frequently asked questions

Can I learn system exploitation?
Absolutely... Anyone can... It just takes practice. In reality, almost anyone can learn If they are willing to practice. The best practice is to use VMWare environments that can be guaranteed to be vulnerable before you try. Once you can consistently exploit the target, you will know when and when not to exploit...

Espionage is the thing of movies right?
No... James Bond movies are mostly fiction or the things of movies. Some of the gadgets are real and some of the bad guys are possible. The interesting thing is that many countries, such as China and Iran, are attacking large countries every day. Iran for example, attacked the United States government and financial industry many times and continues to deny involvement... Yes, they think everyone else is ignorant, but everyone knows that Iran is bulking up their Cyber Warfare capability and actively becoming the aggressor. Especially after the Stuxnet issue...

Forensics is a science. How easy is it really??
Honestly, it is not easy, but it is not hard... You just have to know what to look for. Once the “red flag” or “policy” has been violates, you just need to limit your scope or search for that exact violation to minimize your effort. It is the lawyer's or management's responsibility to limit the scope.

Do you guarantee results?
For training, yes... If you fail the test, you can re-sit the class for free, but you need to bring your previous courseware. As for consulting, we help you increase your security profile. We can only test during the “snap-shot” time frame during the test. We have had several clients defraud us by lying and changing the environment during the assessment. We will do what is needed and go beyond what is needed to make sure you have what you need. If you lie, you take on the responsibility of all damages, even ours...

Can attacking a SCADA enviroment actually cost lives?
Yes, Yes, and double yes... Hacking Attack Causes Physical Damage at German Steel Mill

Attacking your car can be an inconvenience. Sabotaging the power grid can cause a few deaths across the affected area. Changing how a chemical injector reacts in a water treatment facility can cause fluoride poisoning... A dam attack can flood a geographic area and kill thousands. A chemical plant attach can cause an explosion. A Nuclear facility cyber attack can cause a melt down... So, yes, SCADA/ICS attacks are a big deal... And Yes, they can be EASILY prevented by those that are not greedy and/or stupid...

 

Read more