My first day of Ethical Hacking

in #life · 5 years ago (edited)

Today I had my first day of Ethical Hacking class and it was an eye-opener.
The trainer was a professional hacker with a lot of experience in the penetration testing and hacking field. Like most blue hat hackers (hackers who hack ethically) he started out as a red hat hacker, a hacker with the wrong intentions.

The focus of this course is ethical hacking in the role of penetration tester. A penetration tester (pen-tester in the profession) tests networks, computers, servers, Wi-Fi access points or other computer-related hardware.

We started with the essence of the course, which was to teach us more and more to think like a hacker. And I can tell you that's harder than you would think. After that we started to explore some tools and he taught us in which situations we could use them.

I will return to that later; first, something about some sites he told us about.

shodan.io


Shodan is a website where you can search for devices, systems, cameras, etc.: anything that is connected online.
You have to have some knowledge of how to use the site, but it is really unbelievable the things you can connect to.

For instance, you can search for all connected computers where the Remote Desktop Protocol is available and published / connected to the internet. You will get the following information:

The image shows a screenshot of a server which has RDP online (and as I see it's a Windows 2008 server, which is end of life). On the left side you see some information about the countries where the machines were located / found.

The picture above shows a machine found in Asia; a lot of ports are open and the vulnerabilities which are available on that machine are also shown... So you get a lot of information in a click.

Wigle.net


With Wigle.net you can search for Wi-Fi networks. For instance, you can search for a street on the map and all (known) networks are shown on the map. You can also search the other way around: if you have a MAC address or SSID name you can search for it and it will show on the map (if located). That way you can resolve an address if you wanted to... Quite scary, isn't it?

All the blue dots are Wi-Fi networks in the area. When you zoom in you can read the network name.
This way it's made quite easy for hackers, isn't it?

hackthebox.eu


Hackthebox is a website which offers lab environments for hacking testing. Of course you can't try a lot for real online; when you are noticed, your provider can disable your account. Therefore hackthebox offers virtual environments to practice hacking on 'real' machines but where you can cause no harm.

hack-yourself-first.com


Hack yourself first is a site hosted by Troy Hunt. The site is online and real life but... with a lot of (old) vulnerabilities in it. The task is to discover them by yourself, so real hacking skills are required. I think that is so cool... You can practice what you've learned.

Isn't that awesome? Of course I am going to try and find all the exploits and vulnerabilities... ;) just for sport and training :)

A lot of vulnerabilities exist due to people's lack of awareness or failure to take the right measures.
For instance IoT: it is booming at the moment, and most people want to yell at Google and wait until the lights, heating or other stuff turns on. But people also want to have the equipment for the cheapest prices. A lot of stuff is coming from Asia, and that's no problem... But you have to research whether the vendor has an update strategy for it. When they don't, it would likely soon be a target for hackers, with exploits they discover that won't get fixed...

Hardware often has default passwords out of the box. When you don't change them and a hacker finds out the hardware vendor, they use a tool (John the Ripper) to brute force its password... And when they are in... you know...

Same with cameras for your property. It's cool that you can watch them remotely, but when you can, a hacker often can too... A very easy way to see if anybody is home...

Well, I am filled with information which I have to process for this moment, so for now....stay safe, more to come...

Have a great evening,

Peter





I have seen these courses advertised and was curious about them as well. I may sign up for one myself because I have been studying Python but it is getting a bit dull :)

If I may give you some advice: sign up. It's really interesting and cool. And with a background in Python you have an advantage in hacking automation :)


Sounds like it was a really productive day. I have gone to seminars kind of similar to that in the past. It was usually a single company wanting to sell their product to you though, so that made it a bit lame. That Hack the Box site is one that I am definitely going to have to check out. That seems really cool. Thanks for sharing all of this, I am definitely going to be checking into some of these tools to evaluate my network.

It was indeed a very productive day with a lot of cool insights. It won't harm to check the network on a regular basis. I will write a post about the tooling tomorrow :) Now I am processing all the information, writing it out and stuff... But there is a lot you can accomplish using the right tools :)

My wife and I thought the same thing when we started to look into real estate. It's amazing how much information out there is public and easily accessible including but not limited to who owns the property, when they bought it and how much they paid for it. Most of the time it's just about knowing where to look.

Thanks for sharing this. Bookmarked it and hope to have some time to learn more and test my skills out at a later date.

You're very welcome, and you are totally right, there is so much information public.
Thank you for your comment!!

There are some great resources here! Thank you!



Very interesting indeed. I would like to learn how to hack too, but since I am not tech savvy, I think it will take me a lifetime to learn, time which I don't have. lol
