Knowing Null: pry0cc - Hacking Into Infosec

interview

#1

Welcome back to Knowing Null

Knowing Null is a series of interviews randomly conducted on the 0x00sec IRC server and compiled here for your convenience. Today’s guest is the ever present pry0cc!

But, first, a poll! Who do you want to see next time?

  • fraq
  • dtm
  • ricksanchez
  • zSec
  • sprtn
  • 0x00pf
  • Phoenix750

0 voters

1: Aight, so first off, can you tell me a bit about yourself, your infosec work, etc?

Sure
I love infosec, and for work I primarily do pentesting, vulnerability scanning, consulting and a fair amount of R & D
this involves testing new attack methods and developing inhouse tools related to our work

2: What brought you into infosec? How’d you get your start?

Well for the longest period I was into development and systems administration
I did that as a hobby for about 3 years, and then I fell in love with Linux
Naturally, I started to become familiar with people who were involved in infosec (funnily enough through Google+), and I was curious about what you can actually do
When I first began demystifying everything I was shocked how methods still worked

3: What was your first hack?

Hmmm… I think it was probably some sort of MITM. I was a skid who had managed to install dsploit on android, and I felt so clever when I replaced images and created alert boxes on peoples mobile devices

4: Do you have a degree?

Nope!
That’s 3 years I didn’t have time to waste
However
I have watched all the CS50 videos

5: What kinda tools do you typically work with now?

Tools? Well mainly koadic and empire. We have a few in-house things we use, but I’m not allowed to speak about those :slight_smile:
If you’re talking about shells
I’m using hashicorp packer, docker and kubernetes a lot for related things

6: do you do any sort of programming?

All the time!
Bash, Ruby, Python, PHP. For libraries sinatra creeps its way in sometimes.
Mainly automating things we do
nokogiri is love too

7: for the pen-testing, vuln scanning, R&D, what areas would you advise an upcoming hacker to focus on?

An upcoming hacker? If they want to do it professionally?
Hmmm
I want to say: advice for people who are hobbyists and want to get into the industy
Realize, to get an entry level job in security, you don’t need to be as good as you think you do
At least that was my problem
I always thought that I had to be this amazing god-level hacker
When you enter the industry, you realize that as long as you are happy to learn, getting an entry level job in security requires less knowledge than you’d expect
I would say, learn the buzzwords, SOW, NDA, CVA, PCI compliance, HIPPA
Learn security, and do CTF’s
And contribute to online communities like 0x00sec.org, and put them on your resume

8: Do you have a favorite CTF?

I really like the hackthebox.eu CTF’s
I bought a VIP subscription because I love them so much
The difficult level indications are super useful for beginners
And they expose you to new exploit scenario’s all the time

9: What was one of your biggest challenges?

Self confidence
I never thought I was good enough
Until I said, screw this, I’m gonna work in security if it kills me.
Then I realised I had more to offer than I ever thought

10: What’s your favorite linux distro?

I didn’t realise I had to say: Arch
But, ubuntu for servers

11: What do you do for fun? to kick back?

Drive. I love driving, cleaning my car, hitting some nice twisty roads.
I also like drinking and watching silly movies.
CTF’s play a part too
Silly movies like, Die Hard 4

“What do you drive?”

A Ford Fiesta ST-Line Red Edition
1.0 Litre that produces 140 BHP
It’s a silly fun little hatch
I plan on modifying it soon :stuck_out_tongue:

12: What’s color hat do you wear?

#DCDCDC

13: Okay. To tie this all up, is there anything else you’d like to say to the community?

YES
To the entire community: You’re amazing. Keep doing what you’re doing. You creators, you rock, everybody who comments and likes and shows their support by sharing articles and buying swag are so awesome and what make this community what it is
Because of people like you, we’re able to keep this place awesome and free
KEEP BEING AWESOME

Hell yeah. Thanks for your time, pry0cc.

:wink: np man

That’s all folks! Thanks for reading. For more content like this, come hang out in the IRC channel.

Also! Leave a comment below if there’s a question YOU want to have answered in the next interview.


#2

Awesome. Thanks for the wonderful advice. I think my biggest downfall is not thinking I’m good enough as well. It’s nice to know I’m not alone.


(Command-Line Ninja) #3

Imposter syndrome dude!

Another thing though, when you finally find your confidence and everything works out. Watch your arrogance. I am guilty of this in recent times so I’m trying my best to bring myself back to earth.


#4

@pry0cc true about HackTheBox!!


(Community & PR manager) #5

I remember @pry0cc back when he claimed that cybersec is only a hobby to him and that he could never see himself work there.

How we have evolved…


(BSD Weirdo) #6

The difference between evolution and devolution is simply a matter of perspective :slight_smile:


(Community & PR manager) #7

In the sense of my reply, I was clearly talking about a positive evolution :slight_smile:


(Frey) #8

Interesting… interesting indeed. I believe that the ‘hackers’ that don’t have a degree are the most well respected. Btw, clearly I have low esteem so I just crack a dirty joke and I feel better. lololol.