Knowing Null: l0k1 - From Blue to Red


#1

Welcome to the first Knowing Null interview, a series randomly conducted on the 0x00sec IRC server and compiled here for your convenience. Today’s guest is none other than 0x00sec’s premier benefactor, l0k1!

But! Before we jump in, who do you want to see next?

  • suser
  • fraq
  • pry0cc
  • ricksanchez


Alright, here we go!

0: What brought you into infosec?

I was a young stupid kid, I used to download all kinds of crap, and royally mess up my computer, parents got sick and tired of fixing it, so they basically told me “Figure it out yourself”

The first time I actually got it fixed, I was hooked.
Started reading, learning as much as I could about viruses and malware. Went to Uni, got my degree, and decided on a job path.

1: What degree?

CS

2: What was your first infosec job?

Tech support

“Like helpdesk type?”

Yea

3: What about the malware, pentesting, etc side

As far as my pentesting career goes, I was in the wrong place at the right time. Was heading to an interview for a job at a small red team company, and went to the wrong floor, and basically walked into a random company’s office. I got asked by some dude what I was sitting there waiting for, and I told him, he was like “Oh, they are downstairs, come talk to me when you are done your interview”. I BOMBED my interview with the company.
Apparently my skillset was “too narrow”.

So I went back upstairs, and talked to who I thought was just some office clerk, turns out it was the owner of the company. Basically told him “I failed hard at the interview, my skillset is too small for them” and he wanted me to explain what I could do, what pentesting was…etc
After explaining he asked if I would pentest his network for some stupid low fee, was like $100.00 or some shit.
I had my laptop with me.

“So l0k1, you cracked his WPA right?”

Better than that.

I was overwhelmed with what I thought was going to be a “quick nmap and google search for exploit”
Long story short, his company was a subsidiary of a larger company that handled some kind of something. They were secured up the wazoo
Best I could do was create a payload and show him how an attacker could pivot inside his network
I straight up asked him if I can run the payload on one of the workstations

“So you ask if you can run the payload, he’s like ‘hah. no. but here’s a job’?”

No, he asked what a payload was.
So I started explaining terminologies and crap, we started shooting the shit, and he asked me if I would be interested in possibly joining the company as a “security” somethingorother
Keep in mind, at the time I was a broke mofo, and needed money to pay back my student loan

I wish I had a really cool awesome story about my first real pentest, but it wasn’t glorious, it took FAR too long for the results I got.

“How much had your degree prepared you for it?”

Not at all.

4: So this somethingorother gig, what kinda work were you doing?

At first nothing, I still didn’t know what the company was, so before he let me loose on his systems, he wanted me to shadow some of the blue team guys at the parent company so I understood how their network worked…etc
I still call him once in a while and shoot the shit. He opened the way to a great career and life for me.

That’s where I found out that if you want the soul sucked out of you, become a blue teamer XD

5: What kinda tools and work did the blue team show you?

Mostly just how their IPS’s worked, email scanning, how their IDS logged and flagged certain events, some critical some not, depending on threat criteria
At that company is where I learned to love being a red teamer
I started writing programs to try and skirt around protections, be “stealthy” …etc

6: Did you test them?

Oh yea, I tested them. I’d write the code, compile and send an email to myself (at the company) from my personal email and see if it got delivered, if not, I’d check the logs and see why not, go back, try and rewrite to satisfy a “Clean” result

I’ll never forget the day my first “malware” made it through.

7: What’s been the biggest change in info/red teaming over the years?

The amount of skids with access to tools,

8: What do you do with your time now?

I’m retired. [so] Honestly not a whole lot. Been kind of enjoying it, traveling etc. But I’m getting restless now, so I’m working on a new project.
Also buying domains, I love buying domains, I get joy out of it XD

9: Any final words of advice for up and coming players in the infosec game?

If infosec is what you like/love to do, don’t give up on it. I’m sure you’ll get shit on more than once, but keep at it. Threats are evolving every day, more now than ever we need both sides of the spectrum (red and blue) to continue on. Everyone wants everything connected to the internet, including my fridge, I want people to secure my fridge, and make security a topic that is actually talked about.

That's the end, folks. Thanks for joining. For more content like this, come hang out in IRC. See you again SOON™


(Community & PR manager) #2

Why am I not featured in this poll?! :frowning:

Jokes aside, I think this is a really creative idea. Getting to know the regulars through interviews. Keep them coming!


#3

@Evalion, if the poll ends in a tie, I’ll do you next :wink:


#4

Who are these scrublings? I want to see @0x00pf.


(Security Architect & Founder) #5

Agreed. I want to see @fraq and @ricksanchez, but I’m interested really to see @zSec and @sprtn, these guys are where I want to be in industry, and I don’t know their story, yet.


#6

As already said in IRC yesterday: great idea @skidd0 ! I think it’ll help to create somewhat of an identity behind the pseudonym which is nice :slight_smile:

I gladly take part in the interview if people want to know.
Otherwise adding @0x00pf, @sprtn and @zSec to the vote is a must for sure.
We probably are forgetting quite a few people (e.g. @Nitrax )


(Security Architect & Founder) #7

Just to keep in mind, on this forum you can’t modify polls after you’ve started them, so we’d need a new poll.


(haalim) #8

Me too, I also want to see @0x00pf


(Community & PR manager) #9

If @skidd0 allows me to do so, I can also take interviews with regular nullers on the IRC.


#10

Well, I’ll be sure to add these names on the next post’s Poll. If you guys think of other notable names, please either comment them here or PM me on IRC. I don’t want to skip over anyone!

@Evalion, I’d rather wait a bit for this ‘project’ to take off before I add another interviewer ‘voice’. I’ll keep your offer in mind, though. Thanks.


(Zain) #11

Great post… but WHY THE HELL AM I NOT ON THE POLL!!! Jk… I’m a scrub. lolololol. Jokes aside. This is really a great post and hopefully this’ll help me dox everyone… (evil laughter). :wink:

