Create Pentesting Team #22

New Issue

DarkFeather · 2024-02-26T14:35:39-06:00

DarkFeather commented

2024-02-26 14:35:39 -06:00

We should start a team for tackling TryHackMe and HackTheBox in a collective fashion.

jml commented

2024-05-26 21:49:55 -05:00

I'm definitely out of practice but I have been wondering about joining / starting a CTF team for a while, so I'd be happy to give this a shot if you'd have me.

Something I am explicitly curious about is if there are any specific goals in mind when it comes to this?

Could be things like:

Improving Problem-Solving Skills through Practical Experience
Building a pentesting knowledge base and community
Keeping up to date with a diverse range of pentesting knowledge
Create (, contribute to) and learn from write-ups, tutorials, and discussions
Resume Building, Certifications, etc. (Professional Development)
Gaining fluency in a specific set of tools (Wireshark, Metasploit, ...)

Another thing I'm wondering about, but I think you already meet the minimum infrastructure requirements to do something like this

Actually Doing Pentesting (covered by "MSPs")
- TryHackMe
- HackTheBox
Collaboration & Communication
- IRC & Discord
- Gitea Repos & Issues
Documentation
- Gitea Wikis / in-Project Gitea Docs

And finally the edge case concerns, but which I think are practically a strict requirement for something like this.

Code of Conduct
- Might be covered by User Ethics
Legal Compliance
- Case-by-case basis
- Guaranteed to change as laws are passed or struck down
- Basically, make certain that any pentesting activities you are doing are legal under your jurisdiction.

I'm sure I've forgot about something in drafting that, and if what I have in mind seems totally off-base please let me know. I want to be clear and explicit that my intent is not to take the steering wheel and lead this issue somewhere unintended. My exact and only intent is to get back in your brain and maybe elicit some action taken on those ideas if the availability is there.

I'm definitely out of practice but I have been wondering about joining / starting a CTF team for a while, so I'd be happy to give this a shot if you'd have me. Something I am explicitly curious about is if there are any specific goals in mind when it comes to this? Could be things like: - Improving Problem-Solving Skills through Practical Experience - Building a pentesting knowledge base and community - Keeping up to date with a diverse range of pentesting knowledge - Create (, contribute to) and learn from write-ups, tutorials, and discussions - Resume Building, Certifications, etc. (Professional Development) - Gaining fluency in a specific set of tools (Wireshark, Metasploit, ...) Another thing I'm wondering about, but I think you already meet the *minimum infrastructure requirements* to do something like this - Actually Doing Pentesting (covered by "MSPs") - TryHackMe - HackTheBox - Collaboration & Communication - IRC & Discord - Gitea Repos & Issues - Documentation - Gitea Wikis / in-Project Gitea Docs And finally the edge case concerns, but which I think are practically a strict requirement for something like this. - Code of Conduct - Might be covered by [User Ethics](https://aninix.net/AniNIX/Wiki/src/branch/main/Policies/User_Ethics.md) - Legal Compliance - Case-by-case basis - Guaranteed to change as laws are passed or struck down - Basically, make certain that any pentesting activities you are doing are legal under your jurisdiction. I'm sure I've forgot about something in drafting that, and if what I have in mind seems totally off-base please let me know. I want to be clear and explicit that my intent is not to take the steering wheel and lead this issue somewhere unintended. My exact and only intent is to get back in your brain and maybe elicit some action taken on those ideas if the availability is there.

DarkFeather commented

2024-06-27 12:18:23 -05:00

@jml There is a private IRC channel, Discord role, & Gitea project set up to create the infrastructure for this space.

Goals are definitely education, career building, and fluency.

Presently, we are limiting ourselves to HTB as a testing space & something within legal compliance. If we start looking at doing bug bounties, it would be via official boards like HackerOne, BugCrowd, etc. -- this would be a major revamp, though, and I think the team is a ways off from tackling this. I'd at least want more folks Pentest+ / Cisco VEH / OffSec CEH certified prior to attempting that. For now, HTB meets the education goal.

I will work on a formal write-up for this team & an application process (should be fairly light), and then we'll look at onboarding you.

@jml There is a private IRC channel, Discord role, & Gitea project set up to create the infrastructure for this space. Goals are definitely education, career building, and fluency. Presently, we are limiting ourselves to HTB as a testing space & something within legal compliance. If we start looking at doing bug bounties, it would be via official boards like HackerOne, BugCrowd, etc. -- this would be a major revamp, though, and I think the team is a ways off from tackling this. I'd at least want more folks Pentest+ / Cisco VEH / OffSec CEH certified prior to attempting that. For now, HTB meets the education goal. I will work on a formal write-up for this team & an application process (should be fairly light), and then we'll look at onboarding you.

DarkFeather commented

2024-07-18 13:11:50 -05:00

@jml AniNIX/Wiki#26 will be the overview listed. Everything else will be detailed in the project repo. Let me know if that meets what you're interested in.

Sign in to join this conversation.