Hello, EHN Readers. Today , We had a great talk with Ashish Mistry, Security Researcher and founder of HconSTF. Also, He is Providing Training in information security field to IT professionals, Management Professionals , IT students.
* Please introduce yourself for our readers.
hello all, i am ashish mistry, i am individual security researcher, i am training people in infosec domain since last morethan 2.5 years
i run a site called www.Hcon.in and have couple of security related projects like HconSTF - Hcon Security Testing Framework
now a days this is what i known for. besides my interrest are OS , open source intelligence , and social engg
* Can you describe more about the HconSTF?
Its a compilation of tools, scripts and customization on a browser's code base to provide easy and powerful testing environment for web testing, vulnerability analysis, code analysis and much more. and now a days i m getting more responses on HconSTF for its use as client side vulnerability testing and more. currently it is in baby project but much stable and reduces efforts to test things
* How did you get into this field?
as the base i am from electronics field and during my college 2year my professor given me chance to take lecture for bachelor in computer application students as i am a computer geek and this all started and my first lecture specifically on information security was on cryptography and linux os and as i was done with my college i m into training and research only taken lectures in different colleges and institutes and now here i am now.
* You have done any certifications?
i dont have any information security domain related certs what ever i have is my own time and love for security but i got many recognition from different people and organization for my research and things i do.
* We have heard that you started a new PenTesting Magazinge; we like to know more about it
it is one of my long awaited public projects currently the name is 'Hzine'. it will be free and pdf copy magazine may be monthly. and the idea for this magazine is to have a theme for each issue to make the magazine a quality content rich resource for beginners and security professionals .
The first call for paper(CFP) is out and theme is Operating systems and plans are to have articles on different sectors from security domain more info can be found at http://www.hcon.in/hzine.html
* What we can expect from the new release of HconSTF?
i got many request from different people for some more automated features but my point is if we are auditing mass web resourses than automation makes sense but as i already said for client side testing u have to have control in ur hands and not on automation. so the current plans are to make the base of HconSTF more stable and fast and introduce more features and semi automation so that the control is in ur hands while auditing things .
i have plans for linux version of it but, not yet finalized.
and i m also working on another project as i get time from my rituals it is a kind of a more powerful than HconSTF but, not sure when i will make it public.
but all other specific things for HconSTF is a surprise for the users but my final statement for it is you can take it as a roadmap or mission statement.
'the ultimate goal of HconSTF project is to make one stop shop for all audit process and make life easy for pentesters'
* Great. What do you think about the Young black hat hackers?
only one thing for them, stop what you are doing as this will lead you no where and eventually you will be broken and end up in jail. so choose your way accordingly
* What is your advice for newbie who interested in infosec field?
first and very important thing is to believe in your self and know what you are doing. second have a hunger for knowledge. this two will help you alot. no matter from what you start networking , OS , programming but keep this two things in mind and you will find your way eventually. as it is like a ocean no matter from where you jump into it but never stop swimming and mastering what you know
* It is nice to talk to you. What do you think about EHackingNews?
personally i find EHN more resourceful as news portal . and i m always excited for the data leak section. EHN and BTS combined makes a complete resource for my students to know the current happenings in information security domain and as a quality learning resource.
and i like thank EHN for inviting me for the interview.