DEV Community

I'm 18 and I do systems security, Ask Me Anything!

Anirudh on August 12, 2018

Hey guys, I'm a systems security engineer at a local startup. I've been into infosec since 8th grade. I'm (obviously) still learning, and gearing towards an OSCP. Ask me anything!

Isaac Lee

Hello. From your experience, what advice would you give to people at a young age (say, 13-18 years old) who want to get into the tech industry?

Anirudh

The "tech industry" is an extremely generic term. What field in tech, specifically?

Kostas Sar

I would really like to look into this part of the industry and networks are my weakest point, so I should start from there.

But out of curiosity do you have any books or courses to begin with the "and how they tie together" part of your answer?

Anirudh

I didn't really follow any book/course to learn that bit, mostly just hands-on. But, I actually liked the RITx Network Security course on edX. YMMV, though.

Isaac Lee

Indeed, my bad. Can you give us advice on getting into information security? Thanks!

Anirudh

Getting started with infosec would require a basic understanding of how a computer itself functions at a primitive level, networking and protocols (and how they tie together), operating systems, web technologies. Some programming knowledge wouldn't hurt either; scripting in Python, Ruby, shell.
I love telling people that you should learn to make stuff, before learning to break stuff :)

Above all, security and hacking, in general, requires a creative mindset with out-of-the-box thinking. There is no single checklist to be followed, ever!

Andre Vasconcelos

I love telling people that you should learn to make stuff, before learning to break stuff

That is actually a great way to look at it! Thank you for sharing your experiences with us :)

Peter Kim Frank

Were there any key moments or fun stories that specifically drew you towards security?

Have you made any independent security findings/disclosures that you're able to share?

Anirudh • Edited

What drew me towards security would probably be my love for computers, paired with my love for breaking things. Taking stuff apart and messing with their internals :D

I sadly do not have any 0-days/CVEs under my name, but I have made some disclosures. One of them was particularly interesting.

I'd been asked to pentest an incubation centre's website. Essentially, where startups submit their pitch and get funding/materials etc.

Browsing through the site for a while, I instantly found an SQL injection vulnerability, threw the vulnerable URL into sqlmap and, within 15 mins, dumped the entire database containing user credentials, personal data, and most importantly, the startup ideas themselves. I reported this to the team behind the website. The devs, being the lazy bums they were, figured they'd fix it later and just push the site to prod (the absolute madmen). Within a week of having deployed to public, they got hacked, and the hackers were selling the startup ideas on campus!

Peter Kim Frank

It's incredible that you were asked to pentest the website, and then they ignored your findings! Insane.

Anirudh • Edited

It's understandable, because it was management that had asked me to pentest and the devs weren't really prepared. They already had a lot on their plate, as they were getting ready to go live.

They could've taken more time though, and ironed out the issues with the site. Maybe a week extra. Would've saved them all the trouble.

Chad Windham

Yeah, but a security vulnerability on that scale should not be ignored no matter what. People just never seem to learn.

haikal00

Sometimes people choose to launch earlier so as not to lose the business.

Chad Windham

I understand the balancing act from the business side, as I work in the real world for a large company. But given what happened, it is a go-to example of why you shouldn't ignore large and obvious security flaws for any length of time. In the context of the story, the company hired security testers, found out there was a huge (and relatively simple) problem, did not fix it, and experienced a worst-case scenario. Which doesn't help in the "not lose business" side of things. Your point is very valid and those business decisions can be difficult at times. But in the context of the story shared, it is a prime example of the wrong choice.

deth

Do you have good resources you can share with us? I'm a newbie and I try to find some trusted sources posting news, tutorials or whatever is interesting about security. I'm interested to know how things work (in-depth) and it's not gonna help at all if the stuff I find online isn't reliable.

Sean Killeen

Hey! I've noticed that in this post you use "guys" as a reference to the entire community, which is not made up of only guys but a variety of community members.

I'm running an experiment and hope you'll participate. Would you consider changing "guys" to a more inclusive term? If you're open to that, please let me know when you've changed it and I'll delete this comment.

For more information and some alternate suggestions, see dev.to/seankilleen/a-quick-experim....

Thanks for considering!

juliavii

Hello, I am also starting with infosec, more specifically secure development. About automatized security tests (static code analysis, for example), the biggest problem I found was the high number of false-positive results generated by commercial tools. Any advice on how to deal with this?

Anirudh

Ah I don't think I can answer this one. I haven't ever done code analysis, and I probably never will. Sorry!

Andy Zhao (he/him)

What are the first few things you check for on a website? Anything that most websites should always have, but usually don't?

Anirudh

First thing I do is enumerate all the API endpoints that are being hit, on all pages of the website. I then take a look at the requests themselves, what headers are being sent, the response from the server, etc. I try messing around with these.

Most websites, from what I've seen, always tend to overlook the possibility of CSRF or Cross-Site Request Forgery. You can read more about it here.

George

I've been wanting to get into infosec for a while, where would you suggest starting?

Anirudh

I've answered a similar question here in this thread. Perhaps that's what you're looking for too? If not, feel free to clarify.

extracat

Can you hack iOS?

Anirudh

I'm not sure if you're being serious :')

extracat

No, I wasn’t )
But, however, I wonder if it is really as secure as they say. Compared to android, ms, mac, linux and so on. I’m interested in your opinion as a professional.

Anirudh

Well, nothing is ever completely secure or "unhackable". iOS has had its fair share of vulnerabilities, just like every other OS out there.

juankOrtiz

What is your main workflow and which tools do you use?

Anirudh

I first do basic recon, nmap scanning, Shodan.io, and the usual OSINT techniques. Note down whatever I find in a Markdown doc. Most of my engagements so far have been on web-based applications, so Burp Suite is the go-to tool for that. I automate (potential) SQLi using sqlmap.
For actual exploitation of services and such, I use Metasploit. Which, in my experience, has been quite rare.
Otherwise, most of my work is just ops, monitoring our systems, logs etc.

mamhaidly

Where would you recommend a complete beginner to start and where can you get better (like solving real world scenarios)?
I am trying to break into this domain..
Best of luck with your startup!

Anirudh • Edited

Answer for the complete beginner, here. With regard to solving real world scenarios, I'd definitely suggest trying out some CTFs on platforms like HackTheBox and RootMe.

And thank you!