This series of blog posts was sparked by a recent internal discussion and is really just to learn how penetration testing individuals “got their start” or became interested in security, hacking, and anything else within our industry. To start this off we have to go to the beginning…
The Beginning – Farm Life
Here is a drone photo of my family’s farm:
Living out in the country (5 miles outside of the nearest town) we only had dial-up internet for the longest time. 28k to 56k seemed like a huge speed increase.
Funny side-note: I taught myself to spin a basketball on my finger while waiting for web sites to load.
I came across BackTrackR3 back in 2008/2009 and started booting my school computer into it and seeing what I could do. Naturally, I became good friends with my high school IT teacher and was able to become very involved in student laptop configuration, allowing me to have time to focus more on learning BackTrack.
Learning To Hack
Towards the end of high school, I would say I was solely interested in wireless hacking. I ended up picking up a compatible wireless adapter (PCMCIA – shown below) that worked with our school’s laptops at the time.
I learned to crack various wireless networks starting with WEP, moving onto WPA2 PSK, and even utilizing Reaver to crack WPS (this was fun).
As college moved on into my senior year, I had made friends with similar interests, expanding the experiences and enthusiasm for hacking. One random day, our class received an email from a professor about an internship. This internship listed out various toolsets and job duties that sounded interesting to me and were similar to things I was playing with inside BackTrack. I convinced a classmate to apply with me. After our initial phone interview, we were given a list of tasks we would have to do during the practical onsite exam.
I can remember that day, as my classmate and I were messing around with Windows XP and utilized some exploits within Metasploit to gain command line access to the system. We quickly changed directories to the desktop and created a text file – as this was done, we saw the file be created on the screen of the system. At the time, this was the coolest thing ever!
My classmate and I completed the practical exam for the internship that same day.
Penetration Testing Internship
We got word that once we finished school, we would be able to start the internship.
The internship was for a large CPA firm that offered consulting services to their clients. Within the first year I was able to shadow and perform many engagements that enhanced my skill set. These engagements included internal/external penetration tests, social engineering – onsite/remote tests, email phishing, and some web application penetration tests.
I’d say one of my biggest accomplishments was taking and passing the Offensive Security Certified Professional (OSCP) certification on the first try.
I remember one of my first engagements was performing an internal penetration test for a local credit union. I recall gaining access to their ATM machines and being able to view the ATM camera’s live stream and watch individuals withdrawing cash. This absolutely blew my mind at the time and helped me understand how bad security was at various organizations. I also have many memories of performing onsite social engineering and being able to gain access to multiple buildings during and after hours… It always felt like a scene out of a movie. *cue spy music*
Life As A Pentester
After a couple years at the CPA firm, I ended up leaving for Target to join their Security Operations. This allowed me to learn from some very talented individuals and more importantly grow my web application testing skills. Eventually, I would leave Target to rejoin the CPA firm again for a couple of years with my new skills.
It then became apparent that a great mentor of mine was expanding and looking to hire some technical individuals to perform consulting work for their clients… Now, I have been at White Oak Security for 3 years and 7 months and it has been one of the best decisions I have ever made. The team members here are so incredibly knowledgeable, friendly, and come from many different areas. Continuous learning is a quality pentesters require, and it seems like every day I am learning something new here.