
How To Get Away With Hacking by Liam Follin

BSides Leeds, 25:27, 254 views, published 2023-07

Transcript (en)

This is How To Get Away With Hacking. It kind of was born because of something you see on LinkedIn all the time, and the previous speakers have spoken about it as well: the "here's how you get into pen testing" post, followed by a list of resources longer than the average Christmas shopping receipt. Half the resources on the list are questionable at best and there is no structure to it. Then the few poor souls who do actually grind away through this arduous mountain of nonsense content end up in an interview and realise that they're missing large portions of key knowledge. So this talk is based not only on my own journey but also on the journeys of three other people. Ultimately, though, I hope it will arm you with the knowledge that you need to really nail your first interview.

So, obligatory "who am I" slide. There's GitHub and you can email me. I'm a CHECK Team Leader for applications; you can see all this extra stuff on the screen. Twitter is just nonsense rambling, GitHub has some pretty cool tools if you're interested in getting into pen testing or if you already are a pen tester, and you can also email me questions, queries or, preferably, cats.

So, quick agenda: a bit of preamble, explain exactly what a pen tester is, touch on the law (that's largely to cover my own back), and then we'll cover the day-to-day of the job and then some warnings. I'm then going to go through four journeys: the first is mine, then we have Charlie, Jasmine and Josh, and then I'll throw some advice in at the end which kind of tries to distil exactly what these people have done and how you can apply that to your own journey. Obviously there's no silver bullet, a lot of it is just hard work, but hopefully we'll get a bit of that, and then we should have some questions at the end.

So first of all, quick explanation: what is a pen tester? We're called ethical hackers, white hats or pen testers, so there's a couple of different terms thrown around as well, but basically it's a similar job: attack a system, see its weaknesses and then report on them, so you tell somebody what's actually going on so they can be fixed. It comes in many different forms, but primarily you as a tester are given a target, or a set of targets, and are tasked with assessing them. This can be anything from a single laptop to hundreds of servers in AWS to a massive content management system. Doesn't really matter what it is, your task is to go in there and break it and then tell the person who owns the system how you broke it.

Okay, hello. Some of the things I'm going to talk about here are illegal if you don't get permission, so please get permission before you do this, or, instead of doing it against actual targets, use the training platforms I'm going to talk about. And whatever you do, please don't go attacking random companies looking for bug bounties. I don't want any emails, letters or, more to the point, explosive devices rocking up at my flat after somebody gets arrested for doing something illegal.

We'll do a quick explanation of the day-to-day. It's not all fun and games; hacking is really, really cool, and we'll get into exactly how cool it is a little bit later on. But as I said, you wake up, and the first thing you do is you check Twitter, and there's a couple of other threat feeds that you can just be plugged into for any new security vulnerabilities, any kind of crazy announcements and nonsense coming out of one of the zero-day labs, or something that's being actively exploited. Then it will be either a testing day or a reporting day. Reporting is never the most fun part of any job: it's writing a large amount of text about stuff that you found. Finding it is obviously the cool bit; reporting on it is slightly less cool but always more important.

The testing is quite cerebral. Imagine you're given a Rubik's Cube every day, but it's mixed up to a varying degree, so sometimes you'll walk straight in and you'll find everything and you're like "all right, great", and then other times you're chasing the rabbit for hours and hours, and some of the imposter syndrome some of the previous speakers have also spoken about comes creeping back in and you convince yourself you're going to absolutely bomb out and someone's going to find you out, and then the next test it's all easy again and you have a great time.

But as I said, the report writing, 15 to 100 findings in an easy-to-digest format that's clear and concise, is always quite challenging. It's one of the hardest things we've found people coming into the industry struggle with; I certainly struggled with it myself when I was starting to get into pen testing, and people who are just joining normally pick the technical stuff up a little bit faster because there's loads and loads of research content (we can talk about that later) to help teach you how to hack things. On how to write about hacking there's a lot less. So that's kind of always the harder part of the job; it's the hardest part to teach and the hardest part for people to really get to grips with.

Back to the day-to-day: calls with clients to discuss our tests. You're talking to the client all the time if you're working in a big cyber security company or consultancy. And then after work, get back to self-development again, so that's solving labs (like Hack The Box, we'll get to that later) and reading up on new attacks that have come out; some really cool ADCS ones have been coming out over the past six to eight months which are really awesome. And then of course you've got to have a favourite tipple as well; I've got a couple of bottles of whiskey lying around here somewhere. You've got to enjoy yourself at the same time; that is an important part of being a tester.

So, first one's me. Hi. Apprentice, junior pen tester, CHECK Team Leader, and then... well, okay, so the last one hasn't happened yet, right? I'm holding out hope. I did start as an apprentice, I moved through to junior pen tester after suffering through a BCS qualification, which oddly enough doesn't feature in any recommendations of mine later, and then grafted my way to CHECK Team Leader in applications, with a small pit stop away doing some kind of threat intelligence work. More than a few mistakes were made along the way, by my own admission, and hopefully I can help some of you avoid them if you do decide to come and jump into pen testing. So that's journey one; there is a common theme here.

We've got journey two, which is Charlie, who may be in the audience today, hopefully so. Charlie started with marine biology, moved on to SOC analyst, then junior pen testing, and now CHECK Team Member and manager. His journey has taken him from being a "fish scientist", as he so eloquently calls it, through the hard graft of shift work as a SOC analyst, [unclear] running a job as a junior pen tester, and then a hop, skip and a jump to a team member. A wild divergence from sharks and coral, but there is a common theme here: in marine biology and in IT you have to be able to grasp both depth and breadth, marine biology quite literally, being quite deep and quite wide, and IT figuratively so.

Our third journey is Jasmine. So Jasmine here flew so fast through her career that she's the only one who was never technically a junior pen tester, but went straight from one of our graduate courses all the way through to CHECK Team Member in what can only be described as a whistle-stop tour of hacking. Jasmine's varied background is a testament to how to make hard work pay off, and the experience that you get from things like the Merchant Navy, working in solicitors' offices, battles with the law, have prepared her well for the tough task of switching it off and on again. But more seriously, also to her credit, testing a wide variety of high-profile clients. There is obviously a common theme here, which we'll start to look at soon.

Journey four (we'll refer back to all of these people in the coming slides) is Josh. So he started off somewhat more traditionally than the last couple of people: a forensics degree. He was then a developer for about three days, I think, then junior pen tester and then CHECK Team Leader for apps. He started on, I guess, a traditional route, a cyber degree, but if you actually go and ask him about it, it didn't help him that much, which is I think a common theme from the other speakers today: either they don't have traditional degrees or they weren't necessarily the biggest fans of them. But it was a burning desire to break stuff that really drove Josh to be great at what he does, and his short stint as a developer reminded him that breaking stuff is wildly more fun than building it. We do build our own labs as well (again, I'll get on to that) and I can attest that breaking them is way more fun than sitting there writing CSS files. But yeah, this kind of burning desire to break stuff led him to be a CHECK Team Leader at the tender age of 23, which is not an easy thing at all, as anyone who's sat those crazy exams, whether it be Cyber Scheme or CREST, will attest to.

So those are the four journeys; again, we'll be referring back to those over the next little bit of time. We'll move on now and start to distil. So there's a bit of advice for various parts of your journey through it: there is some advice for beginners, and there's then some advice for people who are trying to make that leap into, maybe it's into CHECK work, maybe it's into a specialised area of testing, IoT or red teaming. And then it doesn't really matter where you want to go; what really matters is that you have a kind of direction, a path, and, more to the point, a plan of exactly how you're going to get there. A lot of these things are knowing where you want to end up, or maybe not even knowing where you want to end up but having an idea of what you like doing, figuring out what you like doing and then figuring out "I like doing this, so that means I should probably go and do this", something like that.

So, advice for beginners, real beginners, maybe if you haven't even touched a computer before (well, hopefully you have). We've got some resources on the screen here; these are just a couple of ways of starting to get introduced to hacking, and all of them give you a very good basic understanding of the techniques that certainly I use on a day-to-day basis. OverTheWire, especially the Bandit levels which are shown on the screen there, is a must for learning basic Linux commands. It's also a good introduction to what capture-the-flags are going to start looking like. If you want to use those gamified solutions to learning these things then it's really excellent: you just SSH into a box, and from there you try and capture the flags. It teaches you all about the different Linux commands, which obviously you'll use on whatever distro you really fancy. That will set you up very, very well. If you want to focus on the infrastructure side of things, TryHackMe and Hack The Box are great introductions, but if web apps are more your jam then download Burp Suite Community Edition and have a crack at the PortSwigger Web Security Academy course. Learning how to leverage those resources will be quite important for when you get to your first interview, so even if you start today with no understanding of what pen testing really is, you start to slowly work your way through that.

So OverTheWire was the first thing I did when I was looking to get an apprenticeship. I think I was about 17 at the time, and I sat down, and there's 34 labs in Bandit, and they go on and you can do some of the other ones. Just the knowledge that gave me really helped me when I was starting to do it for real, when I went to work my way through the apprenticeship and started to go on client work; the understanding of how Linux works, at least, is where it really helped. Black Hat Python: there's going to be a controversial opinion coming in some later slides, so be warned, but Black Hat Python's a great book and a great introduction to offensive coding. You don't have to know all the things it talks about, it goes pretty in depth on some things, but it's still very useful to have. And obviously PortSwigger, TryHackMe, Hack The Box, they're all very, very useful for learning the actual techniques of it.

Another great thing that you'll need to do is learn how to make notes. I use Obsidian to take my notes. I know some people like to do other things; one of the people whose journeys I was speaking about previously likes to use text files, just hundreds of text files, which causes me physical pain, but it seems to work for him, so fair enough. But yeah, make sure you've got really good notes, because if you do walk into your first client system knowing how to attack ADCS or perform DOM-based cross-site scripting or any of the other things you might want to know, you'll have an easier time than most, and it'll give you something to talk about. If an interviewer says "do you have a favourite vulnerability?" you can go "yes, it's cross-site scripting", request forgeries, relaying things on internal networks; no matter what it is, there will be something that you can talk about and it really shows your passion, that you're interested in the industry.

So, moving on, for advice for beginners: be warned, right, everybody wants to be a hacker. If you walk into a classroom full of six-year-olds and you say "who here wants to be a hacker?", you know how many hands would be thrown up, which does make the industry incredibly competitive. It's also not necessarily your standard nine to five; you will need to work outside of that, not only to excel but also just to maintain a reasonable level of competency, because it's very wide and very deep, because it is an industry that's incredibly complex and very, very hard. And that's just the technical stuff; there's reporting on top of that, consulting, travel, difficult clients. The exams suck, not just the Offensive Security ones but all of them; they're quite long, a lot of revision, a lot of work hours. It is tough, but don't let that put you off.

And if it hasn't put you off, let's have a gander at what you'll need to start on in order to start standing out a little bit more, at least in those first couple of interviews. I'm going to say it again, the really important thing: immediately make good notes, really good notes, and make them about everything. Anything you see, find or do on a capture-the-flag, when you're solving any of those labs, when you're on TryHackMe, when you're doing the PortSwigger Academy, slap it in your notes. As I said, I use Obsidian, it's fine, it's the best, and you can integrate it with Git very, very easily, but it really doesn't matter how you take your notes, just make sure they're in a really easy-to-digest format and make sure you can search them as well. Because if you've got a massive bank of notes and you're thinking "oh, I know how to do this because I've done this before", if there's a search function built in you can find it really fast, and then you're not spending 60 hours going through text documents.

And then the other thing about notes is make sure you write them how you talk to yourself, as it'll make them easier to understand when you need to use them. So I was sitting the CSTL exam, without going into too much detail, and I didn't realise that your screen was shared with the examiners, so a lot of my notes had profanity in because I was writing them at 11 o'clock at night when I was revising. So maybe not so much that, but again, if it's how you talk to yourself, then when you're reading it back it'll just sound like you're talking to yourself and you'll be able to understand them a lot better. And the other big one is make sure to practise every day. It doesn't matter if it's 10 minutes reading cyber law or 10 hours doing labs; hacking is a bit like Tesco, every little helps.

So the other side to the tips and tricks (they're not really tricks, a lot of it's just about keeping on going) is try and understand which bit you fall in love with straight away. If you know that you really, really enjoy app hacking, or really enjoy cloud, or enjoy attacking Microsoft's AD, then there's positions for you that will focus a lot on that, and you can focus on that kind of area of testing and make it your specialism. And if you're very passionate about something, all these late nights, these 10-hour-deep labs, the crazy grind or the awkward clients won't matter so much because you're actually doing what you love. I appreciate it's a cliché, "do what you love and you'll never work a day in your life", but it's also quite true. I'm mainly an application guy; I did a lot of other areas of pen testing as well, but there's something about seeing that old vanilla PHP app that just gets my juices going. So that's why I decided to pursue it, and I have a great time doing it. Addendum to that: as an industry it is paid quite well, but it doesn't pay enough to negate the fact that you'll be miserable if you just got into it for the money. As I said, you've got the self-development time and a lot of other things that aren't necessarily the most fun parts of the job, but yeah, you do get to call yourself a hacker at the end of the day, which works surprisingly well on Hinge.

So the other part is automation. I know I mentioned a controversial opinion earlier; it's time for that hard truth. To be a good pen tester, do you need to know how to code? Well, no, not necessarily, but to be a great one you do. The ability to write your own exploits becomes invaluable when common tools like Burp Suite or Metasploit reach the end of their capabilities, which they do. To demonstrate, I'm explaining exactly how knowing how to automate attacks is so important, or at least knowing how to code and how to build different techniques into these sorts of things. But I do really want to ram home that learning how to code, or how to program, even if it's just scripting, is a key part of both demonstrating exploits to clients and improving yourself as a security professional. Again, you don't have to do it, but specifically for pen testing it's crazy valuable.

We start every test off with a load of scans, and if you can just stick them in a Bash file, or write it in Ruby or in Python or even in Lua, or in Go... the first thing you do is usually firing up loads of terminals, running loads of different scans, then having to interpret it all. Well, if there's just one script, you go "./scan-it.sh" or "script.py", whatever it is, and it just does all of that for you. Knowing how to write that, and then also debugging it, things like that, will save you a massive amount of time, which means that you can go and demonstrate value in other ways, because all your low-hanging fruit has been crossed off by the script that you wrote, or the thing that you cobbled together. It also means that when tools break, which they like to, especially if you're on site with no internet (always seems to be the case) and you're left staring at this horrific stack trace, you know a bit of scripting, you know how to write a