April Meeting

April 9, 2018: 1900hrs: Third Street Stuff Coffee Shop

We met to discuss the basics of web hacking and some best practices for
documentation and evidence gathering in professional penetration testing.

We covered the differences between web applications, web services, and the
concerns specific to mobile platforms, and looked at tools such as SQLMap,
BurpSuite, Nessus, WPScan, SSLScan, and SSLStrip. Automated vulnerability
scans are only one part of the process, and not always the best part: they
are "loud", and they should be tailored and limited to the scope agreed for
the job. Once the scans are complete, you still have to test manually if you
want to deliver a thorough report to your client. For these reasons, we find
it useful to route traffic through an intercepting proxy such as BurpSuite
and work through the application by hand.
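One practical way to keep automated scans "limited in scope" is to gate the target list against the engagement's scope file before any scanner runs. The following is an added example written for these notes, not code from the meeting or from any of the tools named above; the scope-file format (one CIDR or hostname per line, `#` comments, an `exclude:` prefix for carve-outs) and the sample targets are constructed assumptions for illustration.

```python
"""Scope gate: keep automated scans inside the agreed engagement targets.

Added example for these meeting notes (not from the meeting or any tool above).
The scope-file layout below is an assumed, constructed format, not a standard.
"""
import ipaddress

# Constructed sample scope file: CIDR blocks or literal hostnames, one per
# line, '#' comments, and an 'exclude:' prefix for hosts the client carved out.
SCOPE_FILE = """
# Client engagement, April 2018 (constructed sample)
10.10.20.0/24
192.0.2.10
www.example.com
exclude: 10.10.20.5    # production database host, do not scan
"""


def parse_scope(text):
    """Return (include_nets, exclude_nets, include_hosts, exclude_hosts)."""
    include_nets, exclude_nets = [], []
    include_hosts, exclude_hosts = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        excluded = line.lower().startswith("exclude:")
        if excluded:
            line = line.split(":", 1)[1].strip()  # split once: keeps IPv6 intact
        try:
            net = ipaddress.ip_network(line, strict=False)  # single IPs become /32
        except ValueError:
            # Not an IP or CIDR, so treat it as a literal hostname.
            (exclude_hosts if excluded else include_hosts).add(line.lower())
        else:
            (exclude_nets if excluded else include_nets).append(net)
    return include_nets, exclude_nets, include_hosts, exclude_hosts


def in_scope(target, scope):
    """True only if target is covered by an include and by no exclude."""
    include_nets, exclude_nets, include_hosts, exclude_hosts = scope
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower()
        return host in include_hosts and host not in exclude_hosts
    if any(addr in net for net in exclude_nets):
        return False                              # exclusions always win
    return any(addr in net for net in include_nets)


def filter_targets(targets, scope):
    """Split a candidate list into (allowed, rejected) against the scope."""
    allowed, rejected = [], []
    for target in targets:
        (allowed if in_scope(target, scope) else rejected).append(target)
    return allowed, rejected


if __name__ == "__main__":
    # Constructed candidate list, e.g. hosts found during recon.
    candidates = ["10.10.20.7", "10.10.20.5", "192.0.2.10",
                  "www.example.com", "mail.example.com", "8.8.8.8"]
    allowed, rejected = filter_targets(candidates, parse_scope(SCOPE_FILE))
    with open("in_scope.txt", "w") as fh:
        fh.write("\n".join(allowed) + "\n")
    print("rejected (never scanned):", rejected)
    # Feed only the vetted list to the scanner, e.g.:  nmap -sV -iL in_scope.txt
```

Run it once before every scan rather than trusting a hand-typed target list; the rejected hosts are the ones that would otherwise become an out-of-scope incident in your report.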

Regarding evidence gathering and documentation, we talked about which
programs to use for keeping notes (try KeepNote if you're on Kali),
color-coding listed vulnerabilities by severity, and making sure screenshots
are readable and provide context (the target, the request, and the response
that demonstrates the issue). Consistency is key in ethical hacking, just as
it is in many lines of work, so keep and use checklists to ensure you follow
the same methodology across assignments. If you are unsure where to start
when building these checklists, the OWASP Testing Guide is a good place to
start building from.

We closed our April meeting with discussions on community service, group
project ideas, and homework for the May meeting. Create a Kali virtual
machine environment and bring it with you to the meeting to participate
in our labs! If you have a spare Raspberry Pi and want to make something
fun or useful with it, bring that too!
