 0128006048 | ISBN-13: 978-0128006047) and it is available at: Amazon, Elsevier Store, Barnes and Noble and others. Third-party reviews of the book are available at: Help Net Security and RSA Conference Blog. Search Security TechTarget has published one chapter of the book here: Bookshelf. The book is also hosted in the Toronto Public Library. The book is also available through Google Play.
A Chinese translation is available at Amazon Bookstore.
"...the book works its way through how attacks are planned and executed, followed by a description of protective measures and concluding with a bit of myth-busting in order to leave readers with a clear and accurate picture of what the threat really means for them...you get a very sharp sense of how and why these attacks are possible." - Network Security
"The most complete text in targeted cyber attacks to date. Dr. Sood and Dr. Enbody are able to present the topic in an easy to read format that introduces the reader into the basics of targeted cyber attacks, how the attackers gather information about their target, what strategies are used to compromise a system, and how information is being exfiltrated out from the target systems. The book then concludes on how to build multi-layer defenses to protect against cyber attacks. In other words, the book describes the problem and presents a solution. If you are new to targeted attacks or a seasoned professional who wants to sharpen his or her skills, then this book is for you." - Christopher Elisan, Principal Malware Scientist, RSA - The Division of EMC
"Sood and Enbody have taken a systematic, step by step approach to break down a pretty complex topic into bite-sized chunks that are easily digestible. They cover everything from the basics and 'need to know' of targeted attacks to the more advanced insights into the world of exploit packs, attack techniques and more." - Dhillon Andrew Kannabhiran, Founder/Chief Executive Officer, Hack In The Box
"Targeted Cyber Attacks is by far the perfect manual to dive into the dark borders of cybercrime. The book thoroughly describes the model and the mechanisms used by criminals to achieve the cyber attack to exfiltrate information or steal money. From a pen-tester’s perspective, the ethical hackers will certainly find the fundamental factors to prepare a better approach to conduct high level penetration testing. Aditya and Richard deliver the secrets used by cyber-criminals to get inside the most secured companies. I learned a lot from this stunning publication authored by a BlackHat Arsenal Jedi." - Nabil Ouchn, Founder of ToolsWatch.org and Organizer of BlackHat Arsenal
A number of vulnerabilities have been reported under "Responsible Disclosure" and cannot be made public due to business and legal constraints. A number of disclosed vulnerabilities are listed below; the list is not exhaustive:
Reported many vulnerabilities to vendors as a part of bug bounties (entirely fun). The vendors are listed below; the list is not exhaustive:
Hacking Botnet Command and Control Panels • Conference Talk
Dissecting the Design of SCADA Web HMIs: Hunting Vulnerabilities • Conference Talk
Hacking Botnets Die Hard: Owned and Operated • Conference Talk
The Government Can See EVERYTHING?! - Fact or Fictional • Conference Talk
Scammers taking advantage of Gmail, Google Drive users’ trust • Conference Talk
The Realm of 3rd Generation Botnet Attacks. • Conference Talk
Advancements in Botnet Attacks. • Conference Talk
Mangling with Botnets. • Conference Talk
Education is what remains after one has forgotten what one has learned in school. - Albert Einstein
Gibbs' Rule #35: Always watch the watchers. - Season 8, Episode 22 - Baltimore
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image. - Stephen Hawking
Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it. - Lou Holtz