Chat with @DevinCasadey, Managing Principal / Global Red Team Lead.
Devin's Certifications:
OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN
Devin can be found at:
Hack the Box: https://www.hackthebox.eu/profile/28293
HTB & CTF Team: https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey
Show Notes
Don't Roll Your Own: Devin's writeup on how he decoded the database (referenced in the episode) - https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth - https://github.com/kgretzky/evilginx2
Chapter Timestamps
01:09 -- Why are you passionate about Infosec?
02:17 -- First use a computer?
05:31 -- What are you doing now?
06:16 -- Best way to hone skills?
07:54 -- Difference between Redteaming and Pentesting
09:12 -- Are Pentesters ever asked to emulate APTs?
11:51 -- Do you test different EDR Vendors?
16:18 -- Test Scenario
17:42 -- Do you have to write custom exploits for engagements?
23:31 -- Do you tell vendors you can bypass their EDR product?
26:02 -- Trying to get caught by Security Team
27:21 -- What can customers do to get the most out of a pentesting engagement?
32:09 -- Pentest Client Behavior
35:56 -- Linux Boxes
37:11 -- Windows Security
40:30 -- Found Machine Already Compromised?
41:44 -- Pentest Planning
43:46 -- Memorable Engagements
47:07 -- Zero Trust
53:44 -- Initial Point of Entry
58:55 -- Okta Breach
01:01:27 -- Triple MFA
01:02:53 -- Avoid Burnout?
01:05:00 -- Joining a Redteam
01:09:44 -- Any Passion Projects?
01:10:21 -- Goodbye
// LINKS //
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
// SOCIAL //
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech