EvilZone

If someone wants to learn, I will work hard to teach them. I don't care if they're a code kiddie right now. We're a smaller school, and I dont expect world champions right off the bat. We will work together, and the best of us will go to tournaments. People who aren't serious will drop out on their own to avoid embarrassing themselves. I'm looking for a means to teach, and progress. It'll be alright

Well it really depends what you after but say for example, in a general scope: first you want to do a lot of recon to know what you're up against with. Secondly you'd scan for vulnerabilities and see if you can use any available exploits but surely you'd have to fix them for your needs. If you've successfuly gained access to admin/root you're in a post-exploitation phase so you'd want to maintain access by placing a backdoor.

That's pretty cut and dry, like that. That basic recon at the start is a step I feel a lot of people forget to do. So far this is what I've got

-Recon and Engineering (retrieving passwords etc)
-Fuzzing, Vulnerability Scanning
-Packet and Port monitoring and manipulation
-Password cracking and injections (we will also be trying to break and manipulate websites associated with the network)
-Exploitation
-Backdoor and manipulation

College has taught some basic stuff in the security classes, but at the end of the day it isnt enough to prepare anyone for the real world at all. The team members who know the details and how to do things are people who learned on their own time and are just there for a degree.

So I just became a captain of my college's Cyber Sec team. We have a competition coming up, and most of the team is still very inexperienced. I've been working on the best way to teach what I know, as well as learn from the more experienced members of the team as well. One big thing I've seen and noticed when I do hacking work is that we follow an order of operations to test a system's security.

What is your routine/ order of operations? What do you start with, and where do you go from there? What tools or concepts do you use and how do you progress through to find as many vulnerabilities as possible?

We'll be working with networks specifically, constructed like business networks with servers, user computers, and virtual machines. Personally, I target the V-machines and try to hack away at defenses like passwords and more, but some of the more experienced members start smaller, using tools to try and access very shallow parts of a system first, and I found that fascinating. It breaks away from the brutality my cyber sec classes have taught me.

Tell me what YOU do, and what you like to use when you try to break a system!

Good lord this is wonderful

I have not found the challenges I would like, no. Sadly the dirty work is mostly things people should know how to do on computers anyway. The pay can be pretty good, but at the end of the day if the pay doesn't matter than I'm not sure if you'll find the challenges you want. It's a stupid social trope that people don't always trust people without degrees in their field despite knowledge. That being said, if staying where you are doesn't make you happy, it's worth a shot. See what you can find, don't quit your current job, and if worst comes to worst you don't lose out right off the bat if you can't find anything

And where's your quality? Hrm I can't seem to find any...

OOOOHOHOOOOO

Anyway, as someone who leaves this forum on almost all day and reads every single post, but just doesnt post much, I see absolutely no problem with the way EvilZone runs. The activity level and quality is actually really nice compared to other security forums I have been a part of. Bullcrap is dealt with quickly, the IRC remains as an active social unit, and good tutorials and posts stay where they should be. All in all, 7.5/10 for forum crunchies (needs more titties). And if users have to earn their salt by participating? I think that's great. It really doesn't take that long to ask some questions, respond to feedback, and try out some of the readily available tutorials.