Saturday, January 29, 2011

Confessions of a script kiddie and a l337 wannabe

Dear interviewer,

I do not know how to code. I only know a limited amount of Python and Ruby scripts. I can't figure out assembly language and C++. Shellcode scares me. Socket Programming, yeah, a little bit.

But there's a couple of tricks that I do know. I know how packets are made of and how they behave. The OSI layer and TCP-IP 3-way handshake is something close to my heart. I know how to leverage the MSF3 Framework for a goal-oriented penetration testing engagement. I know how to evade firewalls and overall detection using NMAP. I know how to craft my own packets using NPING. I know what a reflective DLL injection is. I know how to migrate an existing exploit from one running process to another. I know the difference between a compromised Windows XP and a clean one by just looking at a running Wireshark capture. I know how to maintain my connection. I know how clean my tracks.

I know how to go over a list of check boxes, namely SAS70 Type2 Audit (Now called Service Organization Control Reports), the legendary PCI-DSS, or HIPAA, or the ISO27001. I love the GAPP document by AICPA/CICA. Pretty straight forward.

Yes, I am a script kiddie. I do not breath and live codes. All I need to do is read and follow how to exploit a specific vulnerability. The l337 coders already made the codes, the payloads, and the guide how to attack. The difficult part is done and all I need to do is follow the guide from step 1. And yes I hate the command-line. Thank you Raphael for creating Armitage, makes MSF3 like child's play. Hail Mary see you tonight!

Thank you for hearing me vent by reading this blog. I am just frustrated because everyone is looking for "paper-certified" security researchers when I go over, and other job hunting websites.


A playground for network security enthusiasts, innovators and early adoptors

Welcome to my blog, this is me thinking out loud about Voice over IP security (VoIP), managing and optimizing converged networks, Metasploit Framework, Cloud Computing, general security and privacy concerns, grappling adventures, and tuning my MKIV VW Jetta.

All inputs, feedbacks and violent reactions are welcome.

Packet Boy Perseus
Helping spread a positive image why we hack things.

About Me

I am an InfoSec Innovator, a Blue Ocean Seafarer and a Paul Graham Pupil.