I'm a paid hacker, AMA

AcseI
#1 (Thread starter), 2 months ago
Title is only slightly clickbait. I graduated from a Cyber Security and Forensic Computing degree, and am currently working as a Cyber Security Researcher. In short clients give us stuff (hardware, software, etc.) and we check it for security flaws by trying to break it.

AMA

Chronoscope
#2, 2 months ago
Which popular social media website/app would you say the easiest to hack?

Spoiler: are you back? :hugs:

AcseI
#3 (Thread starter), 2 months ago
(Original post by Chronoscope)
Which popular social media website/app would you say the easiest to hack?

Spoiler: are you back? :hugs:
That isn't really my area of expertise, nor do I use social media in any great capacity these days. But I'd wager a lot, if not all of the major social media organisations have very competent security teams. With that in mind, if someone asked me to hack a specific social media account I'd be going the social engineering route over looking for bugs in the website or app.

In that respect, it's about the user rather than the service. Someone who has MFA turned on, uses different passwords for each site, etc. is a harder target than someone who uses the same predictable password in each account. That's not to say these services are infallible and bug free, but humans are often the weakest link in the security chain.

A lot of experts wouldn't say they have great chances at hacking say Facebook or Twitter directly. But it takes almost no skill to pull something like the Adobe leak and start trying those creds on different social media accounts. Or to spin up a fake Facebook login page and socially engineer someone into putting in their details. Or password spray accounts for low hanging fruit.

Spoiler: Sort of, but in a (hopefully) much more of a casual role than when I used to help out in tech. Good to see you Chronoscope :hugs:

8472
#4, 2 months ago
How do you feel about product names such as CrowdStrike Falcon?

V℮rsions
#5, 2 months ago
In the most simple way possible how does cyber security even work? Encryption seems like the basic go-to that we're taught in E-Safety classes but I'm sure there's more to it than that right? I'm sure with a fast enough AI, encryption becomes useless?
- Someone who knows nothing about tech

CoolCavy
#6, 2 months ago
Wow that's so cool :eek: doesn't surprise me though as your technical knowledge is amazing
Nice to see you back Acsel :hugs:

AcseI
#7 (Thread starter), 2 months ago
(Original post by 8472)
How do you feel about product names such as CrowdStrike Falcon?
Part of it appeals to the child in me that just wants to be the cool hoodie hacker. But on the other hand some names are a bit cringey, especially in professional context. That said, I think it's important to have fun, so even if I don't agree with all the names I much prefer it over Generic Tool #16.

APT names on the other hand are just funny.

AcseI
#8 (Thread starter), 2 months ago
(Original post by CoolCavy)
Wow that's so cool :eek: doesn't surprise me though as your technical knowledge is amazing
Nice to see you back Acsel :hugs:
Thank you Cavy :hugs:

yeetouttawindow
#9, 2 months ago
what kind of cyber crime could you do

AcseI
#10 (Thread starter), 2 months ago
Couple of questions here, so I'll break them down.

(Original post by 2_versions)
In the most simple way possible how does cyber security even work? Encryption seems like the basic go-to that we're taught in E-Safety classes but I'm sure there's more to it than that right?
You are correct, there is much more to it than that. Encryption as a field falls under Cryptography (which aims for secure communication in the presence of adversaries), which itself is a field within Cyber Security.

Cyber Security as a whole is the practice of securing and defending digital systems. That ranges from the physical like mobile phones, computers and servers, to digital data, software, websites and anything else you can think of. Encryption is one facet of that, but other fields include:

  • Bug hunting - Identifying bugs in software, which can lead to vulnerabilities
  • Digital forensics - Aims to collect and maintain digital evidence. This could involve working with the police, looking for digital evidence of criminal activity, or private sector work such as industrial espionage or tracking data breaches
  • Offensive security - This is your typical "hacker" role, in capacities such as red teaming and penetration testing. In short, you pretend to be a hacker and try to break stuff to find security holes
  • Defensive security - These are the good guys working for an organisation, setting up firewalls, monitoring networks, etc.
  • Development - As the name suggests, writing tools such as the antivirus used in your computer, or the monitoring software installed in billion dollar networks

This list is not exhaustive and there are all sorts of jobs and fields not mentioned. So as you can imagine, there isn't a simple answer to the "how does it work".

(Original post by 2_versions)
I'm sure with a fast enough AI, encryption becomes useless?
So AI and encryption aren't inherently linked. I'm not really an AI person, but you are somewhat on the right track here.

Encryption as a process aims to take some data, change it into a form that is unreadable without some additional information, send it to the recipient and then they can decrypt it to read the message. We do this using a complex mathematical algorithm, and a unique key. Think of it like putting the message in an unbreakable locked box, only the person with the key should be able to get in.

Now in good encryption, the security of the message depends on the key, not the algorithm. The algorithm can be public knowledge, but without the key it should be impossible to retrieve the message. This raises the question, why not just try every possible key? Simply put, modern day encryption algorithms use keys that are long enough to make this computationally impossible. To put it in perspective, a 128 bit key has 2^128 combinations; that's a 39 digit number. Even with the fastest computers today, it'd take millions of years to generate and try every value. However it wasn't always this way, and once upon a time we'd use shorter keys. But as computers became more powerful, cracking them became more feasible.

Now that's an overly simplified explanation, and there's far more to breaking encryption than just brute forcing the key value. But take your original statement and replace AI with something like "computational power" and you are fundamentally correct.
0
reply
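
An added illustration of the key-length point in post #10 (not part of AcseI's post): it searches a 16-bit key space for real, then scales the measured rate to longer keys. The toy cipher, message, key and the 1e12 guesses-per-second rate are all constructed assumptions for the demo.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def toy_cipher(key: int, data: bytes) -> bytes:
    """Toy cipher, constructed for this demo only: XOR data (max 32 bytes)
    with SHA-256(key). XOR makes encryption and decryption the same call."""
    stream = hashlib.sha256(key.to_bytes(16, "big")).digest()
    return bytes(b ^ s for b, s in zip(data, stream))

def brute_force(ciphertext: bytes, known_start: bytes, key_bits: int):
    """Try every key of the given length. Returns (key, keys_tried);
    key is None if the whole key space was searched without a match."""
    for candidate in range(2 ** key_bits):
        if toy_cipher(candidate, ciphertext).startswith(known_start):
            return candidate, candidate + 1
    return None, 2 ** key_bits

def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Time to try every key of this length at a fixed guessing rate."""
    return 2 ** key_bits / keys_per_second / SECONDS_PER_YEAR

# Constructed sample: a 16-bit key, far too short for real use.
SECRET_KEY = 0xBEEF
MESSAGE = b"MSG:meet at noon"
CIPHERTEXT = toy_cipher(SECRET_KEY, MESSAGE)

if __name__ == "__main__":
    start = time.perf_counter()
    key, tried = brute_force(CIPHERTEXT, b"MSG:meet", 16)
    rate = tried / (time.perf_counter() - start)
    print(f"16-bit key {key:#x} found after {tried} guesses ({rate:,.0f}/s)")
    print(f"2^128 has {len(str(2 ** 128))} digits")
    # 1e12 guesses per second is an assumed rate, not a measured one.
    for bits in (16, 40, 56, 128):
        for label, speed in (("this script", rate), ("assumed 1e12/s", 1e12)):
            print(f"{bits:>3}-bit at {label}: "
                  f"{years_to_exhaust(bits, speed):.3g} years")
```

Each extra key bit doubles the search, which is why the 16-bit key falls in well under a second while the 128-bit estimate stays out of reach at any realistic rate.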

AcseI
#11 (Thread starter), 2 months ago
(Original post by yeetouttawindow)
what kind of cyber crime could you do
The sky is the limit here, cyber is actually a somewhat creative field. Compromising the average person's computer is a fairly straightforward affair, and you can do some fun things if you get hold of any banking or personal details as a result of that. You can end up looking at things like fraud or blackmail when you go this route. Or maybe I don't actually want to gain anything and instead want to watch the world burn. I'd dump some malware on your machine, or break the OS, and move on.

At a less personal level, while I'm no expert I'd wager there's a whole host of organisations out there with insecure defences that even a beginner like me could take down. All things considered though, this is quite a difficult question for me to answer. I'm not a criminal, so can't exactly benchmark my skills and see what I'm capable of. That's probably not the answer you were looking for, but there isn't a convenient checklist of "I can hack this, I can't hack that".

Xarao
#12, 2 months ago
Starting salary

vix.xvi
#13, 2 months ago
(Original post by AcseI)
Title is only slightly clickbait. I graduated from a Cyber Security and Forensic Computing degree, and am currently working as a Cyber Security Researcher. In short clients give us stuff (hardware, software, etc.) and we check it for security flaws by trying to break it.

AMA
so ur a penetration tester?

AcseI
#14 (Thread starter), 2 months ago
(Original post by Xarao)
Starting salary
For me, £30K. Average I saw when looking for a graduate job was £27-32K. Of course starting salary and what you're actually left with each month are very different.

username5177602
#15, 2 months ago
What is it that led you into Cyber Security?

Xarao
#16, 2 months ago
(Original post by AcseI)
For me, £30K. Average I saw when looking for a graduate job was £27-32K. Of course starting salary and what you're actually left with each month are very different.
Oh this really is an AMA, thank you for that.

Now for the real question, what kind of career progression is there/you expect to see from your position as a Cyber Security Researcher? I always have been intrigued with cyber security, however when I ask this question, I usually don't get a great response.

AcseI
#17 (Thread starter), 2 months ago
(Original post by vix.xvi)
so ur a penetration tester?
There is some overlap and I am currently taking my OSCP, but officially no. My role as a researcher focuses more on binary exploitation than full pentesting. So I'm focused more on things like memory corruption, reverse engineering, fuzzing, etc. I would like to do some red teaming at some point though.

Other_Owl
#18, 2 months ago
What makes it hard to hack into an account?

AcseI
#19 (Thread starter), 2 months ago
(Original post by Xarao)
Oh this really is an AMA, thank you for that.

Now for the real question, what kind of career progression is there/you expect to see from your position as a Cyber Security Researcher? I always have been intrigued with cyber security, however when I ask this question, I usually don't get a great response.
I was debating if I wanted to answer salary, since I'm not going to answer personal questions for obvious reasons. But IMO salary isn't personal and it's something I'm happy to talk about in a general sense.

Honestly at this point I don't have a clear end goal. I chose a research position because it gives me a chance to get hands on with a lot of different technologies. I also had an offer for a more traditional pentesting role, but turned it down for various reasons. I also quite enjoyed binary exploitation at uni, which is what my research role focuses on.

I'd like to move towards more offensive roles like red teaming and maybe exploit development at some point, but it's not something I'm super desperate for. There's a lot of options, and I imagine if I got bored with this side of things I could probably move to the defensive side, working in a blue team SOC for example. I don't particularly like the idea of the corporate side of things, so won't be aiming for CISO or anything like that. Although I could see myself delivering training courses in the future.

I don't think career progression in cyber works quite like it does in other fields. There's a constant need to develop your skills, but as a result it also means you can keep progressing while doing relatively the same job if that's what you enjoy. For some people career progression means getting into more senior positions, while for others it's about getting paid more. Providing you are happy to keep learning though, it's not a field where you can really stagnate.

AcseI
#20 (Thread starter), 2 months ago
(Original post by bluewolf21)
What is it that led you into Cyber Security?
TL;DR an arbitrary comment about the degree a family member's friend's son was doing.

Basically I spent the standard 2 years at college, no idea what I wanted to do so uni was out of the question. Spent another 2 years at college (free education FTW) and was looking at some tech related apprenticeships. Waited for a year (so gap year), got sick of waiting and figured maybe uni was a good idea. Still no immediate career ideas, but I didn't want to just keep working in retail and making zero progress.

At this point I'd been interested in computers since I was little (got my first laptop in 2004) but had a brief blip and decided electronic engineering seemed like a fun idea. But I backed out of that, because computers was more my thing. I didn't just want to do CompSci and be a programmer though. Someone mentioned a forensic computing degree at uni, I looked and thought YOLO this looks fun so let's go with that. The degree then changed to encompass more cyber elements, I became progressively more enamoured with the traditional hacking side of things and here I am.

Looking at things objectively, I didn't put nearly as much thought as I should have into something that has been so life defining. And I don't regret any of it.