Listen, the only folks you put your black hat on for are folks who try to phish you. And you report your findings anonymously to CISA.
That’s how the recent USPS scams, the EZ pass scam, and the AAA scam got untangled. Be safe.
You put on your black hat at work when your boss tells you to do so on objects under your team’s ownership. Don’t be stupid.
Other than that, don’t be an idiot. Stick to BBPs and VDPs, educational labs, shit you own, etc. Nothing more than a totally unglamorous fine, or worse, awaits you.
Sincerely, a veteran of cybersecurity.
If OP was actually gonna go proper black hat, this post would not exist.
You put on your black hat at work when your boss tells you to do so on objects under your team’s ownership.
But that’s white hat, not black hat.
lol good point.
I’m just gonna try to hack one of my VMs
In my country, simply scanning for hosts/IP addresses could get you implicated, since IP addresses are under certain circumstances regarded as PII according to the GDPR. So… stay safe xD
Wtf really?
Unauthorized port scanning. If your job involves networking or cybersecurity, you’re contracted to do pen-testing, or your activities are limited to a network you own, you’ll be fine.
Definitely! But speaking of pen-testing, there are some “funny” stories about pen-testers getting temporarily apprehended and questioned by security or the authorities when communication between their employer and their client wasn’t done properly. I wonder if the IT Crowd at my agency would notice if I did an unsanctioned, unauthorized port scan from my office desktop…
Yep, true story. Besides the particulars in the GDPR that affect EU citizens, I think there is a more generalized disclaimer in the nmap manual about doing certain scans.
No US laws currently criminalize port scanning.
So go learn SEToolkit instead I guess.
Rotate your MAC every 3-5 minutes on a random interval, or even more often. Stay safe.



