Do I need to hack the internet to understand attacks and their impact.

Do I need to hack the internet to understand attacks and their impact.

While developing my personal labs I discovered that in order to make a lab representative of current infrastructure you will spend more time understanding what an

administrator does not what hackers do. The labs are vulnerable, the
device is available, its one of one in more cases and causes you to
focus on the skills needed which make them great, but what about
devices that sit behind a firewall, inside a DMZ or clients that have
AV, HIPS and NIDS to protect them, all these mechanisms used to
protect a network and its clients can still be bypassed by the
black-hat that wants what you have, while trying to emulate these
extra protections take more time than bypassing them so without being
able to perform penetration testing against real world systems and
the devices, services and people that link them, how can you learn
what black-hats already know without becoming a black-hat yourself.

I have been interested in computer misuse for a number of years and have never crossed the line nor picked a hat, but one thing I have began to understand is permission
is what makes hacking legal, reports make it something management can
respond to, for the penetration tester, 'the hacker in us all' it's
not about the box but out smarting root no matter what box it is.

There are some tools that can help you to produce a lab with extra hosts, such as the live-CD's provided by Thomas Wilhelm and others, I have also included SwoothWall
distributions to add extra dimension to the penetration process, but
I bet its not the same. What would be the real harm in complying to
OSSTMM and ISSAF to produce a report for the owner(s), would this not
be a better learning platform, one just like the black-hats have only
with less mal-ware and back-doors being left.

Views: 8


You need to be a member of Dissecting The Hack to add comments!

Join Dissecting The Hack

Latest Activity

Jayson E. Street posted a blog post

The Rance-is-us List

So after the Krampus List fiasco last year. (Though one of the most nominated I seem to have had the least issue with it). I have decided to create my own list! I present to you.....The Rance-is-us List!!!!The list is easy to create submit a comment here or via a DM on Twitter and tell me who has inspired/helped/worked with you this past year in a positive manner! Rance was always there with a smile, a kind word and an idea for some shenanigans! So instead of letting some old scary creature…See More
Martin Isaksson posted a discussion

The art of catching a fraudster

If this in some way are in conflict with the forum rules, I ask for forgiveness and ask the mods (Jayson?) to remove this post and to perhaps give me another way of dealing with this. Hello friends not yet known to me!I’m writing this message because of a current situation in my immediate family, and I want to share this story and what information I got with you, because I believe and hope that you might be able to give me some more guidance in which way to tackle this problem of mine.A couple…See More
Nov 8
Martin Isaksson is now a member of Dissecting The Hack
Nov 4
Ben is now a member of Dissecting The Hack
Oct 8

© 2016   Created by Marcus J. Carey.   Powered by

Badges  |  Report an Issue  |  Terms of Service