Ex-NSO Hacker Explains his Shift into Web3 Security
An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. In just under a year, Trust has rocketed to the top of the code4rena leaderboard, and has made waves on both code4rena and Immunefi.
In this conversation, we delve into Trust's background as an exploit developer at NSO Group, and learn more about his decision to leave and pursue a career in web3 security. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
One week into the labs, progress on PWK machines, thoughts on the OSCP material so far. How well do OSCP lab machines translate to a real penetration test?
...
https://www.youtube.com/watch?v=OhtWDC42WPU
Progress in the PWK labs after 6 weeks. Talking about my experience going through the 5 retired OSCP exam machines.
OSCP resources:
https://www.reddit.com/r/oscp
https://discord.gg/WVHDZvemB2
...
https://www.youtube.com/watch?v=Zx0sbnAlGXU
Progress on the PWK labs at the end of the second week. Tips on OSCP enumeration and general thoughts on exam and lab machines.
Still on track to complete all the lab machines within 90 days.
...
https://www.youtube.com/watch?v=JoOOZ5VWxsA
Looking through and reacting to the CONTI Ransomware Gang’s internal training doco. Real life Russian hacker’s playbook. Interesting techniques that Russian ransomware gangs use to avoid detection and deploy ransomware in a corporation's internal network.
References:
Leaked PDF: https://github.com/silence-is-best/files
Enumerate File Shares: https://github.com/SnaffCon/Snaffler
Working PrintNightmare Variation: https://github.com/GossiTheDog/SystemNightmare
Learn penetration testing: https://www.tryhackme.com
...
https://www.youtube.com/watch?v=6FwNpX7PpIM
Dravee talks about how he was able to break out of his learning plateau as a smart contract auditor.
In this conversation we talk about Dravee’s background as a DevOps engineer and how he learned smart contract auditing from scratch. We discuss how he was able to break through learning plateaus, his auditing strategy and his report automation setup.
Full Podcast: https://www.youtube.com/watch?v=gd5z2AKbvHk
...
https://www.youtube.com/watch?v=yrfQi6DyYeU
Jacob Larsen is a Cyber Security manager who has extensive knowledge in information security management, and a broad range of experience in both technical and non-technical cyber security engagements.
In this conversation we discuss how to break into cyber security, developing soft skills, networking and career progression.
Connect with Jacob:
https://www.linkedin.com/in/jacobcyber/
OUTLINE:
00:00 - Introduction
1:15 - Background
4:17 - Landing an Internship
7:47 - Networking
10:27 - Developing Soft Skills
14:26 - Day to day as a Cyber Security Manager
17:42 - Developing Leadership skills
21:17 - Technical role vs non-technical role
31:42 - Advice for young people
33:37 - Do you need a Degree
35:22 - Self study vs Degree
48:21 - Skills Shortage in Cyber Security
51:35 - Cyber Security Entry level jobs
53:17 - Interview Tips
55:30 - How to progress your career
56:50 - Passing the CISSP
1:00:25 - Personal Brand
1:02:21 - Web3 Security
1:04:14 - Conference Talks
1:08:52 - Building a LinkedIn profile
1:11:40 - Work Culture
1:14:13 - Working at Big 4
1:23:49 - Job Hopping
1:26:58 - Future Goals
1:33:47 - Penetration Testing
1:35:46 - Runescape
1:38:15 - Bitcoin
...
https://www.youtube.com/watch?v=Y4Tc3Yj7HGk