Oct. 8, 2018

Dan Borges - From Infosec ITAdmin to Red Teamer to CTF Organizer

Dan Borges, a professional red teamer, blogger, and security tool developer, discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and new tools he and others created and released this year!


Permalink and Transcript: http://gettingintoinfosec.com/dan

In this first episode, I chat with Dan Borges, a professional red teamer, blogger, and security tool developer.

Dan Borges discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and the new tools he and others created and released this year!

Episode Highlights:

  • Dan explains how he became involved in information security,
    including his introduction to programming through a Lego robotics
    program.

  • His early experiences as a pen-tester—i.e. a penetration tester, who
    looks for system security weaknesses—and why it’s difficult to get
    hands-on experience in that field.

  • The benefits of becoming an Offensive Security Certified Professional
    (OSCP).

  • What does a red team do in an organization, and how is it different
    from pen-testing?

  • Dan describes the day-to-day life of a pen-tester and the kind of
    conflicts they can run into.

  • A few war stories from the trenches of InfoSec, as well as some of
    the tools pen-testers use.

  • How being grounded led to Dan’s earliest hacking experiences, and the
    ways his parents fostered his interests and mentality.

  • What conferences should InfoSec beginners check out?

  • Fun and beneficial ways you can “hack” reading.

  • Dan’s tips for those starting off or looking to transition into
    Infosec.

  • An in-depth look at one of the newer tools Dan uses for his work.

  • The rules and intricacies of InfoSec competitions.

Quotes:

  • “It’s such a catch-22 to get practical, hands-on experience to go to these jobs because, y’know, hacking’s illegal, right?”

  • “We don’t just go in and blow the brakes off people, we’re trying to measurably improve security.”

  • “It was a constant escalation war, cat-and-mouse like that. They’d take something away and I’d figure out how to use the computer with that limitation.”

Links:

  • Dan Borges’ personal blog: http://lockboxx.blogspot.com/

  • Dan’s LinkedIn: https://www.linkedin.com/in/borges1337/

  • Dan on Twitter: https://twitter.com/1njection

  • Dan and Alex's DEFCON Talk on Gscript: https://www.youtube.com/watch?v=8yjMlMf8NpQ

  • Gscript: Genesis Scripting Engine: https://github.com/gen0cide/gscript

  • NationalCPTC (Collegiate Penetration Testing Competition): https://nationalcptc.org/

  • Outro Music: Missing You by Trash80: https://trash80.bandcamp.com/track/missing-you

Getting Into Infosec:

  • Twitter: https://twitter.com/coffeewithayman

  • YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

  • Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

Follow Ayman on Twitter

Breaking IN: A Practical Guide to Starting a Career in Information Security