SmellsLikeML

pysec

1/22/18

Security, pentest, hacking

If the headlines over NSA leaks, election meddling, database breaches, cryptojacking, Spectre & Meltdown have told us anything, it is that we have security challenges in an infrastructure that emphasizes fast, frictionless transactions.

Responsible self-defense calls for more than choosing better passwords. It requires a proactive stance on discovering vulnerabilities and developing solutions.

While we tend to think of hacking as a highly specialized skillset, you'd be surprised at the simplicity of some methods. Automation and scale reduce success to 'a numbers game.' With the emergence of IoT, the numbers are certainly there.

And so, to improve my own security posture and to develop an apparently under-represented skill, I am learning more about security and hacking.

Some resources to consider in exploring your own attack surface: a high-gain USB wireless adapter and a USB Rubber Ducky. For $80 in hardware, you can perform a variety of attacks.

I found the introductory books 'Violent Python' and 'Python Web Penetration Testing Cookbook' helpful in learning important paradigms in performing an attack, while picking up some of the interesting history.

This repo offers some examples of the methods covered in these texts which are still conceptually relevant, implemented in Python 3.