April 10, 2013 at 7:49 pm #8371 jrdoty (Participant)
Has anyone tried hackaserver.com?
I believe they are fairly new. It is supposed to be crowd-sourcing pen testing. I’m not positive how it works for the Sys Admin but for pen testers you sign up, prove you have the skills and you can pen test for money. Kind of like bugcrowd.com.
I’m curious if anyone has had any experience with these guys.
April 12, 2013 at 9:02 am #52614 Jamie.R (Participant)
I have not used it, but I would think it works the same way as Bugcrowd.
You sign up as a pen tester.
You find issues and report them.
The client gets a report with all issues found by everyone.
You get paid for an issue you find as long as you're the first person to find it and it's in scope.
April 12, 2013 at 3:33 pm #52615 impelse (Participant)
I tested the training area only; there are a lot of virtual machines that the users created and left without any configuration, only SSH.
I never attempted the certification to begin getting paid for the attacks.
April 14, 2013 at 9:40 am #52616 kerosen (Participant)
Marius Corici is my name; “I’m guilty as charged” for the HackaServer project, and for that I’ll answer to you guys.
@jrdoty. We started the project in 2011 (the idea) and went live in March 2012. It works the same for everybody, no matter if you are a sysadmin or a pentester. We didn’t differentiate pentesters from sysadmins, as an anonymity measure in a worst-case scenario. We do encourage anonymity. Besides that, to build a server on our infrastructure, of course you’ll need an account too.
Indeed, it looks like Bugcrowd (they came out after us), but not quite. While they are simply a Bug Bounty Program as a Service, HackaServer is a Bug Bounty Program as a Platform. That means we do offer IaaS to protect your real identity, your infrastructure, and your hardware and financial resources. You can read more about the difference between BBP as a Service and BBP as a Platform on our blog: http://blog.hackaserver.com/bug-bounty-programs-part-2/
@Jamie.R +1. One small detail: you sign up as a HackaServer user no matter if you want to find bugs on others or you want to build your setup to be tested.
@impelse The Training Arena is there as a sandbox for sysadmins to experience how it works. In the Training Arena, everybody can experiment with deployments or pentests.
@Jamie.R Indeed, most of the servers in the Training Arena are without any configuration. However, you can use the Metasploitable and WordPress servers to see how and what. They are fully prepared. In fact, at this time there are 540 built servers in our infrastructure and only ~40 deployed in the Training Arena.
Any questions? Glad to answer.