Summ3r 0f h4ck: internship of Digital Security 2018
Summer is just around the corner, and Digital Security is announcing the start of its internship. The results of the previous one exceeded our expectations, so we decided to continue this pleasant and useful undertaking. And what do the interns themselves think about the time they spent with us? Did the internship meet the participants' expectations? Last year's reviews can be found here and here.
Once again, we were happy to see that the people who come to us are enthusiasts who love their craft, dig into interesting problems with real curiosity, and do not back down from difficult tasks.
To give you a more accurate idea of what the summer research involves, here are several topics that drew the strongest response from the interns.
- Using the weaknesses of monitoring systems during a pentest
- WAF study: protection techniques and rule sets
- Password analysis (data mining). Creating dictionaries and framework rules for cracking passwords that follow specific patterns. Writing a distributed system for cracking and managing brute-forced hashes
- Writing a WPA half-handshake converter for hashcat. Exploring the possibility of optimizing the password cracking rate
- Exploring the capabilities of the hexrays-tools plugin for the IDA Pro disassembler and porting it to new versions of IDA Pro. Considering porting the plugin from C++ to IDAPython
- Exploring Black Magic Probe and Bitsy Cards
- Improving the algorithms of a rootkit detection tool for GNU/Linux
- Honeypot for logging interactive commands on a guest machine through a hypervisor
In addition, any intern could propose their own topic for discussion.
In turn, Digital Security experts shared their experience and delivered various lectures, including the following:
- What is pentesting? Network scanning and service identification. How to use Nmap/Nessus/Metasploit
- How do the Web and the HTTP protocol work?
- Burp Suite training. Introducing one of the key web security auditing tools
- OWASP Top 10. Examples of all major vulnerabilities
- NFC, payment cards, attacks on them
- PowerShell for dummies: home and battlefield use
- SMT, Z3, SSE, DSE, ... In The Wild
At the end of the internship we swapped roles: the interns gave lectures to us, describing their results and demonstrating the skills they had acquired. Everyone who successfully reached the end received a certificate from Digital Security. And do not forget about the company merchandise.
Unfortunately, the number of places is limited. To select the most talented candidates, we have made several changes to our questionnaire.
The security analysis department and the research department now each have their own questionnaire; we have improved both and added several non-standard questions. In addition, this year we decided to focus only on an on-site internship: there will be no option to take part remotely.
We expect from candidates:
- Independence, although we will be happy to provide all possible assistance with research;
- Basic knowledge and the desire to understand and learn new things in various areas of information security.
Security Audit Department
The Audit Department is involved in penetration testing and security analysis of web applications and enterprise software. It is suitable for those who like to understand how sites are built, to wander through the depths of corporate networks and to look closely at application source code. This department is for those who like to break everything.
Questionnaire
Research Department
The research department primarily deals with reverse engineering and vulnerability research in binary applications and devices. If you like to sit in a disassembler or debugger, if you want to automate various tasks to find vulnerabilities, if you like to write super fuzzers, then this is the place for you.
Application form
The application deadline is May 23, inclusive.
The internship runs from July 1 to August 20.
Based on the results of Summ3r 0f h4ck, employment at Digital Security is possible.