Options

Interview with a BlackHat

wes allenwes allen Member Posts: 540 ■■■■■□□□□□

Comments

  • Options
    gabyprgabypr Member Posts: 136 ■■□□□□□□□□
    Very interesting, thanks for sharing.
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
  • Options
    MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    Great read. Thanks for sharing.
  • Options
    YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Regarding his DDoS blackmail comment - I was recently at an ISC(2) conference in Phoenix in which a cybercrime FBI investigator flat out told us they do not invesgigate DDoS attacks unless the victim is an important target, such as a fortune 100 bank. Pretty much leaves everyone a sitting duck for that type of thing.
  • Options
    olaHaloolaHalo Member Posts: 748 ■■■■□□□□□□
    I shared this with many coworkers, they all seem impressed.
  • Options
    mapletunemapletune Member Posts: 316
    cool article, thanks for sharing.

    also, i'm guessing that the site is being ddos'ed.
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • Options
    Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Great stuff, thanks!
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • Options
    SecurityThroughObscuritySecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
    Interview with a pompous young man.
  • Options
    z3r0coolz3r0cool Member Posts: 49 ■■□□□□□□□□
    "Uni"?
    "Mummy"?
    "fortnight"?

    definitely a Brit :)
  • Options
    RomBUSRomBUS Member Posts: 699 ■■■■□□□□□□
    Wow very interesting...kinda makes it look too easy you know. This probably took a lot of years to setup and be part of something to pull off some of the things himself and his team did
  • Options
    Sounds GoodSounds Good Member Posts: 403
    Makes me want to learn the black hat trade icon_lol.gif
    On the plate: AWS Solutions Architect - Professional
    Scheduled for: Unscheduled
    Studying with: Linux Academy, aws docs
  • Options
    effektedeffekted Member Posts: 166
    "Adam" is obviously highly skilled since he is still able to do what he's talking about, but like he mentioned a lot of it you can learn from google and various places on the internet. Compromising a system or getting in thru a vulnerability isn't the hard part, doing it without leaving a bread trail back to you is where you see the difference between noob/script kiddie and "professional" Blackhat.

    Take the initial compromise of Sony for instance, anyone able to follow instructions could have google'd/watched a youtube video on using Metasploit and gotten into the system. It's been a while but I want to say it was an outdated Apache running either no root password or the default.

    That's why its important to always patch anything open to the internet, change all default logins, and due diligence. Otherwise you're a stationary target just asking to be compromised.
  • Options
    UnixGuyUnixGuy Mod Posts: 4,567 Mod
    amazing read! thanks for sharing!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    MiikeBMiikeB Member Posts: 301
    I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.

    I don't doubt some truth, for example he may very well have done DDoS for ransom etc, but "making millions and just funnel it through a cafe" type of comments seem like discussing something that he isn't actually familiar with the details of.
    Graduated - WGU BS IT December 2011
    Currently Enrolled - WGU MBA IT Start: Nov 1 2012, On term break, restarting July 1.
    QRT2, MGT2, JDT2, SAT2, JET2, JJT2, JFT2, JGT2, JHT2, MMT2, HNT2
    Future Plans - Davenport MS IA, CISSP, VCP5, CCNA, ITIL
    Currently Studying - VCP5, CCNA
  • Options
    YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    MiikeB wrote: »
    I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.

    Keep in mind this person worked in a crew; therefore he likely was not involved in all the minutia outside of his specialty. Early in the interview he claimed his specialty is social engineering.

    To your credit, I agree, not everything you read on the internet is true; however I can see how one might not know intimate details of the entire operation.
  • Options
    mworwellmworwell Member Posts: 37 ■■□□□□□□□□
    Thanks for sharing. Very interesting interview.
Sign In or Register to comment.