This topic contains 1 reply, has 2 voices, and was last updated by iCkerous 1 month ago.
- July 14, 2020 at 4:48 pm #282405
Hey, I have been “hacking” for a while now. And was wondering how companies usually react to getting attacked, if it is for the sake of finding vulnerabilities for them?
- July 14, 2020 at 4:48 pm #282406
Legal suits and pressing charges.
If you don’t have permission to test something, ask for permission or move on.
- July 14, 2020 at 4:48 pm #282407
I got rewarded once or twice. Free software for finding a majorish flaw. Certificate of appreciation for finding administrator access via weak password storage at my university.
- July 14, 2020 at 4:48 pm #282408
Not well, be very careful.
- July 14, 2020 at 4:48 pm #282409
Consider from a company’s perspective. They pick up on your hacking, either through monitoring tools or you wanting to submit a bug report yourself or something.
You could be acting in good faith or you could be truly malicious. The company simply does not and can not know, so they have to assume you’re a malicious attacker, and will have to act accordingly. Even if a company is 99% sure you don’t mean harm, they’re likely not going to risk the 1% chance you’re actually just trying to help.
Just always go with bug bounty programs. They’re so widely used for a reason.
- July 14, 2020 at 4:48 pm #282410
Most companies ignore it if it is a minor vulnerability, if you can present it in a proper way, I mean bug report docs. But in most cases cold emails will not do much. If a bug is outside a bug bounty, it will give you bad experiences, but best for a real hacker. So I will suggest staying legit with any website's bug bounty program.
Bug bounty is a great choice, here are some of the most popular,
- July 14, 2020 at 4:48 pm #282411
You will exchange your grey hat for an orange jumpsuit.
- July 14, 2020 at 4:48 pm #282412
I would highly recommend getting contracted as a penetration tester for any company you wish to break into. The CEO or CISO will basically give you a pass if you get caught while you test so you don’t get charges pressed against you.
Doing it willy nilly will get you into some serious legal issues.
- July 14, 2020 at 4:48 pm #282413
Coming from a perspective of the company that has received these….
If we did not contract you to do this and we detect you, we file a complaint. If you are a company that is doing this. We contact our attorney. Individual? FBI.
Don’t touch my network without permission. Period.
- July 14, 2020 at 4:48 pm #282414
I work in cyber security for a pretty big service industry company and we do semi-frequently notice “attacks” that seem to be coming from vulnerability testers. If they’re not being done through our bounty program they are treated more or less like attacks, we investigate and try to make sure that person is getting blocked. I don’t remember us ever pressing charges but if we find out who you are we’ll shut down your account since you’re breaking TOS.
- July 14, 2020 at 4:48 pm #282415
Companies sometimes have policies around ethical hacking. No idea how they are made public, but I know our company allows ethical hackers on a few specific websites which were chosen so that there can’t be operational impact on the critical business sites.
- July 14, 2020 at 4:48 pm #282416
I mean you can for sure make a business out of this, but just hacking to tell them their vulnerabilities without asking them beforehand might lead to charges against you.
- July 14, 2020 at 4:48 pm #282417
What do you mean by being attacked? General scanning is not taken as helpful, but afaik if you have a specific flaw, at the very least the IT guys will feel very glad.
- July 14, 2020 at 4:48 pm #282418
I feel like (and this might be an unpopular opinion) if you use software every day you should be allowed to check its security, if you report it and don’t use it maliciously there shouldn’t be a problem. Even if you aren’t a regular user you’re making yourself and others safer.
- July 14, 2020 at 4:48 pm #282419
I think it really depends on the company. If it’s a large corporation and the vulnerability you find doesn’t really cause any real damage I don’t think they’d necessarily press charges but they might not care to praise you either. If it was a small company however, they might sue to make a point or make money out of the incident. I think the safest bet if you don’t have any ill intention is to only ever hack into a system with permission. After all, why would you need to be secret if you don’t intend on causing any harm?