Dark Web. But now tell me about it. What is the Dark Web?
What kind of world is it? If you want guns, drugs, any kind of banned drugs, or even if you want to hire a hitman, you can find all that there. You can give money to anyone and arrange for someone's harm.
Isn't there any security layer that prevents access? No, that's why it's called the Dark Web, because it's uncensored. No one has overarching control over it.
So no government regulation has reached it? It's impossible to regulate because no one knows who is running the activities hosted on the Dark Web. Now, Rishabh is sending me a link on WhatsApp and claiming that clicking on it will hack your phone.
And this is an iPhone device. Everyone believes that iPhones are very secure. So this is you, and this is your location.
So just one click by me resulted in transferring of this much data? Yes, exactly. This is a cable that we normally use to charge our phones.
However, it's not just a cable. While it will charge your phone, it's also a hacking device. Oh my God!
So you mean this will charge the phone and also compromise it? Yes, if you charge your phone with this, it will be compromised. Then I can hack into your system and access all your data.
This is a Delhi Metro card, and this is a device. This is Flipper Zero, a basic device. What is this?
An ATM card? Yes. Now take out the ATM card.
No, no. Come on, I'll show you how it works. So my ATM card can also be accessed on it?
Yes. Can a Wi-Fi password be hacked easily? Yes, it's very easy.
No matter how much security is in place? So if I want to become a hacker and hack a friend's Facebook account, how would I do that? Welcome to our podcast.
Today's guest is Rishabh Pandey, who has 10 years of experience in cybersecurity. We'll learn about hacking, ethical hacking, and how things are ethically hacked. We'll also explore the Dark Web and the online scams affecting us, such as OTP scams and loan scams.
We discussed these topics in detail with Rishabh. We also talked about how data is compromised on platforms like Facebook and Gmail and how security breaches occur. This podcast is particularly interesting because Rishabh hacked my phone during our live discussion, which was quite surprising.
He demonstrated several methods, showing how easily data can be accessed. Cybersecurity is a very interesting field. It's an institution.
It's an umbrella covering areas like IoT, ethical hacking, and many other fields. In MNCs, you see all these designations. If you want to enter this field, you should watch this podcast and share it with your friends and family.
It's crucial to understand how to avoid online scams. But you must watch the podcast completely to understand all these things. So like, share, and comment on this podcast.
Your likes mean a lot, so let's aim for 10,000 for such an interesting podcast. Let's talk to Rishabh and learn about his journey and address the questions that are on your mind. If you want to do a podcast with me or sit with me, you can email me.
Either me or my team will reach out to you, and then we can arrange a podcast with you. Let's talk to Rishabh. It's going to be fun.
Rishabh, welcome to our YouTube channel. Today, I will learn about cybersecurity, hacking, ethical hacking, and online scams. We will try to understand it in detail with some examples.
But before that, your introduction. Tell us a little about where you're from. I have many questions for you, then we will talk.
Please. First of all, thank you, Ajay, for having me on your podcast. I am from Prayagraj.
Prayagraj, formerly known as Allahabad, is a place in UP. So I am from there. I am an engineer like you.
I have been trying to learn and understand cybersecurity for the last 10 years. If I tell you the breakdown of my experience and career, I started as a freelance trainer in the initial one or two years. I began conducting workshops and seminars in different colleges and institutes.
After that, I joined a corporate job. I worked there for about 8 years, during which I worked for the government, secret services, banking, and many different corporate companies. Throughout this period, I worked in web application security, network security, mobile security, and many other domains.
I am still learning and exploring this field. I want to know one more thing. When we talk about hacking, such as hacking a Facebook account or a WhatsApp account, how feasible is it?
And do these things fall under cybersecurity? I will ask you all the questions that a beginner might have. Ajay, this is a very good question.
I get a lot of such questions. For instance, I need to hack my girlfriend's account. So Ajay, as you mentioned hacking, it involves two types: offensive security and defensive security.
Offensive security refers to hacking done with permission, also known as ethical hacking. You perform hacking with the permission of a company, government, or agency to test their system and identify weaknesses to prevent unethical hackers from exploiting them. This is ethical hacking.
And the one that is done without the permission? That is also hacking, but black hat hacking. Hacking can be categorized into 2 parts. One is white hat hacking and another one is black hat hacking.
Black hat hacking is done without permission, such as hacking someone's account, website, or app. This type of hacking is illegal and increasingly common. To prevent these attacks, ethical hackers are hired by companies and agencies to protect their assets.
Sometimes, people's Facebook accounts are easily attacked, and they can't log in. How do these things happen? How do accounts get hacked, even YouTube or Instagram accounts?
There is someone I know whose Instagram page got deleted. How does this process work? I get a lot of questions like these.
I would like to say one thing here. The biggest enemy of security is human. The weakest link in the digital security chain is often the user.
So it is hacked due to your mistake. Even with large companies, there is no hacker who can directly breach their server and hack your system. It happens due to some mistake on your part.
For example, you might have clicked on a link, provided your credentials through phishing, downloaded a file, or installed malware. In some way, you must have been infected. Thus, you, being the weakest link, were hacked due to your mistake.
In most cases, such systems are compromised because of user errors. Passwords are often made very easy, and phishing examples show that clicking on a link in an email can lead to compromised information. Rishabh, I want to know about logging into Gmail and Facebook.
First, they ask for permission, and then I grant it and can log in. There are many third-party apps. As a developer integrating Gmail, I have a third-party application for Gmail.
We first ask for permission from the user before they can log in. Is my data compromised here? Since the data might eventually be sold to advertisers if I allow Facebook or Gmail, is the security being breached?
Let me relate this to my previous point: humans are the weakest link. What happens is that the party you give access to your data might misuse it. For example, if you grant access to Google, the application might only need access to your Google contacts.
However, it might also request access to your drive, photos, and gallery. If it's a company or application that is unknown and doesn't comply with cybersecurity laws or standards, you're essentially providing your data to them. Even though it is difficult to hack Facebook or Google directly, similar data can be obtained and exploited from these sources.
Additionally, companies collect and sell data. They perform analysis and behavioral assessments. And then on the basis of that data, ads are shown to me.
Not just this. For example, there was a case where Facebook was accused of election manipulation. They were called by the US court and asked for justification.
It was found that they sold user data to companies interested in political parties and their mindsets. If Facebook provides data to a company, that company will analyze it and use it to influence you through targeted ads. For example, if you support a particular political party, Facebook might use that data to manipulate your views by showing you content from opposing parties, conditioning your subconscious mind over time.
Data is very important, and companies use it not just for sales but to manipulate and alter your behavior. Rishabh, I have a significant point regarding this. We are talking about Web 2.0, where these issues arise because everything is centralized.
Facebook and Instagram are centralized applications. As a developer, if I need to use these, I must grant permissions to access the application.
However, if I move to Web 3.0, which is decentralized, the chances of data compromise are reduced because the app operates in a decentralized manner. So, how can a user stay secure?
One crucial step is to avoid granting access using your personal account. Instead, create a developer account with limited access, meaning it will have restricted information, and your personal data will not be exposed. If this account is compromised, only that specific account will be affected.
Additionally, when developing and integrating third-party apps, use isolated systems or virtual machines (VMs). If there is any compromise, then the things in the VM will be compromised, but your main system and your personal data will be safe for a long time. For common users like my mom and dad, who are running normal Facebook and Instagram, how is that?
That is the right way; they have to do that. Again, security awareness is very much needed. You have to make them aware of what should be done, what should not be done, what should be clicked on, and what should not be clicked on.
See, the scammers also see the age group and target people. For example, one case came to me: let's say Ajay, you are going out, and your mom gets a call saying that Ajay has had an accident or Ajay has been kidnapped. The caller uses AI to mimic your voice, saying, "Mom, send me money; I need it very much."
The caller might also pretend to be a police officer, saying, "Give me money, and then I will release them." There are a lot of scams in the world, and along with AI, scammers are also getting smarter. So, what happens is that old-age people, who don't know much about technology, might not realize that someone can talk in someone else's voice or call from someone else's number.
They will trust them. As technology gets better, cyber risk also increases. Humans will also have to be smart with technology.
You made a very valid point. Nowadays, all the apps around us, Web 2.0 applications like Facebook and Instagram, ask for permissions.
You grant these permissions, but you need to be smart. Your password should be very protective; don't use an easy password. This way, you can avoid external attacks.
Even though you have worked on government sites, do you think it is easier to get attacked on government sites and that they are less secure? There are a lot of reasons why they are less secure. Let's discuss those reasons one by one.
The first is the legacy system. Government applications often run on legacy systems. Even today, they use PHP servers, and some development is going on with old ASP systems and outdated servers that are obsolete and never updated.
The government doesn't see a difference because there is no rule in India for data protection. Do you think there is a lack of awareness? There is no lack of awareness; there is a lack of accountability.
Because there is no accountability in the bureaucracy tree, one department blames another, and so on. For example, some time ago, Aadhaar card data was hacked. You must have heard about 1.1 billion user information being on the dark web.
Aadhaar's website was attacked? Yes, I am telling you how.
The attack happened when COVID was going on. We all used to put our details and get vaccinated, remember? There was a CoWIN app where we put details and got vaccinated.
Aadhaar's data went to CoWIN, so that data got compromised from CoWIN. The government doesn't believe it, but this data is on the dark web. You can download and see the real data.
But again, lack of accountability. Government isn't accepting at all that they made a mistake. If you won't accept it, then how will you prevent it?
One reason is the legacy system, second is accountability, third is the bureaucracy structure. There is no accountability, and there is no liability. The fourth main point is hackers have a lot of interest in these systems.
For example, Indian government websites are targeted by people from different countries, like Pakistan, China, and other neighboring countries. For them, Indian government websites are very juicy targets. They target Indian websites.
Someone learned something and started targeting Indian websites, so there are a lot of attacks on these websites. If the type of attack is very high, there should be a prevention mechanism. Your system should be that secure, but these are not all.
Fifth point: I have worked with government NIC and many other government entities. They have to get their application security tested; this is a must. If you don't get your security tested, then your application won't be hosted.
Now, here, the companies that are testing are not very good at cybersecurity. They are small companies, not very good at cybersecurity, but they are doing audits. If there are issues in audits, the government is not doing anything.
They are not fixing the issues; they are just trying to make the application work. These are the reasons why government websites are still unsafe. Now, you have used the term dark web.
Tell me about it. What is the dark web? The dark web is a simple internet, like we use Google, Facebook, and all these things.
We put Google.com on the browser, or Facebook.com, and all these websites open on the browser.
This is the open internet or open network. We can access all these websites. The dark web is a standalone network that is different from this internet segregation.
Let's say our internet is here; the dark web is a different segment. We can access the internet, but we can't access the dark web. To access the dark web, we need a special tool like Tor.
Tor is a kind of browser. As soon as you open the browser, you will be connected to that network. Since it's a standalone network, you will need a gateway to access it.
As soon as you turn on Tor, the gateway will open. Now, let's talk about the dark web. So what is the dark web actually?
As the name suggests, dark. The dark web is a standalone network that is not under the supervision of any country or any agency. It is isolated: servers, systems, data are not under the supervision of any government.
So it has a lot of illegal things, like guns, drugs, any kind of banned drugs, or even hitmen. You can hire a hitman, give some money to anyone, and they can kill someone. Things like this can't be tracked by the government.
Do people use the dark web? A lot. Have you used it?
I have been using it for a long time. I am actually doing it. So, how dangerous is it in terms of how many illegal things are happening there?
Is it safe? No, it is not safe. If you want to use the dark web for information gathering or learning, then use it.
I will use the normal web, which I normally do. But if you want censored information or leaked papers from some government, like the Panama Papers, there are lots of such leaks. If you want uncensored information, there are lots of books that the government has banned.
So everything will be there. There is no security layer to prevent people from accessing it. No government regulation has reached there.
It can't be there because no one knows who is running the things being hosted on the dark web. For example, let's say my phone is running, and the dark web is running on it, and this is a dark web system that people are accessing, and I am serving illegal data here. The dark web is a complex thing, but if we understand it simply, it is a different part of the internet that we can't access normally, and it is used a lot for illegal things.
So I often get calls and messages on WhatsApp from strange numbers. What is all this? Is it part of an online scam, or is it trying to trap me?
Like you must have seen on WhatsApp, we get messages/calls from some foreign number, and many times I get phone calls asking for OTPs. I think you must have experienced it? I have had many such cases.
Today I will discuss some cases. And please tell me how to escape from online scams. You gave your data; your data was leaked; your WhatsApp number was leaked.
The easiest target for hackers is to send something like this on WhatsApp, and people will click on it. If someone sends something to your email, you might not pay attention to it or click on it. But if something comes on WhatsApp, you might click, and your phone or data might get compromised.
We will see an example of this. Please show it if you can. So, what are you going to show?
I will send you a simple link on WhatsApp. You will click on it, and I will access your system. What are you talking about?
Which phone do you have? I have an iPhone. Okay, I will bring it.
I have brought my phone. Meanwhile, I am setting up my server. So, you will send me a link, and as soon as I click on it, the phone will get hacked.
Yes. People ask what happens if you click on the link, so today we will demonstrate what happens if you click on the link. I am getting scared.
I will give you a link. Open it in incognito. Is it safe there?
It is not safe anywhere. So now you are setting up your server on your mobile? Okay, so now Rishabh is sending me a link on WhatsApp, and he is saying that as soon as I click on it, my phone will get hacked.
This is an iPhone device, and as we all think, iPhone is very safe. Sir, whatever you do, please remove it later. There is a lot of personal data in this.
This podcast will be expensive for me. No, no, just for demonstration purposes. I do not recommend this to anyone.
So I have sent you a link. Open it now. You tell the camera what all things it is asking, what permissions it is asking.
I just got a URL. Let's copy it. Where should I open it?
You can open it in your browser. If you want to do it in incognito. Okay, I will do it there.
Will it be safe or not? Let's see. I got a popup.
Open youtube.replit.app.
It is asking to allow. Should I do it? Basically, you allow.
Camera access, allow. So this is you, and this is your location, this is your phone details, and all those. Oh my God, Sir!
Did you just get that with one click? Yes, your exact location. Guys, look at this.
All my pictures are here. And my location, everything from the iPhone.
Even the battery percentage. And there's so much more we can do. This is just a demonstration.
I can record your microphone. I can record your videos. Now close the incognito tab.
Close it. This permission is over. Is it safe now?
Okay. I'm scared. No, it's not closed yet.
Close it again. Close all the browsers you have opened. Because I still have access to your system.
Right. I've closed everything. Okay.
So, this is how it happens. You click on a link, and you can get hacked. No, I mean, all my pictures are here.
And all the data. Like, which phone, the battery, everything. Yes.
And this happened with an iPhone. Android is open source; you can manipulate it however you want. But this happened on iOS too.
So now, let me explain. Is this phishing? No, this isn't phishing.
We used social engineering. You clicked on a link, and it asked for permission. It needed camera access and other permissions.
So, you granted them. Now, as soon as you did that, all the cameras on your phone started recording, the microphone started recording, and it gave access to your GPS location. It captured that permission and sent all the data.
So, this was social engineering. I gave you a link using social engineering, and you clicked on it. Phishing is a bit different.
In phishing, I send you a link and tell you that I'm from Facebook, and your account is compromised, so you need to recover it. Or, your ad account is about to be suspended, so you need to secure it. That's the use case.
Sometimes, I get messages from the bank, saying that ₹10,000 has been deposited into my account, so I should click to verify it and receive the money. When you click on it, it looks like the SBI page if my account is in SBI. That's phishing.
Phishing means it's similar. And what kind of attack is this, the one you just mentioned? It's a social engineering attack.
We provided a link, you clicked on it, and gave permission. But this is very dangerous. The hacker can see everything, how you're sitting, how you look, because all the pictures keep coming in.
People use it to do a scam. I mean, there are many scams. Your screen has been recorded, your personal moments have been recorded, and your voice has been recorded.
So, what happens is that this kind of attack is common among high-profile people. Let's say they're going to a meeting. The hacker or big agencies want access to your phone, your microphone, so they can hear what confidential things you're discussing in the meeting.
Right? That's why, in highly classified meetings, even when I worked with security services, phones aren't allowed on the premises. If you're going to have an important classified meeting, all devices stay outside.
You can't even take your watch in there. So, to avoid such situations...
I don't know who clicked the link. I can't seem to get out of it.
So, let me show you another demo. Don't send me the link; you try it yourself. I'll do it now.
So, in this demo, let's say there are many cases where people's photos/videos get uploaded on p*rn websites. Right. And those pictures or videos appear in many places.
Now, I can't identify where all these photos or videos are available. Okay. Because you can't search for them through Google or a normal search engine.
Google searches by human means, like, if I search for you through Google Lens, I will get a link to your shirt. Yes. So, I have a tool that...
Is this tool publicly accessible?
Yes, it is publicly accessible, but it's paid. Paid. I'll scan your face, and then wherever your photos are available on the internet, this tool will find them.
It will find them in videos, too, and extract them from there. Basically, it reads the geometry of the face, around 20 points, and finds similar structures. It will pull out all the photos on the internet with those similar structures.
Okay. So, this is how we handle p*rn cases and scams as well. By getting them shut down so people can't see those things? Right.
Now, I'll tell you about a case. A scammer tried to scam me. I sent him a link and got his photo.
Now, I want to know who he is. So, I scan him this way and get his identity. No, no.
You'll get a lot of information this way. A lot. This is a very critical thing.
Shall we do a demo? Yes, Sir. I've done many podcasts, Rishabh, but this is a very practical one.
I have so much to show you. I haven't even brought my hacking tools. We'll talk about things that I can do with my phone.
Guys, you're watching this podcast. If we missed something, write it in the comments. We'll invite Rishabh again, and he'll answer all your questions.
Ajay, let's do a demo of this. Take out your specs. I'll take a live photo of you.
Okay, Sir. And I'll try to search for you. Okay.
That's it? Yes, that's it. So, I'm doing some searches.
Now, look at this. Tell me if there's anyone here that looks like you. It's me.
We use these pictures on my YouTube thumbnails, but yes, everything has come up. Guys, I can show you. Look at this.
I mean, I can see all my pictures. I think these pictures are clickable. Yes, you can click on the link to see where the picture is uploaded.
Even old pictures have come up. From your face structure, all your pictures have been pulled up. And we can do a deep analysis of this.
If your picture is on the dark web, we'll find it and remove it. Let's say if people create fake accounts, they often upload them to the dark web or Telegram. So, we find pictures from there and delete them by talking to the admin.
And secondly, these tools are also useful in investigations. No, no, Rishabh, this is very insightful. I've learned a lot from you in this podcast.
Any other demo, Sir? Let's do it. Okay, no more demos.
I'll show you two more things. Please. What is this, Ajay?
Sir, this is a cable we usually use for phone charging. It's just a cable, Sir. Okay.
So basically, this is an iPhone cable, and this one is for Android. But if I tell you that this isn't just a cable...
It'll charge your phone, but it's not just a cable. It's a hacking device.
Oh my God. What do you mean? It'll charge your phone, and at the same time...
If you charge your phone with this, your phone will be compromised.
I can hack into your system and access all your data. Whether you're charging an Android or an iPhone. You won't be able to tell the difference.
But this phone...
There's a small chip inside this cable. It's running a server, and there's an exploit payload running on it. So as soon as you connect it, the exploit will be triggered.
Let's say you connect it to an iPhone. The iPhone will be hacked, and I'll get a connection to your phone on my server. The same thing would happen with Android.
This is called an OMG cable. It's not available in India. But you can get it for around $200.
Please keep it with you. So if I plug my phone into this right now, my phone's data will be compromised. Yes, you connect your phone, and I just need to turn on my laptop to start the server and deliver the payload.
Your data will then be accessible to me. You've probably heard that you shouldn't charge your phone in public places. Don't plug it in there.
Now, also know this: don't take a charger from anyone. Don't even accept a cable. It looks so simple.
See, when you asked me about the cable, it looks like a charging cable. But what's the story inside it? Okay.
Now, we use this a lot to hack into corporate systems. We give this type of cable to corporate employees. Even a technical person can get trapped into this.
This isn't a USB drive that you won't bring into your system. It's a simple cable. As soon as you plug it into the system, the system will be compromised, and the network will be compromised.
After that, we can go deeper into the system and further compromise it. Right. I'll keep this, then.
Please do. So, this is one more device. Okay.
Let's do one more demo. Is this the last demo? I'm getting so many demos today.
There are many more, but we'll also save some for the next podcast. Okay. Let's do this.
I have a metro card. Metro card. Yes.
And this is the device. Okay. Look at the front as well.
Tell me. So, basically, I've just come from the metro. This is the Delhi Metro card, and this is the device.
This is Flipper Zero. It's a basic device that can capture almost all kinds of frequencies. Now, this metro card works on an NFC frequency.
It has a chip inside it that holds your data, including your balance. Right. So, what will I do now?
Ajay, I'll place your card on this device, and I now have access to your card. And now you can keep your card. I can use this to make payments by going to the metro.
Okay. Now I can use this to open the metro system. So if you use my money there, the money will be deducted.
Yes, I've cloned your card. Oh. Sir, can this be done with ATM cards too?
Yes, now take out your ATM card. No, come on. I'll do this too.
I mean, even my ATM card can be accessed with this. Yes. Now watch this demo.
First, show me the card. Yes, the card is fine. The real card.
Yes. So, this also works on NFC. So now I'll turn on the reading and place it on this.
Oh. Oh wow, Sir. So in the metro, all these things...
Guys, look at this.
Oh. The details of this card have been captured by this machine. So now I don't need this card.
I can use this directly. Yes, with some cards. Not all cards work, but yes, some cards...
I can clone and pay.
But I can see all the details stored in the card. Yes, I can see all that. Yes.
So basically, this is NFC cloning. NFC...
These cards work on NFC. This metro card works on NFC.
Your office access card works on NFC. The one you tap. There are some cards that work on RFID.
Some cards work on RFID. So I can capture all those things and replay them. Right?
So now, imagine one scenario. You are going to the metro. You are in a line.
You have kept your wallet behind you. And I will take this device and place it on your wallet. I've placed it on my wallet.
It's done. It's done. And I will say, where is my money going?
With the metro card. So friends, if you want to avoid such attacks...
These card cloning attacks...
Some special pockets/bags are there. Which block this kind of frequency.
So, you can use those pouches to store your credit cards in them. I think that's enough for the demo. No sir, I couldn't even get out of the demo.
But this was a very insightful podcast about security, hacking, ethical hacking, and the dark web. There was a lot of information. I want to know a little bit about ethical hacking, the kind that's done with rules and regulations in mind, with proper permissions.
There's something called Kali Linux. I think many students must have heard about it. So, tell us a little about the tools available if hacking is done properly.
Okay. See, if you're doing ethical hacking and have permission, even if you don't have permission, you can still hack. But you shouldn't hack companies or agencies.
There are many demo applications, vulnerable apps, APIs, and systems like Hack the Box and World Machine. There are a lot of places like this where you can test your skills. There are post-exploitation labs where you can hone your skills.
Okay, now let's talk about Kali Linux. Basically, Kali Linux is an operating system designed with hackers in mind. This operating system comes with almost all the necessary tools.
Let's say you want to learn web application hacking; it has Burp Suite, Web App, and countless other tools. I can't even name them all. I guess there are thousands of tools.
Whether you want to hack Wi-Fi or networks...
Can you hack a Wi-Fi password? Very easily. No matter how much security is there.
Yes. No matter how much security is there, Wi-Fi hacking is very easy. I mean, it's not that it's extremely easy, but if the Wi-Fi is highly secure, we can use advanced methods to hack it.
It's not something that can be hacked with just a script. It depends on the kind of Wi-Fi security you're using, the frequency, whether it's 2GHz Wi-Fi or 5GHz Wi-Fi, how strong your password is, and what kind of encryption you're using. And again, humans are the weakest link.
You yourself will give me your wifi password? Okay, tell me one thing. I'll give you an example.
You have a very strong Wi-Fi password, right? And suddenly, I do a deauth attack. It's an attack, a deauthentication attack.
It sends a packet, and your phone will disconnect from your Wi-Fi, okay? It's disconnected. And along with that, I create a similar Wi-Fi network.
Let's say your Wi-Fi name is Ajay. So, I create 20 Wi-Fi networks with the name Ajay. This is called an Evil Twin Attack.
I create identical Wi-Fi networks. Now, when you click on that Wi-Fi, it will ask for the password. You might think you've forgotten your Wi-Fi password, or you might think your Wi-Fi has been reset, so you enter your Wi-Fi password.
It's the same name, so you enter it. It's the same name, so anyone could fall for it. So, I didn't have to hack the Wi-Fi system.
I just deauthed it and gave you a fake Wi-Fi, a rogue Wi-Fi. You entered your information into it, and very easily, I got the Wi-Fi password. Simple.
I mean, as the internet grows, awareness is increasing, and social media is expanding rapidly, so as individuals, we need to become smarter about our actions. We were talking about ethical hacking. So, if someone wants to become an ethical hacker in a company, many MNCs require ethical hackers.
There are different designations like Application Security Expert. So, what would be the roadmap for this? If someone wants to enter the cybersecurity field and focus on ethical hacking, what path would you suggest?
As I mentioned earlier, there are two main areas: Offensive Security and Defensive Security. Offensive Security includes ethical hacking and penetration testing. Defensive Security includes the Blue Team and SOC (Security Operations Center).
Let's talk about each of them one by one. If you want to enter Offensive Security, where you need to hack, break things, and you know nothing (like most of the audience, who are just starting their learning and are very new to the field), first of all, you need to understand the basics of networking, the OSI layer, how it works, how messages are transmitted, how data is transferred from one layer to another, what protocols exist, what services are available, what vulnerabilities exist in which protocol, how encryption works, and how cryptography functions. Once you've done the basics, you'll understand basic networking and data flow.
Now, let's move forward. Pick up one or two programming languages. I recommend learning Bash and Python, or shell scripting and Python.
You don't need to learn them at a developer level; just enough to tweak your tools and automate some tasks. Learn just enough so that if you come across a code, you understand the flow and what the code is trying to convey. Anyway, there's AI too, where you can input code and ask questions, but still, you should know some things like this.
Now again, Kali Linux is very important. So, go to Kali Linux and learn some tools. Where do you learn the tools?
There are many labs like Post-Exploitation Labs, World Hub, and Hack the Box. You can apply your learning there and hack in a safe environment. In a few days, you'll gain confidence, having learned the tools, understood the basics, and being able to identify vulnerabilities and crack CTFs (Capture the Flag).
Now, in the fourth phase, you need to start with bug bounties. There are two types of bug bounties: Paid Bug Bounty, where you're paid to find bugs, and Free Bug Bounty. If you're new, focus on value addition: hacking real websites after practicing in labs.
Where can you find real websites if you're not associated with any company? You can start with bug bounties. Now, I'll add some certifications.
In this 6-8 month process, for networking, you can do CCNA, CompTIA Security+, or CEH. These are three basic certifications. If you do any two of these, it will be beneficial.
It will make your resume stand out and strengthen your skills, helping you crack interviews. After doing this, you can apply for a penetration tester job and start your career. There are many opportunities available.
Many companies offer internships in cybersecurity. Google has cybersecurity internships, Flipkart has internships, and many other places do too. You can gain industry experience and learn how work is actually done in the industry.
In my personal opinion, Rishabh, people tend to gravitate more toward web development, app development, and software testing. They tend to lean more toward these fields. Cybersecurity awareness is still somewhat limited.
Do you agree with this? Yes. Right?
Yes. Because I've observed that people often move toward these fields. In fact, I'm fascinated by many things here.
Actually, there's a reason people go into development. See, in any company, like the one you come from, there must be many developers. So, there are a lot of jobs and market presence.
Aren't there jobs in cybersecurity? No. If there are 100 developers in a company, there might only be two or three security experts.
That's why there's less market presence. But the pay is excellent. And if you have a passion for it, if you're enthusiastic, you should pursue it.
Right. It's all about your interests. Yes.
Now, you mentioned salary. How much can a fresher expect to earn if they start their career in cybersecurity? The path I outlined (learning the basics, doing some bug bounties, and obtaining credentials) doesn't require extensive certification.
But after doing that, you can apply and should be able to crack an interview. There's a demand for these skills everywhere? Yes, everywhere.
Like in development, who will test what you develop? Right. There's a process in place.
Developers develop, but before going to production, every app, device, and server undergoes security testing. That's done by the security testing team. Now, let's talk about the salary for freshers.
It's not a lot, around 6-10 lakhs for freshers in this field, in a good company. With 6-7-8 years of experience, you can earn a package of around 50 lakhs in India. Okay.
And if you go abroad, you can earn around 300k. 300k in euros, pounds, or dollars? Dollars.
I'm talking about the US. Yes, you can earn around 250k to 300k. That's approximately 2.25 crores.
Easily. You've talked a lot, Rishabh, and shared many examples.
We've understood ethical hacking and the ethical hacking field. Brother, I want to become a hacker. Is there a path for that?
Is there a different path to becoming a hacker? No. To become a hacker, first of all, you need to understand that hacking is a scientific process.
It's a process. For example, people come to me and say they want to learn Facebook hacking. They say they want to become a hacker.
I ask them, "Okay, what do you want to learn?" They reply, "Facebook hacking." I tell them to go ahead.
Hacking is a whole scientific process. You need to learn the basics. It's essential to go through all these steps.
I believe it's all about practice: the more you practice, the better you'll become. A hacker must have experimented a lot, possibly hacking a website, and only then would they have seen results. Yes, exactly.
A hacker also needs to be creative. For instance, if a hacker is testing something, they need to manage the network. There will be devices involved, applications as well.
A lot of elements come into play. So, you need to learn a wide range of things. As a hacker, you can't just say, "I only know web application security."
It doesn't work like that. While you might land a job initially, in the long run, you'll need to work across almost all verticals if you want to reach the architect level in hacking or aim for the CSO level. Okay, Rishabh, I really enjoyed our conversation, especially your insights on hacking, ethical hacking, and online scams.
Right. Before we wrap up, I'll definitely invite you again. Based on the feedback from our viewers, we'll bring you back for another session.
But before we go, do you have any advice or practices to share with our viewers, especially for those watching who are just regular users or children? You've already provided a great roadmap, but how can we make ourselves more secure? You mentioned that individuals are often the weak link.
Yes. So, what steps can we take to protect ourselves, especially considering the number of social media accounts being hacked these days? Right.
What advice would you give to our audience, from your 8-10 years of experience? Well, to stay secure, the first thing you need to adopt is a zero-trust policy. Don't trust anyone.
Don't trust any link, even if it's sent by someone you know. Don't click on it right away. If you must click, use a disposable browser.
Open the link in a disposable browser by copying and pasting it. This way, your system won't be compromised. If someone sends you a file and you need to open it, open it in Google Drive instead of opening it on your system.
Don't open it on your phone either. Whether it's a PDF or a document, open it in the drive. This will keep your phone and system safe.
And most importantly, don't use the same password everywhere. If you use the same password across different accounts, it will be reused attack. If I know your email ID, I can find out what your old password was, where it was compromised, and if you've reused that password somewhere.
A hacker will try that password on Facebook, Google, and other platforms. And it might just work. That's why I recommend using a password manager if you can't remember different passwords.
There are many options available. But yes, don't trust easily. And the final word for this podcast is this: Humans are the weakest link.
Stay safe. Thank you so much, Rishabh. It was great talking to you.
I learned a lot. I hope you've all learned something new today as well. If you did, please like this podcast.
Share it. Comment on it. Help us reach 10,000 likes for more such interesting podcasts.
Iâll see you in another exciting episode. Until then, take care of yourself. Thank you so much.
Thank you.