Where's the Hacking schools?

TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,062
I find it kinda funny there are all these formal security training courses to secure networks, but no "official" hacking training schools for the opposition. Sometimes it makes me wonder if truly intelligent people become hackers and the "less bright" become security professionals. :)
Still searching for the corner in a round room.

Comments

  • TacoRocket Member Posts: 497
    TechGromit wrote: »
    I find it kinda funny there are all these formal security training courses to secure networks, but no "official" hacking training schools for the opposition. Sometimes it makes me wonder if truly intelligent people become hackers and the "less bright" become security professionals. :)

    If you're looking for 'hacking' there is the OSCP and its sister certificates to look at. Then there is the eCPPT and its sister certificates as well. It's not who is bright and who isn't. It's more of what you want to learn. Some people like offense while others like defense. It's up to you.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • iBrokeIT GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,312
    Stupid thread of the day goes to...
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    I have a solution. Take the Certified Ethical Hacker. Have no ethics. Then you will just be a Certified Hacker.
  • iBrokeIT GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,312
    Would they teach you when it's appropriate to use the single slit mask vs the three hole mask when hacking?
    I could never figure it out on my own so I just became a "less bright" security professional.
  • 636-555-3226 Member Posts: 976
    To be totally honest, in my opinion, with 95% of the companies I've talked to in my region you don't need to go to hacking school to hack them. Piggyback into their facility, plug into an open network jack, run Nessus (free, very simple, YouTube walk-throughs), run Metasploit (free, very simple, YouTube walk-throughs).

    If you want credentials just call up a few people pretending to be IT (plenty of IT guys in LinkedIn will tell you their name, company, and role) until you get someone to give you their username and password so you can troubleshoot some issues you've "noticed on the back-end."

    Easy-peasy
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,062
    My point is without any formal education, there are some truly gifted hackers out there doing a lot of damage. So you're suggesting most hackers really are not that smart and just utilize hacking tools others wrote?
  • OctalDump Member Posts: 1,722
    TechGromit wrote: »
    My point is without any formal education, there are some truly gifted hackers out there doing a lot of damage. So you're suggesting most hackers really are not that smart and just utilize hacking tools others wrote?

    Pretty spot on. There's a small group (maybe dozens of people) that write the tools, that the 10,000's use. Not much different from most of IT. And like the rest of IT, there's idiots and gurus, competent users and the barely functional, and everything in between.

    There's a paper on Russian underground hackers, and I can't imagine the rest of the underground is much different: http://cybercrimejournal.com/holtetal2012janijcc.pdf

    As for hacking schools generally, they certainly exist for the "good guys". Most major powers have quite developed cyberwarfare capabilities.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Danielm7 Member Posts: 2,309
    636-555-3226 wrote: »
    To be totally honest, in my opinion, with 95% of the companies I've talked to in my region you don't need to go to hacking school to hack them. Piggyback into their facility, plug into an open network jack, run Nessus (free, very simple, YouTube walk-throughs), run Metasploit (free, very simple, YouTube walk-throughs).

    If you want credentials just call up a few people pretending to be IT (plenty of IT guys in LinkedIn will tell you their name, company, and role) until you get someone to give you their username and password so you can troubleshoot some issues you've "noticed on the back-end."

    Easy-peasy

    Isn't that the truth! We had a talk with our management about how they will spend millions on security tools but I can tailgate a different person into the building every day and gather 50 laptops before I walk out with someone holding the door for me.
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,062
    OctalDump wrote: »
    Pretty spot on. There's a small group (maybe dozens of people) that write the tools, that the 10,000's use. Not much different from most of IT.

    Well that makes me feel a little better, at least I can say I'm not a complete moron, because the opposition seems to be so far ahead in the cyber war.
  • 636-555-3226 Member Posts: 976
    That's because the opposition really is so far ahead of us. Hacking is extremely extremely easy nowadays.

    Other than knowing how to do a Google search, no experience required to make a zero-day, hire a botnet, distribute ransomware, etc.

    Tons of experience is required to secure "all the things" in an enterprise environment. I tell people that security is the culmination of all things IT in that you need to live in every IT role for a number of years in order to be able to move into a security role, and then you need to know how to secure every last bit of technology in your environment. If you miss even one system out of 5,000, there are free automated tools that will find and exploit that one computer in a matter of minutes.
  • Mike7 Member Posts: 1,101
    Danielm7 wrote: »
    Isn't that the truth! We had a talk with our management about how they will spend millions on security tools but I can tailgate a different person into the building every day and gather 50 laptops before I walk out with someone holding the door for me.

    Good one. I always show this to drive home the importance of security awareness training.
  • impelse Member Posts: 1,237
    "Less bright", come on: they just buy some tools and begin to run all possible tests, just hoping to get a shell. The "less bright" guys are the guys who really need to understand the traffic to detect something wrong, plus what 636-555-3226 said.

    In one word they send us to the lower level!!!
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.