Practical Hacking

The basic hacking techniques out there are well known: SQL injection, cross-site scripting, and so on.  People generally know how to test for them (<script>alert('hacked you!');</script>), but a pop-up box that says “Hacked You” isn’t really hacking.  I can’t go back to a manager and tell them “Excuse me, sir, but you’re vulnerable to XSS”.  They don’t care.  But if I go back to them and say “Excuse me, sir, but your password is your kid’s name, Bobby”, that gets the picture across.

This is what I mean by practical hacking.  The bad guys already know how to do practical hacking. But the good guys don’t, so sometimes we don’t get taken seriously.

I want to create a series of posts on practical hacking.  It will cover 1) how to set up a testbed to make sure I’m doing it right.  If you don’t already know how a technique works in a test environment, how will you know during a real test whether the target just isn’t vulnerable or you just messed up?  And 2) what the next step is.
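To make the testbed idea concrete, here is a small added example (not code from this blog) that wires the XSS probe mentioned above into a throwaway reflection harness.  The names (render_vulnerable, render_hardened, render_not_reflecting, check_reflection) and the page template are hypothetical, and the probe string is the same harmless alert() test the post itself quotes.  The point of the checker is the one made above: it separates “the input came back as live markup” from “the input came back escaped” from “the input never reached the page at all”, so a tester can tell a non-vulnerable target apart from a broken test.

```python
"""
Minimal reflected-XSS testbed (added example, hypothetical names).

Three renderers stand in for a web page that echoes a search term:
  - render_vulnerable     : reflects input verbatim (the 'before' picture)
  - render_hardened       : reflects input after HTML-escaping it (the mitigation)
  - render_not_reflecting : never echoes the input at all
check_reflection() runs a probe through one of them and classifies the outcome.
"""
import html
from dataclasses import dataclass

# Constructed probe: the harmless alert() test quoted in the post.
PROBE = "<script>alert('hacked you!');</script>"

# Hypothetical page body; {query} is where the user-supplied search term lands.
PAGE_TEMPLATE = "<html><body><p>You searched for: {query}</p></body></html>"


def render_vulnerable(query: str) -> str:
    """Reflects user input into HTML without escaping: the browser treats it as markup."""
    return PAGE_TEMPLATE.format(query=query)


def render_hardened(query: str) -> str:
    """Reflects the same input after escaping <, >, &, and both quote characters."""
    return PAGE_TEMPLATE.format(query=html.escape(query, quote=True))


def render_not_reflecting(query: str) -> str:
    """Ignores the input entirely, e.g. the search feature is disabled on this page."""
    return PAGE_TEMPLATE.format(query="(search disabled)")


@dataclass
class ProbeResult:
    reflected: bool   # did the probe appear in the response in any form?
    unescaped: bool   # did it appear byte-for-byte, i.e. as live markup?

    @property
    def verdict(self) -> str:
        if self.unescaped:
            return "reflected unescaped: input is rendered as markup"
        if self.reflected:
            return "reflected but escaped: output encoding is in place"
        return "not reflected: the probe never reached the page"


def check_reflection(render, probe: str = PROBE) -> ProbeResult:
    """Run `probe` through `render` and classify what came back."""
    body = render(probe)
    unescaped = probe in body
    reflected = unescaped or html.escape(probe, quote=True) in body
    return ProbeResult(reflected=reflected, unescaped=unescaped)


if __name__ == "__main__":
    for name, fn in (
        ("vulnerable", render_vulnerable),
        ("hardened", render_hardened),
        ("no-reflect", render_not_reflecting),
    ):
        print(f"{name:10s} -> {check_reflection(fn).verdict}")
```

Running it against the three renderers gives one line per verdict; once you have seen what each case looks like in the sandbox, the same three-way classification is what you look for in a real response before concluding anything about the target.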

My reasoning for this website?  Simple.  As I research more on my own (or watch other people do things), I want to remember it, so I’ll post it here, because I know that at some point in the future I’ll use it again.
