+ Reply to Thread
Results 1 to 16 of 16
  1. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #1

    Default Interview with a BlackHat

    Reply With Quote Quote  

  2. SS -->
  3. Senior Member gabypr's Avatar
    Join Date
    Mar 2012
    Location
    Puerto Rico
    Posts
    136

    Certifications
    A+, S+, MCP XP, MCDST ,MCTS (Vista,7), MCITP Vista, MCSE 2003, 70-410, 70-687, VCA-DCV, EC-Council University Student
    #2
    Very interesting, thanks for sharing.
    Reply With Quote Quote  

  4. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #3
    Great read. Thanks for sharing.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  5. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,419

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #4
    Regarding his DDoS blackmail comment - I was recently at an ISC(2) conference in Phoenix in which a cybercrime FBI investigator flat out told us they do not invesgigate DDoS attacks unless the victim is an important target, such as a fortune 100 bank. Pretty much leaves everyone a sitting duck for that type of thing.
    Reply With Quote Quote  

  6. Senior Member olaHalo's Avatar
    Join Date
    Jul 2012
    Location
    Las Vegas
    Posts
    727
    #5
    I shared this with many coworkers, they all seem impressed.
    Reply With Quote Quote  

  7. eager student mapletune's Avatar
    Join Date
    Jul 2012
    Location
    Taiwan
    Posts
    305

    Certifications
    CCENT, CCNA, CCNA Security
    #6
    cool article, thanks for sharing.

    also, i'm guessing that the site is being ddos'ed.
    Reply With Quote Quote  

  8. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #7
    Great stuff, thanks!
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Sep 2012
    Posts
    210
    #8
    Interview with a pompous young man.
    Reply With Quote Quote  

  10. Member z3r0cool's Avatar
    Join Date
    Mar 2013
    Location
    Virginia Beach, VA
    Posts
    49

    Certifications
    AAS Computer Technology
    #9
    "Uni"?
    "Mummy"?
    "fortnight"?

    definitely a Brit
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Oct 2008
    Location
    Long Island, NY
    Posts
    693

    Certifications
    CCENT, Microsoft Cert Specialist: 74-409, MCITP:EA/MCSA:2008, MCSA:Win8.1/Win7, MCSE:Sec.2003, MCTS(x4); A+('07), Sec+ ('08)
    #10
    Wow very interesting...kinda makes it look too easy you know. This probably took a lot of years to setup and be part of something to pull off some of the things himself and his team did
    Reply With Quote Quote  

  12. Livin is ez w/ I's closed
    Join Date
    May 2010
    Location
    NYC
    Posts
    399

    Certifications
    A+, Network+, Security+, BCNE, CCNA, ITIL v3, AWS - CSA/CD/SA
    #11
    Makes me want to learn the black hat trade
    On the plate: AWS DevOps Engineer - Professional
    Scheduled for: Unscheduled
    Studying with: acloud.guru, aws docs
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Mar 2011
    Location
    KY
    Posts
    162

    Certifications
    Security+
    #12
    "Adam" is obviously highly skilled since he is still able to do what he's talking about, but like he mentioned a lot of it you can learn from google and various places on the internet. Compromising a system or getting in thru a vulnerability isn't the hard part, doing it without leaving a bread trail back to you is where you see the difference between noob/script kiddie and "professional" Blackhat.

    Take the initial compromise of Sony for instance, anyone able to follow instructions could have google'd/watched a youtube video on using Metasploit and gotten into the system. It's been a while but I want to say it was an outdated Apache running either no root password or the default.

    That's why its important to always patch anything open to the internet, change all default logins, and due diligence. Otherwise you're a stationary target just asking to be compromised.
    Reply With Quote Quote  

  14. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    3,208

    Certifications
    B.Sc, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #13
    amazing read! thanks for sharing!
    ‎"After the earth dies, some 5 billion years from now, after it’s burned to a crisp, or even swallowed by the Sun, there will be other worlds and stars and galaxies coming into being — and they will know nothing of a place once called Earth." - Carl Sagan.
    Reply With Quote Quote  

  15. Senior Member MiikeB's Avatar
    Join Date
    Apr 2011
    Posts
    298

    Certifications
    BS-IT,MCITP:EA,A+,Net+, Sec+,Project+
    #14
    I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.

    I don't doubt some truth, for example he may very well have done DDoS for ransom etc, but "making millions and just funnel it through a cafe" type of comments seem like discussing something that he isn't actually familiar with the details of.
    Reply With Quote Quote  

  16. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,419

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #15
    Quote Originally Posted by MiikeB View Post
    I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.
    Keep in mind this person worked in a crew; therefore he likely was not involved in all the minutia outside of his specialty. Early in the interview he claimed his specialty is social engineering.

    To your credit, I agree, not everything you read on the internet is true; however I can see how one might not know intimate details of the entire operation.
    Reply With Quote Quote  

  17. Member mworwell's Avatar
    Join Date
    Aug 2008
    Location
    Ohio
    Posts
    37

    Certifications
    CCNP:Route , CCNA, Security+, Network+,
    #16
    Thanks for sharing. Very interesting interview.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks