Ephemeral Security
Ephemeral Security
Steve Stonebraker
Devin Casadey – Global Red Team Lead
1 hour 11 minutes Posted May 5, 2022 at 4:40 am.
-Why are you passionate about Infosec?
-First use a computer?
-What are you doing now?
-Best way to hone skills?
-Difference between Redteaming and Pentesting 09:12 -- Are Pentesters ever asked to emulate APTs?
-Do you test different EDR Vendors?
-Test Scenario 17:42 -- Do you have to write custom exploits for engagements?
-Do you tell vendors you can bypass their EDR product?
-Trying to get caught by Security Team 27:21 -- What can customers do to get the most out of a pentesitng engagement?
-Pentest Client Behavior 35:56 -- Linux Boxes 37:11 -- Windows Security 40:30 -- Found Machine Already Compromised?
-Pentest Planning
-Memorable Engagements
-Zero Trust
-Initial Point of Entry
-Okta Breach
-Triple MFA
-Avoid Burnout?
-Joining a Redteam
-Any Passion Projects?
-Goodbye
0:00
1:11:27
Download MP3
Show notes
Chat with @DevinCasadey, Managing Principal / Global Red Team Lead. Devin's
Certifications: OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN 
Devin can be found at:
Hack the Box: https://www.hackthebox.eu/profile/28293
HTB & CTF Team: https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey 
Show Notes 
Don't Roll Your Own: Devin's Writeup for how he decoded the database (referenced in the episode) - https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth - https://github.com/kgretzky/evilginx2 
Chapter Timestamps
Links:
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
Social:
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech