Hack Chat Transcript, Part 2
05/13/2020 at 20:03
@guido.giunchi we're all pretty fluid. An individual will have a specific test, but we all help one another if there's something an individual is specialized in
@Phabeon I can write some bash/python but just enough to be dangerous lol
Eric, I am totally fascinated by penetration testing, be it software or hardware, and wanna get started with the domain. Is there a kind of to-do list or something for getting started?
I'd check out the OSCP certification. It's tough but really well-rounded
I have pretty good experience in programming with C++ & python. But it doesn't seem of much help as of now
it will when you're trying to fix an exploit, automate something, or do something at a large scale
i promise lol
a little sqlite3 is also handy
What do you find to be the most common security mistake businesses make? IOW, what one thing makes your job a piece of cake?
Well, I got MySQL at hand :P
@Dan Maloney single factor auth, reused passwords, unpatched hosts
@Eric how do you avoid burnout with the massive amount of info that you have to keep digesting/trying out/etc
@bprofitt working on an interesting project or deep diving into some research thing, or building tools, or just taking time off
So, regarding OSCP certifications, how much better or preferred a certification is as compared to some hands on experience? Shouldn't hands on be more helpful over theoretical knowledge in this kind of domain?
I'm going to punt and say both are important. However, I'd also add people skills in there too
Well, yeah. Social engineering is for sure the biggest upper hand. Coz humans are more vulnerable and exploitable than machines :P
I think the main goal of understanding something should be the ability to explain it to a standard human. I use my mom as an example. If I can explain an exploit, vulnerability or something to her, I know I'm golden.
Yeah, absolutely.
What resources do you follow to stay updated with the latest security news?
@Rhythm Chopra I mean just the ability to communicate effectively. It will take you farther than any haxor skill
@Dhruv Mehta I love hackaday for the builds that have given me tool ideas, and I really like the podcast risky business
ars technica is great too
@Eric - anyone in the twitter space that you follow that helps you in your job, i.e. new ideas, hw, exploits? Btw, thanks for the awesome answers :)
Eric was studying to translate from construction workers to contractors and ended up translating from nerds to normal people lol
@Gabriel D'Espindula not wrong lol
Thanks, Eric for the awesome answer
It seems like you have to meet a minimum technical threshold. But at a point, additional technical chops hit the wall of diminishing returns and a pentester might be better served by focusing on their ability to interact with a wider body of less technical folks. Is that way off base, Eric?
Eric, have you ever been hacked? If so, lesson learned?
bwa haha, If not is it because you are zero network connection dwelling?
@bprofitt gosh, sammy kamkar and justinsteven are great
@Phabeon not that I know of. Just watch phishing emails LOL
@matt thanks for the softball. you couldn't have said that any better
this justinsteven:
https://www.youtube.com/channel/UCCBmFvsR6sIPrmjSVVxY9ng
?
@matt yep that's the wizard!
So we're almost at the end of our hour - any last-minute questions for Eric?
Eric, you can't fix everything, right, nor are you hired to do so... so HOW often do you have to pick your battles?
I gotta think you have no choice but to sometimes omit stuff from reports since you can't change the world overnight right?
how does that weigh on you?
@Eric - so how much time do you spend writing reports and what do you use for compiling them?
@Phabeon I'm lucky I don't have to fix anything. I just explain how I got in and what's broken
@bprofitt I spend more time than I'd like lol, probably 1-2 days between QA and drafts
Eric thanks for taking the time to chat with us... looks like my hunch was RIGHT, OSCP is the way to go!!
here I come 2020 and 2021!!!
oNe
I also just use standard word for the reports
@Eric - thanks! Try harder is more than appropriate in this field ;)
yes yes it is
OK, looks like our time is up and we've got to let Eric get back to work. I want to thank him sincerely for this Hack Chat, especially for coming in on short notice. I really learned a ton today, and now I regret not going into netsec ;-)
Thank you so very much for this opportunity and your time. Thank you Eric. Thank you HackaDay. HackaDay rulz!
Thanks everyone this was great. If you need anything feel free to hit me up on LinkedIn or twitter. I'm not super active in posting, but you can at least DM me
@ericescobar
https://www.linkedin.com/in/eric-escobar/
@Dan Maloney Thank you for moderating/hosting.
Thanks Eric! And thanks to all for attending today. Next week we'll change gears and talk about animatronics with Will Cogley:
https://hackaday.io/event/171045-animatronics-hack-chat
Animatronics Hack Chat
Will Cogley will host the Hack Chat on Wednesday, May 20, 2020 at noon Pacific Time. Time zones got you down? Here's a handy time converter! Once the age of electronics came around, the springs that drove the early automatons and the cams that programmed their actions were replaced by motors and memory circuits.
Thanks Eric, it was great talking to you thanks
Also, I'll be posting a transcript in a few minutes, in case you missed anything.
Thanks Eric.
@Dan Maloney and @Eric for taking the time!
Thanks
Hack Chat Transcript, Part 1
05/13/2020 at 20:02
OK everyone, thanks for coming out today for the Pentesting Hack Chat. I'm Dan Maloney, I'll be moderating today. Let's all welcome Eric Escobar to the Hack Chat.
Thanks for coming along for the ride today, Eric. Maybe you can tell us a little about yourself to get things started?
Yeah absolutely! My main job is working as a pen tester for Secureworks, where I break into fairly large companies and help improve their security posture
I primarily do wireless security but I've been known to hop on some red teams, and conduct internal penetration tests as well
in a previous life I used to be a civil engineer too!
How did you get into that field from civil engineering?
I was just going to ask about that. How did you make the leap to security?
sooo in college I didn't have wifi in my dorm so i bought a yagi antenna to pull wifi from library ~300 yds away.
That planted the seed, and I dabbled in breaking WEP and WPA2 networks
OK, now it starts getting interesting :) Are you a radio amateur as well? If not, are you using/experimenting with RF techniques on networks and devices?
I was at home on summer break and at my roommate's parents' house. Turns out his father was a director of security at a tech company and asked if I wanted to join the security team he was creating
annnnnd yes I got my ham license in college!
Wow, lucky break!
I hopped from Barracuda security team -> Secureworks as a pentester and now I'm the practice lead for our wireless pentesting
yeah definitely. It was incredibly lucky lol
Eric, thanks for taking the time for this chat! What skills do you think translate well for someone trying to make the move into security from a compsci/app engineering pov?
since starting at barracuda we competed in the wireless ctf at defcon which is/was a blast
Little bit of an out-there question: do you find your civil engineering training informing your security work at all?
python
Can you share a story about a wireless pen test?
@Dan Maloney excel has been a godsend for some things
also knowing what a typical corporate environment looks like and how outdated hosts are everywhere
@dcox there was one time we tested a theme park which was pretty awesome
@dcox more than once we've been able to compromise an entire organization without stepping foot in their office
What does your 'kit' look like? I've found some hak5 stuff to be great in theory but a bit unreliable at times.
what changes in our approach do you expect with the new WiFi standard?
@airforcetxn a handful of raspberry pi's, a hotspot, a laptop, and a bunch of panda pau09's
Eric, when you get an assignment, do you use more known exploits and look for unpatched services, or really spend time understanding the client's system and trying to break in? If so, how do you know when it is time to stop and start the reports?
Do you have a most notable wireless find from a pentest? (funny/ridiculous/unique/awesome)
@ChangeFlutter I expect that we'll see capturing 4-way handshakes stop with WPA3
@Dana ringing a wireless doorbell
@Gabriel D'Espindula I definitely use known exploits with things that are unpatched
@Gabriel D'Espindula we also definitely look at their configs and setup and usage of their infrastructure
and use that to build out our plan of attack
Eric : do you also happen to help people write safer code or fuzz software ?
@Yann Guidon / YGDES people on our team do. You wouldn't want me coding anything
What's your take on certifications, useful for hr, practically useful, etc, especially with cissp now being equivalent to a masters degree?
Eric, as a seasoned vet, what are your thoughts on CompTIA's Security+ Cert? aka how useful is it real world?
would you recommend pursuit of it? Why or Why not?
Is general Networking knowledge enough or do you recommend Net+ or even CCNA as a must?
@bprofitt useful for HR, do it if work pays for them
if you want to get started, Sec+ and Network+ I've heard are both good
What's the conversation like when you have to tell the person in charge of security that you were able to break in?
@Phabeon I personally really like the OSCP; it was more of a game
@Dan Maloney that's really an artform lol
I can imagine emotions run a bit high when turf is being protected
I basically say, look, it wasn't great, but better we got in than an attacker. You paid to know your weaknesses and now you have a report you can use as ammunition to get your team more time, training, budget, tools and resources.
I'm slated for SANS SEC617 in September. Have you taken it or heard anything one way or the other about it?
I've heard it's good, I'm not super familiar with that course though
Do you start as an outsider trying to break in, or do you have a briefing of the system overview from the company that requests the service beforehand?
@Gabriel D'Espindula it depends.
A little wifi question, with WPA3, which I assume is coming out soon? or maybe out? Am I right in thinking you can't easily deauth devices?
We do EPTs (external tests) which simulate an attacker on the public internet with only target IP addresses
we have IPTs which simulate an internal attacker
wireless simulates someone in proximity to your airspace
red team, we can pretty much do anything
Thank you for the answer and your time Eric. As any industry is being "affected" by AI and ML, what is your feeling about the penetration testing field around this? There are already many AI systems out there that claim to do our job "better". What are your thoughts and the future of us as a community... we all know automation is not always the best?
appsec, we try to break in to your custom website or application
hardware is.. well we try and break a hardware device
Hi Eric, have you experienced a major downturn in work since the coronavirus or have you found opportunities in pentesting as a direct result of businesses shutting down and the chaos/confusion it has caused?
WPA3 I believe has protections from direct deauths like you can do in WPA2. I have only seen WPA3 in a lab, so not in the real world yet
nice :), thanks
@rob fortunately we are busier than ever
Broad question, how long are your engagements?
I am a Certified Ethical Hacker. How should I proceed further to learn more about security and make a career in it?
a lot of external tests, new clients who now need remote access etc etc
@Mark Snyder they can be as short as a week or as long as 3 months
@Dhruv Mehta get an oscp, submit talks to conferences, network, and be a member of the community
Going back to your kit -- Have you ever used a drone as a platform for your pentesting?
How do you keep abreast of new things without burning out, since it's your day job as well? Any tips for not getting stuck in the rabbit hole, after getting my OSCP I didn't want to look at a terminal for 2 months :)
Thank You Eric for the answer. Also, which skills should I learn next?
How can you learn the skills needed without having a team available?
we have the capability but have never needed it. a long range antenna or just a hidden ground device are typically all we need
never underestimate a soda can with a pi, lipo and lte
@guido.giunchi the hacking community at large is your team. I have a ton of friends I don't work with directly which provide input. karma is huge.
@Eric I remember 4 or 5 years back I was playing with scapy and a rogue AP. Then it worked like a charm... I listened for SSIDs which are most searched for by nearby devices and created rogue clones, and I got a lot of clients (mainly mobile devices) associating with my RogueAP... My question is, do you think this attack still works? Is there any mitigation applied so far?
Thank you for your answer. Clever.
@sniffski 100% it works I do it every day!
best way to counter it is to be listening for it
Thank you
99% of our clients don't listen for other wireless activity
Lovely
Have you ever completely failed to penetrate a system? Anything locked down so tight that you couldn't find a way in?
@Eric... you gave me a purpose for my Pi0 to play with! :)
Thanks
it helps to be in a slack channel with other nerds
@Dan Maloney yes absolutely
@Eric - Kali, parrot or do you roll your own distro with tools?
it's rare, but some companies do security right
@bprofitt kali for something quick, or debian, or ubuntu for sdr stuff
Which is worse ? governmental or private company ?
Eric, your job is tons of fun, right, but what do you do for FUN when you're "off"?
both have pros and cons. I think they are just different
govt is slow to respond to fixes I've found
Do you ever have to test non-WiFi wireless systems? Like maybe microwave backhaul links between sites? Seems like those could be rich targets.
@Phabeon I have a 2 year old LOL
oh that's certainly a lot of ... "fun" :-D
@Dan Maloney I've tested a handful of RF
one ptp setup and a lot of other radio protocols
What do you use for SDR - hardware & software?
hardware - hackrf, or a b210
software universal radio hacker, ooktools, gnuradio
You said you also do hardware: can you elaborate on that a bit more please?
Companies hire you usually for precaution or because someone messed up with them?
yeah our team tests hardware devices to see if we can extract information from onboard chips, or gain access to a local shell with serial/jtag or some other means
@Gabriel D'Espindula typically for audits, precaution or something bad has happened
@Gabriel D'Espindula we also have a full incident response team
for people that have been hit by "hackers" or ransomware etc etc
What is your approach for organizations hit with ransomware?
That’s definitely not my forte but I believe our stance is that we first try to evict and then restore from backup and regain control
Okay. Thank You Eric
Absolutely!
Eric, if I understood one of your previous replies, you're not a coder/programmer, right? So what skills would you say you have then?
i.e. strong in networking or wireless standards, etc., etc.
On the last question, how is the team structured, do you have precise roles?
I’d say that I have a strong understanding of wireless networking, networking, and how to talk to people