Ethical Hacking Success
For the third consecutive year, the ethical hackers at Girls Learn Cyber (GLC) have been honored in Drexel University's Bug Bounty Hunters' "Hall of Fame." This recognition underscores the critical role that GLC plays in advancing cybersecurity through practical, ethical hacking engagements. In partnership with Drexel University, GLC’s team, including renowned bounty hunters Eve and Dr. Thomas Heverin, have demonstrated exceptional skill and diligence in identifying and mitigating potential security threats. Here’s a glimpse into the processes and tools they used to achieve success.
The Path to Recognition: Our Systematic Approach to Ethical Hacking
1. Review of Drexel Bug Bounty Commandments:
- Our first step is always to align with Drexel University's established guidelines for ethical hacking, ensuring all our activities promote security without compromising ethical standards.
2. Discovery Using Shodan "http.title:" Syntax Searches:
- Utilizing specialized search techniques, we identify exposed devices within the university's network. The "http.title:" search, a component of our toolset, helps pinpoint devices that might be overlooked but are crucial to network security.
3. Testing for Default Credential Weaknesses:
- A common vulnerability involves default usernames and passwords that remain unchanged. We rigorously test these to prevent unauthorized access that could exploit these weaknesses.
4. Accessing and Securing Central Devices:
- Successfully accessing a central device provided insights into user data and network operations. This step was vital for understanding the breadth of potential security challenges facing the university.
5. Comprehensive Vulnerability Reporting:
- Our findings are carefully documented, including screenshots and step-by-step replication advice, ensuring that Drexel’s IT team can easily address each issue. Our reports also suggest practical mitigations to enhance system resilience.
6. Rapid Recognition and Continued Engagement:
- Our submitted reports are typically recognized within days, underscoring the effectiveness and efficiency of our team. This quick turnaround is crucial for maintaining security integrity.
7. Ongoing Efforts and Future Challenges:
- The journey doesn’t end with one success; our team continues to hunt for vulnerabilities, ensuring ongoing improvements to cybersecurity practices at Drexel and other organizations too.