
Jake From State Farm

UNTCSC

October 24, 2019

Transcript

  1. what i’m doing now and some background
     ▪ penetration tester at a fortune 50. did anyone actually know SF was a fortune level company? more on the job later
     ▪ straight A’s, internships, volunteer, valedictorian – no, but what had happened was... ’volunteer’
     ▪ how long does a degree actually take…
     ▪ small soapbox moment about the grind

  2. my path to being paid to hack stuff
     ▪ screw up for several years straight – it was fun tho
     ▪ get ^$#% together – repeat as needed
     ▪ degree
     ▪ first job outta college
       – great experience but no opportunity for pentesting
       – first intro to people who ‘want to be’ a pentester
       – automation. sorry
     ▪ Overthewire, vulnhub, HTB
     ▪ took on more at work (for my resume, i’m kind of a jerk)
     ▪ OSCP
     ▪ holy crap it actually worked

  3. OSCP
     ▪ about the test format and what you can expect
       – 24 hr long. 5 boxes. always 1 buffer overflow. get root/system. low priv counts.
     ▪ the next person to tell me to try harder is getting dropkicked
       – took me 3 tries:
         ▪ 1: oops BOF is here.
         ▪ 2: 1 more low priv, @#*%
         ▪ 3: gg nerds. i need a drink
       – coworkers’ experience with the test
         ▪ 1, 4, 2
     ▪ recommendations
       – i had no experience, so took the 3 months of lab. try to get at least 30 boxes owned (offsec says 10 but they’re crazy). super hard ones?
       – hackthebox i think provided the most benefit outside the labs, especially now that they’ve gotten some $$$. ippsec’s cray

  4. day in the enterprise life
     ▪ what sucks
       – paperwork
       – scope of work
       – you’re never gonna be the best
       – prod is scary
       – the politics are real
       – it’s pretty solitary work
         ▪ (i like this, but ymmv)
       – tony
     ▪ pentesting vs. red-teaming and what we do
       – what we don’t
     ▪ what’s awesome
       – my team. cve’s, 0-days, all levels of experience
       – level of notoriety in the company
       – always learning... this is important
       – something new every day, and we can decide what that is
       – actually causing change in a company this big

  5. stuff you may wanna think about doing
     ▪ bug bounties
     ▪ being in this club is a great start
     ▪ hackthebox. retired boxes, ippsec’s writeups, when you’re comfortable work on some live easy ones
       – why live is the way to go
       – actually getting to play with windows machines
     ▪ internships are great. people skills are better
     ▪ think about if the level of knowledge/learning required is something you really want in a career. i’m so serious that it doesn’t stop
     ▪ find a modern language. learn it, love it, use it.. it doesn’t matter how stupid you think it is
       – i like golang
     ▪ blog your successes, show your passion. bonus points for not using WP/square/etc.