Security Affairs Questions

Soon after I blogged about the “Snagging Creds from Locked Machines” and it went a bit viral for a day, Pierluigi Paganini from asked me some great questions, that I failed to answer in a timely manner. They are probably a lot less useful to him now (8 months late), but I thought I would answer them anyways.

You are one of the most respected experts on cyber security. Could you tell me what your technical background is and when you started hacking?

I think my earliest “hacking” was cheating at video games. I enjoyed learning the mechanics of how the Game Genie and GameShark worked, and how I could cheat at games much more than playing them. My parents always thought that I ruined the games, but it really was the figuring out how to get the right hex for infinite life or ammo that was the game for me.

After that I owe my traditional IT / Security learning to the Marine Corps 0651 and 0656 schools, the amazingly patient Marines and civilians at the MARCERT, the OSCP and Chris Gates’ blog.

What was your greatest hacking challenge?

My “greatest hacking challenge” I would say is myself. Self awareness is an ever progressing goal, I attempt to figure out and make myself better every day. I fail at it a lot, but all the best hacks are pure and simple perseverance and I plan to never let this one have the better of me.

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

So much troll ammo in that question. Or I could go the philosophical route and talk about the mind, and never giving up, but I’ll take the question at face value:

  1. A programming language. Yes, you don’t have to know programming to be in “Information Security” but to be a “hacker” (in the sense of breaking into systems), knowing a language will save you when the tool that you need for a very specific use case just doesn’t exist. It also helps you when you run into a tool that is broken, that everyone seems to use, but for some reason you are the only one noticing it’s broken.
  2. An Intel NUC (or other computer) with ESXi (or other virtualization) on it. Having a lab, even on a hand-me-down laptop/computer with Virtualbox and trial copies of Windows, I was able to learn more by building whatever application I was trying break into, than I ever would have by poking at it from the Internet.
  3. A blog. I forget things all the time and I usually use my blog or another note taking method (pen and paper, text editor, telling friends about it), to be able to reference it later when I need it. Even if you are the only reader of your own blog it is hands down one of the best method of learning for me because it forces me to re-do things and revisit my assumptions.
  4. Metasploit. Mostly because it makes things dead simple, and learning to use it isn’t very hard.

Which are the most interesting hacking communities on the web today?

I’ve never really been welcome or even interested in the darker side of hacking communities. I would get caught if I even tried to dive into that world.

To know one’s limitations is to know one’s self

However, I run NoVAHackers with Chris Gates so I would be remiss to not mention it, and it’s parent AHA. Both are great communities with basically a mini-conference every month at the meetings.

If you don’t have a hacker space, or “Hackers Association” in your area, first, look harder there probably is one that you just haven’t found yet, and second, if not, start it. I went to the first 2 or 3 meetings of NoVA Hackers by myself. Don’t be deterred by single digit membership or attendance. NoVA Hackers is near ~700 members + another 500 or so alumni since it started in 2009.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why?

Honestly I don’t want to answer this. Why would you point at someone and say “hit him, he’s easier to take down”

What scares you more in the Internet?

The fact that people think it’s a weapon for or against them.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe concrete the risk of a major and lethal cyber attack against a critical infrastructure?

Yes, but in what country? Is the U.S. even the most connected these days? I doubt it. In counter point I would like you to watch the following for actual statistics on the matter by @SpaceRogue:

Why and which are the most exposed CI?

Same issue with the industry question, not going to point at the weakest link. I guess an argument to the fact that making light of these targets helps to force action, but I think unless you have had your head in the sand every knows of “Cyber Threats” these days, and a heading like:

Security Expert Rob Fuller says that Widgets are the most vulnerable target in U.S. Infrastructure

doesn’t really further any message or get anyone’s attention to something they don’t already know.

Thanks for your time. Have an awesome 4th of July.