Capture the Flag for Fun & Profit

Cybersecurity is the only technical, professional occupation I know of where practitioners routinely sharpen their skills through open competitions. The contests are based on the classic capture the flag game – except the flags are all virtual and capturing them involves hacking computers. Also unlike most other technical careers, cybersecurity is a high-paying profession that doesn’t require a university degree or formal training. There are literally hundreds of thousands of unfilled cybersecurity jobs right now. You can also just dabble in cybersecurity, making money from bug bounty programs. Or you can just hack for the fun of it – in a completely safe and legal environment. Jordan will tell you all about it in today’s show! Jordan Wiens has been a reverse engineer, vulnerability researcher, network security engineer, three-time DEF CON CTF winner, even a technical magazine writer but now he’s mostly a has-been CTF player who loves to talk about them. He has been the CTF expert for the first three years of HackASat and he was one of the founders of Vector 35, the company that makes Binary Ninja. Interview Links Hack-A-Sat 3: https://hackasat.com/  Satellite hacked using $25 hardware: https://threatpost.com/starlink-hack/180389/  Decommissioned satellite hacked to broadcast movie: https://www.independent.co.uk/tech/hack-satellite-hijack-def-con-b2147595.html  Student Rick-Rolls school: https://www.malwarebytes.com/blog/news/2021/10/high-school-student-rickrolls-entire-school-district-and-gets-praised  Hack-A-Sat 2 interview: https://podcast.firewallsdontstopdragons.com/2021/06/21/hacking-satellites-for-fun-profit/  Plaid CTF: https://plaidctf.com/  CTFTime.org: https://ctftime.org/  Pwnable.kr: https://pwnable.kr/  Pwnable.tw: https://pwnable.tw/  Reversing.kr: http://reversing.kr/  Shodan: https://www.shodan.io/ Burp Suite: https://portswigger.net/burp  Wireshark: https://www.wireshark.org/  Binary Ninja: https://binary.ninja/  Metasploit: https://www.metasploit.com/  Nmap: https://nmap.org/  Live Overflow: https://liveoverflow.com/  TryHackMe: https://tryhackme.com/  Further Info Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Support my work! https://firewallsdontstopdragons.com/support/ Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:03: Interview setup 0:04:25: What is Hack-A-Sat? 0:08:44: How has the Hack-A-Sat program evolved? 0:12:58: How did CTF’s start out and when did they become popular? 0:17:37: Why do we have so many unfilled cybersecurity jobs? 0:21:15: Do you need a college degree to work in cybersecurity? 0:29:39: What’s a black hat hacker vs white hat? What’s a red team or blue team? 0:32:15: How do CTF’s actually work? What is a flag and how do I capture it? 0:38:05: Are they beginner CTFs that are free to try? 0:44:38: What sorts of tools do hackers use in CTFs and in real hacking? 0:51:57: How do hackers chain together multiple exploits? 0:56:26: What’s your advice to someone who would like to try a CTF? 1:00:36: What’s next for Hack-A-Sat? 1:02:25: interview wrapup 1:04:07: What is Rick-Rolling? 1:05:23: Try a CTF, go to a hacker con!