[Chugalug] penetrate me!

Joseph Simoneau joseph.simoneau at gmail.com
Thu Mar 27 12:58:21 UTC 2014

If it'll satisfy your requirements for professionalism, I can get in
contact with the greyhat club at Georgia Tech.

We're all students, mostly undergrads, but I'm sure we'd love to put a team
together for travel (if necessary, not sure what scenarios you're looking
at), possibly a pittance, and resume fodder.

Some of us definitely know what we're doing; some have interned or co-op'd;
and graduates tend to get hired by firms like PWC and BishopFox.

If you're interested, send me some information, and I'll ask for interest
at the meeting tonight.

Our "network administrator" at the main office quit over a year ago and a
replacement was never hired.

Our "network administrator" at our "NOC" quit over a year ago and never got

Our "phone system guy" quit a year ago, a replacement was hired, but I've
seen him, like, once.  When the phone/fax systems go down, they call ME.

So guess what?  I and one of the other programmers on my team inherited all
these extra support duties (without a single f'ing penny of a pay raise,
mind you).

We inherited hardware and software that hasn't been updated in years
(insert career-damaging-but-painfully-true
my-boss-is-a-cheap-bastard-and-doesn't-spend-money-on-upgrades comment here)

We know basic firewall, iptables, are mindful of SQL injection, can
install/run/monitor virus scanners etc, but we are not security experts nor
do we play one on t.v.

If this situation wasn't stressful enough, it has now come to a boil as a
potential (big!) client "demands" proof of pen testing before they will let
us host their data.    At this point I'm spread way too thin and told my
boss today that he needs to crack open that wallet and hire an outside pen
tester.    Anyone on the list "qualified" to do it?    Willing to work for

What defines a qualified pen tester?  I see what appears to be "free"
software I could download and run myself, if I was inclined to take on more
responsibility w/o pay.    I suppose this free software would be a "good
start" but is a pen test done by an "internal" employee good enough for the
client?  I doubt it.
