What I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Friday, February 21, 2014

HOW THEY CONFUSE CLIENTS TO THINK IT'S EFFECTIVE



a) We will do for you a Polymorphic Testing

There is no such thing as Polymorphic Testing. There are three types of testing: Blackbox, Whitebox and Graybox. Polymorphic is part of Advanced Persistence Threat Assessment, which is mainly used in BlackBox Penetration Testing. It works together with Social Engineering Assessment, RedTeam Assessment and External Assessment.



b) We will do a BlackBox Assessment

There is nothing ever, forever ever, called Blackbox Assessment. This is used by a lot of companies to justify why they can't use other Assessments to issue a full test on your organization. It's called BlackBox Penetration Testing.



c) Red Team is not a part of Testing

F%^%&^&& sh%%^%!!! Red Team Assessment is part of BlackBox. Blackbox comes from the word Blackhat, and who are the biggest Blackhats ever? Yes, the Government. They do all this on you a lot. Protect yourself from these guys, especially the rogue Government operators.

d) We will do a Pentest in 3, 4, 5, 10 days

Holy sh*$^!! Who does that!!!!
Yes, Skiddles.

e) We need your IP Address and Links to perform the BlackBox

Well, Blackbox is my specialism, and I know asking for IPs and system information during Blackbox Penetration Testing is a NONONO!!! I have heard companies that do Security ask for these. Whenever I hear this, and whenever they ask for such info, yes, a kitten dies.

f) We can do a Code Review in One Day

Actually, I heard this the other day and I almost puked. Unless it's just 100 to 200 lines of code, this is a bullshitter bullshitting other bullshitters.

g) Too Much PaperWork

Most of the Pentest reports go to the techies in the firm to fix the issues. Do you think they read these reports? This is just a way to show you they worked, when everything on that report is nmap and telnet grabbing banners. The CEOs can't understand anything, so they take advantage of that.
Quality is better than anything to a client. Do real Penetration Testing. People are reading this blog and others, and they will soon know they are getting conned, with their skirts up on the streets.

h) Internal Blackbox

There is no such thing as Internal Blackbox Penetration Testing. When you are working from a client office, that's either Gray Box or White Box.

KEEP IT REAL

Tuesday, February 18, 2014

HOW TO BECOME A SUCCESSFUL PENTESTER

Everyone who succeeded in everything they did in life went through hard work. They failed several times; they felt like giving up and walking away. They started young. But remember, we have wannabes: they are out there, they have money, and they want to take you down. We also have people who don't want you to make it in this field.

All these will try to bring you down. But if you find everything in your life going smoothly, then know there is something wrong, that you won't be as strong as you are meant to be, and that you are doing nothing.

My Father once told me there are three types of people. First group: they have no idea what's going on. Second group: they at least know what's going on, but they do nothing or do little. Then we have the first group, or the First class: they plan and execute. They try their best to make sure things do work. But later on, after being introduced to fitness, I realized there is another group of people. These people are not just doers or walkers; they change the game.

Keep away from people who try to belittle your ambitions. Small people always do that; people who can't do it will always try to show you it's not possible.
But if you are around those people who wanna make it and have made it already, they will make you great.
Be a Wolf, be a shark, be a lion and change the game.


See you guys at #Africahackon

Monday, February 10, 2014

TYPES OF ASSESSMENTS INVOLVED IN BLACKBOX

As a Blackbox specialist, I have been asked by several Security Consultants, and others have actually gone public against my methods of testing, because these methods are adequate and, if organizations and clients who ask for such consultations learn the real ways to do Blackbox, they would actually walk away with business and invest in a better resource of Information Risk.


So Blackbox is a type of Security Testing, which is different from Graybox Penetration Testing and Whitebox Penetration Testing. Though Gray box has several similarities with Blackbox, always remember these are not assessments. So if you hear a consultant telling you he/she will do a Blackbox Assessment, they either do not know what they are talking about or they are just trying to find a way to con you out of some money, because there is nothing called Blackbox Assessment or Gray box Assessment. Also remember company Script Kiddles will say this a lot and hide behind their company names or even certifications.

So let's list the types of Assessments that you should have on a report when you are having Black Box Penetration Testing:

1. External Assessment
2. Redteam Assessment
3. Advanced Persistence Threat Assessment
4. Web Application Assessment
5. Social Engineering Assessment
6. Surveillance and Recovery Assessment
7. Databases Security Assessment
8. Social Media Security Assessment
9. Online Reputation Assessment (optional, depends on the type of client)
10. Covert Data Acquisition Assessment
11. Wireless Security Assessment


What I will do is post each Assessment that is not clear to anyone who asks about it as a blog entry in the course of the week. I will also be speaking at AfricaHaCKon about blackbox; check http://www.africahackon.com/ for more information.

There is also this assumption people have about the time to be allocated when testing. Personally, I will insist on good time; e.g., the current blackbox we are doing started in December and we are still on it this Feb.

Let's give the clients what they really need, and not what you think they want, and better our country and Africa as a whole. The better we make it, the better it will be for our children and their children, and we will set a good example for everyone.

Kindly,

./Chucks