Ethical Hacker – Hack Talk (http://hacktalk.net/)
The Ethical Hacker Blog
Wed, 07 Dec 2022 18:02:27 +0000

What Is Ethical Hacking And What Is An Ethical Hacker?
https://hacktalk.net/I6aL
Sat, 04 Aug 2018 06:29:12 +0000

The post What Is Ethical Hacking And What Is An Ethical Hacker? appeared first on Hack Talk.

We’ve all heard of the term hacking and we’ve all had that image in our heads when it comes to hacking. A bunch of random numbers, flickering rapidly through the screen, only the man in front of the monitor seemingly aware of what’s going on…

But hacking in real-world circumstances paints a somewhat different picture, though one that isn’t far from the one painted above. Ethical hacking is the term for work in which a company or an individual identifies potential threats in a computer or network. They do so not with malicious intent, but with the sole intent of finding vulnerabilities.

The difference in methods between an ethical hacker (also see grey box penetration testing) and a regular hacker isn’t much. They both use the same techniques. The only difference is in their intent. One works for the betterment of security while the other works against it. The ones that work for the betterment are called “white hats” and the ones who work with malicious intent are called “black hats”, a set of terms inspired by old western movies in which the good guy wore a white hat and the antagonists wore black hats.

Ethical hacking differentiates itself by following a set of rules which include respecting the privacy of the company or the individual, not leaving a backdoor for anyone, including the hacker himself, to exploit later and also letting the ones responsible know about the vulnerabilities in the software or hardware that the company isn’t aware of.

One of the first instances of ethical hacking ever to be recorded was in the 1970s. The United States government assembled a group of experts which came to be known as the “red team”. The team was assigned to hack into their own systems. This was the spark that ignited a sub-industry within the information security market. It has gone on to delve into both the physical and mental aspects of a corporation’s defense line.

 

Today, many large companies have a team of ethical hackers; some companies focus solely on ethical hacking, such as Trustwave Holdings, Inc., which specializes in penetrating ATMs and surveillance systems. The employment of ethical hackers by large companies has come under question. Many people have voiced criticism, arguing that there is no such thing as ethical hacking. This is because hacking is seen as a crime and is an action commonly associated with cybercriminals. Ethical hackers are, therefore, required to ask permission from the network’s owner before probing.

But one cannot underestimate the importance of ethical hacking, as it has led to the successful improvement of security.

What is Grey Box Penetration Testing?
https://hacktalk.net/what-is-grey-box-penetration-testing
Sat, 08 Jun 2019 16:18:39 +0000

The post What is Grey Box Penetration Testing? appeared first on Hack Talk.

What is Grey Box Penetration Testing

So you understand black box external penetration testing. Now it’s time to move on to grey box penetration testing. Grey box testing is for a pentester with only partial knowledge of the internal structure of a network. Grey box testing is the perfect hybrid of the straightforwardness of black box testing and the code targeting of white box testing.

Because grey box testing uses the assertion method to present all the conditions of a program, it is based on requirement test case generation. In order to verify its correctness and make it easy to understand, a specification language is required. Required assumptions include Activation of Methods, State Reporting and Report Testing, all in the Class Under Test (CUT).

Grey Box vs Black Box

While grey box testing is more focused and efficient than black box testing, the code coverage is only partial and it can be difficult to associate defect identification in distributed applications. And yet, it cannot be ignored that grey box testing has the advantages of being non-intrusive, handling intelligence testing exceptionally well and maintaining the unbiased testing conditions required for ethical hacking engagements.

Rather than squandering hours determining elusive information, pentesters can use grey box testing to focus their assessment efforts on systems with the greatest risk and value. A sort of cyber triage, if you will. The security of the system is tested by simulating an attacker with long-term access to the network.

What are the Best Pen Tests for Grey Box Security Testing?

Web applications typically require user accounts to be provided (unless the pentester can self-register for user accounts), so grey box security testing is best suited to web app security testing: the tester has some knowledge of the application and typically one or more user accounts with which to conduct the pentest against the web application. Functional or business domain testing is also ideal for grey box penetration testing. This will confirm that the software meets the defined requirements.

Grey box penetration testing is the right way to go when the tester has no access to the source code and a non-intrusive, unbiased test is desired.

Best Tools for Running CTF Hacking Games
https://hacktalk.net/best-tools-for-running-ctf-hacking-games/
Tue, 28 Jul 2020 07:08:00 +0000

The post Best Tools for Running CTF Hacking Games appeared first on Hack Talk.

Capture the Flag competitions can help to improve security skills and identify talent. Use these tools and frameworks to design and conduct your own CTF event.

It is not so long ago that such activities were of dubious reputation and dubious legality. Nowadays, everything is out in the open and very respectable, even if the participants take an alias and play Bond villain. To stop the cyber-attacker, you need to think like the cyber-attacker. Hackers created Capture the Flag (CTF) contests to hone their skills, where they compete to p0wn servers and gain credibility.

 Overview 

CTFs for corporate security personnel are a win-win situation for the white hats. Security personnel learn new techniques, practice dealing with challenging scenarios and network with other members of the security community. But that’s not all.

Bobby Kuzma, Director, Cyber Threat Strategy and Empowerment for IT automation and security software vendor HelpSystems, says: “I see that a respectable number of companies are actually using CTFs as part of their community outreach and recruitment strategies. They help to get people, especially students, excited about cyber security and identify promising, non-traditional candidates”.

A personal favorite resource of mine is Didier Stevens and his tools. Didier’s original specialty is tools for analyzing PDFs, Microsoft Office documents, and other complex data files, many of which are used to launch attacks. His collection is now much more diverse. They are invaluable for examining and creating malicious files.

The largest group is hacking resources. These are the resources: network scanners, static source, decompilers, heap visualizers, packet capture, debuggers, binary analysis, hash crackers, and image editors. All security professionals have their own preferred tool sets, but a CTF can challenge them to find new ones.

I will discuss other tools that are more specifically geared to the CTF, but let me first discuss the two main styles of CTF: attack-defense and Jeopardy style.

 Attack-Defense 

In an attack-defense competition, there are two teams, each with a computer environment that can be as simple as a single server. Each team tries to attack the other team’s systems and defend its own system from attack. Each system contains a set of information flags that the attacker tries to find and capture. Hence the name “Capture the Flag” (that and the traditional outdoor game).

The attacker uses intrusion techniques to gain privileged access to the server. If the attacker can gain root access, the game is certainly over soon, but depending on the applications and services involved, more limited attacks may be sufficient.

In such a scenario, the defenders have to do all the things they would do on their own servers in the real world: patch all software vulnerabilities, even the obscure ones; leave only the strictly necessary services open through the firewall; ensure that all passwords are secure and that accounts have the least necessary privileges; and so on.

 Jeopardy style 

Jeopardy style tournaments have any number of teams and a Jeopardy style board with challenges worth different amounts of points. When a team accepts a particular challenge and finds the flag, it submits it to the point system, receives the points, and moves on to the next challenge. When time runs out, the team with the most points wins.

Because they are much easier to set up and manage, Jeopardy style contests are far more common than attack-defense.

 King of the Hill 

In a King-of-the-Hill event, each team tries to take and keep control of a server. When the clock runs out, the team that has held it the longest wins. This is a variant of the attack-defense CTF.

Why would you prefer one type of competition over another? Kuzma says that “Jeopardy events are good for building problem-solving skills.” King of the Hill events are great for strengthening incident response, collaboration and planning.

 Juice Shop 

The closest thing to CTF-in-a-box is the OWASP Juice Shop. OWASP (the Open Web Application Security Project) is an organization of security experts who design tools and policies to help developers and other IT professionals create secure applications.

The Juice Shop is a fictional web-based store that sells juice, T-shirts, and other items whose details are not important. What matters is that the site is peppered with vulnerabilities of almost every known type. The website is customizable, so you can brand it as you like and change the products as you like. OWASP provides it in different forms, such as a Docker image, and it runs as a single server instance.

The OWASP Juice Shop does not prevent users from running scripts. Juice Shop also includes the scoreboard and account management required to run a contest.

 Capture the Flag Frameworks

These are some of the most popular CTF frameworks, as well as some that are a bit more obscure. CTFd is a CTF platform widely used by security vendors, universities and hacker groups. It includes the scoreboard and other infrastructure of a contest. You simply add the actual challenges, i.e. the puzzles solved by users, and their scores.

Other important frameworks are:

  • Facebook's CTF framework
  • iCTF from the UC Santa Barbara computer security lab
  • HackTheArch
  • Mellivora
  • NightShade
  • LibreCTF
  • picoCTF

 Capture the Flag Tools

Google holds some significant CTFs. It hasn’t published its entire framework, but it has published its scoreboard code and most of the challenges.

The list of helpful tools is long. Here are a few of them:

  • Damn Vulnerable Web Application is an open source PHP/MySQL web application designed to highlight known and unknown vulnerabilities. The user selects a vulnerability (e.g. SQL injection) and calls it via the UI. The DVWA does not have an amusing front-end like the Juice Shop, but sometimes the easy way is the best.
  • The Security Scenario Generator (SecGen) creates semi-randomized vulnerable virtual machines.

 Where to Find CTF Descriptions

Many of the best resources, especially for Jeopardy CTFs, are the write-ups of past CTFs and the postmortems in which participants describe them. If you look around, you will find write-ups describing the challenges and how they were solved. If you find enough of them, you may already be finished. On this GitHub CTFs page you will find a large archive of write-ups as well as tools to create write-ups.

The write-ups are so detailed that with little work you can change things so that you can make the challenge your own. The main problem with the write-up archives is that many of them are lists of challenges for which the write-up is “to do”. Another disadvantage of many write-ups is that many of the authors do not write well.

Performing a Capture the Flag event in the public cloud

Because of the volatile nature of CTFs, it is tempting to run them in a public cloud where you can allocate resources to them and then release them again, paying only for what you use. You can do this if you are careful and follow the rules.

Microsoft also has strict rules for pen testing on Azure, but they do not require pre-approval for this.

Google also does not require pre-authorization, only that you comply with the Google Cloud Platform Acceptable Use Policy and the Google Cloud Platform Terms of Service.

A CTF is likely to be a popular event among employees, more so than traditional training and perhaps more useful. At a time when many security positions remain unfilled, a CTF can be a valuable recruitment tool that objectively helps you find the most qualified candidates. Think of it as a tool to maximize the skills of your team, and the fun is free. 

Best Bug Bounty YouTube Channels
https://hacktalk.net/best-bug-bounty-youtube-channels/
Tue, 15 Dec 2020 12:00:50 +0000

The post Best Bug Bounty YouTube Channels appeared first on Hack Talk.

YouTube is a platform that entertains all types of niches. If you are looking for pen testing and cyber security channels, there are surprisingly a lot of them. Refer to our best bug bounty YouTube channels guide if you want to see the most recommended YT personalities regarding CTF, pen testing and competitive HTB.

LiveOverflow

If you know CTF, then you probably have heard of LiveOverflow. As of this writing, he has more than 550,000 subscribers under his belt for plenty of good reasons: a great personality, awesome video content and plenty of helpful guides and analyses on CTF and beyond.

HackerSploit

If ethical hacking is your thing, then HackerSploit is your go-to guy. He has more than 500k subscribers right now thanks to his extensive explanations on various cyber security topics.

The Cyber Mentor

Formerly an accountant and now an ethical hacker, The Cyber Mentor currently has 500k+ subscribers that adore him for his free lessons regarding penetration testing, OSINT, and general topics on cyber security.

John Hammond

If you keep in touch with CTF competitions, then you know who John Hammond is. This legendary CTF player provides his own challenges for the viewers and even does extensive analyses on how challenges are properly made.

STOK

If you prefer a fun yet relaxed vibe on bug bounty hunting, STOK is a guy that provides just that. This former IT consultant, an up-and-coming cybersecurity YouTuber, has made bug bounty more interesting for his viewers and also provides some fun videos on the topic.

Ceos3c

He’s slowly rising up the subscription ranks thanks to his effective tutorials on bug bounties, OSINT, and challenge walkthroughs. Ceos3c is a no-frills personality who can be your best buddy when it comes to explanations on certain topics like pen testing and CTF.

NahamSec

Finally, we have NahamSec – a bug bounty hunter who made a large influence in the bug bounty community. He is mostly known for interviewing well-known bug bounty hunters, live hack streaming, and cyber security podcasts.

Subscribe if You Haven’t 

These guys don’t just provide you with helpful knowledge; they are very fun to watch too. If you haven’t subscribed yet, we highly suggest you do.
