Chat with @DevinCasadey, Managing Principal / Global Red Team Lead.
Devin’s Certifications:
OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN
Devin can be found at
Hack the Box:https://www.hackthebox.eu/profile/28293
HTB & CTF Team:https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey
Show Notes
Don’t Roll Your Own: Devin’s Writeup for how he decoded the database (referenced in the episode) – https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth – https://github.com/kgretzky/evilginx2
Chapter Timestamps
01:09 — Why are you passionate about Infosec?
02:17 — First use a computer?
05:31 — What are you doing now?
06:16 — Best way to hone skills?
07:54 — Difference between Redteaming and Pentesting
09:12 — Are Pentesters ever asked to emulate APTs?
11:51 — Do you test different EDR Vendors?
16:18 — Test Scenario
17:42 — Do you have to write custom exploits for engagements?
23:31 — Do you tell vendors you can bypass their EDR product?
26:02 — Trying to get caught by Security Team
27:21 — What can customers do to get the most out of a pentesitng engagement?
32:09 — Pentest Client Behavior
35:56 — Linux Boxes
37:11 — Windows Security
40:30 — Found Machine Already Compromised?
41:44 — Pentest Planning
43:46 — Memorable Engagements
47:07 — Zero Trust
53:44 — Initial Point of Entry
58:55 — Okta Breach
01:01:27 — Triple MFA
01:02:53 — Avoid Burnout?
01:05:00 — Joining a Redteam
01:09:44 — Any Passion Projects?
01:10:21 — Goodbye
// LINKS //
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
// SOCIAL //
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech