Where's the Hacking schools?

I find it kinda funny there are all these formal security training courses to secure networks, but no "official" hacking training schools for the opposition. Sometimes I makes me wonder if truly intelligent people become hackers and the "less bright" become security professionals.

Find more posts tagged with

Comments

TacoRocket

TechGromit wrote: »

I find it kinda funny there are all these formal security training courses to secure networks, but no "official" hacking training schools for the opposition. Sometimes I makes me wonder if truly intelligent people become hackers and the "less bright" become security professionals.

If you're looking for 'hacking' there is the OSCP and it's sister certificates to look at. Then there is the eCPPT and it's sister certificates as well. It's not who is bright and who isn't. It's more of what you want to learn. Some people like offense while others like defense. It's up to you.

iBrokeIT

Stupid thread of the day goes to...

cyberguypr

I have a solution. Take the Certified Ethical Hacker. Have no ethics. Then you will just be a Certified Hacker.

iBrokeIT

Would they teach you when it's appropriate to use the single slit mask vs the three hole mask when hacking?
I could never figure it out on my own so I just became a "less bright" security professional.

CRtm9K5U8AAQMBE.jpg

CRtm9LeVAAAGsDf.jpg

636-555-3226

To be totally honest, in my opinion, with 95% of the companies I've talked to in my region you don't need to go to hacking school to hack them. Piggyback into their facility, plug into an open network jack, run Nessus (free, very simple, YouTube walk-throughs), run Metasploit (free, very simple, YouTube walk-throughs).

If you want credentials just call up a few people pretending to be IT (plenty of IT guys in LinkedIn will tell you their name, company, and role) until you get someone to give you their username and password so you can troubleshoot some issues you've "noticed on the back-end."

Easy-peasy

TechGromit

My point is without any formal education, there are some truly gifted hackers at there doing a lot of damage. So your suggesting most hackers really are not that smart and just utilize hacking tools others wrote?

OctalDump

TechGromit wrote: »

My point is without any formal education, there are some truly gifted hackers at there doing a lot of damage. So your suggesting most hackers really are not that smart and just utilize hacking tools others wrote?

Pretty spot on. There's a small group (maybe dozens of people) that write the tools, that the 10,000's use. Not much different from most of IT. And like the rest of IT, there's idiots and gurus, competent users and the barely functional, and everything in between.

There's a paper on Russian underground hackers, and I can't imagine the rest of the underground is much different: http://cybercrimejournal.com/holtetal2012janijcc.pdf

As for hacking schools generally, they certainly exist for the "good guys". Most major powers have quite developed cyberwarfare capabilities.

Danielm7

636-555-3226 wrote: »

To be totally honest, in my opinion, with 95% of the companies I've talked to in my region you don't need to go to hacking school to hack them. Piggyback into their facility, plug into an open network jack, run Nessus (free, very simple, YouTube walk-throughs), run Metasploit (free, very simple, YouTube walk-throughs).

If you want credentials just call up a few people pretending to be IT (plenty of IT guys in LinkedIn will tell you their name, company, and role) until you get someone to give you their username and password so you can troubleshoot some issues you've "noticed on the back-end."

Easy-peasy

It's that the truth! We had a talk with our management about how they will spend millions on security tools but I can tailgate a different person into the building every day and gather 50 laptops before I walk out with someone holding the door for me.

TechGromit

OctalDump wrote: »

Pretty spot on. There's a small group (maybe dozens of people) that write the tools, that the 10,000's use. Not much different from most of IT.

Well that makes me feel a little better, at least I can say I'm not a complete moron, because the opposition seems to be so far ahead in the cyber war.

636-555-3226

That's because the opposition really is so far ahead of us. Hacking is extremely extremely easy nowadays.

Other than knowing how to do a Google search, no experience required to make a zero-day, hire a botnet, distribute ransomware, etc.

Tons of experience is required to secure "all the things" in an enterprise environment. I tell people that security is the culmination of all things IT in that you need to live in every IT role for a number of years in order to be able to move into a security role, and then you need to know how to secure every last bit of technology in your environment. If you miss even one system out of 5,000, there are free automated tools that will find and exploit that one computer in a matter of minutes.

Mike7

Danielm7 wrote: »

It's that the truth! We had a talk with our management about how they will spend millions on security tools but I can tailgate a different person into the building every day and gather 50 laptops before I walk out with someone holding the door for me.

Good one. I always show this to drive home the importance of security awareness training.

impelse

"Less bright" come on, they just buy some tools and begin to run all possible test, just hopping to get shell, the "less bright" guys are the guys who really need to understand the traffic to detect something wrong, plus 636-555-3226 said.

In one word they send us to the lower level!!!