Tuesday, November 17, 2015

HACKING DO’S PLANS

1. Set your goals. Know exactly what you are setting out to find - it makes little sense to start hacking blindly. You should know whether you want to see what an intruder sees on the target points of access, what he can do with that information, what the victim sees when a hack occurs, etc.

2. Plan the work. This is another caution against being haphazard. Make sure that the testing process and interval are specified, and that the networks you need to test are clearly identified. Hacking can easily lead you astray, sidetracked by a curious loophole or a problem you want to solve that ultimately does not lead to the objective.

3. Keep a record. You will want to know how you got there, especially if you have to brute-force your way through a very tough shell of security. At the very least, this can help you in future jobs. Record everything that happens, whether or not your hack was successful. And remember to keep a duplicate of your jobs.

4. Do no harm. Remember when Dennis Nedry hacked the power supply in Jurassic Park? It wasn’t a pretty sight for him or for the rest of the park personnel. Remember to always think twice about every exploit, considering if what you do can cause any widespread damage.

5. Use a scientific process. This means setting goals that are quantifiable and tests that are repeatable and consistent, as well as tests that are novel - those that can have an impact in the long run.

6. Stick with your tools. As a new hacker, you will see several dozen different tools available for different jobs. The temptation to download each one is great. However, these tools are sometimes used differently and can spoil your hacking methodology. Once you find one that suits your style, it is best to stick to it.

7. Draw up reports. Your logs are not reports - they are for reference. Instead, create a more concise and legible report, or at least a progress update, that summarizes all the important points of your stint and includes a recommendation for how to improve the target system.
