1. Thell me how did you get into cybersecurity to begin with :
Ok, so theoretically, so this may or may not have happend sitting in the libaray as a junior high-er,
didn't have a computer myself, looking at bank account information and I wonder hey, if I change this number in the URL up or down a number just in my browser, would I get another user? and with
a major back, it actually gave me the session of another user, I was able to see the information
instantly closed it out, because I definately get in trouble. But from an early age, I could see that cybersecurity was definately something that some businesses need to work on more and it was actulally very interesting and something I did not do again, theoretically.
2. Security Before VS NOW :
The first thing I tried was back in the late 80s. So back then the internet was very sparse. But I just tried to tinker and mess around and was able to do some cool things. And nowadays, there's just so much more out there, so much more that someone can do, there's so many diffrent ways that someone can hack nowdays. There's web application. There, there's nerworking, you can use Wireshark, or Burp or Metasploit or so many different tools that you can specialize or learn a specific avenue(애비뉴) of hacking or red teaming and specialize in that and one doesn't have to be knowledgeable in every single thing.
3. What was like your first serious programming language :
I think Python definately, and I'm glad that's the case. Python is just so helpful. It's used a lot, but it's also something that someone or red teamer could use to write their own scripts to get things done. So, definately the first language I'd recommend for someone that is interesting in red teaming.
4. What is a Red Team Operator and what do you do to making a living? What's you craft :
So as a red team oprator or a penetration tester, one of my friend who's a programmer, describes his job as, he builds Legos and build structures with Legos. A red teamer or penetration tester is a guy who smashes the Legos. So that's one thing I love about my job, is that I find the flaws and mistakes that developers put in there; accidentally put into their programs or applications and I exploit them, distory them, and do what I can do um.. take apart that program. So it's very satisfying. It can be a job where something can be instant. You find the entire database within a few minutes or it can be days of finding nothing. So it's almost like a detective work trying to uncover a puzzle, so it's definately a job that's great for people who love solving riddles or puzzles or capture-the-flag that challenges because a lot of times the job is like doing the capture-the-flag actually.
5. Awesome. What's the difference between a penetration tester and a red team operator? :
One of the main difference is penetration test is generally, a test where you're given an application or something you're told to to hack it in X amount of time(time-based). And there's, there's a lot more prior scoping agreements(Scoped engagement) of this is what I'am going to hacking, this is the time I'm doing it. So for example for a penetration test, it might be here's a website, and you're going to spenf one weekend; you get a username and password or some sort of information from the website owner. They know exactly what's going on. Red teaming might be that someone who leads a company says, hey, I want to see if my stuff is secure. And it's not just; penetration testing is more I'am gonna do what I can just surf more. I am going to give you reports. So it's like I can get a shell, and I can get access to your thing. I'm going to write a report, this how I got access. Red teaming goes deeper than that. So it's, all right now I've gotten access. Now what can I get? What kind of information can I get and continue to go to deeper and deeper and red team opations can go for months at a time, like some are like can be six months or something like that. Whereas as penetration test is ususally a week or two. But red teaming is often times in the network tying to go deeper and deeper to simulate what a threat actor would do and see how far they can get into the network. Yeah, like the penetration tester. If you're doing physical security, it's, hey, we're gonna see if we can get into the building. And we're gonna tell you how we got into the building, and once you get in, we'll report exactly what happpend. Red teamers is, alright, so we're going to get in the building, we're not going to tell you we did, but once we're in the buiding, we're gonna try to steal everything we can and put in more accesses so we can get into other parts of the building and then come back and continue to steal stuff. And then after months of work, be like, hey, we stole all your information. This is how we did it. And then bring it like bring it from there. So, It's more of a in-depth type work.
6. Can you walk me through the procees of like, what you would go to, go through to maybe target a person or organization(올게나이)? :
Okay, So if someone, let's say, let's target an individual. The first thing that someone in that position would do would be to get as much open-source information as possible. It's pretty easy to find someone's full name, date of birth, last phone number, address(애쥬레스) and all that kind if information. So once you have someone's email address, you can send them emails that may have have malware in it or links to malware. A lot of times those are really bad. But you send something that's a little better, like, hey, your package has arrived, especially around Christmas time or there's email, hey, here's your UPS tracking number, with the link, and that link can point to malware. So if you have someone's address, you drive up thier house, the way that Wi-Fi works is that you just connect to whatever has that name with the stongest signal. So you see what Wi-Fi signal is coming into their house, have a device that provides a stronger Wi-Fi signal, and they're connected to you, and through you as a middle man in the middle to get their internet. So it's like okay, once they go to a banking-type website, let me pay attention to all the numbers they put in, all the words they put in, their username and password. Or just every website they go to that may have any sort of significance. You can download information on their computers. Having enough information about a person, you can also create credit cards, identity theft that person and you can also; anyone else in their househole, identify, steal their credit card information, send emails in their name cause chaos, post social media psots. You see celebrities sometimes blame hackers. Don't know if that's always the case but you know you can post as them in social media, discredit them.
7. Gotcha. What are the some of the salary ranges that you've seen across the board for red teamers? :
I am familiar with the enty-levels salaries. The mid and upper salary is about one hundred to two hundred thousand dollars.
8. Here's some two-second responses, right? just kind of off the top of your head.
Vim or Emacs : Vim
Best Linux distro : Just gonna say Kali.
Iphone or Android : Android
Bash or PowerShell : Bash
Best hacker movie : never seen a good one.
Email provider of choice : Gmail
9. What recommendations would you say to imporve your own personal digital security? :
One of the most basic things, of course, is to not click on links from places you don't know.
And also whether it's on your cell phone or email. Instead of clicking a link, you can copy the address and see if that address is actually where you think it's from, and one piece of advice is do not have the same password for definately for all your websites. Because once your password is compromised at, say some random form or website you don't care about, you don't want your banking information compromised as well if you have the same username or password everywhere.
Something that's also very basic is just not to connect to random open Wi-Fis that are sitting aroung. Especially not doing that and then putting in your backing information. Talking about these places like coffee shops or airports. A lot of times, even if the Wi-Fi says it's the company you're at, it could be someone else that's making that and if you log into their Wi-Fi and put in you bank information, they can capture all your information, as there like an in-between you and the website you're trying ro reach.
'정보보안공부 > 정보보안용 영어공부' 카테고리의 다른 글
Ethical Hacker Road Map (0) | 2020.11.28 |
---|