PaulDotCom mailing list archives
Getting Your Start Because You Wanted to Get Paid For Hacking
From: brianwgray at gmail.com (Brian Gray)
Date: Fri, 15 May 2009 11:22:52 -0400
My apologies if this is long and or boring :) I too started into info sec thinking why not get paid to do what fascinates me and I do already. It really clicked after realizing the power of a computer connected to a network. My first programming classes started in 7th grade (mid 90's) and so a few of my classmates and I started working on projects together in classes over the years. Around 9th grade, our high school started connecting the computers in the programming labs to hubs and my friends and I started playing with socket programming and began a project between the three of us to mimic NetBus, Back Orifice, suB7, etc. As we played around with sockets more and more I started writing basic syn port scanners and learning how to tunnel out of the school's proxies with ssh and creating remote execution applications as pranks to pop up porn on friends browsers in other classrooms or remotely kill games they were playing etc. always searching for new tricks to hide processes so they couldn't easily be shut down. Writing our own applications let us get around the antivirus programs because they weren't out in the wild and they didn't stop on actions back then only signatures. We were required to produce new projects quarterly for our programming classes so we would add new features to our remote control application as projects. Which gave us a "valid" reason to get away with installing it all over the school. As our remote control application became more powerful and more mature we started gearing it less for pranks and more for remote administration of the school's computer labs which meant adding some basic authentication to use it. The more research I did to add features the more interested I became in groups like the cDc with BO and individuals like mobman with suB7. I went off to college with the purpose of learning networking and computers on a lower level and always fixated on working in the security field. In high school I was taught that memory management and cleaning up was good coding practice. In college I learned why and was introduced to the world of remote exploitation. I constantly try to work on new projects and learn as much as I can every day from as many sources as I can. I try to surround myself with people that I can learn from. After college and my internship with a well known university I started at a company ~6 years ago that made it clear that if I was willing to work my way into it I could join their security team. I made it on to the team a couple years ago and I take every opportunity when training like Sans is offered I can't get enough of it. I don't think I could enjoy another career or community as much as this one. I've spent the greater part of my life striving to be a part of this industry and yet still have SOOO much to learn. I can't thank the members of the PaulDotCom community and other security communities enough for providing a place to share and learn information about computer / information security. --BrianWGray On Fri, May 15, 2009 at 8:42 AM, Raffi Jamgotchian <raffi at flossyourmind.com>wrote:
My experience mirrors yours. After wardialing for BBSes, I ran one off of a 'teenage line' as we called it back then. Wrote some BBS software that sucked. After entering the workforce, outside email was introduced to our ccMail system which I did over an serial connection between a standalone PC that would connect to the Internet over ISDN and finger the ISPs POP server. People wanted to browse (this is 1995-6) so we bought a Sun Sparc workstation and checkpoint and it was my job to set it up and harden it. The only time that we were hacked (that I know of!) is during a pentest they found a modem connected to a conference bridge system running NT4 and an unsecure PCAnywhere that the vendor left on. ---- Raffi On May 14, 2009, at 8:20 PM, Chris Merkel <cmerkel at gmail.com> wrote:A variation on that other thread. I didn't get my start in infosec because I got hacked. I was a huge (beige hat) fan of the movie War Games, if you catch my drift. BBSs, tymnet, telenet (no, that's not a typo kids...) and other random x.25 links found via wardialing were my first playgrounds. I remember one day, as the sun rose on a typical all-nighter, I said to myself "Cool, I just taught myself how to use DEC VMS, I bet I'd be good at a job working with computers..." So, who got into IT in the hopes that they could one day start getting paid for something they had done for fun in the past? (And is willing to admit it ;-) I did - it's still a lot of fun, though there's a lot more paperwork involved. -- - Chris Merkel _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- -Brian W. Gray -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090515/d522de7e/attachment.htm
Current thread:
- Getting Your Start Because You Wanted to Get Paid For Hacking Chris Merkel (May 14)
- Getting Your Start Because You Wanted to Get Paid For Hacking Raffi Jamgotchian (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Matt Hillman (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Robin Wood (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Tim Mugherini (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Brian Gray (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Matt Hillman (May 15)
- Getting Your Start Because You Wanted to Get Paid For Hacking Raffi Jamgotchian (May 15)