Home page logo

pauldotcom logo PaulDotCom mailing list archives

Getting Your Start Because You Wanted to Get Paid For Hacking
From: brianwgray at gmail.com (Brian Gray)
Date: Fri, 15 May 2009 11:22:52 -0400

My apologies if this is long and or boring :)

     I too started into info sec thinking why not get paid to do what
fascinates me and I do already. It really clicked after realizing the power
of a computer connected to a network. My first programming classes started
in 7th grade (mid 90's) and so a few of my classmates and I started working
on projects together in classes over the years. Around 9th grade, our high
school started connecting the computers in the programming labs to hubs
and my friends and I started playing with socket programming and began a
project between the three of us to mimic NetBus, Back Orifice, suB7, etc. As
we played around with sockets more and more I started writing basic syn port
scanners and learning how to tunnel out of the school's proxies with ssh and
creating remote execution applications as pranks to pop up porn on friends
browsers in other classrooms or remotely kill games they were playing etc.
always searching for new tricks to hide processes so they couldn't easily be
shut down. Writing our own applications let us get around the antivirus
programs because they weren't out in the wild and they didn't stop on
actions back then only signatures. We were required to produce new projects
quarterly for our programming classes so we would add new features to our
remote control application as projects. Which gave us a "valid" reason to
get away with installing it all over the school. As our remote control
application became more powerful and more mature we started gearing it less
for pranks and more for remote administration of the school's computer labs
which meant adding some basic authentication to use it. The more research I
did to add features the more interested I became in groups like the cDc with
BO and individuals like mobman with suB7. I went off to college with the
purpose of learning networking and computers on a lower level and always
fixated on working in the security field. In high school I was taught that
memory management and cleaning up was good coding practice. In college I
learned why and was introduced to the world of remote exploitation. I
constantly try to work on new projects and learn as much as I can every day
from as many sources as I can. I try to surround myself with people that I
can learn from.  After college and my internship with a well known
university I started at a company ~6 years ago that made it clear that if I
was willing to work my way into it I could join their security team. I made
it on to the team a couple years ago and I take every opportunity when
training like Sans is offered I can't get enough of it. I don't think I
could enjoy another career or community as much as this one.

    I've spent the greater part of my life striving to be a part of this
industry and yet still have SOOO much to learn. I can't thank the members of
the PaulDotCom community and other security communities enough for providing
a place to share and learn information about computer /
information security.


On Fri, May 15, 2009 at 8:42 AM, Raffi Jamgotchian
<raffi at flossyourmind.com>wrote:

My experience mirrors yours. After wardialing for BBSes, I ran one off
of a 'teenage line' as we called it back then. Wrote some BBS software
that sucked. After entering the workforce, outside email was
introduced to our ccMail system which I did over an serial connection
between a standalone PC that would connect to the Internet over ISDN
and finger the ISPs POP server.
People wanted to browse (this is 1995-6) so we bought a Sun Sparc
workstation and checkpoint and it was my job to set it up and harden it.

The only time that we were hacked (that I know of!) is during a
pentest they found a modem connected to a conference bridge system
running NT4 and an unsecure PCAnywhere that the vendor left on.


On May 14, 2009, at 8:20 PM, Chris Merkel <cmerkel at gmail.com> wrote:

A variation on that other thread. I didn't get my start in infosec
because I got hacked. I was a huge (beige hat) fan of the movie War
Games, if you catch my drift.

BBSs, tymnet, telenet (no, that's not a typo kids...) and other random
x.25 links found via wardialing were my first playgrounds. I remember
one day, as the sun rose on a typical all-nighter, I said to myself
"Cool, I just taught myself how to use DEC VMS, I bet I'd be good at a
job working with computers..."

So, who got into IT in the hopes that they could one day start getting
paid for something they had done for fun in the past? (And is willing
to admit it ;-)

I did - it's still a lot of fun, though there's a lot more paperwork

- Chris Merkel
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

-Brian W. Gray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090515/d522de7e/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]