Dealing with the "Exploit writer" and "Hacker" of the team

[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
Hey Forum

So I really don't have a lot of complaining threads. However, this one is a good one.
There is a guy on my team who enjoys exploit development and penetration testing. However, I have never seen this kid write an exploit, never seen him conduct a pen test, anything of the sort. He buys a lot of books on penetration testing/ethical hacking. He doesn't have any certifications since he believes they are "beneath him". I always see this guy reading articles, talking to other people on the team, babbling about stuff he reads in articles that have no relevance to work or anything in general. I get you have to have small talk, but this guy takes "small talk" to a whole new level. I tried to be nice to this kid, but he still sometimes has an attitude with me. I get along with everyone else on the team just fine but him, so I know it's not a personality trait with me. I have as minimal contact with this kid as possible, only when necessary on a work level, but he still manages to annoy the heck out of me and tick me off. Today, for example, I was working on getting an exploit to work and couldn't get it working. He then says to a colleague, "well, that's what a script kiddie would do" (implying I'm a script kiddie). Now something like that really pissed me off. In my opinion, when someone asked him what port DNS ran on and he said "51", I said no, it's 53 UDP/TCP, TCP for zone transfers. Any thoughts or opinions about this? It made me chuckle when I thought to myself, if he thinks DNS runs on port 51, I could imagine what his exploits look like! hahaha. Any thoughts on this or ways to deal with this pain in the rear? Thanks all! :)


  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    To be truly successful in infosec life you not only need technical skills, but you also need people skills. My two cents....
  • wastedtime Member Posts: 586 ■■■■□□□□□□
    Well, I think most of us have run into this type of person at least once in our lives. If you haven't, it may be you. Anymore I don't let those people get to me. I do my thing and they do their thing. Eventually they get looked at for the fraud and/or egotistical person they are. If you need to interact with them then do so, but don't let them get to you. You may want to look historically, as I know other posts have been put in Off-Topic and IT Jobs / Degrees that are similar to this one.

    Also unrelated to this social issue you may want to look up information about the DNS truncation bit.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Why not ask him to start a CTF team?? Or go to a con together and work on the hacking challenges together.

    Maybe it's one of those things where you two can get along but haven't really had the opportunity to do so.
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    To be successful, you need IQ and EQ among other things...

    Talk is cheap.
    When someone criticises, I listen and ask for recommendations and suggestions, i.e. "How would you do it better?"
    When someone brags about something, I ask for more details and even a demonstration, i.e. "That's great! I want to know more. Can you show me?"

    Get your whole team (and your manager?) to ask that kid to do an info-sharing session. Tell the kid the team wants to learn from him. Who knows? He may turn out to be a real guru.
  • UnixGuy Mod Posts: 4,564
    Yep sounds exactly like my colleague:

    Be very pragmatic with him. Smile to his face, but don't ever chat with him. Don't look his way, ignore his existence.

    Do not waste energy on him, upskill and remember you will leave this company in a year or two or so, it doesn't really matter. Learn stuff that will get you to your next position, and this fraud co-worker will simply not make it to the next position. Move up, he can't follow you. Get certs, he can't get the knowledge you're getting. He is shooting himself in the foot and wasting his time blabbing.

    Also, one thing I realised about those who blab a lot during work: their personal life outside work really sucks, so work time is their 'fun' time. Nothing wrong with that, but it just made me more sympathetic.

    Either way, you're not in this job forever so make the most out of it.

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • [Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    Thanks everyone for your input!! :) I agree UnixGuy, I have to ignore him and not even note his existence and focus on myself. Only interact with him when necessary in a professional manner and focus on myself with certs and learning! :) This is a great forum and an awesome place to get advice from true experts in the field!! My own therapists online! What more can you ask for! ;)
  • Grafixx01 Member Posts: 109 ■■■□□□□□□□
    I had a colleague like that when I first started in my job. I was told to learn from him and he was told to show me. He went through stuff super fast and I couldn't get anything he was doing down so I could follow / reproduce the same. Then I asked him, with me playing dumb/ignorant, how I could pass the CEH, since he had his CEH, CHFI and something else. His response: "It took me about 10 years to be able to pass my CEH. My best advice to you is go get like a ******** for it, answer what you can and research anything that you get wrong and even the wrong answers in the question. Then take about another 2-4 years of learning and doing, then you'll be able to sit for the CEH. That's what I did."

    Really? Seriously? Let's make sure that you know that he is also like 24 but has been working in the business for 10+ years!
  • dhay13 Member Posts: 580 ■■■■□□□□□□
    My experience is usually those guys don't know half as much as they say and if they do they are too immature to command any respect from his/her peers.
  • boxerboy1168 Member Posts: 395 ■■■□□□□□□□
    Who has time to care what other people do, think or say??

    I don't have time for that.
    Currently enrolling into WGU's IT - Security Program. Working on LPIC (1,2,3) and CCNA (and S) as long term goals and preparing for the Security+ and A+ as short term goals.
  • OctalDump Member Posts: 1,722
    I find that some IT environments can get a bit 'masculine', and can turn into a c*ck measuring contest. Really doesn't benefit anyone.

    No one really does know it all; even when you think you know a lot, you come across something new. And I think I'd prefer it that way. I enjoy learning new things, so if you did know it all, you'd be stuck and that seems boring.

    But, yeah, some people just rub you up the wrong way and the best you can hope for is an adequate professional relationship. Try your best to be professional, engage them when you think they might be a useful resource, and try (as hard as it can be) to not let personal feelings control the professional relationship.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • echo_time_cat Member Posts: 74 ■■□□□□□□□□
    @OP, as UnixGuy implied, ignore his existence.

    Ever played chess with a pigeon? The pigeon will just poop all over the board and still think it won. Same thing happens here with this type.

    Don't get drawn into the silly little competitions this guy will set up, on his terms, on topics he read about 5 minutes ago. Focus on yourself, only compete with yourself. He will expose himself in time and either quit, or be humbled enough to stop wasting everyone else's time and just dig in and work.
  • FillAwful Member Posts: 119 ■■■□□□□□□□
    Ever played chess with a pigeon? The pigeon will just poop all over the board and still think it won. Same thing happens here with this type.

    ^^This is amazing, stealing!

    OP, I totally get the frustration of dealing with people like this, it's super frustrating. I always end up being a smarmy, sarcastic jerk to people like this after a while. I can't help it. It's like the Wonka meme "Oh really...tell me more about DNS over port 51..." They usually have no idea and continue to blather nonsense. I know it's kind of a d--- move to do this, but it gives me so much satisfaction and technically I'm still being polite.

    Everyone else is right of course but, man, I feel your frustration.
  • echo_time_cat Member Posts: 74 ■■□□□□□□□□

    I couldn't resist. It had to be done. :)