Tuesday, May 30, 2023

Penetration Tester (m/f)

Place of work

Bratislava, Slovakia (the position also allows working from home)

Salary conditions (gross)

From EUR 2,000/month plus incentive bonuses

The final amount of the base salary component may be increased depending on the professional experience of the selected candidate.

Type of employment

Full-time, self-employed (trade licence), or by agreement

Start date

Immediately

We are looking for an enthusiast to join our team who wants to spend their time hacking - finding vulnerabilities in web applications. It doesn't matter whether you are a junior or a senior.

If you join our team, you will have the opportunity to work on various projects for various clients. Your tasks will include examining security and finding vulnerabilities that could compromise clients' systems and applications. You will also have the opportunity to improve your penetration testing skills, as you will learn from experienced team members.

We strive to foster a Work-to-Live culture rather than Live-to-Work. We love what we do, but we also enjoy our personal lives. Even so, it happens that members of our team work until midnight hunting for vulnerabilities, at CTF competitions or on personal projects. Because we value personal life, we offer you a 4-day working week, but more on that at the initial interview.

From web penetration testing you can move on to hacking mobile applications, infrastructure, cloud and container solutions, all the way to reverse engineering and exploitation.

We don't care about your education or certifications. If you are really good and have a passion for computer security and a desire to keep learning, you are the right candidate.

Job description:

· Perform penetration tests of web applications

· Identify and exploit vulnerabilities

· Write the final penetration test report in Slovak or English

· Communicate with customers

· Cooperate with the development team on implementing security measures

· Research

Personal qualities and skills:

· Passion for computer security

· Desire to explore how things work

· Discipline

· Understanding of ethics in the computer security business

· Ability to manually identify and exploit common web vulnerabilities

· Knowledge of web protocols and web architectures / frameworks

· Ability to read source code (Java, JavaScript, TypeScript, C#, PHP, ..)

· Following new trends in web application security

· Being independent, but not afraid to ask a colleague when something is unclear

What we offer:

· Paid position: full-time, self-employed (trade licence), or by agreement

· Motivation based on quality and efficiency

· Training and certifications in offensive security

· Conferences (international and domestic)

Work options:

· In the office

· From home (remotely, but it also depends on the project)

· A combination

If you are interested, send us your CV at hr@binary.house and tell us about your skills.

About the company:

Binary House is a Slovak company based in Bratislava that provides offensive IT security services. It helps its clients identify and fix vulnerabilities in their applications, networks and systems. The services provided include penetration testing, security audits, reverse engineering, PoC / exploit development and social engineering attacks.

Friday, April 28, 2023

ZeroPointSecurity Certified Red Team Operator (CRTO) Course - A few notes

Preface 

During the end-of-year madness with projects, I was searching for distractions for my troubled mind and saw several praising posts on Twitter about a red teaming course. Having a homie who also took part in the course and wrote a very comprehensive, although dated, blog post (https://v3ded.github.io/misc/certified-red-team-operator-crto-review) convinced me to look into it. Despite my reluctance to work within a Windows environment, I decided to take a step out of my comfort zone, so I jumped on the hype train and bought the course. The course strongly revolves around Active Directory misconfigurations leveraging Cobalt Strike. As my friends from the AV industry would say: "duh, Cobalt Strike again, boring." Their words are a true testament that probably one of the most widespread malware families contains packed and obfuscated cracked versions of Cobalt Strike. Being able to emulate the tactics, techniques, and procedures (TTPs) of real-world APT groups—that's what red teaming is really about, isn't it?

Labs and course material 

All of the materials are hosted on Canvas in the form of short Markdown articles. From the very beginning of the course, the author guides you through topics about the specifics of red teaming, especially in comparison with penetration testing. These mini-articles are clear and concise, which is good on the one hand, but on the other hand, some of the modules are so sparse that someone with no experience in red teaming will have a hard time materializing the concepts. There are also sections where the author does not care about explaining underlying concepts, which are left to the astute reader. For this reason, I would not recommend this course for beginners in IT security, as many topics are very light in terms of theory, and the section just shows that you carry out this specific attack in this way and that's it. If you blindly follow the commands for carrying out an attack, you will have a tough time in the exam. I've seen many students struggling with basic concepts and techniques, which Cobalt Strike allows you to perform in a single click. It's a double-edged sword: anyone can execute the attacks, but if the concept is not understood well, you just don't know when or how to use it properly. Many students didn't realize what pivoting or session passing are really good for. As I mentioned, the modules are very straightforward and give you step-by-step instructions to execute an attack. I must confess that it is a very different approach to learning than the one OffSec encourages in their courses. There are very few explicitly stated challenges that could push your critical thinking. On the flip side, you should pay close attention to every sentence, as many of the modules contain little nudges that hide a treasure that can be leveraged in the exam. Throughout the course, you will go through each stage of the attack lifecycle—from initial compromise to full domain takeover, data hunting, and exfiltration.
You will also learn how common "OPSEC failures" can lead to detection by defenders and how to carry out those attacks in a more stealthy way. This is a huge feature, as the course allows you to check all the metadata and events that were triggered by your attack in the Splunk instance. When you have exhausted all of your ideas for replicating the attack, there is a very active and helpful Discord channel for the course, available to all participants, where you can ask questions.

Exam 

The exam is a 48-hour, hands-on CTF, carried out as an assumed breach, where you attack several forests. You are required to get at least 6 out of 8 flags to pass. The exam is, however, available for 4 days or 48 lab hours (whichever expires first), and it's possible to pause it if you want to take a break. The difficulty of the exam was fair and everything you need to successfully pass is in the course, even without annoying proctoring (unlike OffSec). The course teaches you techniques and attacks within a lightly protected environment (e.g. no antivirus or firewall). However, it is no secret that the exam lab is protected by Defender with AMSI and a firewall, which will probably give you headaches. Therefore, after you scramble through the lab once, it's recommended to turn Defender on and rinse and repeat the modules one more time. In my experience, I was very impatient with executing the commands and beacons were very often killed by behavioral analysis. During the exam I had several connection issues and the whole exam lab was so slow. The only support is the author of the course, so if you experience an issue and he is currently offline, you are left in the dark alone.

Costs 

When it comes to value for money, there are only a few courses that could beat this one to the punch. All in all, for £399.00, you will get lifetime access to the course materials, which seem to be updated every now and then, and 40 hours in the labs (which can be extended by another 40 hours for £20), which include all the important server instances that you find in enterprise environments and hands-on experience with the premier red teaming framework Cobalt Strike.

Conclusion 

It should be noted that the course is rated as a beginner-to-intermediate course and thus Defender isn't fully up to date, even though the servers are Windows Server 2022; but I have witnessed multiple times during engagements that many of the attacks carry over, as they are misconfigurations in nature rather than straightforward vulnerabilities that get patched. All in all, I would recommend this course after taking OSCP as a logical step towards the beauty of the red teaming world.