130: Jason's Pen Test - Darknet Diaries - Audio Brevity | Audio Brevity

Dec 13, 2022 43m

Episode Description

Join us as we sit down with Jason Haddix (https://twitter.com/Jhaddix), a renowned penetration tester who has made a name for himself by uncovering vulnerabilities in some of the world’s biggest companies. In this episode, Jason shares his funny and enlightening stories about breaking into buildings and computers, and talks about the time he discovered a major security flaw in a popular mobile banking app.

Sponsors

Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer.

Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more.

AI-Generated Summary

Navigating the Dark Side of the Internet

In this segment, Jason Haddix shares his early experiences diving into the world of cybersecurity and computer hacking. He recounts his time as a member of Shadow Crew, a prominent darknet forum, where he learned tricks for creating fake IDs. This curiosity and experimentation led him down a path of understanding both the potential and pitfalls of unauthorized access, which culminated in a pivotal experience that made him reconsider his journey into the underground.

The Evolution of a Penetration Tester

After his experiences with Shadow Crew, Jason transitioned into a legitimate career in cybersecurity, taking courses and eventually becoming a penetration tester. He narrates his progress as he engaged in various penetration tests, detailing his responsibilities at HP and the numerous assessments he conducted for Fortune 500 companies. This section highlights the growth of Jason from a curious teenager to a professional navigating the complexities of cybersecurity while maintaining ethical standards.

Uncovering Major Security Flaws

Jason shares memorable experiences from his penetration tests, focusing in particular on a mobile banking app in which he discovered serious vulnerabilities. He explains the technical details of these findings, emphasizing both network and application testing as critical areas of focus. The anecdote about an open Amazon S3 bucket storing sensitive check images illustrates the real-world implications of poor security practices and the vital role penetration testers play in protecting data.

Humor in the Field of Security

The discussion also explores lighter moments from his career, including stories about the unique methods he employed during physical penetration tests, such as using a blow-up doll to bypass security mechanisms. These anecdotes not only provide comic relief but also illustrate the creativity required in the field of penetration testing. Jason reflects on the importance of humor in a high-stakes environment while shedding light on the ethical dilemmas and challenges faced by security professionals.
