What's It Like As A Red Team Operator? (w/ Chris M.)
Вставка
- Опубліковано 1 чер 2024
- Ever wondered how to get a job on a red team? In this video Ricky sits down with a professional hacker to discuss his journey into cybersecurity. We cover topics like salaries, practical skills, hiring and interview process, and more!
Find out how to get started in the field and what life is like as a red teamer. Going from beginner to professional hacker may seem daunting. But in this first episode of Cyber Made Simple, Chris talks everything from penetration testing to to how you can start a career in red teaming.
00:00 Start
01:18 Getting into Cybersecurity
03:25 Cybersecurity Today
04:28 Learn the Basics
06:30 What is Red Teaming
14:16 Red Team Lifestyle
19:48 White Hat vs. Black Hat
21:29 The Hacking Process
25:25 Why Red Team
27:54 Hacker Education
29:44 Hacking Practice
32:28 Certs or Skills?
36:52 How to Get a Job
40:15 Red Team Salaries
40:45 Social Engineering
41:58 Cyber Pro Picks
42:25 Cyber Tips for Grandma
45:22 Final Thoughts
What are the differences between red team operators and penetration testers? Let us know in the comments below!
LIKE, SUBSCRIBE, and FOLLOW
Host: Ricky Tan (@GoRickyTan)
Guest: Chris M.
cyberspatial
cyberspatial_hq
cyberspatial
#Cyberspatial #RedTeam #InfoSec
That handwriting is the writing of a true pen tester.
omg..
Red Team sounds like the route for me..I love solving puzzles, detective work and using my analytical skills. Awesome interview.
Even in mid 2022, this interview is refreshingly relevant and thoughtful - Awesome content, keep it up :)
theoretically FBI! theoretically OPEN UP!
😂
😂😂😂
This is soooooooooo good :) Highly value and appreciate your content.
thanks!!
wtf u talkin about, this is elementary school stuff
@@goranskoc4152 it's perfect for people who don't know isn't it?
thank you both. I'm not even a scriptkiddie yet, but learned a truckload of amazing stuff
This channel is highly under-rated. It deserves way more subs. Your content is very insightful and helpful❤️💯
Appreciate the kind words!
The way you ask questions is very much appreciated,
Your question really clarify all the doubts
I never found anyone asking this type of questions in any channel or podcast.
Well done.
Really appreciate the kind words. Comments like this inspire us to continue what we're doing :)
Also I would love a video about common cyber security / technical terminology explained and stuff
Forbidden A good idea, we’ll take a look at that! Also we are considering using discord, but in the meantime you can always contact us at contact@cyberspatial.com
Thank you 😅
Focused for all the 47 minutes of the video, I have to rewind several times to soak myself with the information. 3 years ago but still relevant in 2024, Good content is timeless.
Love the food analogy! Awesome dialogue. Hoping for more of these!
More to come!
This is really good. Best "day-in-the-life" type video I've seen.
Glad you enjoyed it!
It definitely is more fun to break things! Very insightful!
This content is gold. Learned alot.
Thank you :)
Thank you so much for these videos!
bubbly asmr thanks for the support!
incredible interview and great content. Just discovering the world of offsec as a total noob and already into THM and learning python and its all great fun so far
Thanks and good luck!
Bro this was very helpful, you've got a new sub!
Thanks! Welcome aboard!
focused for all 47 minutes of the video thanks for this!
Wow, what a champ! Appreciate it. Thank you :)
this channel is a life saver!
Thank you :)
OMG thank you for this!!
Loved your interview and content ❤️❤️. Great content for people who want's to join cybersecurity career path and people who have lack of knowledge about cybersecurity and cybercrime.
Thanks for the kind words, Rajat! Make sure to subscribe to our channel for more content like this. 😊
Dude, you'r awesome! Keep it up! Quality content!
Will do! Thanks :)
great interview!!
Im love ur channel bcz of video quality and content 😻
We appreciate it. Thank you.
Very informative, well done!
Thank you!
38:32 that's a motivation right there, thank you for this great content!
Level Up!
Thanks for another great video! Career changing from accounting to cybersecurity. Typical reactions I always get is "you're crazy for doing that.." lol. Excited for myself and where I will be in a year.
Awesome to hear! Wish you well on your transition :)
@@Cyberspatialwow, thanks for replying! This might be a long shot but I'll ask anyways. Can/do you interview women in cybersecurity as well? I just love listening to people's journey especially into this field.
@@HM-os6wy I'm doing a quick chat with Heather Mahalik tomorrow.
This video is theoretically very informational.
Informal *
Currently working as an accountant. I'm working towards my first red team cert eJPT then it's OSCP
Very good interview with informaiton, been wanting to transit to cyber securities field but totally clueless.
Thank you! Hope this video helps :)
Love the sewing machine in the background! There is a phenomenal sewing machine museum in Tulsa, Oklahoma on Peoria Ave.
Thanks! Symbolizes hard work and attention to detail. Will check it out :)
Absolutely amazing content 👍
Thank you 🙌
Great interview.
God job; good questions and interesting answers.
Thank you for watching!
Love the content!!!
Thanks!
Great 1:1 on being a red team operator. Chris needs to watch Mr. Robot.
Thank you!
Good interview
Dude, you have good interviewing skillz!
Thanks!
Thank you
Thanks very helpful 👍
Glad it helped :)
exceptional content
Thank you :)
good job 👍 keep up the good work
Thanks, will do!
Wow great session
Thank you!
I'm in Blue Team now as incident responder. But I want to move to Red team someday. Question I have is: Do Red Team Operators travel a lot for engagements or is it possible to find remote opportunities or even only local opportunities. I'm asking because I'm a more of a family guy but I really want to become a Red Teamer someday.
Awesome, Awesome, Awesome content! Simple and deep at the same time. I thought C|EH was an advanced cert, but now I know it's not as advanced as I thought.
Shoot for your OSCE!
@@Cyberspatial Still a little bit far. I'm only a support technician, but I have a Sec+ scheduled for next week. I'll take eJPT and PNPT next year, not sure if I should try to pivot to Network admin or sysadmin before trying to become a pentester. But I'll shoot for OSCP after having my eJPT and PNPT.
Awesome talk!
Appreciate your time and attention!
Very helpful
Glad you think so!
nice man enjoyed myself also learned some stuff
Glad to hear!
i appreciate the subtitle!
Glad you find them helpful!
23:29 The way that Wi-fi works is that it connects to the strongest signal. That's fine, but do you not need the password for the original Wi-Fi to conduct the Man-in-the-middle attack? the man-in-the-middle usually would mean that you would connect to they're wi-fi so that you can forward the traffic through it? but would the device connecting already send the key and you would effectively get the password that way also???
You're spoofing a fake access point. Don't need to access the original to MiTM a victim going through your AP.
Good info.
Glad you think so!
This was amazing, many thanks! 1st programming I learned was Basic back in the 80's on a Radio Shack TRS80 or trash80 as we called it LULZ!
You're welcome! I think BASIC was a lot of people's first language! Is Radio Shack still in business nowadays?
Just beautiful
Awesome interview! Is it possible for someone to enter cybersecurity through the self taught route? A brick and mortar school isn't my thing.
For sure! Self-taught is normally the best way to become skilled in this field
9 months down the line. But if you didn't know some employers hire directly from hackthebox
@@shhs1227 Not too late! Thanks for the info!
How do you feel about Project Ares ??? Do you think its worth it
It's flashy.
Might be worth a shot but there's cheaper alternatives like HackTheBox or TryHackMe.
When did you start programming?
I started with C at the age of 7
And python at the age of 7 or 8
Awesome to hear!
i started at the age of 19
So now, what's your profession/career, right now?
Bro now what's your job
@@ihsan9407 building a start-up :)
Beautiful
Thanks!
thats what i call.. " exceptional communication skills "
Thank you!
i need to work on mine
hey, for eg. he worked for a month and reported there aren't any vulnerabilities and he got paid his salary. but if somehow someone is hacked into the company and stole data. now won't the company question him like why didn't you reported about this vulnerability and what you tested last month, like?
In that scenario, the burden of fault isn't fully on the red teamer. There's a lot more people that would be on the chopping block first. More often than not, the company doesn't do anything about the vulnerabilities that do get reported. That's why they get hacked. Companies that are very proactive with a good red team tend to be quite successful.
@@Cyberspatial Gottcha!!!
Can someone state the certifications he mentionner ?
How do you become one or get an interview for this
We invite guests to share their experiences.
So we who have master's degree are doomed if we don't have cert?
The real challenge for new people to get in to the industry is that there is a huge lack of hands on training and way too much focus on theory and certs. I am trying to break thorough that and I am finding it very difficult . I feel the certs I gain are a true waste of time especially when we need to renew them as well.
getting into bug bounty will help a lot keep in your mind RT focusing on attacking the system and exploiting the vulnerability and bug bounty is best a way to get your hand dirty on real world attack I know many people who become pentester , red teamer etc.. with only bug bounty background , good luck with your journey
Red Team sounds fun.
I'm took B. Sc (forensic science)(cyber security and data analytics), I have one doubt, eitherforensic science means cyber forensic or actual forensic,
Learning cyber forensics can probably fund your hobbies better. No reason why you can't learn actual forensics in your free time.
Great vid - But some of the comments... -.-
Sorry I'm late! Thanks for waiting for me!
Ps you started off awkward af but finished strong. +1 sub +1 ding
Haha very first interview always awkward.
Just watched this was absolutely inspiring has that guy got any content out you could learn from or follow him his a mystery lol
Chris had requested the title redaction shortly after uploading. Quiet professionals like to keep low profiles.
Is he a Filipino-American?
No, he's not.
"type thing" -Chris M.
Do you need to be great with you're handwriting to become master Red Team.
Well I have handwriting which needs it's own analysis like Malware analysis,if you really want to understand it .
No, it's definitely not required to be a master. ☺️
I see that sacred geometry in the back 👀 tryna decode the universe ?
Who is blue team?
People who defend. Check out the SOC Lead interview! 👉 ua-cam.com/video/5oGQNu4CJL8/v-deo.html
wow
Thanks!
Do not cheat with the Secretary!
Someone please tell this guy about the word “hypothetical”
I'm sure he knows what it means. Humor comes in different forms.
I am going to press X to doubt on that bank story.
No major bank would have that vulnerability, without there being some serious legal issues. Even in the earliest days of browsers, there were ways to secure against that type of things, and banks have always used archaic infrastructure for the sole reason that those are easier to lock down.
We're talking languages that are so old, that only a handful of people in the world still knows how to use them.
And considering that I cannot find any articles about a flaw that massive, I am assuming Chris is talking about the old breakroom myth that is shared among hackers, that back in the 90's. You know, one of those "industry secrets" that some inspirational speaker or older coworker talks about from their own life story, but turns out to be something they had picked up from someone else, who picked it up from someone else, who just plainly lied about it because it sounded plausible.
And because of that, I can't take anything else he talks about here seriously. It all just sounds like he's padding his own reputation, because nobody will be able to verify it anyway.
So a pro tip is that if you're going to lie about your resume, make sure there's no verifiable information there.
As a dude who worked for the government. Major flaws are often covered up. As time goes on we become sophisticated, so don't be a victim to hindsight bias. Unless you believe a virgin can have child without penetration.
@@dopple420 Oh, yes, I know that. But as a developer myself, I also know these systems. I am very familiar with the systems that have been used as far back as the 70's. And I can tell you right now that no bank in America, EU or Australia has ever used a system with that kind of insecurity. It just wouldn't happen.
You may get many websites with that insecurity, especially back in the day, but no banking system. Which is why most banking systems still run software from the 70's and 80's.
@@morphman86
Lol why do we need pentesters?
Not questioning your experience or views but there are silly bugs out there.
@@b3twiise853 pentesters are the forefront of security, the guardians of your personal information. They collect all those silly bugs and make sure the business' server hasn't been affected by them.
Truth is stranger than fiction.
Even trillion-dollar companies in the 21st century still make mistakes.
arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/
"im a white hat right now..." emmmm what about later???
This man is the real Eliot Alderson.
There's many out there.
Nice! I finally got the 1000th like on a video. The downside is the total of comments is 69, and I'm going to ruin it.
Legend!
Is this an IA or is it just meee
You would have waaay more subs if you created content regarding career changers. So much of your content is geared toward "pc lover since i was 9" type of crowd. Well thats all fun and dandy but thats now where all views are.
Thanks for the input. At some point, the career changers want to get insights from the "pc lover" crowd too!
I hacked modems...
SOF
So...this vulnerability exists...and you don't report it. So...potentially you're finding out that this is a horrible security vulnerability and others could be stealing information same as you, while you do nothing about it until you've done as much damage as possible(which other attackers could be doing)? Nice! Love keeping an insecure system insecure as long as possible.
You report after you dig deeper to find the extent of its impact. This intel is valuable to find more potential vulnerabilities that you wouldn't have found otherwise.
What the fuck kind of bank did this? What country?
I'm evil and I love it!
Evil in a good way.
interviewer needs to write these questions down before hand. He is a bit awkward.
PS that's called calligraphy- intentionally stylized handwriting.
What’s a red team operator?? Lol
Wtf. Your own digital security? How about dont use gmail. Lmfao 42:00
Gmail has great security. Don't know what you're laughing at.
@@Cyberspatial gmail has zero security from google.
@@hmain6753 Are you sure? So what do you suggest as a better provider for email?
Gmail is very secure, as is anything developed by Google, a company with one of the largest security budgets in the world.
Kind of ironic you're complaining about the security of gmail when you're using UA-cam, both developed by Google lmao.
That into was jarring as fuck. The video just opens on a random sequence sentences. I almost didn't watch the video.
Glad you did though :)
This guy is paranoid. Always has to insert a “theoretically” somewhere in what he says. No one cares dude. Just fucking say you’re a HACKER! it’s a common job.
Too much of your face.
"operator"? Lmfao , woohoo buckle up here comes the cringe.
I'm guessing "the life" is all about bitches wanting him, dudes wanting to be him, and how he thinks everyone sees him as some kinda james bond computer hacker agent..... Theoretically ..
That is an industry term: Red Team Operator. There's a well respected certification called Certified Red Team Operator.
Don't know what you're on about
@@lmfao69420 wring, red team ops is the term and its for operations not operator like theyre special forces soldiers, lol. the certification youre talking about is not well respected, its entry level ( quick google will tell you ) and buzz word cert for noobs that think its cool
@@quietpillsdispensedondeman5189 the problem is you just quickly googled it and didn't do any research, there's nothing entry level about red teaming
@@lmfao69420 your reading comprehension is poor.
@@quietpillsdispensedondeman5189 your understanding of the field is poor 😂