Attributes of a Pen Tester - Curiosity and Desire to Tinker
Meet Matthew Thurber (aka Lamp) – Winner of our Hack Through the Holidays cyber range challenge
As part of our Hack Through the Holidays event, we interviewed some of the top CMD+CTRL Cyber Range performers. The world of security testing and hacking can often be intimidating to break in to, so we’re hoping this success story encourages others to learn more!
Matthew is a professional penetration tester who also volunteers on the side to test the Flash MMO AdventureQuest Worlds. Lamp, was the first person to solve ALL 48 of our ShadowBank challenges with a perfect score of 11,020. Lamp, also provides one of the best concise definitions of the hacker mindset we’ve seen; “curiosity and desire to tinker.” Great job Lamp!
Q: How did you get into security testing?
Lamp: When I was around 13 or so I stumbled my way to HackThisSite. I started off as a total skid (script kiddie), but within a few years, I was developing missions for them. Since then I knew I wanted to make a career out of it.
Q: What is the most interesting exploit, vulnerability, or finding that you’ve discovered (and are willing to share)?
Lamp: The security team I led for AdventureQuest worlds found a really neat exploit involving the game’s authentication system and how it was handled across the game’s multiple servers. This ultimately led to us being able to generate massive amounts of their in-game micro-currency.
Another favorite of mine involved abusing HTML injection where only double quotes weren’t filtered to hijack a META tag to set a cookie. The cookie value was used in the page source, unfiltered, all around the site. To get a payload into the cookie without any particularly dangerous characters besides double quotes, I had to double encode the payload which was then decoded when being stored in the cookie and a second time when being written from the cookie to page source. This allowed me to abuse cookie-based XSS to inject a persistent JS keylogger directly into the target’s cache. Until they cleared their cache, this keylogger would silently run on any page on that domain which wrote out the cookie value (which was most pages).
(Note: This is amazingly cool, but takes years of experience to understand, never mind exploit. Don’t worry n00bs, you’ll get there!)
Q: It can be difficult to build up the knowledge and skills needed to become a good hacker. How did you learn these skills?
Lamp: After finding HackThisSite, I spent the next few years actively seeking out mentors on their IRC chat and learned a lot. The rest was mostly self-taught over the following years.
Q: What recommendations would you have for others that are interested in learning more about security and hacking?
Lamp: I would say that it’s more important to cultivate a hacker mindset than simply seeking out knowledge.
While knowledge is important, ultimately all that knowledge exists because of the hacker mindset: people’s curiosity and desire to tinker. Once you have that mindset, the rest comes more naturally.
Q: Other than Cyber Ranges like CMD+CTRL, what tools would you recommend to others looking to extend their skillsets?
Lamp: As mentioned earlier, HackThisSite was a good starting place for me, but it isn’t as active anymore. The main thing I got from HTS, though, was the community to help me learn and I’m sure similar communities are still out there nowadays if you look.
Q: What were the main factors that drove you to become a top scorer in the CMD+CTRL Cyber Range?
Lamp: I wanted to represent my AppSec team at work and flex a little for fun. I honestly didn’t know anything would come out of winning; I just wanted to hack for myself mostly.
Q: What other guidance would you give to people interested in building their hacking skills?
Lamp: Try to accumulate as much general knowledge as possible instead of simply specializing. While having something you are particularly good at is fine, oftentimes having broad knowledge and the ability to daisy chain that knowledge and combine disparate ideas can be very useful.