.

Volunteers for penetration testing/Ethical hacking research

<<

s_a_s_dude

Newbie
Newbie

Posts: 1

Joined: Sat Feb 24, 2007 2:22 pm

Post Sat Feb 24, 2007 2:34 pm

Volunteers for penetration testing/Ethical hacking research

Hi,

I am doing research project on penetration testing/ ethical hacking. The Project theme is based on improving ethical hacking (e.g. penetration testing) process for increased security in Wi-Fi networks. If anyone has any experience in ethical hacking / penetration testing can u please message me. I desperately need help from some experts. I promise i wont take more then few minutes of your time. Would really appreciate it.

THANKS
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Sat Feb 24, 2007 4:10 pm

Re: Volunteers for penetration testing/Ethical hacking research

I don't really have any experience as an Ethical Hacker/Pen Tester, but I do have some experience with troubleshooting wireless network issues.

See the PM I sent you.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

Kev

Post Sat Feb 24, 2007 7:42 pm

Re: Volunteers for penetration testing/Ethical hacking research

I just responded also and would be happy to help.
<<

LSOChris

Post Sat Feb 24, 2007 11:34 pm

Re: Volunteers for penetration testing/Ethical hacking research

i did the survey...

i have a question for the other members...

when you are doing  "wireless audit"  are you auditing the "wireless only" portion, like cracking WEP, WPA , default SSID, etc or do you include the "network" portion too?

i havent had the opportunity to do any wireless audits, but i would think that once you are given/have  an IP on the network it pretty much runs like a regular wired audit and it ceases to be a "wireless audit"

thoughts on that?
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Sun Feb 25, 2007 2:30 am

Re: Volunteers for penetration testing/Ethical hacking research

During the wireless audits I have done, once I was on the network I did an assessment of all systems on the network (as was the level of permission for that particular audit).  The point was to show what could be seen and the vulnerabilities associated with them.  We wanted to avoid people saying that getting onto the network was no big deal.  Logging into routers and vulnerability testing development servers really opened their eyes.

We also noted any systems with WEP encryption and did not try to break the encryption (mainly because of time and the scope of the audit).  By the time of the audit it was pretty well known that WEP could be broken over time.  We then just asked for the network diagram associated to the AP in question.  We then pointed to the other evidence we had obtained from the unencrypted network and let them make the correlation (which, thankfully, they did).

Had this been an all out penetration test, well, we would have had even more fun.  ;D

Hope that helps,
Cutaway
Go forth and do good things,
Cutaway
<<

Kev

Post Sun Feb 25, 2007 9:30 am

Re: Volunteers for penetration testing/Ethical hacking research

The work I have done has always required more than just gaining access to the network. The attitude I have encountered was that they didn’t like it if you could break into their wired network, but they also didn’t see it as the end of the world. They were worried more about what you could do after that, as far as stealing sensitive data.  If you could access their network, but from there you were “stuck” because they had every box locked down and had a very attentive security in place, what could you do? Surf the internet? Start spamming?  Yes that and some other things, but usually not for long.  The fear was more about “hit and run” attacks.

I have actually, although rarely, encountered networks that you could breach, but from there you couldn’t do much as far as stealing data in a stealth mode. Sure you could do some malicious damage and that’s why I have always warned not to take even the slightest breach for granted. But taking down a network to prove that point is not part of a responsible pentest. 

In my experience it’s very important to try and “own” the network after you have slipped through their wi-fi.  Plant your flag or retrieve the file they purposely placed for the test and there will be no doubt that you were there. That’s important, because some admin will try and “play down” what you did so that they don’t look bad.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software