Nikhil Wagholikar - Ethical Hacking course, Certified Professional Hacker, Certified Information Security Consultant, CEH, CHFI, Vulnerability Assessment, Source Code Review, Application Security Training, Database Security, Computer Forensics Training, Network Security, Operating System Security, Ethical Hacking Workshop, Mumbai, India, Mumbai, Delhi, Bangalore, Chennai, Hyderabad, Bahrain, Kuwait, Dubai, Riyadh, Singapore, Malaysia, Hong Kong, Europe, USA, North America

Company
- About Us
- Strengths
- Forums
- Contact Us
Training
Careers
Clients
- Testimonials
Partner with us

Testimonials

“Mr Mookhey's session was extraordinary very good.Expectations were set accordingly when Mr Nikhil took over from Mr KK.”

- Deepak

Nikhil Wagholikar

Nikhil W. is a Vulnerability Assessor, Penetration Tester, Computer Forensics Analyst and Information Security Auditor expert at NII. He is also a Certified Ethical Hacker, and has performed vulnerability assessment, penetration testing, computer forensics and security auditing exercises for some of NIIs premier customers. He has consistently impressed clients with his ability to think out of the box, and creatively attack systems and applications. He is well-versed with the OWASP, OSSTMM, Digital Forensics and ISO 27001 Standards.

He currently serves as Practice Lead of Security Assessment Team at NII Consulting focusing on Penetration Testing, Vulnerability Assessment, Computer Forensics and Information Security Audits.

His technical abilities span a very wide range of technologies across networks, operating systems, databases, web servers, mail servers, and applications; however his specialization is web applications and UNIX systems. He possesses strong analytical skills and is at the forefront of the research activities that NII undertakes.

Profile

Educational Qualification

Bachelors Engineering in Electronics and Telecommunication
University of Mumbai, India

Certifications

Certified Ethical Hacker
ISO 27001 Lead Auditor (BSI Certified)

Detailed Experience & Expertise

Application Security

Expertise in Threat Modeling, web application testing, and operational environment audit
Well-versed with the Open Web Application Security Project Top Ten security vulnerabilities.

Network Security

Worked on security for a range of operating systems, databases, web servers, mail servers, directory services and applications
Experience with an extensive range of security systems and solutions.
In-depth knowledge of TCP/IP fundamentals

Compliance & Guidelines

Is well versed with ISO/IEC 27001 Standards
OECD Guidelines for the Security of Information Systems
NIST & Microsoft guidelines for Windows Server Security
MNSCU guidelines for UNIX Security

Computer Forensics

Is well versed with Forensics tools such as Encase, Autopsy, FTK, Winhex, Rifiuti, windows file analyzer, mount image pro, userassist decryption, filealyz, e-mail investigation, windows registry recovery, rootkit analysis, internet explorer history viewer, access data password recovery toolkit, ultimate zip crack, Passware, web historian, strings, Helix, recycle bin analysis, CD/DVD inspector, CD/DVD diagnostic, Vinetto, alternate data stream, parabens registry analyzer etc.
Has knowledge about Email investigation
Learning in depth about internal structure and functionality of several file systems including FAT, NTFS, and other Journaling File Systems such as ext3. Studied details of imaging and analysis including the use of manual and automatic processes. Familiar with command line (Linux) imaging tools like dd, dcfldd. Used FTK academic bundle including FTK imager, FTK registry viewer, and FTK password recovery toolkit. Also learnt about data carving, search methods (i.e. file search vs. logical volume searches) and data reduction.
Network Forensics- Designed a secure network topology for a business/ enterprise. Knowledge about the collection, examination, and analysis of data stored on networks, as well creating pre-incident network collection plans. Examined tools used in network forensics processes such as Nmap, Ethereal/Wireshark, Nessus and Snort.

Technical Skills

Operating Systems: Windows 9x/NT/2000/XP/2003/2008/Vista, Linux, UNIX
Servers: Domain controllers (Active Directory), DNS (Microsoft DNS, BIND), DHCP, Mail Servers (QMail, Microsoft Exchange, Sendmail), Web Servers (Microsoft IIS, Apache), FTP (Microsoft FTP, vsftp, wu-ftp), Proxy Servers (Microsoft ISA, SQUID), File Servers (Microsoft built-in, SAMBA)
Databases: MS-SQL, Oracle, MySQL
Network components: Firewalls, Routers, VPN, Switches, WLAN access points
Security tools: Nmap, Nessus, Fport, Ethereal, Hping, tcpdump, whisker, nikto, ethereal, WebGoat, SARA, Netcat, Superscan, Snort, firewalk, Achilles, brutus, Paros, HTTPrint, WinHTTrack, Sam Spade, Cain and Abel, L0phcrack, Crack, WEPCrack, Kismet, forceSQL, SQLPing, John the Ripper, Dsniff, windump, Xavior etc.
Languages: C, Shell Scripting, Windows Script Host, Perl, HTML.
Firewalls: Cisco PIX, Forti-gate, Juniper

Business Skills

Communication and Interpersonal

Have good communication skills by virtue of being a public speaker and trainer
Experience in project management, and client interactions
Experience in dealing with senior and middle management, system administrators, auditors, business partners, clients, customers, employees, etc.

Project Management

Have led many of the projects executed by the company

Very strong commitment to quality of deliverables

Training

He delivers training on:

Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
Certified Professional Hacker (CPH)
Application Security
Operating System Security
Network Security
Database Security
Computer Forensics & Incident Response (Associated Trainer)
Wireless Network Security
Auditing and compliance

Security Articles & Research

Security Articles

Universal Extractor
Dare to delete my files CheckMate
Network Performance Audit (2 Part Article)
Article 1: Assessing Bandwidth Use as a Function of Network Performance
Link: http://www.theiia.org/ITAuditArchive/index.cfm?catid=21&iid=571
Article 2: Essential Aspects of an Effective Network Performance Audit
Link: http://www.theiia.org/ITAuditArchive/index.cfm?iid=575&catid=21&aid=2901

Research

Vulnerability disclosure of clear text password dumped in memory in ThunderBird Email client.

Significant InfoSec projects

Penetration and Web Application Testing for:

India's largest online share trading website
One of the largest online gifting websites
Law firm in Riyadh, Saudi Arabia
Matrimonial and dating website
Zahid Tractor
One of the largest Telecom Company in Bahrain
One of the largest Airlines Company at US
Four of the leading Indias public sector units
Two of the India's largest BPO
One of Asia Middle Easts leading IT Security Service provider
One of Asia Middle Easts government educational organization
One website hosting company
One of Asia Middle Easts largest Financial Exchange market
One of India's leading Local Search Engine
UKs largest bidding company
USAs largest vaccination company
One of Iran's Information security consulting and training company providers

Computer Forensics Projects for:

E-mail investigation for corporate organizations and individuals
Helped in tracing hackers
Forensic analysis of hard disk and volatile memory
Forensic investigation of computer where data theft has taken place
Forensic investigation of USB drives
Password cracking of all types of files
One of government organization of UAE

Wireless Penetration Testing for:

One of Largest banks in Middle East
One of Asia Middle East leading IT Security Service provider

Vulnerability Assessment Testing for:

Two of the India's largest BPO
One of India's largest banking sector
India's largest online share trading company
One of India's Mail service provider company
One of Asia Middle East leading IT Security Service provider
One of Asia Middle East largest Financial Exchange market
One of India's leading Local Search Engine

Information Security Auditing for:

One of India's sports company
One of India's largest banking sector
One of India's Mail service provider company
One of India's largest online share trading company
One of Asia Middle East leading IT Security Service provider

ISO27001 Implementation for:

One of India's online share trading company
One of India's Third Party revenue collection company
One of Asia Middle East government educational organization
One of Asia Middle East leading IT Security Service provider

Network Performance Audit for:

One of India's largest chemical engineering service provider

Application Security Audit: Performed a comprehensive application security audit for one of USAs largest vaccination companies

Mail Server Setup: Setup and configure a QMail Mail server based on Linux. QMail is considered much stable and secured Mail server in Linux world and is used by major commercial mail service providers like Gmail and Yahoo.

Domain Controller: Setup, configure and manage Windows based Domain controller (Active Directory), its policies, auditing etc.

Linux Based Firewall: Setup, configure and manage IPCOP. IPCOP is a specialized Linux based Firewall for protecting all kind of networks.

UNIX/Linux Audit: Performed a comprehensive audit of UNIX/Linux Operating System.

Security Hardening of Systems: Written scripts that would hack proof completely Oracle Database, and various Operating Systems and databases.