Business Intelligence- A Students Perspective
January 17, 2012
This week I got to do the first module in the “Reconnaissance” module, “Business Intelligence” and I have to admit, I was blown away.
In this module we covered various ways to gather intelligence about a target (business), and I learned a lot of methods that I didn’t know previously. I knew some of the more basic techniques such as looking at LinkedIn profiles and looking at job posts, but this module took it to the next level. I had never heard of EDGAR, I had never thought about going through archived mailing lists, in my world “theHarvester” was a syslog gatherer (It’s actually a cool tool that polls search engines results to get email addresses for various social engineering schemes), and then there is Maltego. I learned a lot of great methods and tools in this module that I will have to employ against my employers to gather info (For white hat purposes obviously).
And then, there was the lab. Man, I think this was the longest lab to date. It really caught me off guard how much time it would take. The lab in this module was to do business intelligence gathering on four targets. And expect to spend 90-120 minutes minimum per target. Yeah, that’s 6 hours minimum. But, it did definitely teach me two key things: It is scary how much information you can gather on a target from just the Internet, and the importance of note taking. I can’t stress the importance of note taking enough (And neither can The Hacker Academy, as it’s come up in multiple modules). Even though the lab took some time to complete, it was a lot of fun and it was extremely eye-opening.
Looking forward to the next module: Network Intelligence!
Professional Penetration Testing
January 4, 2012
For the longest time, I’ve always wanted to be a penetration tester. That, to me, would be my dream job. This module was focused on the beginning steps of becoming a penetration tester. There was a lot of great knowledge passed down by the instructor in this module. What separates an entry level, good, and great penetration tester? The answers may surprise you because what separates good from great really intrigued me. The instructor also provided some insight into what to expect from the job (Don’t expect to only work from a basement hacking companies with techno blasting and drinking Jolt). This disclaimer was very helpful, and is pretty much what I expected.
The lab was pretty simple: Doing research and answering some questions on your career goals. While these questions are simple on the surface, they are really important questions you should be asking yourself in general. Having a concrete plan of what you wish to accomplish in your career and thinking through the steps to achieve it has served me immensely, and I recommend for anyone else to do the same.
This concludes me working through the “Hacking Fundamentals” course. These weren’t technical modules, but they were still very valuable to me because they changed the way I thought about penetration testing and my career as a whole. While browsing through the material, I can see there are plenty of technical modules I’ll get to later. But right now I’m appreciative of the difficult-yet-simple things I learned; Such as, what makes a great penetration tester? What makes you great overall? Have an insatiable curiosity, the importance of CIA++, STRIDE, different types of learning, the importance of interfacing with the customer. These are the fundamental things that will play a role no matter what facet of security you work in, and I’m glad I spent the time to reflect on them.
