
Trends in hacking attacks, techniques and tools

by Cybersprint Blog 22 Feb 2021

Developments in cyber security travel at the speed of light. How do (ethical) hackers keep up with these developments, and how eager are they to adopt new tools that help them find weaknesses in digital environments? This was one of the subjects discussed with serial winners of Hâck The Hague, Rik van Duijn and Wesley Neelen. Below is a summary of their thoughts on this subject.

The use of certain tools and techniques really depends on the scope of the hackathon or competition you participate in, or the assignments you work on. It also depends on what you encounter. First you want to find out what you are dealing with, and then determine which tools are best suited to what you want to achieve. For example, an important question to ask yourself during the competition is whether you are dealing with on-premise applications or cloud solutions. Cloud entails entirely different issues and risks, such as subdomain takeovers.

It’s true that the web is constantly changing, but on the other hand, if you look closely, most bugs remain the same, although you may find them in different settings. That means that you can use the same tools to find them. For example, the Top 10 Web Application Security Risks can still be addressed with the same tools; it mainly depends on the context in which you use them. More and more things will be virtualized: we put containers in containers and build entire browsers in an app. It’s not so much about a different type of attack, but more about how you (ab-)use existing attack methods in a different way. Compare it to Lego bricks: it’s the same bricks, you just assemble them in another way.

One thing that you will often see nowadays with Docker is that if you get access to a system with an old bug, you end up in a Docker container instead of the control system. Another is serverless functions, which are very different: you communicate with one big cloud service whilst the underlying system is managed by a cloud provider. Those are new techniques you are going to see in tests.

In the end, it depends on the person how quickly and easily you incorporate new tools and techniques in your day-to-day work as an ethical hacker. You might be someone who is curious enough to investigate new developments, or you might prefer to hold on to what you already know. The thing is, you do need a certain dose of patience and perseverance in order to incorporate new techniques and tools into your daily routine. But in the end, getting to know new tools and/or ways of attacking systems can also bring many advantages to your work as an ethical hacker.
