Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ever wanted to work as a "chief hacker" "security evangelist"? This is a place to post jobs or ask for work. Over time as I hear about job offers, we can consolidate them into this board. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
job prospective
Posted by: Malkav
Date: February 12, 2008 09:47AM

to you recruiters, what security cert is really valuable to you ?

i am currently thinking of getting a GSE
[www.giac.org]

but don't know apart for the fun factor if it is really worth the hassle. there is so many so called "Ethical pentester/hacker/kiddie" certs around, that it's difficult to understand those who are really recognised/known around.

so a CCIE security, or CREST or something ? maybe a combat grade from sensepost [www.sensepost.com]

'cause i ain't got no super duper piece of toilet paper to show the world my ├╝ber h4x0r 1337 skillz (or not). not good for the payrise.

so any advice from the slave traders lurking around here ?

yeah rsnake, i know this is much more about net/system sec than webapp sec. i don't know if there is such a certification or something. perhaps google for .mario certified. your liver don't want to be id certified...

Options: ReplyQuote
Re: job prospective
Posted by: id
Date: February 12, 2008 12:01PM

A CCIE easily makes a resume, you could get hired on it alone if that's what you want to do, but it ain't easy...

Without knowing your background and future goals it's hard to say what's good for you

-id

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 12, 2008 12:56PM

well. i suppose you could call me a UNIX guy. something like 15 years with linux/BSD/solaris. only a little AIX HP/UX in the mix. i am not *that* perverted. i focused on system tuning for the better of the last few years, and that's actually my job in a large banking group (arbitrage box tuning. those babies take quite a load in the ass per day) but i have reached more or less the limit of the field. corporate environment doesn't fit to well with low level kernel hacking.

on a more security oriented PoV i have already done a lot of incident handling, post mortem analysis, network or system (UNIX boxen only. i don't know the first thing on windows boxen, never had/worked with any) and code auditing (C/C++/perl mainly. java on design flaw, not implementation) i started to play with higher level flaws (which is the main reason of my presence here) after a random kiddy nearly rooted one of the servers i was root on with a lame SQLi, and i must say the stuff is pretty exciting (especially if you take in consideration the lower levels implication. like if you manage to throw a couple of blade racks through the roof with a web exploit, temp in the data will *quickly* raise to obscene level, resulting in total failure of the whole floor. something nice i experienced recently with a bunch of code monkeys that found a way to create a distributed fork() bomb on a *fat* grid)

i grok crypto a lot too, and that lead me to my point. i would love a job consisting of tearing down stuff. top-down embedded device security, from the web front end to the processor architecture. something really transversal.

and something well paid, 'cause my lab is starting to cost.

something like that in store chef ?

thanks for the help.

Options: ReplyQuote
Re: job prospective
Posted by: id
Date: February 12, 2008 08:04PM

HPUX was my first *NIX, I worked for HP in their UNIX motherboard shop on R&D boards, soldered together a HPUX box out of scrap parts, fun times...guess I am *that* perverted...

Anyway... funny thing is, I put off certs for years, designed/defended some of the biggest networks in the world, and no one but the occasional recruiter would ask about my qualifications because I stayed pretty much in the same business and people knew my track record. However, now that RSnake and I are running our own business and working with people who aren't familiar with the kind of work we do, they ask a lot more, as they should. Businesses who's job isn't security are ill equipped to judge the qualifications of security professionals and companies; and as lame as many certs are, they are at least a baseline.

For the type of job you described most companies aren't going to care about a cert, they are going to want to see your work in action. Finding a job like that is a bitch though, and a cert could catch a recruiter's eye since the work you probably have on your resume is above their comprehension... So it's a trade off, if you can get interviews, don't bother, if you're having trouble finding the perfect job, then sure, take some, you might meet the kind of people with good connections in those classes as well.

If you had less experience and were cheaper, I'd ask you to apply here, but I need a lackey right now :)

-id

Options: ReplyQuote
Re: job prospective
Posted by: thrill
Date: February 12, 2008 11:10PM

Quote

and as lame as many certs are, they are at least a baseline.

Some of the dumbest people I've encountered as far as security was concerned had CISSP certifications.. and back in the mid to late 90's, having a Certified Novell Engineer title in your resume meant you knew about Novell as much as a 6 year old.

Quote

For the type of job you described most companies aren't going to care about a cert, they are going to want to see your work in action.

Balderdash! If you are lucky, you will run into someone who actually has a few marbles still running around upstairs and degree/certificates will not matter, otherwise you will have to deal with some pompous imbecile who will throw his degree in your face every chance he gets, and will belittle you and your little certificate because he definitely does not want someone who is obviously smarter than he is, yet does not possess an actual degree and having you come in and showing him off...

I guess you missed Gareth's recent posting about the amazing ineptitude of current IT profes*cough*sionals when it comes to security..

Maybe one day I'll tell you how I really feel.. ;)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 13, 2008 03:17AM

@id from what i get of the posts here, looks like you are :)

@thrill we've got a big sec group in house, whose job is (as it would) checking our IT systems compliances with the various norms (BALE II, ISO17799...) and the state of the art.

that's for theory. in the real world, their biggest achievement is banning access from bash.org, forcing a wallpaper through a GPO, and denying systematically access to everything (one night the firewall was configured to cut a backuping machine from its robot 'cause "the flow was suspicious")

and, of course the guys consider themselves elite.

bah, enough rant, thanks for all the fish. don't know what i'll stick to, but i will update

Options: ReplyQuote
Re: job prospective
Posted by: Anonymous User
Date: February 13, 2008 12:05PM

@Malkav

Nice to see some more hardcored network guys grokking the webappsec. it has been downplayed for far too long IMO.

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 13, 2008 01:01PM

when a random 14 yo kiddie whose main skills is his left click on the right tool is only stopped by my host defense (auto process killing on suspicious activity, thanks samhain)and isn't detected by our K$30 inline IDS, just because some devs are lazy bastards (no input validation whatsoever on an internet facing application. come on, even without knowing really what a XSS was that's something which would be logic), it makes me feel really, really bad. youngster, i mocked old school admins which didn't adapt to new threats.
yes the threat model has changed. a lot. virii/worms are dead. the real VXers like z0mbie or vecna doesn't fit the business model (did you RE any recent malware ? if they're not modified copy of a random bot like Agobot, they're *really* badly coded (the irony is that, yes, a "professional" application, is often much less audited, for performance or security, than a "amateur" one. when you're coding for private interest, you just put much more motive into the app than the random code monkey in corporate land)

on the other hand, webapp sec seems to be hugely underestimated (like implementation errors like off-by-one buffer filling was ten years ago) and the knowledgeable people on the field seems to be... few.

that will seem obvious to you, but when i asked a member of our secteam yesterday if they were checking for XSS/SQLi/CSRF in our internal apps (managing a few billions per day...), he answered no with the smile that says "come on, it's just web apps, we don't care. what are they gonna do. deface our credit risk app ? lololololol!!!111oneone"

i learned a lot since i am here, and i start to wonder about the monstrous combos that offer knowledge of "classical" system exploitation with a pervasive internet.

exemple : correct me if i am wrong. could i create i JS worm targeting a popular blog engine (for the sake of the exemple, let's call it WormPress) that not only is stored in a random field present on the page, but is also an extension for a popular webbrowser, (AirWalrus here) that install itself silently, and then start scanning the luser's web activity for the very same blog engine, and infects it automagically as soon the user expose the flaw (trying to post a comment, register, or worse, just reading a post).

now that's just the infection engine, not even the payload.

then we could imagine a host infection using the web two point oohey functionality to do it's job. auto slashdotting, digging, tecnorating as a web DDoS mecanism anyone ?

well well. time will tell if can take more out those fields. the router hacking challenge is a GREAT leap forward in this PoV. i would fave .mario's VOIP interception, just because it associate physical, web and network sec. corporate espionnage ftw !

Options: ReplyQuote
Re: job prospective
Posted by: id
Date: February 13, 2008 02:47PM

you could always go blackhat, no one will check a cert...ever.

-id

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 14, 2008 03:10PM

oh yes, writing crappy malware designed for the quickest release possible after the discovery of yet another remotely exploitable trivial boundary check error in yet another crappy microsoft product. or better, injecting lame massive SELECTs in badly designed "secure" e-commerce sites to provide a few thousand credit card numbers at $0.35 apiece.

[arrrr, cheapodiscount philosophy ahead captain ! risk of aggravated laughter]
no thanks, i'll pass.call me names if you want but ethics are the foundation of my work. i consider myself yojimbo, not ninja. a taoist would say we're both side of a same coin.
[ahoy, matey, danger is behind us !]

and my small overlord has enough material of FUD for the next ten years about hackers with all those crappy media describing jerome kerviel as a grand evil h4x0r (not only this guy only knew a little VBA, but heck, he didn't even crack any passwords, he still had his from the time he was working at backoffice... yes yes no password expiration in two years... yes yes, in vital transaction control systems...)

but well. so GSE will it be.

Options: ReplyQuote
Re: job prospective
Posted by: thrill
Date: February 14, 2008 04:36PM

@Malkav - take deep breath.. there there, better?

Welcome to the world we live in. A world run by abusers who are followed by butt kissers, and between them they can't tie a shoe lace, but somehow they got to where they are and are the policy makers we must follow, even if their policies make more sense in a diaper bin than the corporate world.

It's a cruel reality that a larger number of us has to face. A piece of paper which only signifies you either learned the system well enough to get around it (by having someone else do your homework), or managed to memorize enough of "The Halo Effect" before taking your MBA final exam, but could recall less than 2% two weeks after the exam was over..

Yes yes, we have *them* in power now, greedy as all hell, afraid that someone above them is going to realize that they don't know crap, and got their job by dropping school and course names rather than actual merit. They probably went to the bullshit generator before their interview, and since the interviewer actually uses that same website to create their "Corporate Goals(tm)", they thought it was actually inventive. So here he goes, clueless as a 17yo girl who's been invited to see the Submarine Races, and gets assigned to run the IT department for a multi-billion dollar corporation. Of course, you or I cannot 'suggest' what needs to happen next, although our suggestions will be used after our jobs have been downsized. Then he'll get a $200k "Innovation Bonus" for implementing our suggestions. So while we surf Monster for a new job, he's actually busy customizing his Aston Martin Vanquish, because you know he's a really cool guy and should be driving only the best.

But like history has shown us, people do have a breaking point. Right now we may be willing to put up with this crap, but the day will certainly come when those at the top will actually know what they are doing, and sniveling young butt kissers with an MBA will have to settle for a career where the repetitive phrase "would you like fries with that?" will resonate long after they've fallen asleep.

;)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 15, 2008 04:45PM

amen.

why do all the impassionated people i meet are so deeply cynical about the state of IT ? (purely rhetoric, we all know the answer)

oh, and for those interested, juniper should either audit their freebsd base, or stop making firewalls. there are funny things starting to float around. you should *always* validate IP headers.

*whistles*

Options: ReplyQuote
Re: job prospective
Posted by: id
Date: February 16, 2008 01:36PM

a. I was joking
b. I've seen pretty good blackhat code, maybe not clean, but very clever
c. I'm not passionate like thrill, just cynical

-id

Options: ReplyQuote
Re: job prospective
Posted by: fragge
Date: February 18, 2008 03:51PM

I was looking at the GCIH (GIAC Hacker Techniques, Exploits and Incident Handling) Cert from GIAC, through SANS both online and at a 6 day course that is coming to me. Looks interesting, although I don't think I'm going to learn much in the way of web security except about fragmentation and port attacks.. The app and rootkit shit is what caught my eye. Then again, if you've found a rootkit in the server you're supposed to be monitoring, chances are you're a moron for letting it in and its time to reformat. Anyone know if that course is worth doing, jobwise or simply as an educational endeavour - it doesn't look like much as far as certs go, although it does cover a wide range, and you jump onto a network with your classmates and drop bombs on their machines.. much fun. Details on what is covered at http://www.giac.org/certbulletin/gcih.php



Edited 1 time(s). Last edit at 02/18/2008 04:08PM by fragge.

Options: ReplyQuote
Re: job prospective
Posted by: Malkav
Date: February 18, 2008 04:30PM

1 : if you find a damn rootkit by hand, chance you're not a moron, and if you are not a moron, chances are that the damn rootkit is pretty much interesting. live forensic will be your way, just in case it's a mem only exploit

2 : IH is muuuuch more about procedures than tech. the process is always roughly the same. isolate incident. preserve context and evidences. analyse incident and redact a *clear* report. chances are that if you are employed as a full time IH your compagny will prosecute. your findings can be used in court in certain juridiction. so lot of evidence handling laws to learn ("droit de la preuve";"evidence jurisprudence"; don't know the term for you brits & americans)

Options: ReplyQuote
Re: job prospective
Posted by: thornmaker
Date: February 18, 2008 07:38PM

fragge - I took Hacker Techniques Sans course a couple of years ago. I didn't take the Cert exam so I can't comment on that. The course I had was taught by Ed Skoudis and I thought he did a good job covering the subject. The first day was on procedure, the next 3 (or 4?) days were on various vulnerabilities, exploits, tools, and defenses. The final day was a 'capture the flag' challenge where you can apply what you've learned. The course moved quickly, so there is obviously not time to go into great depth, but it was still very educational (at the time I was much more a novice with regards to security).

Options: ReplyQuote
Re: job prospective
Posted by: fragge
Date: February 18, 2008 10:02PM

@Malkav

hmm, I'm not sure I'd be very impressed with the intelligence/capability of our techs if they told me that an "interesting" rootkit had decided to log all the info on my box whilst opening backdoors and installing malware.

thanks for that info as far as incident handling goes, I wasn't aware that it was so evidence oriented. Perhaps I will just settle for a non-cert course.

@thornmaker

sounds informative and fun, I think I will give it a go - everything you stated there was what I was expecting from the course :)

Options: ReplyQuote


Sorry, only registered users may post in this forum.