Adding Overview Page for Pentesting Team #26
29
Policies/Pentesting_And_CTF_Team.md
Normal file
29
Policies/Pentesting_And_CTF_Team.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# Overview
|
||||||
|
|
||||||
|
The AniNIX is looking to put together a penetration testing, ethical hacking, and cyber capture-the-flag team. The purpose of the group is to develop competent & ethical professionals, break down cybersecurity gatekeeping, and improve the Internet community writ large. The code name for this team is the `3NCLAVE`.
|
||||||
|
|
||||||
|
# Requirements to Join
|
||||||
|
|
||||||
|
In order to join this team, you must meet the following requirements:
|
||||||
|
|
||||||
|
* Have a Discord account and a Hack The Box account.
|
||||||
|
* Proficiency with Kali Linux or other hacking distribution, IRC, and Git.
|
||||||
|
* Have a demonstrated body of work in computing, primarily in a Linux environment.
|
||||||
|
* This can be a home lab, provided it can be demonstrated in a Discord screen share or by external access
|
||||||
|
* This can be GitHub, HackerOne, BugCrowd, etc. accounts with activity.
|
||||||
|
* This can be a career in IT -- ideally, this should be able to be validated with a coordinated challenge and answer to a professional email address or phone number
|
||||||
|
* Have a willingness to learn and ethical mindset
|
||||||
|
* Be sponsored by a current team member
|
||||||
|
* Be willing to comply with the AniNIX [User Ethics](/AniNIX/Wiki/src/branch/main/Policies/User_Ethics.md)
|
||||||
|
|
||||||
|
# Operation
|
||||||
|
|
||||||
|
This organization will function as a semi-democratic collective. The Owners group as captured in AniNIX/Foundation will retain veto powers & ownership of the IP. Otherwise, any group member may propose participating in bug bounty or capture-the-flag event through IRC & Discord -- the rest of the group can opt into this activity as they're able & interested. Proposals to changes in operation, methods, etc. will be discussed through issues on this platform & solidified through 2/3 majority approval in a merge request. Other operational procedures will be discussed in the group project repo.
|
||||||
|
|
||||||
|
When members are approved, they will be added to the appropriate project on AniNIX/Foundation. More details on our operation will be controlled to that location.
|
||||||
|
|
||||||
|
# What Do We Do
|
||||||
|
|
||||||
|
This organization is an ethical hacking group. This means that we comply, as much as possible, to ethical & legal frameworks. We will only attempt to compromise systems that we have been authorized, in writing, to inspect. These authorizations will either come in the form of lab files shared by our members to be tested in firewalled or air-gapped home labs, bug bounty postings, or official capture-the-flag events being hosted by organizations like Hack The Box. Members are specifically not authorized to test exploits & vulnerabilities on the community writ large.
|
||||||
|
|
||||||
|
When ethics conflicts with legality, ethics wins via civil disobedience. That is, if we were to receive a court order compromising the security of our members, operation will cease. If law were to outlaw cybersecurity research, we would pivot to be a bug-fixing development group instead. The fundamental rule is to do good without disrupting systems that people need and to find collaborative ways to contribute to the world.
|
Loading…
Reference in New Issue
Block a user