There are too many Russians attacking the US and other nations, and too little of the reverse, but I believe Russia is an appealing target for the following reasons:
- Wide alternate timezone - When you come back from work in the US, it would be work time for them. They will be logged in and you could respond immediately to a successful phish. Because Russia is spans many time zones, you can find a target that fits your schedule.
- Lack of legal consequence - We all know Russia won't extradite to the US, but the same is true of the reverse. Obviously, you should still use proper opsec anyways.
- Less security - Russian networks tend to be less secure than their US counterparts.
If you are a beginner, I would recommend targeting universities because of their poor security and public email addresses (for spear phishing). You can find a list of Russian universities here:
http://universities.hipolabs.com/search?country=Russian%20Federation
I ran sqlmap against the list and found numerous sql injection vulnerabilities, so you can give that a try. Ultimately though, I would recommend using spear phishing. You can use Yandex translate since it's better than Google translate.
[link] [comments]
from hacking: security in practice https://ift.tt/3uc3ByT
Comments
Post a Comment