Practicing hacking and penetration techniques

datalol-jack said:
Next time don't swallow and move your hips more!:D

l0MYwawkhA9A8Z3zy.gif
Click to expand...

:D

Voice of experience? :p
 
Sliver said:
I think I should be the person who decides that my systems are secure. I DO NOT WANT un-autherised people hacking my accounts. Even if they have no malicious intent. It's like pooping through my letterbox, I did not ask for it and DO NOT WANT IT !
Click to expand...

You're misunderstanding. Companies will employ a hacker/penetration tester to test their own systems for security, so they can identify and close any open exploits before a malicious hacker does.

Let's put it this way, anything connected to the internet is always going to have a way in, whether that's a technical vulnerability or through social engineering.

Would you rather that was found by someone who wants to steal your accounts/money/ID, or someone doing it to prove they can, who then passes on details of the vulnerability to the organisation running the service?

It's no different to hiring an ex-burglar to go over the security on your house/office to identify weak points.

Also, if they're not malicious, then they won't be "causing trouble by violating your privacy" because chances are you won't even know about it ;)
 
Kali Linux.

Hacking with Kali Linux.

Google that and you'll get all the resources you need/want to get started with hacking and you'll be on your way.

We Mr. Robot now.
 
Sliver said:
I think I should be the person who decides that my systems are secure. I DO NOT WANT un-autherised people hacking my accounts. Even if they have no malicious intent. It's like pooping through my letterbox, I did not ask for it and DO NOT WANT IT !
Click to expand...

As others have said, I think you've missed the point.

Companies who are victim of cyber attacks (the big ones recently are Yahoo, Sony, Talk Talk, etc...) lose tens of millions of pounds as a result.

Often customer details are stolen and put online, or financial data stolen, product designs, emails intercepted (sometimes covertly), websites redirected, servers encrypted meaning that ALL data is effectively lost.

Sometimes these incidents are accompanied with threatening tweets/emails/calls or messages somewhere. There are often demands for money. All the while the business or organisation can't operate, often this means that hundreds of staff members jobs can't be performed, share prices go down, publicity damages their reputation, the UK business market becomes less attractive as some larger organisations lose confidence and go elsewhere.

Companies often employ external penetration testers. More secure businesses will also employ people to try to physically get in... e.g. A man with a high vis and a bogus lanyard will walk up to a door and say "Sorry mate, forgot my entry card". Then get in and just see where they can get to.

It's a fantastic way of truly testing your security and the awareness of staff. Same for the IT and network infrastructure. Penetration testers will then complete a report saying what they found and the weaknesses to patch up and will help the company secure themselves better.

That can only be a positive thing. It's better usually for an external business to come in and test the network, as their own staff are quite often blind to the weaknesses or too focussed on one area. Whereas independent contractors are completely fresh, have no bias, and will come back with a more balanced report.
 
I've been involved with a couple of pen tests at where I work in the last couple of years, mainly the old iL2 & 3 accreditation's and Cyber Essentials Plus accreditation.

I have also been involved with the pre-pen test work (server hardening etc) to make sure that systems are secure and up to date before the pen tests take place.

The more common tools of the trade for pen testing are;

Kali Linux
Nexpose
Metasploit
Nessus

I'm currently looking at doing the Check Team Member course at some point next year.
 
You must log in or register to reply here.
Back
Top Bottom