Creating a reliable team with the right mindset and mutual trust is essential in every business. In cybersecurity, where the work involves sensitive information, those values are essential both within the team and across the company. To introduce the offensive security team, we decided to offer an insight into the team's structure. Working in cybersecurity is not a "regular" job. It is a choice to make information and systems more secure. To explain the driving force behind offensive security, we took some time to speak with one of LIFARS' team leaders, Milan Kyselica. The first part of this interview is available here.
LIFARS: Looking for a way to get into a system and exploit it requires a certain mindset. Do you have the same mindset of doing things differently in everyday life?
Milan Kyselica: Most of the time I follow things that work and suit me well. But otherwise yes, once you are a hacker you will be hacking everything such as health, food, sleep and other things.
LIFARS: Working with different clients you come across different security holes. Is there something that always surprises you?
Milan Kyselica: It is pretty much unbelievable how common it is to find vulnerabilities that were heavily exploited 10 years ago on modern web applications. I mean it makes sense that the new websites are being built with security in mind and on a better software stack, but it is still not sufficient.
People in this field need to be aware of the most common types of vulnerabilities. Also, developers should have the OWASP Secure Coding Practices in mind when developing software.
LIFARS: Is there a success in particular that you are proud of achieving during one of your offensive security engagements?
Milan Kyselica: Last year our team and I discovered a session hijacking in a large financial institution. This means that anyone knowing the details about the vulnerability could potentially log into their VPN, which was secured with multi-factor authentication. Surprisingly, this was possible even without knowing the correct credentials and the second authentication factor. Again, a combination of factors made the session hijacking possible.
LIFARS: In every system one will find flaws or possibilities for how to breach it. Would you say it is laziness on the part of its administrators or a lack of knowledge and expertise in cyber security?
Milan Kyselica: It is hard to tell because each system and client is different. However, I would say that expertise and knowledge are missing in most of the cases that have severe vulnerabilities. It is common to see the default settings in production without any kind of hardening and customization to prevent unauthorized access.
LIFARS: What are three tips you would give to every system administrator?
Milan Kyselica: Do not forget to update and patch, and use strong passwords along with second-factor authorization. And finally, use some antivirus or EDR solution to scan and keep all your devices protected.
LIFARS: Are there any obstacles or challenges that you face as a penetration tester?
Milan Kyselica: There are many of them. Firstly, knowing the application logic, which differs in pretty much each engagement. You always need to adapt to new environments, architectures and technologies fast. Secondly, testing in a production environment when the client is not prepared for it and does not have any kind of testing environment. That is sometimes painful since we are limited in what we can execute and test.
LIFARS: What would you recommend to an aspiring penetration tester as a starter pack? What certifications would you recommend?
Milan Kyselica: Pick an area that seems to be interesting and stick to it for some time. For example, I started my pentesting career assessing web applications. I tried to discover what is being used to run this type of application, how to set them up, and what it looks like when the configuration is left at the default. Also, I looked into what kind of methodologies exist and are being used for testing them correctly, and what kind of vulnerabilities can be found in specific technologies.
As for certifications, it really depends on the area. Probably the most popular choice is Offensive Security Certified Professional (OSCP). It is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
LIFARS: How do you keep yourself motivated to enter a new engagement with a clear mind?
Milan Kyselica: I really like the work I am doing. I always try to come up with a slightly different approach to some problems and try to solve them. Practicing and getting more skills in this area is really my main motivation.