Summ3r 0f h4ck: Digital Security Internship 2018

Summer is just around the corner, and Digital Security announces the beginning of its internship - the results of the previous exceeded our expectations, so we decided to continue this pleasant and useful work. And what do the interns themselves think about the time they spent with us? Did the internship meet the expectations of the participants? Last year's reviews can be found here and here .

We were once again happy to see that enthusiasts and amateurs of their work come to us, who are interested in exciting issues and do not back down before difficult examinations.

So that you can more accurately understand the specifics of summer research, we propose to consider several topics that have received the hottest response from the guys.

• We use weaknesses of monitoring systems during pentest
• WAF study. Security Techniques, Rule Set
• Password analysis (data mining). Creating dictionaries and framework rules for accelerated password cracking of certain patterns. Writing a distributed system for hacking and managing brutal hashes
• Writing a converter for WPA HALF handshake for HASHCAT. Exploring the possibility of optimizing the password cracking speed
• Explore the capabilities of the hexrays-tools plugin for the IDA Pro disassembler, porting it for new versions of IDA Pro. Consideration of the possibility of transferring the plugin from C ++ to IDAPython
• Explore the capabilities of the Black Magic Probe and Bitsy boards
• Improving the algorithms of the rootkit detection tool under GNU / Linux
• Hanipot for logging interactive commands on the guest machine via the hypervisor

In addition, any intern could suggest his own topic for research.
')
In turn, Digital Security experts shared their experiences and read various lectures, including the following:

• What is pentesting? Network scanning and service identification. How to Nmap / Nessus / Metasploit
• How does the Web and HTTP protocol work ?
• Burp Suite Training. Familiarity with one of the primary tools for auditing web security
• OWASP Top 10 . Examples of all major vulnerabilities
• NFC , payment cards, attacks on them
• PowerShell for dummies: use in everyday life and on the battlefield
• SMT, Z3, SSE, DSE , ... In The Wild

At the end of the internship, we made a kind of castling, and already the interns gave lectures to us, telling about their successes and demonstrating acquired skills. Everyone who successfully reached the end was issued a certificate from Digital Security. Do not forget about the firm merchandise from our company.

But, unfortunately, the number of places we have is limited. Therefore, in order to select the most talented, we made several changes to our profile.

For the security analysis department and the research department, two different participant questionnaires are now offered, which we improved and to which we added several non-standard questions. In addition, this year we decided to focus only on the local internship - there will not be an opportunity to train remotely.

We expect from candidates:

• Independence, while we will be happy to provide all possible assistance in research;
• Possession of basic knowledge and desire to understand and learn new things in various areas of information security.

Security Audit Department

The audit department is engaged in penetration testing, security analysis of web applications and corporate software. The department is suitable for those who like to understand how the sites are arranged, to stray around the depths of corporate networks and closely gaze into the source codes of applications. This department is suitable for those who like to break everything.

Profile

Department of research

The research department primarily deals with reverse engineering tasks, searching for vulnerabilities in binary applications and devices. If you like to sit in a disassembler or a debugger, if you want to automate various tasks for finding vulnerabilities, if you like to write super-fuzzers, then you are here.

Profile

The deadline for submitting questionnaires is May 23, inclusive.
The duration of the internship is from July 1 to August 20.

According to the results of Summ3r 0f h4ck possible employment in Digital Security.