TL;DR

I have joined Hacklabs as an Associate Security Consultant! :briefcase::computer:
Looking forward to learning more things from my colleagues/seniors


Environment

The HackLabs office is currently based in Manly, although they’ll be moving soon. It’s great for random 10-minute walks along the Corso or the beach :beach_umbrella:
(image: Manly)

Since Manly is a tourist destination, there are tons of food options nearby; there definitely won’t be as much variety around the new office :plate_with_cutlery::cry:

The office uses a hot-desking concept, which is pretty cool. Everyone gets a laptop and you can simply go to any desk and plug in your peripherals to work. A mouse, keyboard, headphones and external monitor are included.

The staffroom has free fruit, tea/coffee and biscuits, which are restocked every week. It’s really great if I’m bored/sleepy/hungry… :apple:


People/Culture

So far I’ve met people from a variety of different backgrounds/cultures — it’s pretty great, as I don’t feel out of place. Furthermore, most of the sec people are memelords :black_joker:

There’s no need to wear full formal wear in the office; decent clothing is enough!
Also — every login is done with SSO and accompanied by two-factor auth.


Workload

I just completed an external test recently and submitted a report with the help of @Tophat. I also helped/shadowed other consultants in their tests and did security research in general (i.e. playing PentesterLab).


Commute

Right now my commute consists of train + ferry, which realllllly sucks:

  • It’s 1.5 hours, so I have to wake up super early
  • It’s fairly expensive (I hit the weekly/daily caps! :money_with_wings:)
  • But sometimes you get nice views on the way back home

(image: ferry sunset)

What’d I learn/use so far?

  • The Nessus vulnerability scanner is awesome, although it may generate false positives/negatives sometimes

  • The Word report template, and fancy Word features like split-window editing, Document/Outline view, and macros

  • Burp Suite Pro license:
    • I now have unthrottled Intruder!! UNLIMITED POWER
    • Saved projects
    • Active scanner
    • Pro plugins
  • Learning how2MACOS: it took a while to get used to the Command+key style, but iTerm2 is neat

  • Network discovery tools such as:
    • nmap (I actually had to read a book about it!)
    • hping
  • AWS boxes for phishing campaigns, grepping through password dumps, running Nessus scans (scanning from the office relies on IP whitelisting), and so on

  • Using a SOCKS Proxy to continue working if a WAF IP-bans you

  • Real-world stuff that CTFs don’t test your knowledge on:
    • Insufficient mail spoofing protection: SPF, DKIM, DMARC
    • Microsoft Exchange Server internal IP disclosure
    • Insecure TLS Configurations
    • and many others…
  • Be aware of bad password policies and also of account lockout policies :sweat_smile:
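The “insufficient mail spoofing protection” finding above usually comes down to a handful of weak settings in a domain’s SPF and DMARC records. The script below is an added example, not code from the original post or from HackLabs: it takes SPF and DMARC TXT record strings and reports the weaknesses a reviewer would write up (no record, `+all`/`?all`, `p=none`, a partial `pct`, no `rua` reporting address, more than ten DNS-lookup terms). The domain names and records in `SAMPLE_DOMAINS` are constructed for the demo; a real check would fetch the TXT records via DNS first, which is left out so the script runs offline. DKIM is not covered because checking it needs a selector name that the domain alone does not give you.

```python
# Added example: assess SPF and DMARC TXT records for common weaknesses.
# Records are passed in as strings; fetching them via DNS is out of scope
# so that the script runs offline.
import re
from typing import Dict, List, Optional

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 (limit: 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def mechanism_name(term: str) -> str:
    """Strip the qualifier (+ - ~ ?) and any argument: 'include:foo' -> 'include'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def assess_spf(record: Optional[str]) -> List[str]:
    """Return findings for an SPF record; an empty list means it looks fine."""
    if record is None:
        return ["no SPF record published: any host can send as this domain"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1: receivers will ignore it"]
    findings: List[str] = []
    all_term = next((t for t in terms[1:] if mechanism_name(t) == "all"), None)
    qualifier = all_term[0] if all_term and all_term[0] in "+-~?" else "+"
    if all_term is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif qualifier == "+":
        findings.append("'+all': every sender passes SPF")
    elif qualifier == "?":
        findings.append("'?all': unlisted senders are neutral, not rejected")
    elif qualifier == "~":
        findings.append("'~all' softfail: relies on DMARC being enforced")
    lookups = sum(1 for t in terms[1:] if mechanism_name(t) in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def assess_dmarc(record: Optional[str]) -> List[str]:
    """Return findings for a DMARC record published at _dmarc.<domain>."""
    if record is None:
        return ["no DMARC record: SPF/DKIM failures are not enforced"]
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["record does not start with v=DMARC1: receivers will ignore it"]
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct= is not a number; receivers may treat it as 100")
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def assess_domain(spf: Optional[str], dmarc: Optional[str]) -> Dict[str, List[str]]:
    """Combine both checks into one report dictionary for a domain."""
    return {"spf": assess_spf(spf), "dmarc": assess_dmarc(dmarc)}


# Constructed sample records (not real domains or real lookups).
SAMPLE_DOMAINS = {
    "weak.example": ("v=spf1 include:_spf.mail.example +all", None),
    "monitor.example": ("v=spf1 mx ~all", "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"),
    "strong.example": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLE_DOMAINS.items():
        report = assess_domain(spf, dmarc)
        print(domain)
        for kind, items in report.items():
            for item in items or ["ok"]:
                print(f"  {kind}: {item}")
```

To run it against a real domain you would resolve the TXT records for `<domain>` and `_dmarc.<domain>` (for example with dnspython) and pass them to `assess_domain`; the `-all` plus `p=reject` combination in `strong.example` is the configuration that produces no findings.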