Tuesday, September 25, 2018

Daily Blog #489: Do you IR your pentest labs?

Hello Reader,
Lately I've been experimenting with https://hackinthebox.eu but not for the normal reasons. I've always enjoyed the technical aspects of pentesting, and very rarely enjoyed the reporting or politics of remediation, which explains why I've done the National Collegiate Cyber Defense Competition for so long. With the hack in the box challenges, though, I'm not just practicing interesting techniques with a longer time frame than I normally get, I'm also getting to do some log and artifact review once I've compromised the system to see what data is being logged.

If there is one thing that most researchers would agree on, it is that getting good test data is hard work. With the large number of vulnerable systems set up in interesting ways, I'm looking forward to sharing more of what I'm seeing. While some of the systems have logging turned off during the initial attack, once you get access there are no restrictions on changing the machine configuration to start logging the data.

To make things easier, I've got a dedicated lab paid for that I'll be doing controlled testing in, and then I plan to transition the same access to the public systems to do live streamed attack detection with Matt in the future.

Always more things to try, test and do! Let me know if you are doing something similar.