What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, simulating an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Friday, March 14, 2014

HACKBATTLE2013 SECOND UPDATE

One group so far has found an application they can target by using two different types of Assessments.

Currently no group has been able to interact with the NastyLab DB, or with any form of internal login, at system or application level.

Several testers are scanning their way onto the blacklist.

LEAK: types of Assessments to use

a) Covert Data Acquisition

Try to steal data from all directions of the infrastructure; use Threat Intelligence and manipulate the data gathered against the applications or systems.

b) Advanced Persistent Threat

Use of polymorphic and SSLed malware is necessary if you want to learn the internals of NastySalon laptops or workstations. Crafting a good methodology will help you add points in this battle.

c) Database Security Assessment

Breaking into the database, going through the information and manipulating the DB may get you to the next stage of exploitation and access.

d) Web Application Assessment

Understanding the web and its internals is vital. Collecting as much info as possible on the website will help you get a lead on the other forms of Assessments above. Being in a position to find a publicly available CMS will also get you more intel to gain access to the NastyLab infrastructure.

e) Social Engineering Assessment

Plan and execute a good social engineering attack that is believable in the real world. Don't just ask for a password, that would be stupid; understand the infrastructure first and then execute.

Good luck to all teams,

Two weeks to go.
