Dan Borges, a professional red teamer, blogger, and security tool developer, discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and new tools he and others created and released this year!
Permalink and Transcript: http://gettingintoinfosec.com/dan
In this first episode, I chat with Dan Borges, a professional red teamer, blogger, and security tool developer.
Dan Borges discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and the new tools he and others created and released this year!
Dan explains how he became involved in information security,
including his introduction to programming through a Lego robotics
His early experiences as a pen-tester—i.e. a penetration tester, who
looks for system security weaknesses—and why it’s difficult to get
hands-on experience in that field.
The benefits of becoming an Offensive Security Certified Professional
What does a red team do in an organization, and how is it different
Dan describes the day-to-day life of a pen-tester and the kind of
conflicts they can run into.
A few war stories from the trenches of InfoSec, as well as some of
the tools pen-testers use.
How being grounded led to Dan’s earliest hacking experiences, and the
ways his parents fostered his interests and mentality.
What conferences should InfoSec beginners check out?
Fun and beneficial ways you can “hack” reading.
Dan’s tips for those starting off or looking to transition into
An in-depth look at one of the newer tools Dan uses for his work.
The rules and intricacies of InfoSec competitions.
“It’s such a catch-22 to get practical, hands-on experience to go to these jobs because, y’know, hacking’s illegal, right?”
“We don’t just go in and blow the brakes off people, we’re trying to measurably improve security.”
“It was a constant escalation war, cat-and-mouse like that. They’d take something away and I’d figure out how to use the computer with that limitation.”
Dan Borges’ personal blog: http://lockboxx.blogspot.com/
Dan’s LinkedIn: https://www.linkedin.com/in/borges1337/
Dan on Twitter: https://twitter.com/1njection
Dan and Alex's DEFCON Talk on Gscript: https://www.youtube.com/watch?v=8yjMlMf8NpQ
Gscript: Genesis Scripting Engine: https://github.com/gen0cide/gscript
NationalCPTC (Collegiate Penetration Testing Competition): https://nationalcptc.org/
Outro Music: Missing You by Trash80: https://trash80.bandcamp.com/track/missing-you
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security
Here are some great episodes to start with. Or, check out episodes by topic.