Dan Borges, a professional red teamer, blogger, and security tool developer discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and a new tools he and other created and released this year!
- Dan explains how he became involved in information security, including his introduction to programming through a Lego robotics program.
- His early experiences as a pen-tester—i.e. a penetration tester, who looks for system security weaknesses—and why it’s difficult to get hands-on experience in that field.
- The benefits of becoming an Offensive Security Certified Professional (OSCP).
- What does a red team do in an organization, and how is it different from pen-testing?
- Dan describes the day-to-day life of a pen-tester and the kind of conflicts they can run into.
- A few war stories from the trenches of InfoSec, as well as some of the tools pen-testers use.
- How being grounded led to Dan’s earliest hacking experiences, and the ways his parents fostered his interests and mentality.
- What conferences should InfoSec beginners check out?
- Fun and beneficial ways you can “hack” reading.
- Dan’s tips for those starting off or looking to transition into Infosec.
- An in-depth look at one of the newer tools Dan uses for his work.
- The rules and intricacies of InfoSec competitions.
- Dan’s tips for reading books quickly [28:55]
“It’s such a catch-22 to get practical, hands-on experience to go to these jobs because, y’know, hacking’s illegal, right?”
“We don’t just go in and blow the brakes off people, we’re trying to measurably improve security.”
“It was a constant escalation war, cat-and-mouse like that. They’d take something away and I’d figure out how to use the computer with that limitation.”
- Dan Borges’ personal blog: http://lockboxx.blogspot.com/
- Dan’s LinkedIn: https://www.linkedin.com/in/borges1337/
- Dan on Twitter: https://twitter.com/1njection
- Dan and Alex’s DEFCON Talk on Gscript: https://www.youtube.com/watch?v=8yjMlMf8NpQ
- Gscript: Genesis Scripting Engine: https://github.com/gen0cide/gscript
- NationalCPTC (Collegiate Penetration Testing Competition): https://nationalcptc.org/
- Outro Music: Missing You by Trash80: https://trash80.bandcamp.com/track/missing-you