Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Jake From State Farm

UNTCSC
October 24, 2019
0
35

Jake From State Farm

UNTCSC

October 24, 2019
Tweet

More Decks by UNTCSC

See All by UNTCSC
Network Simulation
unt_csc
0
40
Password Hashing Fall 2020
unt_csc
0
27
Resume and Interview Workshop
unt_csc
0
29
Security: Why do we Care
unt_csc
0
34
Welcome back fall 2020
unt_csc
0
25
Secure Coding
unt_csc
0
49
UNTCSC Spring 2020 Welcome Back
unt_csc
0
41
Password Guessing
unt_csc
0
21
Network Security
unt_csc
0
19

Featured

See All Featured
Site-Speed That Sticks
csswizardry
2
230
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.3k
Designing for Performance
lara
604
68k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
490
Building Adaptive Systems
keathley
38
2.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
We Have a Design System, Now What?
morganepeng
51
7.3k
Into the Great Unknown - MozCon
thekraken
34
1.6k
How to train your dragon (web standard)
notwaldorf
89
5.8k
What's in a price? How to price your products and services
michaelherold
244
12k
Making the Leap to Tech Lead
cromwellryan
133
9k

Transcript

  1. Jake - State Farm

  2. what i’m doing now and some background ▪ penetration tester

    at a fortune 50. did anyone actually know SF was a fortune level company? more on the job later ▪ straight A’s, internships, volunteer, valedictorian – no, but what had happened was...’volunteer’ ▪ how long does a degree actually take… ▪ small soapbox moment about the grind

  3. my path to being paid to hack stuff ▪ screw

    up for several years straight – it was fun tho ▪ get ^$#% together – repeat as needed ▪ degree ▪ first job outta college – great experience but no opportunity for pentesting – first intro to people who ‘want to be’ a pentester – automation. sorry ▪ Overthewire, vulnhub, HTB ▪ took on more at work (for my resume, i’m kind of a jerk) ▪ OSCP ▪ holy crap it actually worked

  4. OSCP ▪ about the test format and what you can

    expect – 24 hr long. 5 boxes. always 1 buffer overflow. get root/system. low priv counts. ▪ the next person to tell me to try harder is getting dropkicked – took me 3 tries: ▪ 1: oops BOF is here. ▪ 2: 1 more low priv, @#*% ▪ 3: gg nerds. i need a drink – Coworkers experience with the test ▪ 1,4,2 ▪ recommendations – i had no experience, so took the 3 months of lab. try to get at least 30 boxes owned (offsec says 10 but they’re crazy). super hard ones? – hackthebox i think provided the most benefit outside the labs, especially now that they’ve gotten some $$$. ippsec’s cray

  5. day in the enterprise life ▪ what sucks – paperwork

    – scope of work – you’re never gonna be the best – prod is scary – the politics are real – it’s pretty solitary work ▪ (i like this, but ymmv) – tony ▪ pentesting vs. red-teaming and what we do – what we don’t ▪ what’s awesome – my team. cve’s, 0-days, all levels of experience – level of notoriety in the company – always learning... this is important – something new every day, and we can decide what that is – actually causing change in a company this big

  6. stuff you may wanna think about doing ▪ bug bounties

    ▪ being in this club is a great start ▪ hackthebox. retired boxes, ippsec’s writeups, when you’re comfortable work on some live easy ones – why live is the way to go – actually getting to play with windows machines ▪ internships are great. people skills are better ▪ think about if the level of knowledge/learning required is something you really want in a career. i’m so serious that it doesn’t stop ▪ find a modern language. learn it, love it, use it.. it doesn’t matter how stupid you think it is – i like golang ▪ blog your successes, show your passion. bonus points for not using WP/square/etc.

  7. thanks ☺