“Sure, I Can Hack Your Organization” – with Eric Escobar (Part 2 of 2)
Summary
Eric Escobar (Twitter; LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss compromising networks and information security. He has a coveted DEFCON Black Badge.
What You’ll Learn
- Intelligence
- What keeps Eric up at night
- Thinking like an ethical hacker (aka a “penetration tester)
- Protecting your information (i.e., “Hardening the attack surface”)
- Plain English explanations of key cyber concepts like “Kill Chains” and “Zero Days”
- Reflections
- Having a cool job
- The information revolution and life in the modern world
- And much, much more…
Episode Notes
Eric Escobar commits several thousand felonies on any given day, if he didn’t have permission to do what he was doing.
A Principal Security Consultant with SecureWorks, Eric has compromised pretty much everything out there: from healthcare and banking to technology and critical infrastructure, through to amusement parks and next generation military aircraft.
“From my perspective, it’s the coolest job in the entire world.”
His team consecutively won first place in the Wireless CTF category at DEF CON 23, 24, and 25, snagging a Black Badge along the way. He has a BS and MS in Civil Engineering.
And…
The links between computing, hacking and the 60’s counterculture are FASCINATING. Learn more by dipping your toes here and here, or dive deeper with What the Dormouse Said (2005) by John Markoff and From Counterculture to Cyberculture (2006) by Fred Turner.
Quote of the Week
"Watching any critical infrastructure get compromised is really the thing that keeps me up at night because lives are in the balance…and we do a lot of testing for critical infrastructure, and I've seen computers and machines that have been online and not been taken offline, longer than I've been alive…So really interesting to see those types of things because they interact with really big, expensive hardware…there's a catch 22 that happens where you can't really take the machine offline to do maintenance on it because it's critical infrastructure. So then how do you test it to make sure that a hacker can't take it offline, or maintenance can't be done on it? " – Eric Escobar.
Resources
*Andrew’s Recommendation*
- Word Notes
- From beginner thru advanced, you’ll find some helpful definitions of things like “Web 3.0,” “NFT’s” and “Digital Transformation” on this Cyberwire audio glossary.
*SpyCasts*
- Inside Microsoft’s Threat Intelligence Center (MSTIC) – with John Lambert and Cristin Goodwin (2021)
- The Cyber Zeitgeist – with Dave Bittner (2021)
- Securing Cyberspace – with Charlie Mitchell (2016)
*Beginner Resources*
- What is Hacking? The Economic Times (n.d.) [web]
- Ethical Hacking in 8 Minutes, Simplilearn (2020) [8 min video]
- Cybersecurity in 7 minutes, Simplilearn (2020) [7 min video]
Books
- The Cyberweapons Arms Race, N. Perloth (Bloomsbury, 2021)
- Cult of the Dead Cow, J. Menn (PublicAffairs, 2020)
- Breaking & Entering, J. Smith (Mariner Books, 2019)
- The Art of Invisibility, K. Mitnick (L, B & C, 2017)
- Ghost in the Wires, K. Mitnick (Back Bay Books, 2012)
- Kingpin, K. Poulson (Crown, 2012)
- The Cuckoo’s Egg, C. Stoll (Doubleday, 1989)
- Neuromancer, W. Gibson (Ace, 1984)
Articles
- 2022 State of the Threat: A Year in Review, Secureworks (2022)
- The Anthropology of Hackers, The Atlantic (2010)
- Timeline Since 2006: Significant Cyber Incidents, CSIS (n.d.)
Documentary
- DEFCON, The Documentary Network (2013)
Resources
- Government Hacking Bibliography, S. Quinlan, New America Foundation (2016)
*Wildcard Resource*
- “The Aurora Shard”
- Come to the International Spy Museum to see an ugly chunk of metal. Why? Well, it speaks to a revolution in the relationship between the material world and the non-material world. Broken down? 30 lines of code blew up a 27-ton generator. Zeros and ones can cause violent explosions!