- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Collapse
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:
- You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
- You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
- If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Logging in...
Previously on "Online red & blue attack/defense simulations"
Collapse
-
Ever thought of attending a Hack-a-thon? Essentially, a marathon for hackers... sounds like a fun way to test your skills/see the skills of others!
-
Forget tools and hacking scripts. Security is risk based. Know your environment in detail, and the threats to that environment. Understand where the risks points are, how they can be exploited and mitigate against that.
Ethical hacking is bulltulip. And trying to hack something yourself is a waste of time as it doesn’t represent a real world risk.
Buy a book on CISSP and read it.
Leave a comment:
-
-
Thanks for the replies.
@malvolio:
I agree with you in that real infrastructure is breakable and so it seems counter intuitive to leave it wide open to the internet - That's why any company offering this sort of service would need to think carefully about the underlying infrastructure (e.g. running their switches / firewalls virtually in GNS3 etc, virtual hosts that wipe after each session etc - or if that is considered too 'exposed' then perhaps a simple cut down version of clickable/CLI enterable security settings along with a 'run attack simulation' button and a summary of results). I don't believe for one moment that providing these sorts of environments would provide a training ground that hackers don't already have access to (or can very easily make themselves using readily available virtualisation technologies). I also think that knowing how you're likely to be attacked, helps you to better defend.
I haven't forgotten that I'm a contractor - bench time serves as an excellent reminder - but I disagree on your all or nothing suggestion with regards to training/professional development - I see value in pursuing knowledge outside of a full blown (and all things considered, expensive) training course, particularly as security is not my company's USP, merely a part of the package my clients benefit from. I'm not looking for CV material with this, which a training course would undoubtably be best suited for - more an improved understanding so that my next design will be more secure than my last.
@Mag:
That's a great suggestion I'd never heard of before - it does seems a little red team focussed for my needs (I'm looking to focus more on the blue team stuff) but it's definitely something I'll be having a play around with.
Leave a comment:
-
Have you checked out https://www.vulnhub.com?
Not full on networks but vulnerable OS builds for you break in to?
You could learn to exploit them and then learn to secure them and try again...
Leave a comment:
-
Quite amused at the concept that people will publish an "insecure" network so other people can practice hardening it. If you can harden something, you can also break it, which is rather the point of having security in the first place so why provide a training ground for hackers (I know you're not, but you get the point)..
You're a contractor, remember. You run a business. If the knowledge is necessary for your work, get a decent training course and do it properly; and if cyber security is what you trade in, YourCo can pick up both the bill and the expenses.
Leave a comment:
-
Online red & blue attack/defense simulations
Hi all,
I'm currently on the bench and looking to make good use of this time to deepen my practical security knowledge before the next gig. As I learn (and enjoy) best by doing, I've been googling for online red/blue style security simulations but haven't yet had much luck in finding anything that seems to fit what I'm after (i.e. there is no pre-existing network to test, I'm looking for a simulated network infrastructure that I can harden as best I can and ideally have the simulation 'attack' it once I'm finished so I can see how it holds up and learn more about anything I missed).
Anyone had any online/eLearning experiences or recommendations in this area they'd care to share (I've seen this sort of thing offered in a short course form before but it required being on site in London)? Happy to pay for a good tool but it needs to be reasonably priced as if it's too expensive I'll probably be better off homebrewing something together using virtualisation tools - and that takes a good while.
Thanks.
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- Spot the hidden contractor Dec 20 10:43
- Accounting for Contractors Dec 19 15:30
- Chartered Accountants with MarchMutual Dec 19 15:05
- Chartered Accountants with March Mutual Dec 19 15:05
- Chartered Accountants Dec 19 15:05
- Unfairly barred from contracting? Petrofac just paid the price Dec 19 09:43
- An IR35 case law look back: contractor must-knows for 2025-26 Dec 18 09:30
- A contractor’s Autumn Budget financial review Dec 17 10:59
- Why limited company working could be back in vogue in 2025 Dec 16 09:45
- Expert Accounting for Contractors: Trusted by thousands Dec 12 14:47
Leave a comment: