Exclusive Interview With Penetration Tester : Phillip Wylie
Today we have one of the experienced information security professional, Penetration Tester with us having rich experience in Penetration Testing in core banking security and other aspects of digital security as well. He is also a Bugcrowd Ambassador and the founder of the free hacking educational meetup called The Pwn School Project. He has got awesome Pentesting skills and sharing his experience in this interview about how he started as a learner and reached at this stage.
So let’s have a look on the below conversation Hackers Interview had with Mr. Phillip
Hackers Interview: Hello Mr. Phillip, please introduce yourself to our readers.
Phillip Wylie: My name is Phillip Wylie and I live in Carrollton, TX, USA. I work as a pentester for a top 10 US bank. I teach ethical hacking and web app pentesting for Richland College in Dallas, TX. I am a Bugcrowd Ambassador and the founder of the free hacking educational meetup called The Pwn School Project. My certifications are CISSP, OSCP, and GWAPT.
Hackers Interview: Why you’ve decided to pursue Information Security as your career option?
Phillip Wylie: I got interested in Information Security in 2001 after working briefly for a company where I supported Linux based firewall appliances and a vulnerability scanning software. I moved from my system admin job into network security in 2004.
Hackers Interview: How you had started your journey in cyber world?
Phillip Wylie: I started out in network security after spending seven years doing system admin work.
Hackers Interview: Tell us about your experience in this field.
Phillip Wylie: I worked in network security from 2004 to 2005 supporting firewalls, Intrusion Detection Systems (IDS). I also did some network vulnerability scans and risk assessments. In 2005 I moved into application security and worked in this area until 2012. Application security inspired my desire to become a penetration tester/ethical hacker. In 2012 I started my career as a penetration tester. I got my start in pentesting as a consultant and I spent five years in consulting. In 2017 I left my consulting job to work as a pentester for a bank. In 2018 I started teaching ethical hacking at Richland College.
Hackers Interview: What are the amazing things you did in Penetration Testing?
Phillip Wylie: One of my favorite accomplishments was taking the OSCP course and passing the OSCP exam. My favorite all time hack on a pentest was exploiting a SQL injection vulnerability to go gain command line access (also known as a shell) to a Windows Server running MSSQL. XP CMD Shell was enabled allowing command line access to
the server.
Hackers Interview: What advice will you give to our readers to improve their Penetration Testing skills?
Phillip Wylie: The advice I always give my students and people that I mentor is to always be learning. The more practice the better you get and pepetition is a great way to learn. I recommend building a home lab where you can learn new techniques and it’s a good place to test PoCs (Proof of Concepts) before you use them on a pentest. Bug bounties and CTFs are other great places to learn and get experience. Bug bounties allow you to learn in a production environment and they provide a wide variety of different web app frameworks and environments to learn. If you are trying to get a job as a pentester bug bounties give you real world experience that can be used in a pentesting job.
Hackers Interview: What is the scope of Penetration Testing?
Phillip Wylie: Penetration test scopes vary. Pentests can focus on application, network, wireless network, IoT and hardware. The size of the scope depends on the size of the organization that you are testing, or the percentage of the organization being tested. Other considerations are the level of knowledge of the targets you are testing. This could be a black box pentest where you have very little information on the targets in scope. In some cases, you may only have a business address and the name of the business and you have to do reconnaissance/OSINT (Open Source Intelligence) gathering to discover URLs and IP address of the targets for the pentest. The opposite of black box pentests are white box or crystal box pentests. In this type of scenario, the customer gives you the URLs and IP address that are in scope for the pentest. During a white box web app pentest user accounts are provided. Gray box pentests are a combination of the two previous methods giving you enough information to perform a thorough pentest. Gray box pentests are more common based on my experience. The amount of time given to test the targets can dictate the type of pentest performed. The less time you have to test the more information is required to perform an adequate pentest.
Hackers Interview: What upcoming challenges you see for a Penetration Tester as per the current security postures of companies?
Phillip Wylie: Technology is constantly evolving and security is typically an after thought if even part of the technology and it is part of the challenge and job of a pentester to keep up with these new technologies. A challenge that pentesters face is cloud due to a lot of companies moving their computing platforms and applications to the cloud. Learning the different cloud platforms that you test is important. Just as other technologies you pentest the better you understand the technology the better job you can do testing it. Mobile devices and BYOD (Bring Your Own Device) can make testing environments more difficult to test and secure.
Hackers Interview: What are the useful online and offline sources to learn Penetration Testing?
Phillip Wylie: Georgia Weidman’s book “Penetration Testing: A Hands-on Introduction to Hacking” is a great book to start with. In the book Georgia shows you how to setup your own lab, which is used for the exercises in the book. Peter Kim’s books “The Hacker Playbook” versions 1, 2 and 3 are great books to follow up Georgia’s book. I have used Georgia’s book for three semesters with great results teaching my ethical hacking class. PentesterAcademy.com is a great resource for learning pentesting. Cybrary.it, Hack The Box , and http://virutalhackinglabs.com are good learning resources. Bugcrowd University has some good resources for learning web app pentesting and they are in the process of adding more content. OWASP.org is a good place for learning web app pentesting.
Hackers Interview: What certification do you suggest to master the skills in Penetration Testing? Please suggest the right path and resource to achieve it.
Phillip Wylie: For someone starting out in pentesting or trying to get into pentesting, I would start with the CompTIA PenTest+ or the CEH certifications. For someone with more experience or a higher technical skillset I recommend the OSCP and for advanced pentesters the OSCE. The PenTest+ and CEH can be done through self-study, but the OSCP and OSCE require Offensive Security courses. A lot of people start out with the OSCP and unless you have experience pentesting I recommend doing some preparation before starting the OSCP course. Hack the Box and VulnHub.com are good resources to learn hacking skills required for the OSCP. Two great resources for learning buffer overflows are corelan.be and fuzzysecurity.com. Another great resource for preparing for the OSCP is http://virutalhackinglabs.com.
Hackers Interview: What security challenges do you face as a Penetration Tester while working with large Banks.
Phillip Wylie: Payment Card Industry Data Security Standard (PCI DSS) compliance drives a lot of the requirements for banks. Pentesters need to understand the PCI DSS testing requirements to adequately test banking environments. This knowledge is also helpful when explaining them to business groups and IT. Network segmentation testing which is a requirement can be a difficult concept for business and IT groups to understand.
Hackers Interview: What are the myths companies have in their mind while dealing with Cyber Security?
Phillip Wylie: There are some misconceptions that if you have firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), end point protection, antivirus or other security products that you are safe from breaches. These solutions are helpful but require proper configuration and updates. Penetration tests are also required to ensure these types of security products are effective in protecting environments. Security software and devise are only a part of an overall security strategy.
Hackers Interview: Anything additional you would like to add here which gives value to our readers?
Phillip Wylie: Advice I give my students and people I have mentored, is to get involved in the security community. This is a good way to network with other professionals, a great way to learn and a good way to help others. I got my last two pentesting jobs from people I met at meetups. Join your local DEFCON Group, OWASP chapter and, or ISSA chapter. If you are in the Dallas, TX area you should checkout Dallas Hackers Association, DEFCON 214, The Pwn School Project, North Texas Cyber Security Group, North Texas ISSA, OWASP Dallas, Fort Worth ISSA, and Hack Fort Worth. Joining local security groups and being involved in the security community has opened up so many opportunities as well as opportunities to give back to the community.
“Thanks Mr. Phillip Wylie for giving your precious time to our readers.”
Author: Yogesh Prasad
Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview