Sign up to save your podcasts
Or
Share Devin Casadey – Global Red Team Lead
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Devin Casadey – Global Red Team Lead
Chat with @DevinCasadey, Managing Principal / Global Red Team Lead. Devin's
Certifications: OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN
Devin can be found at:
Hack the Box: https://www.hackthebox.eu/profile/28293
HTB & CTF Team: https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey
Show Notes
Don't Roll Your Own: Devin's Writeup for how he decoded the database (referenced in the episode) - https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth - https://github.com/kgretzky/evilginx2
Chapter Timestamps
01:09 -- Why are you passionate about Infosec?
02:17 -- First use a computer?
05:31 -- What are you doing now?
06:16 -- Best way to hone skills?
07:54 -- Difference between Redteaming and Pentesting 09:12 -- Are Pentesters ever asked to emulate APTs?
11:51 -- Do you test different EDR Vendors?
16:18 -- Test Scenario 17:42 -- Do you have to write custom exploits for engagements?
23:31 -- Do you tell vendors you can bypass their EDR product?
26:02 -- Trying to get caught by Security Team 27:21 -- What can customers do to get the most out of a pentesitng engagement?
32:09 -- Pentest Client Behavior 35:56 -- Linux Boxes 37:11 -- Windows Security 40:30 -- Found Machine Already Compromised?
41:44 -- Pentest Planning
43:46 -- Memorable Engagements
47:07 -- Zero Trust
53:44 -- Initial Point of Entry
58:55 -- Okta Breach
01:01:27 -- Triple MFA
01:02:53 -- Avoid Burnout?
01:05:00 -- Joining a Redteam
01:09:44 -- Any Passion Projects?
01:10:21 -- Goodbye
Links:
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
Social:
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech
View all episodes
By Steve Stonebraker
5
44 ratings
Chat with @DevinCasadey, Managing Principal / Global Red Team Lead. Devin's
Certifications: OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN
Devin can be found at:
Hack the Box: https://www.hackthebox.eu/profile/28293
HTB & CTF Team: https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey
Show Notes
Don't Roll Your Own: Devin's Writeup for how he decoded the database (referenced in the episode) - https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth - https://github.com/kgretzky/evilginx2
Chapter Timestamps
01:09 -- Why are you passionate about Infosec?
02:17 -- First use a computer?
05:31 -- What are you doing now?
06:16 -- Best way to hone skills?
07:54 -- Difference between Redteaming and Pentesting 09:12 -- Are Pentesters ever asked to emulate APTs?
11:51 -- Do you test different EDR Vendors?
16:18 -- Test Scenario 17:42 -- Do you have to write custom exploits for engagements?
23:31 -- Do you tell vendors you can bypass their EDR product?
26:02 -- Trying to get caught by Security Team 27:21 -- What can customers do to get the most out of a pentesitng engagement?
32:09 -- Pentest Client Behavior 35:56 -- Linux Boxes 37:11 -- Windows Security 40:30 -- Found Machine Already Compromised?
41:44 -- Pentest Planning
43:46 -- Memorable Engagements
47:07 -- Zero Trust
53:44 -- Initial Point of Entry
58:55 -- Okta Breach
01:01:27 -- Triple MFA
01:02:53 -- Avoid Burnout?
01:05:00 -- Joining a Redteam
01:09:44 -- Any Passion Projects?
01:10:21 -- Goodbye
Links:
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
Social:
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech