Chat with @DevinCasadey, Managing Principal / Global Red Team Lead.

Devin’s Certifications:
OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN

Devin can be found at

Hack the Box:https://www.hackthebox.eu/profile/28293
HTB & CTF Team:https://www.hackthebox.eu/teams/profile/1685

Github: https://keramas.github.io/about.html

LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey

Show Notes

Don’t Roll Your Own: Devin’s Writeup for how he decoded the database (referenced in the episode) – https://keramas.github.io/2022/05/03/dont-roll-your-own.html

EvilGinx: Man in the Middle Two Factor Auth – https://github.com/kgretzky/evilginx2

Chapter Timestamps

01:09 — Why are you passionate about Infosec?

02:17 — First use a computer?

05:31 — What are you doing now?

06:16 — Best way to hone skills?

07:54 — Difference between Redteaming and Pentesting

09:12 — Are Pentesters ever asked to emulate APTs?

11:51 — Do you test different EDR Vendors?

16:18 — Test Scenario

17:42 — Do you have to write custom exploits for engagements?

23:31 — Do you tell vendors you can bypass their EDR product?

26:02 — Trying to get caught by Security Team

27:21 — What can customers do to get the most out of a pentesitng engagement?

32:09 — Pentest Client Behavior

35:56 — Linux Boxes

37:11 — Windows Security

40:30 — Found Machine Already Compromised?

41:44 — Pentest Planning

43:46 — Memorable Engagements

47:07 — Zero Trust

53:44 — Initial Point of Entry

58:55 — Okta Breach

01:01:27 — Triple MFA

01:02:53 — Avoid Burnout?

01:05:00 — Joining a Redteam

01:09:44 — Any Passion Projects?

01:10:21 — Goodbye

// LINKS //

Podcast Website: https://ephemeralsecuritypodcast.com

Blog: https://brakertech.com

Github: https://github.com/ssstonebraker

// SOCIAL //

LinkedIn: https://www.linkedin.com/in/stevestonebraker

Twitter: https://twitter.com/brakertech