
BSides Tirana 2022 - Keynote Talk - Robert Shala

BSides Tirana · 2022 · 18:54 · 185 views · Published 2023-02

So, greetings everyone. It's very, very nice to be here today. I feel very honored to be invited as a keynote speaker. The organizers could have invited anybody, really, and there are some amazing people in our community, so I just want to thank you for, uh, recognizing a little bit of my effort to bring me here today. But really, I have a lot of respect for everyone in this industry, because it's very difficult, it's very hard, um, and it's not easy when you come from countries such as Kosovo or Albania that traditionally are not known as large IT or tech hubs with a lot of connections. So I really recognize all of your efforts, and, uh, especially Rio's efforts as one of the pioneers in the industry. So it's very wonderful to be here, BSides Tirana, the first time, first conference, that's really great.

So, my talk today: I will not bore you with technical stuff. I will take it easy, make a small introduction about myself, and really try to share some insights that I wish I heard on a BSides Pristina maybe 10 or 12 years ago, so I wouldn't make some mistakes that I've made along the journey. So I hope this presentation will give you a little bit of food for thought and help you maybe correct a few things that you may have done wrong, as I've done in the past.

So, um, I was born in Pristina in Kosovo, 1994. The 90s were a terrible time. We went through the war. Um, Kosovo, as you know, was a small province in Yugoslavia. Really, most of my family were involved in the mining industry; they were either miners or doing something, um, alongside of it. Life pushed a lot of people to become merchants and, and try to survive in, in some very difficult times. And, um, in this picture with the tanks, I actually put this there just to, uh, we found this on the internet, actually, quit him is sitting right there, and then, um, they're both part of a Sentry Cyber Security. So there's a long way from that time until here. But I see, I see that as very important to share my personal background, as I'm sure that many of us can share, uh,
similar stories, and to make you understand that really, to get ahead in this industry, it doesn't really matter what, what your background is or what you went through, but you should cherish and, um, take even tragedies and good things and learn from them and move forward.

So, right after the war, when, uh, growing up, you know, there weren't any tech schools, there weren't something like digital school where you could learn programming for kids, uh, there weren't any conferences, there were no, there wasn't any tech, really. The most tech that we had were internet cafes where we would play, you know, Counter-Strike for hours and hours on end, maybe watch football, basketball, go to the games. So there wasn't really a lot that you could do in Kosovo in terms of opportunities. And later on I found a little bit of a passion, started making some music, but nowhere close to the tech industry. Me and computers were two worlds apart, so the only thing I could do was find songs on YouTube and, you know, probably, uh, download some torrents and crack some games.

So, um, at this point in life, I have a very, very, um, uh, dear mother that I love, and she told me, "Listen, Robert, you're wasting your time, and maybe you should, uh, consider going to this," there was a conference that was being held, like a workshop about cyber security, and she said, "You should go learn some computer stuff." And I knew what that meant, you know, she didn't, that wasn't a negotiation. It was either a golden computer stuff or a not become a baker, but you know what that big stick means. So I, I agreed, and on the first workshop in Pristina, I think this was probably 2013 or 14, at the Innovation Center Kosovo, I met Drenor Salmoni, who is now also my business partner. He had the workshop on Wi-Fi hacking, and believe it or not, that was one of the most amazing moments of my life. I went to the class, I had, I didn't even know how to install Kali Linux. Drenor helped us with that. I didn't know what the password is, what the default password, so I, uh, I really struggle
to even log into the operating system. But, uh, he walked us through cracking a WEP and WPA encryption on wireless, and to me that was like magic, you know. So, uh, I, I really try to, to work hard and apply my skills. Of course, back then we didn't have things like Hack The Box, so I trained a little bit, uh, on my neighbors, which, um, which then I told them, of course, you know, they were very supportive.

Um, but there was a, I think this was a pivotal moment in my life, is when, uh, Drenor, he's a very, very serious guy, and he was probably one of the only people in Kosovo that knew anything about computer hacking, and he said, "Robert, listen, you have a knack for this, um, but if you really want to be good, and if, if you want me to train you and work with you, if you want me to coach you, and if you want me to show you what I know, you have to go all in and leave all the," so that's what I decided to do.

And, uh, one eternity later, with a lot of hacking, this is me. I'm Robert Shala, now the CEO of Sentry Cyber Security. We're a boutique consulting firm in Pristina and Bosnia and Herzegovina. We do a lot of penetration testing. We have a team of 40 people. Um, my background is in application security. Really, I'm not a CEO guy, I'm a more of a tech guy, but they made me the CEO because at the time I knew the best English, and that's something important that we will come back to. I've done a few things in Kosovo, help with the national strategy, done a lot of conferences, but really the main thing, my main focus, was growing Sentry and really putting a Kosovo on the map when it comes to offensive security.

So today I won't talk to you about what certifications you should get, I won't talk about what schools you should go to, I won't talk about any external factors similar to those, and I won't talk about TTPs, although you have some amazing speakers today that are going to teach you amazing things. What I will focus on are a few things that kind of people skipped over, or maybe they just took them for granted, and I really want to
highlight a few of those things. So there's three things that I want to share with you, and, and I hope for all of you young people that are trying to break into the industry, you really remember these and you, you try to apply them throughout your profession.

So the first one is, this is a very tough industry, and, um, a lot of people want to learn but they don't want to go through the sacrifice of learning it and applying it. So the first thing that I would share with you is to actually be coachable. And to be coachable is not just to want to learn, it's about to understand that you don't know, it's about to understand that you're going to suffer, you're going to be beaten down, you're going to go through a lot of hell. However, at the end of the tunnel you will become a stronger and more efficient person, and especially it will help you grow as a professional tremendously. Um, that is, when you're being coached, as I did, as I was coached by Drenor, you really have to take a leap of faith. You have to understand that some people have gone before you and maybe they know a lot of insights that, uh, you should adopt, not to really screw yourself over, and learn from other people's mistakes.

There's, with being coachable, there's a lot of, uh, there's an ego part to it. I know that, uh, especially offensive hacking is very competitive, it's very, you know, ego driven, very adrenaline pumped, fueled, you know, you want to be the best. But really, when you're trying to grow yourself professionally, the ego is something that you want to keep in control and keep in check. There is a time and place for that, but you should really learn how to be humble and try to learn from the best, because essentially what people before us have done is that they have paved the way, they've been pioneers, and they've made a lot of mistakes, and when you're trying to be coached, they're trying to show you the shortest path to achieving your goals, um, so you don't make the same mistakes they did and waste time. And really, this industry has
been pioneered by many, many before us. In this picture I put the L0pht Heavy Industries, it's a picture from their Senate testimony in 1998. I highly advise that you guys go listen to it and see what they have to say. And, you know, we are standing on the shoulders of giants, and if you can go back to these pioneers and see what they did and what they thought and where they saw the industry going, it can really help you understand why this industry is the way it is, and it can help you really, um, believe more in just than just thinking about the industry as a profession where you can get a salary or, you know, make some extra money. Um, there's a beauty in, in computer hacking, and looking back at these pioneers can really, really highlight that.

So that was a general rule that I, I just want to highlight, it's very, put there for a dramatic effect: so you learn from everyone, and if you stop learning, you die. That is, professionally, you know, of course you, you might still be alive.

So the second thing is what no one told me, or not what no one told me, but is no one really highlighted this fact, is you really need to have good English skills if you want to break ceilings in this industry. I can't stress this enough. There are a lot of reasons for it. The best literature is in English, the best conferences are in English, the best research papers that you're going to read are in English. In this industry you're interfacing with people, most of them will speak English, maybe also German if you're working for the European market, but generally most of us are exporting services or working, uh, internationally, so English is the main language, and it's really important to harvest and harness this skill as you grow professionally. You can really hit some, uh, hard to break ceilings if you don't know and if you don't speak and if you don't read the, the language well.

Well, writing is an essential skill. If you're going into penetration testing, if you're doing offense, or really any other, uh, cyber security job that has a
lot of responsibility, you're going to be doing a lot of writing. These are some of the samples of penetration test reports that you can see. They can span 50 pages, 60, 100, 150, 200, and you are going to be writing those; they don't write themselves. So communicating very well, knowing English, speaking well, presenting well are some skills that you should harness and really, really upgrade yourself on. Don't, as, do all the technical stuff, but don't leave the language behind. This is very important.

Um, my mistakes was, during university, for example, I, I feel like I, I lost, I, I missed a few opportunities. We were learning about, you know, literature, uh, in, in English, and I said, "Oh, I'm never going to need this. Who cares about Walden and Henry David Thoreau and what he did in the forest?" You know, but I think that that might have been a great opportunity for me to upgrade my skills. However, uh, my mother saved me, because she forced me to go to take English classes when I was a kid, so I had a little bit of a leg up there. So thanks, Mom, if you're watching this. Um, [Applause]

Here's another one: CVE-2020-11552, 10.0, super critical vulnerability, exploited by APT groups around the world. The product is a ManageEngine ADSelfService, it's a small program that a lot of enterprises use when they have a lot of users. You know, when they're trying to log into their computers, if they click forget password, it opens up like a self-service ticketing system that allows you to reset your password, so it really helps with managing a very, very large workforce. Now, the thing with this vulnerability is very special and very peculiar, and I'll get to the reason why I'm showing you this, just follow me for now. So the idea is that there's a host that is connected to an, uh, to the Active Directory, and whenever they would like to reset the password, they click reset password on the Windows login screen, an application opens up, and if you do an MITM there, you will abuse the browser engine that the application uses. So let me show you
shortly how that looks like. So the first one, as an attacker, what you would do: you would RDP into a host that has RDP enabled inside of a critical infrastructure. Um, you would then do an MITM, so when you click reset password you would get a dialog box that the certificate is invalid, and then you would abuse the dialog and go open up the file browser on Windows, and then you could get to a CMD, you could run it as admin, and you would get a system shell. So in this way you could hack an entire bank, uh, because all you would have to do is get a system shell and just wait for a, for an administrator to connect there, maybe make some trouble, and, you know, if they have administrative privileges, then it's game over. Which is exactly what I did in 2015.

However, as you could note, the CVE is for 2020. My mistake was that I didn't report the vulnerability to the vendor. In fact, I think at the time I didn't even know you could report these. I didn't know how this actually worked. Moreover than that, I really didn't care. I cared more about my music. I didn't care about, you know, having CVEs or a personal brand. I didn't really understand the impact that such a finding could have in, in my career, especially as a junior. It could really have put me on the map and made a few things easier along the way.

So, um, what I would suggest is that if you're breaking into the industry, please document all of your, all of your work. Start blogs, start journals, have a GitHub page, and really put yourself out there, and think about how you portray yourself online. This is very important, especially if you're going to start a business. People are going to Google you, Google your company, Google your teammates, and really thinking about this early on can really help you in your career; otherwise it can make a lot of things a little difficult. From my side, you know, even if a vendor doesn't have any bug bounty programs or whatnot, please do report them. I remember Rio had the reflective download on Facebook, for example, that they
didn't accept, as I remember, which was a really cool vulnerability that he found, and I know many, many more from my friends in Pristina, and myself included, that have found vulnerabilities on many platforms. We just didn't care to report them. It was cool, you know, hanging out on a conference or something, we all knew the hacks, but no one really reported them, and I think that's, that's a real shame, because that's a, that's a lot of missed opportunities.

So last but not least, please think about helping others in this industry. I wouldn't be here if it wasn't for a lot of people that have mentored me and coached me throughout the years, and if you are at a position that you're a more senior person, that you are someone that has broken through, please help others. You know, this is an industry that doesn't have an end, you can, there's work for everyone, there's great salaries, you can have a great life, and you can help people, um, empower themselves, you can help them help their families out, help their community out, and you can really, really make a positive change. So if you have something smart to say, please come to places like BSides and share what you have to say, share your research, and, and, and just coach others, right? So don't forget that when you become, uh, when you become a big shot.

So that's that. There's a thank you here, but what, well, there's a thank you here, so it's, it's all