Welcome back to Knowing Null
Knowing Null is a series of interviews randomly conducted on the 0x00sec IRC server and compiled here for your convenience. Today’s guest is the ever-present pry0cc!
But, first, a poll! Who do you want to see next time?
1: Aight, so first off, can you tell me a bit about yourself, your infosec work, etc?
I love infosec, and for work I primarily do pentesting, vulnerability scanning, consulting and a fair amount of R & D
this involves testing new attack methods and developing in-house tools related to our work
2: What brought you into infosec? How’d you get your start?
Well for the longest period I was into development and systems administration
I did that as a hobby for about 3 years, and then I fell in love with Linux
Naturally, I started to become familiar with people who were involved in infosec (funnily enough through Google+), and I was curious about what you can actually do
When I first began demystifying everything I was shocked how methods still worked
3: What was your first hack?
Hmmm… I think it was probably some sort of MITM. I was a skid who had managed to install dsploit on Android, and I felt so clever when I replaced images and created alert boxes on people’s mobile devices
4: Do you have a degree?
That’s 3 years I didn’t have time to waste
I have watched all the CS50 videos
5: What kinda tools do you typically work with now?
Tools? Well mainly koadic and empire. We have a few in-house things we use, but I’m not allowed to speak about those
If you’re talking about shells
I’m using hashicorp packer, docker and kubernetes a lot for related things
6: Do you do any sort of programming?
All the time!
Bash, Ruby, Python, PHP. For libraries sinatra creeps its way in sometimes.
Mainly automating things we do
nokogiri is love too
7: For the pen-testing, vuln scanning, R&D, what areas would you advise an upcoming hacker to focus on?
An upcoming hacker? If they want to do it professionally?
I want to say: advice for people who are hobbyists and want to get into the industry
Realize, to get an entry level job in security, you don’t need to be as good as you think you do
At least that was my problem
I always thought that I had to be this amazing god-level hacker
When you enter the industry, you realize that as long as you are happy to learn, getting an entry level job in security requires less knowledge than you’d expect
I would say, learn the buzzwords, SOW, NDA, CVA, PCI compliance, HIPAA
Learn security, and do CTFs
And contribute to online communities like 0x00sec.org, and put them on your resume
8: Do you have a favorite CTF?
I really like the hackthebox.eu CTFs
I bought a VIP subscription because I love them so much
The difficulty level indications are super useful for beginners
And they expose you to new exploit scenarios all the time
9: What was one of your biggest challenges?
I never thought I was good enough
Until I said, screw this, I’m gonna work in security if it kills me.
Then I realised I had more to offer than I ever thought
10: What’s your favorite Linux distro?
I didn’t realise I had to say: Arch
But, Ubuntu for servers
11: What do you do for fun? To kick back?
Drive. I love driving, cleaning my car, hitting some nice twisty roads.
I also like drinking and watching silly movies.
CTFs play a part too
Silly movies like, Die Hard 4
“What do you drive?”
A Ford Fiesta ST-Line Red Edition
1.0 Litre that produces 140 BHP
It’s a silly fun little hatch
I plan on modifying it soon
12: What color hat do you wear?
13: Okay. To tie this all up, is there anything else you’d like to say to the community?
To the entire community: You’re amazing. Keep doing what you’re doing. You creators, you rock, everybody who comments and likes and shows their support by sharing articles and buying swag are so awesome and what makes this community what it is
Because of people like you, we’re able to keep this place awesome and free
KEEP BEING AWESOME
Hell yeah. Thanks for your time, pry0cc.