My experience of the 48-hour CRTO exam - adversary simulation using Cobalt Strike.
CRTO Course:
https://zeropointsecurity.co.uk/
...
https://www.youtube.com/watch?v=P2ioSJdcAJw
My salary as a new penetration tester working at a cyber security consultancy in Australia. Discussing 2021 salary ranges and career progression timeframes in infosec.
...
https://www.youtube.com/watch?v=a-B49Af1qXU
Jackson Kelley is a software engineer (ex-Amazon), smart contract auditor and career coach with over 10 years of experience in tech.
In this conversation we discuss his move from FAANG to working in the crypto space, his smart contract auditing methodology, opportunities in web3 and advice for students considering a career in tech.
LINKS:
https://www.youtube.com/c/JacksonKelley
https://twitter.com/sjkelleyjr
https://jacksonkelley.gumroad.com/l/how-to-become-a-smart-contract-auditor/
https://medium.com/coinmonks/5-solidity-code-smells-87bb2f259dde
https://code4rena.com/
https://yacademy.dev/
https://spearbit.com/
OUTLINE:
00:00 - Background
8:04 - Working at Amazon
14:13 - Software Engineering vs Smart Contract Auditing
16:46 - Lessons learned from Amazon
19:09 - Adversarial/Hacker Mindset
21:53 - FAANG Interview Tips
28:13 - Coding Interviews
30:32 - Do you need a Degree
32:08 - Smart Contract Auditing Methodology
35:23 - Developing Intuition for Vulnerable Code
38:54 - Learning Resources for Smart Contract Auditing
47:43 - Getting a Job as a Smart Contract Auditor
55:12 - yAcademy
1:01:43 - Spearbit
1:05:11 - Senior Smart Contract Auditor Salaries
1:07:49 - Working at Robinhood
1:14:31 - Working as a Developer vs Auditor
1:17:24 - Cyber Security background vs Developer background
1:19:53 - Web3 security in the next 2-5 years
1:28:35 - Advice for Students
1:32:55 - Deciding what to work on
1:35:36 - Being a new dad
1:40:24 - Jackson's YouTube Videos
...
https://www.youtube.com/watch?v=cHAOoANmSNA
I talk to Zach Obront about his audit process, how he collaborates with other top auditors and his recent wins on Sherlock and Immunefi.
Links:
https://twitter.com/zachobront/status/1633130401043546118
https://github.com/zobront/tla-specs/
0:00 Intro
3:32 Learning Smart Contract Auditing
7:44 Progress on Code4rena
10:30 Collaboration with other Auditors
14:33 Zach's Audit Process
27:53 Motivation
29:36 Sherlock & $700,000 Optimism Audit Contest
34:40 Finding Critical Vulnerabilities
36:15 Spearbit and Private Audits
41:43 Finding a Critical on Optimism
47:51 Finding a Critical on Immunefi
49:21 Zach's day-to-day
53:34 Goals
...
https://www.youtube.com/watch?v=57V-57ZXmfA
We sit down with Pashov and discuss his decision to go all in on web3 security as an independent security researcher. Pashov shares alpha on auditing, obtaining clients and building industry connections.
Links:
https://twitter.com/pashovkrum
OUTLINE:
0:00 Intro
3:52 Going Independent
5:47 First High Severity Bug
10:45 Learning Mindset
14:06 Reading code4rena Reports
20:23 Building Intuition for Vulnerabilities
22:46 Focused Hours
24:55 Spearbit
28:49 Understanding Code in Depth
31:34 How Beginners Should Approach code4rena
36:38 First Solo Audit
41:26 Getting Clients
45:52 Solo Auditing and Auditing Partnerships
55:30 Day in the Life of Pashov
59:22 How to Study
1:09:02 Independent Security Researcher vs Auditor Job
1:13:07 Experience Auditing with Spearbit
1:16:28 Deep Understanding of Code
1:20:02 Small vs Large Codebases
1:24:38 Immunefi
1:30:21 Building a Business
1:35:25 Making Industry Connections
1:40:30 Setting a Good Example for Others
1:46:43 Tips for Newbies
...
https://www.youtube.com/watch?v=KONVlS7azMQ