Day 4️⃣4️⃣
Young Padawans and seasoned Cyber Professionals alike - what is the most important skill in Cyber Security?
Let me tell you.
The number one problem that you have in Cyber Security because of its vastness is lack of knowledge.
You will never know everything, it is a constantly evolving field.
So how do you balance knowing with being ok not knowing?!
You use your most valuable skill.
Googling.
Being able to find information on the internet is the differentiator between:
Junior
Intermediate
Senior
Lead and above
I often use the following abstraction for career levels:
Junior - asks what to google for
Intermediate - knows what to google for
Senior - knows how to google efficiently - to find things the intermediate cannot find (uses experience)
Lead+ - teaches others how to google
So today I will throw a lot of questions at you and you can do the following:
- ask me for tips
- try to find it on your own and tell me what you found
- post what you found in the replies or in a DM
The questions will be similar to what I have been asked in interviews.
Q1: Which tools do hackers use to test web applications?
Q2: What is a Proxy? maikroservice's dad. duh...
Q3: What is XSS - how do you find it?
Q4: Can you automate finding XSS?
Q4.1: How would you try to?
Q5: What is the difference between red team assessment and pen test?
Q6: Which one is your favorite vulnerability?
Q6.1: How do you hunt for them?
Q7: What's a CVE?
Q7.1: Do you have any?
Q8: How would you find CSRF vulnerabilities w/ grep?
Q9: Which Linux distribution is your favorite (this one kills me... please don't ask this in interviews)?
Now that's a lot of questions, how do we answer them if we don't know the answers?
WE SEARCH!
Here are 10 TRICKS to get better at using Google/other search engines:
1. You can specify the site you are looking for with e.g. site:linkedin.com
2. You can look for definitions by using the "def:hacking" syntax
3. You can exclude specific words with "-word"
4. Use double quotes to find EXACTLY what you are looking for
5. You can specify the filetype with: filetype:pdf
6. You can search in url, title or site - inurl:keyword, intitle:keyword, insite:keyword
7. You can use the .. operator to find data between two dates/years - 2006..2008 will find things between 2006 and, you guessed it, 2008
8. You can give priority to one search term by adding a "+" in front of it - hacking +maikroservice xss
9. You can use the AND / OR operators to make sure either all of the strings are found (AND) or any one of them (OR)
10. You can find things in the meta information with "meta:keyword"
That's a wrap!
I hope you learned something today - If you enjoyed this thread:
1. Follow me @maikroservice for more of these
2. RT the tweet below to share this thread with your audience