Episode 1
Dan Borges - From Infosec ITAdmin to Red Teamer to CTF Organizer
Permalink and Transcript: http://gettingintoinfosec.com/dan
In this first episode, I chat with Dan Borges, a professional red teamer, blogger, and security tool developer.
Dan Borges discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and the new tools he and others created and released this year!
Episode Highlights:
-
Dan explains how he became involved in information security,
including his introduction to programming through a Lego robotics
program. -
His early experiences as a pen-tester—i.e. a penetration tester, who
looks for system security weaknesses—and why it’s difficult to get
hands-on experience in that field. -
The benefits of becoming an Offensive Security Certified Professional
(OSCP). -
What does a red team do in an organization, and how is it different
from pen-testing? -
Dan describes the day-to-day life of a pen-tester and the kind of
conflicts they can run into. -
A few war stories from the trenches of InfoSec, as well as some of
the tools pen-testers use. -
How being grounded led to Dan’s earliest hacking experiences, and the
ways his parents fostered his interests and mentality. -
What conferences should InfoSec beginners check out?
-
Fun and beneficial ways you can “hack” reading.
-
Dan’s tips for those starting off or looking to transition into
Infosec. -
An in-depth look at one of the newer tools Dan uses for his work.
-
The rules and intricacies of InfoSec competitions.
Quotes:
-
“It’s such a catch-22 to get practical, hands-on experience to go to these jobs because, y’know, hacking’s illegal, right?”
-
“We don’t just go in and blow the brakes off people, we’re trying to measurably improve security.”
-
“It was a constant escalation war, cat-and-mouse like that. They’d take something away and I’d figure out how to use the computer with that limitation.”
Links:
-
Dan Borges’ personal blog: http://lockboxx.blogspot.com/
-
Dan’s LinkedIn: https://www.linkedin.com/in/borges1337/
-
Dan on Twitter: https://twitter.com/1njection
-
Dan and Alex's DEFCON Talk on Gscript: https://www.youtube.com/watch?v=8yjMlMf8NpQ
-
Gscript: Genesis Scripting Engine: https://github.com/gen0cide/gscript
-
NationalCPTC (Collegiate Penetration Testing Competition): https://nationalcptc.org/
-
Outro Music: Missing You by Trash80: https://trash80.bandcamp.com/track/missing-you
Getting Into Infosec:
-
Twitter: https://twitter.com/coffeewithayman
-
YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
-
Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
See omnystudio.com/listener for privacy information.
Mentioned in this episode: