Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Jake From State Farm

UNTCSC
October 24, 2019
0
31

Jake From State Farm

UNTCSC

October 24, 2019
Tweet

More Decks by UNTCSC

See All by UNTCSC
Network Simulation
unt_csc
0
38
Password Hashing Fall 2020
unt_csc
0
24
Resume and Interview Workshop
unt_csc
0
22
Security: Why do we Care
unt_csc
0
26
Welcome back fall 2020
unt_csc
0
16
Secure Coding
unt_csc
0
30
UNTCSC Spring 2020 Welcome Back
unt_csc
0
25
Password Guessing
unt_csc
0
19
Network Security
unt_csc
0
15

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
12
1.1k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
Raft: Consensus for Rubyists
vanstee
133
6.3k
Building Adaptive Systems
keathley
32
1.9k
Become a Pro
speakerdeck
PRO
13
4.6k
Build The Right Thing And Hit Your Dates
maggiecrowley
25
2k
Designing for humans not robots
tammielis
247
25k
Robots, Beer and Maslow
schacon
PRO
155
8k
A better future with KSS
kneath
231
16k
Designing for Performance
lara
601
67k
We Have a Design System, Now What?
morganepeng
43
6.8k
The Pragmatic Product Professional
lauravandoore
26
5.9k

Transcript

  1. Jake - State Farm

  2. what i’m doing now and some background ▪ penetration tester

    at a fortune 50. did anyone actually know SF was a fortune level company? more on the job later ▪ straight A’s, internships, volunteer, valedictorian – no, but what had happened was...’volunteer’ ▪ how long does a degree actually take… ▪ small soapbox moment about the grind

  3. my path to being paid to hack stuff ▪ screw

    up for several years straight – it was fun tho ▪ get ^$#% together – repeat as needed ▪ degree ▪ first job outta college – great experience but no opportunity for pentesting – first intro to people who ‘want to be’ a pentester – automation. sorry ▪ Overthewire, vulnhub, HTB ▪ took on more at work (for my resume, i’m kind of a jerk) ▪ OSCP ▪ holy crap it actually worked

  4. OSCP ▪ about the test format and what you can

    expect – 24 hr long. 5 boxes. always 1 buffer overflow. get root/system. low priv counts. ▪ the next person to tell me to try harder is getting dropkicked – took me 3 tries: ▪ 1: oops BOF is here. ▪ 2: 1 more low priv, @#*% ▪ 3: gg nerds. i need a drink – Coworkers experience with the test ▪ 1,4,2 ▪ recommendations – i had no experience, so took the 3 months of lab. try to get at least 30 boxes owned (offsec says 10 but they’re crazy). super hard ones? – hackthebox i think provided the most benefit outside the labs, especially now that they’ve gotten some $$$. ippsec’s cray

  5. day in the enterprise life ▪ what sucks – paperwork

    – scope of work – you’re never gonna be the best – prod is scary – the politics are real – it’s pretty solitary work ▪ (i like this, but ymmv) – tony ▪ pentesting vs. red-teaming and what we do – what we don’t ▪ what’s awesome – my team. cve’s, 0-days, all levels of experience – level of notoriety in the company – always learning... this is important – something new every day, and we can decide what that is – actually causing change in a company this big

  6. stuff you may wanna think about doing ▪ bug bounties

    ▪ being in this club is a great start ▪ hackthebox. retired boxes, ippsec’s writeups, when you’re comfortable work on some live easy ones – why live is the way to go – actually getting to play with windows machines ▪ internships are great. people skills are better ▪ think about if the level of knowledge/learning required is something you really want in a career. i’m so serious that it doesn’t stop ▪ find a modern language. learn it, love it, use it.. it doesn’t matter how stupid you think it is – i like golang ▪ blog your successes, show your passion. bonus points for not using WP/square/etc.

  7. thanks ☺