Vesky Shares His IT Security Story

Vesky Shares His IT Security Story

 

 

We're back to share another story from someone in the field of IT Security! At MyHackerTech we want to celebrate the diversity in the cybersecurity industry by sharing the inspirational stories of the people in the industry. With the IT security industry booming, many prospective IT professionals are wondering what they need to do to kick start their career.

 

They are also wondering if they have the necessary skills to start a career in the industry. We want to demystify the fields of IT security and white hat hacking, allowing the next generation of hackers to see first hand how to start their journey. These stories help piece together the building blocks of a career in security so our readers know where to focus their energy.

 

No two stories are exactly the same and people come to the industry from a multitude of backgrounds. Here we want to highlight the potential routes into the industry, as well as share advice to help prospective security professionals along their journey. Today we're listening to Vesky's story. Vesky hails from Twin Cities, Minneapolis-Saint Paul, in east-central Minnesota.

Follow Your Passion

I currently work for a consulting firm in the Twin Cities as an IT security analyst (read: pentester). I've been there for a couple of months and it's my first job after graduating college. Before that, I studied computer science and IT in college.

 

I could give you one recommendation, it would be to pursue your interests in your free time. Find something you love and learn it very well. The Cybersecurity field is one that people go into because they love it. It's a passion first and a career second. It's hard to compete against these kinds of people unless you also have the same kind of passion for the field.

Q: How Did You Decide to Go into Hacking? What Is It About the Field That Attracted You?

A: My origin story is very similar to a lot of my colleagues. I played a lot of videogames in my spare time, so it was natural to look towards something computer-related for a career. Originally I was thinking of Computer Science, but I took a programming class in high school and decided I wasn't smart enough to program.

 

I figured that since programming was for people much more intelligent than I was, I could do the IT and networking work that avoided it. My first year in college was all IT and networking systems. Windows, Linux, and Cisco.

 

No Cybersecurity and no programming. I loved the intro to Linux class I took. It made so much sense to me. I could tell the computer what to do and it just did it. I could take simple and easy to use commands and combine them with pipes to solve complex problems. I showed other people how to use Linux. I loved it so much that I started researching how to do other cool things in Linux.

 

I did some Bash scripting here and there and eventually figured out that Bash scripting is just programming. I realized that programming isn't as difficult as I originally thought it was. Today I am a programmer as well as a hacker, and IT security professional.

 

My journey into Cybersecurity began when I joined my school's Collegiate Cyber Defense Competition team. It was a great place to learn and be among people who were just as clueless about how to secure a network as I was. The goal of CCDC is to defend a network from hackers while keeping critical services like HTTP, mail, and Active Directory alive and online.

 

We got hacked badly the first year. The next year we recreated the same IT infrastructure setup and I wanted to see how easy it would be to attack using basic tools like Metasploit and Nmap. Turns out it was pretty easy. You just have to be persistent and try things until they work.

 

I'm the youngest in my family so trying to get away with as much mischief as possible comes second nature to me. I like the server administration side too, but I think it's really fun to see how much hacking I can get away with before I get caught. I just thought computer hacking would be a sweet skill to have. I wish I had a more exciting reason to be in the Cybersecurity field, but at the heart of it, I just think being a professional hacker sounds really cool.

 

Don't Let a Lack of Programming Knowledge Scare You

To anyone thinking about pursuing a career in cybersecurity, don't let a lack of programming knowledge discourage you. Tons of positions don't require any kind of programming experience -- mine included. At the same time, don't make the mistake I made and think that programming is unattainable for you. Programming just takes time and the patience to figure things out.

 

Be ready to look up a lot of compiler/interpreter errors and make Stack Overflow your best friend. I'd recommend starting the way I did and writing simple Bash scripts or something easy in Python before jumping straight into the "more difficult" languages like C/C++, Java, or Assembly. The basic concepts are the same across every programming language.

 

My advice is to immerse yourself in learning. Read lots of articles, keep up to date with the latest exploits and hacks, learn some new things about whatever technology you're trying to hack. Below is list of resources I have to know for my job. I hope it's as useful to you as it was for me.

 

Networking

IPv4/Subnetting

    https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html

TCP/UDP

    https://www.howtogeek.com/190014/htg-explains-what-is-the-difference-between-tcp-and-udp

Ports

    http://www.pearsonitcertification.com/articles/article.aspx?p=1868080

    https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    https://en.wikipedia.org/wiki/Ephemeral_port

Linux

Commands

    https://www.cheatography.com/davechild/cheat-sheets/linux-command-line

Users/Groups/Permissions

    https://www.linode.com/docs/tools-reference/linux-users-and-groups

Daemons

    https://kb.iu.edu/d/aiau

    https://wiki.archlinux.org/index.php/Daemons

Package Managers

    https://www.tecmint.com/linux-package-management

Windows

Commands

    https://www.howtogeek.com/168896/10-useful-windows-commands-you-should-know

    https://www.sharepointsky.com/powershell-basic-commands

Active Directory

    https://en.wikipedia.org/wiki/Active_Directory

    https://cyberx.tech/kerberos-authentication

SMB (Server Message Block)

    https://en.wikipedia.org/wiki/Server_Message_Block

Group Policy

    https://en.wikipedia.org/wiki/Group_Policy

HTTP and HTTPS

TLS Certificates

    https://en.wikipedia.org/wiki/HTTPS

    https://letsencrypt.org/docs/faq

GET/POST

    https://www.diffen.com/difference/GET-vs-POST-HTTP-Requests

Web Servers

    https://yourbusiness.azcentral.com/list-different-servers-3142.html

Offensive Security (Hacking)

Dumping Windows Passwords

    http://woshub.com/how-to-get-plain-text-passwords-of-windows-users

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/mimikatz.py

Kerberoast

    https://attack.mitre.org/techniques/T1208

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetUserSPNs.py

Password Cracking

    https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543

Pass the Hash

    https://en.wikipedia.org/wiki/Pass_the_hash

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/smbclient.py

NTLM Relay

    https://resources.infosecinstitute.com/exploiting-windows-authentication-protocols-part-01

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/ntlmrelayx.py

 

 These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here 


Leave a comment

Please note, comments must be approved before they are published

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.