HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 50 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Volunteers for penetration testing/Ethical hacking research
EH-Net
May 21, 2013, 12:04:16 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Volunteers for penetration testing/Ethical hacking research  (Read 7526 times)
0 Members and 1 Guest are viewing this topic.
s_a_s_dude
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: February 24, 2007, 01:34:24 PM »
Hi,

I am doing research project on penetration testing/ ethical hacking. The Project theme is based on improving ethical hacking (e.g. penetration testing) process for increased security in Wi-Fi networks. If anyone has any experience in ethical hacking / penetration testing can u please message me. I desperately need help from some experts. I promise i wont take more then few minutes of your time. Would really appreciate it.

THANKS
Logged
Negrita
Sr. Member
****
Offline Offline

Posts: 299



View Profile
« Reply #1 on: February 24, 2007, 03:10:05 PM »
I don't really have any experience as an Ethical Hacker/Pen Tester, but I do have some experience with troubleshooting wireless network issues.

See the PM I sent you.
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
Kev
Guest
« Reply #2 on: February 24, 2007, 06:42:55 PM »
I just responded also and would be happy to help.
Logged
LSOChris
Guest
« Reply #3 on: February 24, 2007, 10:34:56 PM »
i did the survey...

i have a question for the other members...

when you are doing  "wireless audit"  are you auditing the "wireless only" portion, like cracking WEP, WPA , default SSID, etc or do you include the "network" portion too?

i havent had the opportunity to do any wireless audits, but i would think that once you are given/have  an IP on the network it pretty much runs like a regular wired audit and it ceases to be a "wireless audit"

thoughts on that?
Logged
Cutaway
Jr. Member
**
Offline Offline

Posts: 96


Cutaway


View Profile WWW
« Reply #4 on: February 25, 2007, 01:30:14 AM »
During the wireless audits I have done, once I was on the network I did an assessment of all systems on the network (as was the level of permission for that particular audit).  The point was to show what could be seen and the vulnerabilities associated with them.  We wanted to avoid people saying that getting onto the network was no big deal.  Logging into routers and vulnerability testing development servers really opened their eyes.

We also noted any systems with WEP encryption and did not try to break the encryption (mainly because of time and the scope of the audit).  By the time of the audit it was pretty well known that WEP could be broken over time.  We then just asked for the network diagram associated to the AP in question.  We then pointed to the other evidence we had obtained from the unencrypted network and let them make the correlation (which, thankfully, they did).

Had this been an all out penetration test, well, we would have had even more fun.  Grin

Hope that helps,
Cutaway
Logged
Go forth and do good things,
Cutaway
Kev
Guest
« Reply #5 on: February 25, 2007, 08:30:07 AM »
The work I have done has always required more than just gaining access to the network. The attitude I have encountered was that they didn’t like it if you could break into their wired network, but they also didn’t see it as the end of the world. They were worried more about what you could do after that, as far as stealing sensitive data.  If you could access their network, but from there you were “stuck” because they had every box locked down and had a very attentive security in place, what could you do? Surf the internet? Start spamming?  Yes that and some other things, but usually not for long.  The fear was more about “hit and run” attacks.

I have actually, although rarely, encountered networks that you could breach, but from there you couldn’t do much as far as stealing data in a stealth mode. Sure you could do some malicious damage and that’s why I have always warned not to take even the slightest breach for granted. But taking down a network to prove that point is not part of a responsible pentest. 

 In my experience it’s very important to try and “own” the network after you have slipped through their wi-fi.  Plant your flag or retrieve the file they purposely placed for the test and there will be no doubt that you were there. That’s important, because some admin will try and “play down” what you did so that they don’t look bad.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.074 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.