Dear interviewer,
I do not know how to code. I only know a limited amount of Python and Ruby scripts. I can't figure out assembly language and C++. Shellcode scares me. Socket Programming, yeah, a little bit.
But there's a couple of tricks that I do know. I know how packets are made of and how they behave. The OSI layer and TCP-IP 3-way handshake is something close to my heart. I know how to leverage the MSF3 Framework for a goal-oriented penetration testing engagement. I know how to evade firewalls and overall detection using NMAP. I know how to craft my own packets using NPING. I know what a reflective DLL injection is. I know how to migrate an existing exploit from one running process to another. I know the difference between a compromised Windows XP and a clean one by just looking at a running Wireshark capture. I know how to maintain my connection. I know how clean my tracks.
I know how to go over a list of check boxes, namely SAS70 Type2 Audit (Now called Service Organization Control Reports), the legendary PCI-DSS, or HIPAA, or the ISO27001. I love the GAPP document by AICPA/CICA. Pretty straight forward.
Yes, I am a script kiddie. I do not breath and live codes. All I need to do is read and follow how to exploit a specific vulnerability. The l337 coders already made the codes, the payloads, and the guide how to attack. The difficult part is done and all I need to do is follow the guide from step 1. And yes I hate the command-line. Thank you Raphael for creating Armitage, makes MSF3 like child's play. Hail Mary see you tonight!
Thank you for hearing me vent by reading this blog. I am just frustrated because everyone is looking for "paper-certified" security researchers when I go over Dice.com, Monster.com and other job hunting websites.
Goodnight.
No comments:
Post a Comment