Who is this site for?
This site was created for ethical hackers and pen testers: individuals hired by companies to test the security of their IT infrastructure. They use the same skills as hackers would, but unlike hackers they have full permission from the company or organization's owners. They only explore resources that are specified in the contract, and they do not reveal weaknesses to anyone except the system owners specified in the agreement. Ethical hackers work strictly under contract and make sure they don't break into anything they are not supposed to.
Who we are?
We are a group of security consultants who work for a company called TEKYHOST. We specialize in White-Hat Hacking and Pen testing, mostly on open-source Linux-based infrastructure. We document many of our projects and create useful how-tos to share with the community of White-Hat hackers.
Code of conduct and Responsibilities
- An ethical hacker or pen tester should never target a system or network they don't have permission to test.
- Before performing any tests on client systems you should have a signed contract giving you permission to perform hacking activities.
- All aspects and the scope of the tests should be in this contract, and any changes should be recorded before any tests.
- It is very important for an ethical hacker to understand and adhere to the global code of conduct.
- Do not sell, transfer or give any personal information to a third party without the client's written consent.
- Keep private and confidential information secure, or as specified in your contract with the organization being tested.
- Be honest about any limitations in your experience. Only provide service in your areas of competence.
- Never use software or a process obtained illegally.
- Do not engage in deceptive practices such as double billing or bribery.
- Only use the client's property after receiving full authorization.
- Disclose to all concerned parties any conflicts of interest that cannot be avoided.
- Do not associate with any black-hat activities.
- Ensure any risks associated with your project are fully disclosed to the client.
- Disclose to the appropriate person or authorities any potential dangers to the Internet community that you reasonably believe to be associated with the tested software or hardware.
Other types of Hackers
Think like hackers but are the good guys and have full permission from owners to hack for security purposes.
Very limited knowledge. Use ready-made scripts and tools. They don't always understand what they are doing or the consequences of their actions.
Straddle the line between good and bad. They cannot be fully trusted and may engage in shady hacking activities.
They are the bad guys and cannot be trusted. In most cases they engage in criminal activities for personal gain.
Also bad guys, who try to take down their target and in most cases are not very concerned with being detected or covering their tracks.
Three forms of pen testing
The pen tester is given complete information about the target systems. Typically done internally.
The pen tester has very little knowledge about the target system. This type of test mimics a real-world attacker who starts with very little knowledge of the systems being attacked.
Some information about the target is given to the pen tester. This test mimics someone who has some knowledge about the target, but not complete knowledge.
Typical steps that make up hacking process
Passive methods of gathering information about a target, keeping interaction to a minimum.
Use the information gathered during footprinting to scan your target for more precise information.
Extract useful information from the data gathered in the previous step, scanning.
Plan and start the attack based on the information gathered during enumeration.
Escalation of privilege
Hacking your way from lower-level accounts, like guest, to accounts with higher privileges.
Removing any evidence of your presence on the hacked system.
Planting of backdoors
Enabling your return to the hacked system.