Do I need to hack the internet to understand attacks and their impact?

While developing my personal labs I discovered that in order to make a lab representative of current infrastructure you will spend more time understanding what an administrator does, not what hackers do. The labs are vulnerable, the device is available, it's one of one in most cases and causes you to focus on the skills needed, which makes them great. But what about devices that sit behind a firewall, inside a DMZ, or clients that have AV, HIPS and NIDS to protect them? All these mechanisms used to protect a network and its clients can still be bypassed by the black-hat that wants what you have, while trying to emulate these extra protections takes more time than bypassing them. So without being able to perform penetration testing against real-world systems and the devices, services and people that link them, how can you learn what black-hats already know without becoming a black-hat yourself?

I have been interested in computer misuse for a number of years and have never crossed the line nor picked a hat, but one thing I have begun to understand is that permission is what makes hacking legal, and reports make it something management can respond to. For the penetration tester, 'the hacker in us all', it's not about the box but outsmarting root no matter what box it is.

There are some tools that can help you to produce a lab with extra hosts, such as the live CDs provided by Thomas Wilhelm and others. I have also included Smoothwall distributions to add an extra dimension to the penetration process, but I bet it's not the same. What would be the real harm in complying with OSSTMM and ISSAF to produce a report for the owner(s)? Would this not be a better learning platform, one just like the black-hats have, only with less malware and backdoors being left?

Tags: attacks, labs, real-world


© 2015   Created by Marcus J. Carey.   Powered by
