Vote Early and Often

Packet Storm has brought back one of the most beloved features from its earlier days. The polls are back open so cast your votes today!

You must be logged in to vote but the results remain public. Your choice, however, remains private. When logged in, simply click on an answer to choose it as your vote. For reference, your choice will be highlighted in green.

If you have a witty or interesting suggestion for a new voting question, feel free to shoot us an e-mail and be certain to include the question, a bit of text for context, and suggested answers. We do not guarantee that every submission will make it live on the site, but we welcome ideas.

Note: User data for voting is not shared with any third parties nor data-mined in any way.


Section: Voting Booths

About ()


  Page 1
  Page 1


We are looking at adding arbitrary but relevant images to the file listings for consistency. Some people believe less is more, so we want to get input from you, the users.


Should we add images to the file listings?

AnswersResults
Yes100%
No0%
Where are the games on this thing?0%

With collections and various other features being launched, the goal is to make your life easier. Nothing is ever perfect at launch but we intend to keep improving usability. Getting your input matters to us!


How do you like the new site?

AnswersResults
Love it.66%
Better than it was.0%
Hate it. 16%
Go back to all static content like in 2000.0%
My bots broke. I will never forgive you.0%
Finally, mobile usabilty.16%

Figuring out how to manipulate a flaw to your advantage is at the core of security testing. Different attacks yield different data, but all vectors have their own interesting nuances to exploitation.


What is the most fun to exploit?

AnswersResults
Cross site scripting.0%
SQL injection.14%
Code execution / command injection.57%
Memory-related bugs.14%
Race conditions.0%
People.14%

The security industry loves labeling people with hats as though life and security is black and white. Packet Storm feels this is a bit silly but some people take their hat very seriously.


What sort of hat do you wear most?

AnswersResults
White hat - I only hack for the good of humanity.25%
Gray hat - I understand there's a balance to learning.50%
Black hat - I enjoy crime and the prospect of prison.0%
Red hat - I'm just a Linux System Administrator.0%
Top hat - Why don't we bring back top hats? They used to be a thing.0%
I don't wear hats because my hair rocks.25%

Ransomware is quite evil. When you see things like a childrens' hospital unable to serve their clients because all of their computers are encrypted, it should give executives pause and a critical moment of reflection. Lack of education for employees, lack of maintaining systems and vetting software before using it, coupled with generally putting security at the bottom of your to-do list can result in catastrophic consequences.


Is ransomware going to get worse before it gets better?

AnswersResults
Yes, way worse. How many billions of dollars were stolen this year?85%
Yes, as long as people play fast and loose with data from outside their network.0%
Maybe, hopefully, all of those horrible crooks made enough money and will go away.0%
No, I think we have seen the worst of it.0%
What's a ransomware? Should we be doing backups? Where am I?0%
Wait, it can get worse?14%

Whether it's education, redesign, proactive monitoring, or otherwise, many arcane systems exist in the government sector that can be used for malice. We are only as strong as our weakest link. With government military spending being so excessive, shouldn't the bulk of this money be reallocated given modern electronic warfare?


Do you feel military spending budgets should have 50% allocated to computer security initiatives?

AnswersResults
Yes, it's the most likely attack vector in current and future wars.20%
Yes, but who can afford to lobby for it?0%
Maybe, but there has to be serious oversight and a plan for use.60%
No, kinetic weapons from weapons manufacturers make politicians happy.0%
No, we need those $20,000 toilet seat covers and you better not ruin my budget.20%

There's a lot of neat stuff out there to make life more interesting, but with it comes risk. Given that security people tend to think about risk mitigation constantly, how much do you allow to creep in to your personal life?


As a security person, how connected is your lifestyle?

AnswersResults
Everything is connected. I might even get that Internet-capable toaster.16%
I use social mediums and allow IoT in my house. Technology is fun.33%
I use social mediums but do not allow IoT in my house. My spidey sense tingles.0%
I do not use social mediums and do not allow IoT in my house. I believe in minimal attack surface.50%
I change my identity every three months, get all new credit cards, and live out of hotels constantly on the move.0%
I soldered a USB port into the back of my head.0%

Packet Storm monitors all things security. With Russia's invasion of Ukraine, the conflicts in the Middle East, and lines in the sand being clearly drawn between varying nation states, are we headed towards a new world war?


Are we headed towards a third world war?

AnswersResults
It's a very likely possibility.60%
Maybe, when everyone's water and electricity stops working.0%
No, these "conflicts" are always happening.20%
Cyberwar already started WW 3 years ago.0%
Proxy wars will remain at a high cost.20%
Wait, people are dying?0%

There's quite a bit of hype regarding zero trust solutions in the industry. To Packet Storm, it's just a repackaging of the thought strategy that should already be the driver behind information security initiatives, but what do we know?


How do you feel about the term zero trust?

AnswersResults
Isn't zero trust already implied with the Principle of Least Privilege?60%
It is a marketing term that gets us additional funding.20%
If you need these solutions, you haven't been doing your job.20%
It's what I give every site I visit on the Internet.0%
It's how I feel about my management's philosophy on security.0%
Don't talk to strangers.0%

A person's world view on security can vary greatly depending on when they first started hacking and how much context they have on technology evolving.


When did you first get into hacking and/or security?

AnswersResults
Before 1980.0%
1980 - 1989.40%
1990 - 1999.0%
2000 - 2010.60%
2011 - Present.0%
Umm, some search engine just brought me here.0%

Do you feel that governments make everyone less secure by hoarding zero day exploits or do you believe their use cases are justified?


Should governments hoard zero day exploits?

AnswersResults
If they have a zero day, others probably have it too, so we are less secure.25%
If they weren't doing it, I would be more worried.0%
Maybe, but who watches the watchers?0%
We need offensive capabilities in the ever changing threat landscape.50%
All hackers have their private toolkit, governments included.0%
Even if reported, would the vendor care enough to fix it quickly?25%

When whipping together some automation or building a tool, writing a script is common amongst engineers. In fact, the ability to script something and manipulate data is a common game changer for an engineer's value. Everyone has their preferred language.


What is your preferred scripting language?

AnswersResults
Python, it's the norm.20%
Perl, and I don't want to debate it.20%
Bash, and yes, I just do shell scripts.20%
Awk, because Perl is too new for me.40%
Javascript, because I do nothing in a shell.0%
PowerShell, because I'm a windows user.0%

Packet Storm admins worked at a Fortune 10 where the CEO never once sat down to have a candid conversation with the information security organization in over ten years. His ivory tower didn't have an elevator to get down to us. Executives conveniently ignore the fact that they have a moral and fiscal responsibility to be engaged on these topics.


How often does your CEO engage with your infosec organization?

AnswersResults
At least quarterly.20%
Annually.20%
Never has, probably never will.20%
CEOs are too important to be bothered with non-revenue generating topics like security.40%
Isn't it enough for them to say security is important on stage during product reveals?0%
Great CEOs know their egos are more important than doing the right thing.0%

With large networks having become vastly unmanageable, hackers can easily find outdated software to attack and then persist inside of networks. Many attack vectors do not end up in logs, so SOCs will not catch them.


At any given point in the past month, how many tech giant and government networks do you think are currently breached?

AnswersResults
0% — They hire only the best and are usually impenetrable.0%
10% — I'm sure some hackers get in but are quickly caught.0%
20% — I want to believe 20% is the worst it can be.75%
50% — I've worked some of these places and it's a toss up.0%
80% — It's a constant battle we are losing to ignorance and incompetence.25%
100% — Every company or agency I've worked at has been compromised for some time.0%

Mental health is an important topic for the security community. Life is about balance and many of us are focused 24x7x365 when working in the trenches. This puts our own health at risk.


How do you spend time away from thinking about security?

AnswersResults
I volunteer somewhere doing non-computer things.0%
Year and years of therapy.0%
I build or create new things.0%
I spoof my caller id, call my boss, and let out a blood curdling scream.0%
Wait, I can pause these thoughts?33%
I just have a good cry in a dark room and then get back to work.66%

Everyone has an origin story that brought them to this point. Hackers tend to have some of the most interesting stories we have heard.


How did you first get interested in hacking?

AnswersResults
Trustworthy friends.0%
I went to school and got a degree.25%
A news story telling me it paid well.0%
A unique life event that caused me to question everything.0%
I couldn't afford my phone bills.25%
I watched Wargames, Sneakers, or Hackers.50%

It's not uncommon for a large corporation to find out they have been infiltrated for years. However, corporations have a long history of sweeping issues under the rug instead of being forthright with their stakeholders. For those in the trenches, Packet Storm knows it is a more common occurance than anyone would like to admit and the damage is rarely contained properly.


What is the most likely reality if hackers have been in your network for years?

AnswersResults
Your source repo likely has backdoors everywhere.0%
You probably need to rebuild all of your servers.0%
You have to do heavy forensics and find all indicators of compromise.0%
You need to publicly acknowledge this to your consumers and shareholders.0%
All of the above.75%
You can embrace your inner arrogance and ignore it because revenue is all that matters.25%

When it comes to security tools, there are quite a few out there. We do not have room to list them all, but we can list some and get a feel for what has caused the largest impact.


Most impactful security tool of all time from this short list?

AnswersResults
Nmap — Recon is where you start.75%
Metasploit — Because, well, Metasploit.25%
Tcpdump/Libpcap/Wireshark — Show me the bits.0%
Sqlmap — All the databases will be mine!0%
John the Ripper — I enjoy cracking all the passwords.0%
OSSEC — Host security still matters.0%

Music can help people focus, but tastes can vary greatly across the industry.


What's the best music for listening when working on a security project or hacking?

AnswersResults
Trance.0%
Drum and bass.25%
Industrial.0%
House.0%
Tom Jones.50%
The hum of my hard drives.25%

People use Packet Storm for many reasons and we see daily visits from every corner of the globe (if the globe had corners).


What is your reason for being here today?

AnswersResults
Hacking is fun and I enjoy learning.25%
Security is my profession.50%
My Internet connected toaster isn't working.0%
I'm a government spy.25%
I'm a journalist.0%
I'm just here because Google sent me here.0%

Packet Storm has long believed that if you do not have an inventory of what you are trying to protect, then you are starting from a point of failure. Incidents, monitoring and scanning, access controls, and more will be impossible to manage. Gauging cost for any security initiative is near impossible without defined scope and knowing what you have to protect.


Does your company have a working asset database to track systems and applications?

AnswersResults
No, because then someone would find all of our super secret environments.75%
No, we prefer to live life on the edge and never see our families.0%
Yes, and everyone is forced to use it.25%
Yes, but no one is required to use it.0%
It's too hard to get agreement on what constitutes an asset.0%

The folks at Packet Storm have seen a lot of bizarre behavior in the security sector over the past few decades. The one constant is that corporations do not like being honest with the public and it can be frustrating.


What percentage of corporate compromises do you feel are reported and disseminated publicly?

AnswersResults
Wait, there are legal reporting requirements?0%
If there wasn't user data involved, it doesn't matter right?0%
I'm certain corporations only tell us what we need to know.25%
0% — 1%.25%
50% — 100%.0%
2% — 50%.50%

Destruction of bits is a security topic rarely discussed. And when it is, it can be quite frustrating coming to agreement on a solution.


What is the best way to destroy data on physical media?

AnswersResults
Taco maker.50%
Large magnets.0%
Nail gun.0%
Thermite.25%
Lasers.0%
Launch it into outer space.25%

We are looking at adding arbitrary but relevant images to the file listings for consistency. Some people believe less is more, so we want to get input from you, the users.


Should we add images to the file listings?

AnswersResults
Yes100%
No0%
Where are the games on this thing?0%

With collections and various other features being launched, the goal is to make your life easier. Nothing is ever perfect at launch but we intend to keep improving usability. Getting your input matters to us!


How do you like the new site?

AnswersResults
Love it.66%
Better than it was.0%
Hate it. 16%
Go back to all static content like in 2000.0%
My bots broke. I will never forgive you.0%
Finally, mobile usabilty.16%

Figuring out how to manipulate a flaw to your advantage is at the core of security testing. Different attacks yield different data, but all vectors have their own interesting nuances to exploitation.


What is the most fun to exploit?

AnswersResults
Cross site scripting.0%
SQL injection.14%
Code execution / command injection.57%
Memory-related bugs.14%
Race conditions.0%
People.14%

The security industry loves labeling people with hats as though life and security is black and white. Packet Storm feels this is a bit silly but some people take their hat very seriously.


What sort of hat do you wear most?

AnswersResults
White hat - I only hack for the good of humanity.25%
Gray hat - I understand there's a balance to learning.50%
Black hat - I enjoy crime and the prospect of prison.0%
Red hat - I'm just a Linux System Administrator.0%
Top hat - Why don't we bring back top hats? They used to be a thing.0%
I don't wear hats because my hair rocks.25%

Ransomware is quite evil. When you see things like a childrens' hospital unable to serve their clients because all of their computers are encrypted, it should give executives pause and a critical moment of reflection. Lack of education for employees, lack of maintaining systems and vetting software before using it, coupled with generally putting security at the bottom of your to-do list can result in catastrophic consequences.


Is ransomware going to get worse before it gets better?

AnswersResults
Yes, way worse. How many billions of dollars were stolen this year?85%
Yes, as long as people play fast and loose with data from outside their network.0%
Maybe, hopefully, all of those horrible crooks made enough money and will go away.0%
No, I think we have seen the worst of it.0%
What's a ransomware? Should we be doing backups? Where am I?0%
Wait, it can get worse?14%

Whether it's education, redesign, proactive monitoring, or otherwise, many arcane systems exist in the government sector that can be used for malice. We are only as strong as our weakest link. With government military spending being so excessive, shouldn't the bulk of this money be reallocated given modern electronic warfare?


Do you feel military spending budgets should have 50% allocated to computer security initiatives?

AnswersResults
Yes, it's the most likely attack vector in current and future wars.20%
Yes, but who can afford to lobby for it?0%
Maybe, but there has to be serious oversight and a plan for use.60%
No, kinetic weapons from weapons manufacturers make politicians happy.0%
No, we need those $20,000 toilet seat covers and you better not ruin my budget.20%

There's a lot of neat stuff out there to make life more interesting, but with it comes risk. Given that security people tend to think about risk mitigation constantly, how much do you allow to creep in to your personal life?


As a security person, how connected is your lifestyle?

AnswersResults
Everything is connected. I might even get that Internet-capable toaster.16%
I use social mediums and allow IoT in my house. Technology is fun.33%
I use social mediums but do not allow IoT in my house. My spidey sense tingles.0%
I do not use social mediums and do not allow IoT in my house. I believe in minimal attack surface.50%
I change my identity every three months, get all new credit cards, and live out of hotels constantly on the move.0%
I soldered a USB port into the back of my head.0%

Packet Storm monitors all things security. With Russia's invasion of Ukraine, the conflicts in the Middle East, and lines in the sand being clearly drawn between varying nation states, are we headed towards a new world war?


Are we headed towards a third world war?

AnswersResults
It's a very likely possibility.60%
Maybe, when everyone's water and electricity stops working.0%
No, these "conflicts" are always happening.20%
Cyberwar already started WW 3 years ago.0%
Proxy wars will remain at a high cost.20%
Wait, people are dying?0%

There's quite a bit of hype regarding zero trust solutions in the industry. To Packet Storm, it's just a repackaging of the thought strategy that should already be the driver behind information security initiatives, but what do we know?


How do you feel about the term zero trust?

AnswersResults
Isn't zero trust already implied with the Principle of Least Privilege?60%
It is a marketing term that gets us additional funding.20%
If you need these solutions, you haven't been doing your job.20%
It's what I give every site I visit on the Internet.0%
It's how I feel about my management's philosophy on security.0%
Don't talk to strangers.0%

A person's world view on security can vary greatly depending on when they first started hacking and how much context they have on technology evolving.


When did you first get into hacking and/or security?

AnswersResults
Before 1980.0%
1980 - 1989.40%
1990 - 1999.0%
2000 - 2010.60%
2011 - Present.0%
Umm, some search engine just brought me here.0%

Do you feel that governments make everyone less secure by hoarding zero day exploits or do you believe their use cases are justified?


Should governments hoard zero day exploits?

AnswersResults
If they have a zero day, others probably have it too, so we are less secure.25%
If they weren't doing it, I would be more worried.0%
Maybe, but who watches the watchers?0%
We need offensive capabilities in the ever changing threat landscape.50%
All hackers have their private toolkit, governments included.0%
Even if reported, would the vendor care enough to fix it quickly?25%

When whipping together some automation or building a tool, writing a script is common amongst engineers. In fact, the ability to script something and manipulate data is a common game changer for an engineer's value. Everyone has their preferred language.


What is your preferred scripting language?

AnswersResults
Python, it's the norm.20%
Perl, and I don't want to debate it.20%
Bash, and yes, I just do shell scripts.20%
Awk, because Perl is too new for me.40%
Javascript, because I do nothing in a shell.0%
PowerShell, because I'm a windows user.0%

Packet Storm admins worked at a Fortune 10 where the CEO never once sat down to have a candid conversation with the information security organization in over ten years. His ivory tower didn't have an elevator to get down to us. Executives conveniently ignore the fact that they have a moral and fiscal responsibility to be engaged on these topics.


How often does your CEO engage with your infosec organization?

AnswersResults
At least quarterly.20%
Annually.20%
Never has, probably never will.20%
CEOs are too important to be bothered with non-revenue generating topics like security.40%
Isn't it enough for them to say security is important on stage during product reveals?0%
Great CEOs know their egos are more important than doing the right thing.0%

With large networks having become vastly unmanageable, hackers can easily find outdated software to attack and then persist inside of networks. Many attack vectors do not end up in logs, so SOCs will not catch them.


At any given point in the past month, how many tech giant and government networks do you think are currently breached?

AnswersResults
0% — They hire only the best and are usually impenetrable.0%
10% — I'm sure some hackers get in but are quickly caught.0%
20% — I want to believe 20% is the worst it can be.75%
50% — I've worked some of these places and it's a toss up.0%
80% — It's a constant battle we are losing to ignorance and incompetence.25%
100% — Every company or agency I've worked at has been compromised for some time.0%

Mental health is an important topic for the security community. Life is about balance and many of us are focused 24x7x365 when working in the trenches. This puts our own health at risk.


How do you spend time away from thinking about security?

AnswersResults
I volunteer somewhere doing non-computer things.0%
Year and years of therapy.0%
I build or create new things.0%
I spoof my caller id, call my boss, and let out a blood curdling scream.0%
Wait, I can pause these thoughts?33%
I just have a good cry in a dark room and then get back to work.66%

Everyone has an origin story that brought them to this point. Hackers tend to have some of the most interesting stories we have heard.


How did you first get interested in hacking?

AnswersResults
Trustworthy friends.0%
I went to school and got a degree.25%
A news story telling me it paid well.0%
A unique life event that caused me to question everything.0%
I couldn't afford my phone bills.25%
I watched Wargames, Sneakers, or Hackers.50%

It's not uncommon for a large corporation to find out they have been infiltrated for years. However, corporations have a long history of sweeping issues under the rug instead of being forthright with their stakeholders. For those in the trenches, Packet Storm knows it is a more common occurance than anyone would like to admit and the damage is rarely contained properly.


What is the most likely reality if hackers have been in your network for years?

AnswersResults
Your source repo likely has backdoors everywhere.0%
You probably need to rebuild all of your servers.0%
You have to do heavy forensics and find all indicators of compromise.0%
You need to publicly acknowledge this to your consumers and shareholders.0%
All of the above.75%
You can embrace your inner arrogance and ignore it because revenue is all that matters.25%

When it comes to security tools, there are quite a few out there. We do not have room to list them all, but we can list some and get a feel for what has caused the largest impact.


Most impactful security tool of all time from this short list?

AnswersResults
Nmap — Recon is where you start.75%
Metasploit — Because, well, Metasploit.25%
Tcpdump/Libpcap/Wireshark — Show me the bits.0%
Sqlmap — All the databases will be mine!0%
John the Ripper — I enjoy cracking all the passwords.0%
OSSEC — Host security still matters.0%

Music can help people focus, but tastes can vary greatly across the industry.


What's the best music for listening when working on a security project or hacking?

AnswersResults
Trance.0%
Drum and bass.25%
Industrial.0%
House.0%
Tom Jones.50%
The hum of my hard drives.25%

People use Packet Storm for many reasons and we see daily visits from every corner of the globe (if the globe had corners).


What is your reason for being here today?

AnswersResults
Hacking is fun and I enjoy learning.25%
Security is my profession.50%
My Internet connected toaster isn't working.0%
I'm a government spy.25%
I'm a journalist.0%
I'm just here because Google sent me here.0%

Packet Storm has long believed that if you do not have an inventory of what you are trying to protect, then you are starting from a point of failure. Incidents, monitoring and scanning, access controls, and more will be impossible to manage. Gauging cost for any security initiative is near impossible without defined scope and knowing what you have to protect.


Does your company have a working asset database to track systems and applications?

AnswersResults
No, because then someone would find all of our super secret environments.75%
No, we prefer to live life on the edge and never see our families.0%
Yes, and everyone is forced to use it.25%
Yes, but no one is required to use it.0%
It's too hard to get agreement on what constitutes an asset.0%

The folks at Packet Storm have seen a lot of bizarre behavior in the security sector over the past few decades. The one constant is that corporations do not like being honest with the public and it can be frustrating.


What percentage of corporate compromises do you feel are reported and disseminated publicly?

AnswersResults
Wait, there are legal reporting requirements?0%
If there wasn't user data involved, it doesn't matter right?0%
I'm certain corporations only tell us what we need to know.25%
0% — 1%.25%
50% — 100%.0%
2% — 50%.50%

Destruction of bits is a security topic rarely discussed. And when it is, it can be quite frustrating coming to agreement on a solution.


What is the best way to destroy data on physical media?

AnswersResults
Taco maker.50%
Large magnets.0%
Nail gun.0%
Thermite.25%
Lasers.0%
Launch it into outer space.25%

  Page 1
  Page 1


 About | Terms | Copyright | Privacy | BlueSky | X | Mastodon
 © 2024 - 2025
All Rights Reserved Packet Storm Security, LLC
Hosting provided by: RokaSecurity