Wednesday, January 25, 2006

How to get a job with pen-testing team.

Dmitry - January 19, 2006 on 6:43 pm

It’s cold and gloomy outdoors. I’m feeling pretty faded (errr, jaded) right about now. I’m sure all you corporate hangers-on have seen the Big-whatever companies come in with their pen-testing or audit teams. Some of them call themselves pen-testing, some Tiger, some white-hat hacker, whatever. They should just state that they are inept p0sers. But, that gets me thinking (on just such a day) what it would take to get hired at one of these Big-whatever companies. So, without further ado:

Rule 1 - You can’t run Windows. Seriously, don’t even consider showing up to a Con|interview|class|etc with Windows. Even if you have to run a CD distro, or OpenBSD at runlevel 3, you must do it. You will be scoffed at and not taken seriously with a Windows machine. For bonus points, put con stickers or anti-Microsoft stickers on the laptop. You get extra bonus points if you’re running a Mac. Just pull up Safari and browse over to slashdot. Yeah, you’re rolling hardcore now.

Rule 2 - You must have complete and utter disdain for any authority figure. You’re the rebel - the misunderstood creative genius. Act the part.

Rule 3 - You must be a coder of some sort (’Hello world’ is sufficient). Ruby and Python are pretty cool right now. C is an old standard and always well respected. If you’re running one of those GUI APIs that really makes things much easier, STOP. It’s not cool. gcc or death.

Rule 4 - You’ll have to be a Goth, punk, or (less bonus points) a long-hair. You must dress and look the part. Yes, Dave Aitel showed up to Defcon wearing a shirt and tie…but, hey, he’s Dave. If you’re not Dave, you have to look like a meth junkie, sorry. There *are* bonus points for piercings and tattoos.

Rule 5 - On some elite mailing list, you must have gotten a wink (both ‘;)’ and ‘;-)’ are acceptable) from some security guru. !wink == !cool (incidentally, I just satisfied rule 3 - Go me!)

Rule 6 - You must have a ‘Niche skill’. Not only must you have the niche skill, you must talk about it a LOT. Certain skills are worth more than others, so I’ll do a quick rundown on which skills generate the most bonus points. If it’s not on this list, then it’s worth negative points and you should avoid it at all cost.

Reversing - Crank up IDA Pro, put on that “I’m so busy doing really, really important reversing that you dare not ask me any questions” look and watch those bonus points ROLL IN!

Writing exploits or shellcode - Still very cool. Try to be seen with either a .s file open (use vi editor, don’t make the mistake of using emacs or pico or, G-d forbid, a GUI editor) or gdb. In a crunch, you can have a .c file open, but don’t make it a habit. You’ll need to work on that “don’t bother me look”, lest someone ask you wtf you’re doing.

Fuzzing - Do NOT tell anyone that you use a commercial or open-source fuzzer. That’s like -500 bonus points. No, my friend, you write your own fuzzers. “Yeah, cuz like, SPIKE wasn’t doing enough pairwise-relationships between parameters so I had to like, write my own fuzzer that took advantage of like binary relations across multiple fields and stuff and like, I’d explain it to you but it’s really complicated and like …” ad infinitum.

TCP/IP Ninja - Really low on the spectrum. It used to be really cool but now, unless your name is Kaminsky, you’re not really getting much spin with this one. Maybe when people figure out that there are still bugs to be found at layers 2,3, and 4 of the stack this will get some rejuvenation…but, until then, I don’t recommend this one.

Rule 7 - You must be the project owner of some arbitrary project… Have some pet project that you supposedly work on all hours of the night. Send out emails at all hours of the night (use cron if you have to) telling your boss that you have a great idea for some cool new reversing/fuzzing/exploiting-shellcode_generating-morphing-inline-tcp-ip-ninja-death-ray machine that you are working on. If they ever ask to see a working demo, take the coder’s moral high road (i.e. make up some reason why you are so elite that you dare not try the tool until you’ve tweaked out some bugs…or whatever).

Rule 8 - Coherent statements are not for you. That’s right, even if you have to go back and add in typos, do it. I should probably give a few examples.

Bad email - Good evening Mister Jones, I was just working on my project for that Death Ray auto-pen-testing machine and wondered if you had any feedback regarding how we would handle shellcode delivery across SCADA or process control networks. Further, as I am putting in so much time with this project, I may need to be a little late tomorrow morning.

Good email - hey. so, im rewrking the shellcode delivrey mechanism for teh scada and pc networks and if you had anyhthing to add before I commit thes to CVS then can you shoot me an email. I might be in late tomorrow depeending on how son I get thes bugs worked out.

That’s about it. Good luck, I’m sure I’ll be seeing you soon.

!Dmitry

6 comments:

Anonymous said...

Oh, dear K3\/1n, that's too close to the bone to be phunny! Clothing choice: Thinkgeek-type t-shirts, either brand-spanking new, or nearly new with creases showing where Mom ironed it, or about 3 years old (dating from that wild period just before they dropped out of college when they first got into, like, smoking weed and staying up all night, posting to bulletin boards asking for IIS6 0day, will trade for ripped off metasploit shellcode). Posting to Full Disclosure from vanity domains like 'corefayl.org' or 'blacklite.net' ... collecting O'Reilly books dedicated to obscure LDAP servers, with a sprinkling of 'Hacking Exposed', 'Rootkits', 'Art of Deception' and a battered secondhand paperback copy of Cuckoo's Egg, bought from eBay. He keeps a gadget hacked to run Linux for the sole purpose of impressing visitors - an Xbox, a Roomba, and an Aibo if possible.

Anonymous said...

PS Yeah, I was a pen-tester for two years. Despite teaching myself a lot more, I was never allowed to do much more than run Nessus and Nmap (although they had no problem with my pulling down dozens of exploits as source and trying to learn the first couple of chapters of K&R by working out why they wouldn't compile). This wasn't a big (or even medium sized) general consultancy corp, it was a small (a few dozen staff) 'security firm' that made most of its income from selling expensive silver dummies... you know silver dummies? Dummy in the English sense, silver in the silver bullet sense. Firewalls, mostly, with ludicrously complex failover clustered multisite setups making for much more profitable design / config / management stuff. And that J. Random Pentester was me.
