SpyCast 10.11.22
Ep 560 | 10.11.22

“Sure, I Can Hack Your Organization” – with Eric Escobar (Part 2 of 2)

Show Notes

Summary  

Eric Escobar (Twitter; LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss compromising networks and information security. He has a coveted DEFCON Black Badge. 

 

What You’ll Learn 

  • Intelligence 
  • What keeps Eric up at night  
  • Thinking like an ethical hacker (aka a “penetration tester) 
  • Protecting your information (i.e., “Hardening the attack surface”) 
  • Plain English explanations of key cyber concepts like “Kill Chains” and “Zero Days” 
  • Reflections 
  • Having a cool job 
  • The information revolution and life in the modern world 
  • And much, much more… 


Episode Notes 

Eric Escobar commits several thousand felonies on any given day, if he didn’t have permission to do what he was doing. 

A Principal Security Consultant with SecureWorks, Eric has compromised pretty much everything out there: from healthcare and banking to technology and critical infrastructure, through to amusement parks and next generation military aircraft

“From my perspective, it’s the coolest job in the entire world.” 

His team consecutively won first place in the Wireless CTF category at DEF CON 23, 24, and 25, snagging a Black Badge along the way. He has a BS and MS in Civil Engineering.  

And… 

The links between computing, hacking and the 60’s counterculture are FASCINATING. Learn more by dipping your toes here and here, or dive deeper with What the Dormouse Said (2005) by John Markoff and From Counterculture to Cyberculture (2006) by Fred Turner.   

 

Quote of the Week 

"Watching any critical infrastructure get compromised is really the thing that keeps me up at night because lives are in the balance…and we do a lot of testing for critical infrastructure, and I've seen computers and machines that have been online and not been taken offline, longer than I've been alive…So really interesting to see those types of things because they interact with really big, expensive hardware…there's a catch 22 that happens where you can't really take the machine offline to do maintenance on it because it's critical infrastructure. So then how do you test it to make sure that a hacker can't take it offline, or maintenance can't be done on it? " – Eric Escobar.

 

Resources 

*Andrew’s Recommendation* 

*SpyCasts* 

*Beginner Resources* 

Books 

  • The Cyberweapons Arms Race, N. Perloth (Bloomsbury, 2021) 
  • Cult of the Dead Cow, J. Menn (PublicAffairs, 2020) 
  • Breaking & Entering, J. Smith (Mariner Books, 2019) 
  • The Art of Invisibility, K. Mitnick (L, B & C, 2017) 
  • Ghost in the Wires, K. Mitnick (Back Bay Books, 2012) 
  • Kingpin, K. Poulson (Crown, 2012) 
  • The Cuckoo’s Egg, C. Stoll (Doubleday, 1989) 
  • Neuromancer, W. Gibson (Ace, 1984) 

Articles 

Documentary 

  • DEFCON, The Documentary Network (2013) 

Resources 

*Wildcard Resource*