PebHmong Discussion Forum

Life & Living => Work Avenue => Topic started by: Risingstars on April 08, 2019, 10:43:53 AM

Title: When your boss asks you to use KaliLinux to do some hacking.
Post by: Risingstars on April 08, 2019, 10:43:53 AM
So, I have been approved to hack our network and do some testing. We have a vendor that is suppose to help and call use if they see suspicious activities like this and now we stopped getting support from them. So the boss and the CIO wants to test out if our vendor is worth it. My part is to make it seems like I'm doing things but need to not make so much noise. Has anyone used KaliLinux before?
Title: Re: When your boss asks you to use KaliLinux to do some hacking.
Post by: YAX on April 08, 2019, 02:28:46 PM
Never used it.  Good luck with that, but from what I've seen, usually when you get someone to do some pentesting on your org, they get as much info as they can from you, then make sure they have some paperwork to prove they're doing the pentest.  That way, if they get caught, they can explain themselves.  Make sure you have one of those agreements or something written from your boss before you start.  This way, there's no confusion and you don't get fired by mistake.

Secondly, whenever they do pentests, I've seen that the easiest way is to send a phishing email to everyone in the company and hopefully get some bites so you can get some account information, then use that user's acct to break in.  In your case, you may not need to go as far as using their account. Getting their account info via the phishing email should suffice that you have some weakness.  Good luck!