EH-Net
May 19, 2013, 10:30:49 AM *
Author Topic: Security Research Questions  (Read 2838 times)
millwalll
Guest
« on: October 31, 2011, 04:48:32 AM »

Hi all,

I wanted to see if someone could shed any light on this subject. How does one do security research without breaking any laws? How do you know that what you are doing may or may not be breaking your local law?

cd1zz
« Reply #1 on: October 31, 2011, 08:23:09 AM »

To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live.

MaXe
« Reply #2 on: October 31, 2011, 06:35:25 PM »

If you live in the United Kingdom (UK), and a few other countries in Europe, there are actually a few more laws that apply. In some countries it is, e.g., forbidden to write viruses and trojans, even if you're just researching, and in others it is forbidden to write "hacking tools", and even have them installed! (Which is kind of a joke, as telnet, preinstalled in pretty much every OS, can be used for many types of hacking, including but not limited to simple buffer overflows and web application security. The time spent using this program would of course be insane compared to using more adequate and efficient alternatives of course.) ;)

Quote from cd1zz: "To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live."

Exactly what I would say and recommend :)


References:
http://tech.blorge.com/Structure:%20/2008/01/03/new-uk-hacking-laws-make-hacking-tools-illegal/
http://www.theregister.co.uk/2008/01/02/hacker_toll_ban_guidance/

White ghost
« Reply #3 on: November 01, 2011, 09:13:24 AM »

Same as MaXe.

You must know what you are doing!!!

eth3real
« Reply #4 on: November 03, 2011, 06:11:44 PM »

This is a great question.

I agree with cd1zz and MaXe, never test on networks other than your own, and for your own safety, it's good to stick to virtual machines, or machines that are set up specifically for your research (you don't want to unintentionally leak any personal data).

Someone recently pointed out De-ICE images to me, they're Linux LiveCD images with particular scenarios already set up for you to test your skills. I haven't been able to give them a shot, yet, but they seem promising. I know there are also websites that provide testing environments for web vulnerabilities.

3xban
« Reply #5 on: November 04, 2011, 09:37:09 AM »

The De-ICE images are pretty cool.  They start "easy" and become much more difficult. 

Jamie, are you looking more for finding 0 day type stuff? For instance... you are surfing say... Target's website, and you find a flaw in the site that could allow for leaking of PII or the ability to perform an SQLi or XSS exploit. You want to notify them but you do not want to be brought up on charges for breaching the site and stealing any information. You looking for something like that?

Otherwise, yes the best method is the lab environment.  If you want to research malware, the lab also applies.  Getting live samples can be a bit of a chore but there are sites out there.  I would advise putting on the invisibility cloak when hunting for them.
© 2013 The Ethical Hacker Network