The basic hacking techniques out there that are well known, including SQL injection, cross-site scripting, etc. People know how to test these methods generally (<script>alert(‘hacked you!’);</script>), but a pop-up box that says “Hacked You” isn’t really hacking. I can’t go back to a manager and tell them “Excuse me, sir, but you’re vulnerable to XSS”. They don’t care. But if I go back to them and say “Excuse me, sir, but your password is your kid’s name, Bobby”, that will get the picture.
This is what I mean by practical hacking. The bad guys already know how to do practical hacking. But the good guys don’t, so sometimes we don’t get taken seriously.
I want to create a series of posts on practical hacking. This includes, 1) how do I setup a testbed to make sure I’m doing it right. If you don’t already know how it works in a test environment, how are you going to know during a real test if the target just isn’t vulnerable, or if you just messed up? And 2) What is the next step?
My reasoning for this website? Simple. As I research more stuff on my own (or see other people do stuff), I want to remember it. So I’ll post it here. Because I know at some point in the future, I’ll use it again.