The Student Room Group

I'm a paid hacker, AMA

Title is only slightly clickbait. I graduated from a Cyber Security and Forensic Computing degree, and am currently working as a Cyber Security Researcher. In short clients give us stuff (hardware, software, etc.) and we check it for security flaws by trying to break it.

AMA


Which popular social media website/app would you say the easiest to hack? :smile:

Original post by Chronoscope
Which popular social media website/app would you say the easiest to hack? :smile:


That isn't really my area of expertise, nor do I use social media in any great capacity these days. But I'd wager a lot, if not all of the major social media organisations have very competent security teams. With that in mind, if someone asked me to hack a specific social media account I'd be going the social engineering route over looking for bugs in the website or app.

In that respect, it's about the user rather than the service. Someone who has MFA turned on, uses different passwords for each site, etc. is a harder target than someone who uses the same predictable password in each account. That's not to say these services are infallible and bug free, but humans are often the weakest link in the security chain.

A lot of experts wouldn't say they have great chances at hacking say Facebook or Twitter directly. But it takes almost no skill to pull something like the Adobe leak and start trying those creds on different social media accounts. Or to spin up a fake Facebook login page and socially engineer someone into putting in their details. Or password spray accounts for low hanging fruit.


Reply 3
how do you feel about product names such as cloudstrike falcon
In the most simple way possible how does cyber security even work? Encryption seems like the basic go-to that we're taught in E-Safety classes but I'm sure there's more to it than that right? I'm sure with a fast enough AI, encryption becomes useless?
- Someone who knows nothing about tech :biggrin:
Wow that's so cool :eek: doesn't surprise me though as your technical knowledge is amazing :biggrin:
Nice to see you back Acsel :hugs:
Original post by 8472
how do you feel about product names such as cloudstrike falcon

Part of it appeals to the child in me that just wants to be the cool hoodie hacker. But on the other hand some names are a bit cringey, especially in professional context. That said, I think it's important to have fun, so even if I don't agree with all the names I much prefer it over Generic Tool #16.

APT names on the other hand are just funny.
Original post by CoolCavy
Wow that's so cool :eek: doesn't surprise me though as your technical knowledge is amazing :biggrin:
Nice to see you back Acsel :hugs:

Thank you Cavy :hugs:
what kind of cyber crime could you do
Couple of questions here, so I'll break them down.

Original post by 2_versions
In the most simple way possible how does cyber security even work? Encryption seems like the basic go-to that we're taught in E-Safety classes but I'm sure there's more to it than that right?


You are correct, there is much more to it than that. Encryption as a field falls under Cryptography (which aims for secure communication in the presence of adversaries), which itself is a field within Cyber Security.

Cyber Security as a whole is the practice of securing and defending digital systems. That ranges from the physical like mobile phones, computers and servers, to digital data, software, websites and anything else you can think of. Encryption is one facet of that, but other fields include:

Bug hunting - Identifying bugs in software, which can lead to vulnerabilities

Digital forensics - Aims to collect and maintain digital evidence. This could involve working with the police, looking for digital evidence of criminal activity, or private sector work such as industrial espionage or tracking data breaches

Offensive security - This is your typical "hacker" role, in capacities such as red teaming and penetration testing. In short, you pretend to be a hacker and try to break stuff to find security holes

Defensive security - These are the good guys working for an organisation, setting up firewalls, monitoring networks, etc.

Development - As the name suggests, writing tools such as the antivirus used in your computer, or the monitoring software installed in billion dollar networks


This list is not exhaustive and there are all sorts of jobs and fields not mentioned. So as you can imagine, there isn't a simple answer to the "how does it work".

Original post by 2_versions
I'm sure with a fast enough AI, encryption becomes useless?


So AI and encryption aren't inherently linked. I'm not really an AI person, but you are somewhat on the right track here.

Encryption as a process aims to take some data, change it into a form that is unreadable without some additional information, send it to the recipient and then they can decrypt it to read the message. We do this using a complex mathematical algorithm, and a unique key. Think of it like putting the message in an unbreakable locked box, only the person with the key should be able to get in.

Now in good encryption, the security of the message depends on the key, not the algorithm. The algorithm can be public knowledge, but without the key it should be impossible to retrieve the message. This raises the question, why not just try every possible key? Simply put, modern day encryption algorithms use keys that are long enough to make this computationally impossible. To put it in perspective, a 128 bit key has 2^128 combinations; that's a 39 digit number. Even with the fastest computers today, it'd take millions of years to generate and try every value. However it wasn't always this way, and once upon a time we'd use shorter keys. But as computers became more powerful, cracking them became more feasible.

Now that's an overly simplified explanation, and there's far more to breaking encryption than just brute forcing the key value. But take your original statement and replace AI with something like "computational power" and you are fundamentally correct.
Original post by yeetouttawindow
what kind of cyber crime could you do


The sky is the limit here, cyber is actually a somewhat creative field. Compromising the average person's computer is a fairly straightforward affair, and you can do some fun things if you get hold of any banking or personal details as a result of that. You can end up looking at things like fraud or blackmail when you go this route. Or maybe I don't actually want to gain anything and instead want to watch the world burn. I'd dump some malware on your machine, or break the OS, and move on.

At a less personal level, while I'm no expert I'd wager there's a whole host of organisations out there with insecure defences that even a beginner like me could take down. All things considered though, this is quite a difficult question for me to answer. I'm not a criminal, so can't exactly benchmark my skills and see what I'm capable of. That's probably not the answer you were looking for, but there isn't a convenient checklist of "I can hack this, I can't hack that".
Reply 11
Starting salary
Original post by AcseI
Title is only slightly clickbait. I graduated from a Cyber Security and Forensic Computing degree, and am currently working as a Cyber Security Researcher. In short clients give us stuff (hardware, software, etc.) and we check it for security flaws by trying to break it.

AMA

so ur a penetration tester?
Original post by Xarao
Starting salary

For me, £30K. Average I saw when looking for a graduate job was £27-32K. Of course starting salary and what you're actually left with each month are very different.
Reply 14
Original post by AcseI
For me, £30K. Average I saw when looking for a graduate job was £27-32K. Of course starting salary and what you're actually left with each month are very different.

Oh this really is an AMA, thank you for that.

Now for the real question, what kind of career progression is there/you expect to see from your position as a Cyber Security Researcher? I always have been intrigued with cyber security, however when I ask this question, I usually don't get a great response.
Original post by vix.xvi
so ur a penetration tester?

There is some overlap and I am currently taking my OSCP, but officially no. My role as a researcher focuses more on binary exploitation than full pentesting. So I'm focused more on things like memory corruption, reverse engineering, fuzzing, etc. I would like to do some red teaming at some point though.
What makes it hard to hack into an account?
Original post by Xarao
Oh this really is an AMA, thank you for that.

Now for the real question, what kind of career progression is there/you expect to see from your position as a Cyber Security Researcher? I always have been intrigued with cyber security, however when I ask this question, I usually don't get a great response.

I was debating if I wanted to answer salary, since I'm not going to answer personal questions for obvious reasons. But IMO salary isn't personal and it's something I'm happy to talk about in a general sense.

Honestly at this point I don't have a clear end goal. I chose a research position because it gives me a chance to get hands on with a lot of different technologies. I also had an offer for a more traditional pentesting role, but turned it down for various reasons. I also quite enjoyed binary exploitation at uni, which is what my research role focuses on.

I'd like to move towards more offensive roles like red teaming and maybe exploit development at some point, but it's not something I'm super desperate for. There's a lot of options, and I imagine if I got bored with this side of things I could probably move to the defensive side, working in a blue team SOC for example. I don't particularly like the idea of the corporate side of things, so won't be aiming for CISO or anything like that. Although I could see myself delivering training courses in the future.

I don't think career progression in cyber works quite like it does in other fields. There's a constant need to develop your skills, but as a result it also means you can keep progressing while doing relatively the same job if that's what you enjoy. For some people career progression means getting into more senior positions, while for others it's about getting paid more. Providing you are happy to keep learning though, it's not a field where you can really stagnate.
TL;DR: an arbitrary comment about the degree a family member's friend's son was doing.

Basically I spent the standard 2 years at college, no idea what I wanted to do so uni was out of the question. Spent another 2 years at college (free education FTW) and was looking at some tech related apprenticeships. Waited for a year (so gap year), got sick of waiting and figured maybe uni was a good idea. Still no immediate career ideas, but I didn't want to just keep working in retail and making zero progress.

At this point I'd been interested in computers since I was little (got my first laptop in 2004) but had a brief blip and decided electronic engineering seemed like a fun idea. But I backed out of that, because computers were more my thing. I didn't just want to do CompSci and be a programmer though. Someone mentioned a forensic computing degree at uni, I looked and thought YOLO this looks fun so let's go with that. The degree then changed to encompass more cyber elements, I became progressively more enamoured with the traditional hacking side of things and here I am.

Looking at things objectively, I didn't put nearly as much thought as I should have into something that has been so life defining. And I don't regret any of it.
Original post by Other_Owl
What makes it hard to hack into an account?

Depends on the account. Passwords are the main defence, so having a strong password that is not reused is key. Multi factor authentication also makes it more difficult. Protection mechanisms then also pose problems, for example think of the lockout you get if you put your password in wrong too many times. These make the brute force approach more difficult.

However the flip side of this is that hacking into accounts often isn't a matter of guessing your password. Social engineering plays a big part in getting access to things nowadays. You can have a strong password that is effectively impossible to brute force, but if I can socially engineer you to enter it into my fake login page then you're done. So really alongside having strong passwords, people just generally being smart makes it more difficult. Not clicking dodgy links in emails, not entering your credentials when blindly asked, things like that.
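
An added example, not part of the original thread: a minimal login guard showing why the per-account lockout described above stops brute forcing one account, while the password spraying mentioned earlier in the thread has to be caught by counting distinct accounts failed from one source. The thresholds, class and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

MAX_FAILS = 5        # assumed policy: failures per account before lockout
WINDOW = 900         # assumed sliding window, in seconds
SPRAY_ACCOUNTS = 4   # assumed: distinct accounts failed from one source

class LoginGuard:
    def __init__(self):
        self.fails = defaultdict(deque)     # account -> failure timestamps
        self.by_source = defaultdict(dict)  # source -> {account: last failure}

    def is_locked(self, account, now):
        q = self.fails[account]
        while q and now - q[0] >= WINDOW:   # drop failures outside the window
            q.popleft()
        return len(q) >= MAX_FAILS

    def record(self, ts, source, account, ok):
        """Process one login attempt and return the alerts it raises."""
        if self.is_locked(account, ts):
            return ["locked:" + account]    # rejected even if the password is right
        if ok:
            self.fails[account].clear()
            return []
        self.fails[account].append(ts)
        seen = self.by_source[source]
        seen[account] = ts
        recent = [a for a, t in seen.items() if ts - t < WINDOW]
        alerts = []
        if len(self.fails[account]) >= MAX_FAILS:
            alerts.append("lockout:" + account)
        if len(recent) >= SPRAY_ACCOUNTS:   # many accounts, few tries each
            alerts.append("spray:" + source)
        return alerts

def replay(events):
    guard, out = LoginGuard(), []
    for ev in events:
        out.extend(guard.record(*ev))
    return out

# Constructed events: (timestamp, source, account, success)
BRUTE = [(t, "203.0.113.5", "alice", False) for t in range(0, 60, 10)]
SPRAY = [(i * 30, "198.51.100.7", f"user{i}", False) for i in range(5)]

if __name__ == "__main__":
    print(replay(BRUTE))
    print(replay(SPRAY))
```

The spray sample never trips a per-account lockout, which is why the per-source counter is needed alongside it.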
