We think we know what it takes to build hacking tools

02/27/24 • 54 min

Stay tuned as we explore how tools like Nmap and sqlmap have shaped penetration testing over the last two decades, and stick around to discover which aspects make pentesting predominantly a craft - and which parts have become standardized (and what that means for your work).

Unpack this conversation to discover:

The depth of the work involved in crafting offensive security tools [04:45]
What you can learn only by developing and maintaining tools [08:03]
How Villain evolved and key learnings from building it [17:00]
The challenges of finding balance in deep offensive security work [21:30]
How Panagiotis uses automation to make his work smoother [25:35]
How building his own tools shaped his thinking [32:00]
What makes penetration testing a craft (with hands-on examples) [38:12]
Why (and how) he finds the motivation to do meaningful work [48:16]
What kind of projects keep him energized [50:55]

Venture with us into the evolution of hacking tools, as T3l3machus shares his journey from admiring early toolmakers to becoming a pioneer, creating tools like BabelStrike and Villain.

Resources from this episode:

Panagiotis on LinkedIn
Panagiotis on GitHub
His YouTube channel
How to create your own GitHub projects
John Hammond about hacking using Villain
Villain
Toxssin
Hoaxshell
BabelStrike
Kerberos

Unpack this conversation to discover:

The depth of the work involved in crafting offensive security tools [04:45]
What you can learn only by developing and maintaining tools [08:03]
How Villain evolved and key learnings from building it [17:00]
The challenges of finding balance in deep offensive security work [21:30]
How Panagiotis uses automation to make his work smoother [25:35]
How building his own tools shaped his thinking [32:00]
What makes penetration testing a craft (with hands-on examples) [38:12]
Why (and how) he finds the motivation to do meaningful work [48:16]
What kind of projects keep him energized [50:55]

Venture with us into the evolution of hacking tools, as T3l3machus shares his journey from admiring early toolmakers to becoming a pioneer, creating tools like BabelStrike and Villain.

Resources from this episode:

Panagiotis on LinkedIn
Panagiotis on GitHub
His YouTube channel
How to create your own GitHub projects
John Hammond about hacking using Villain
Villain
Toxssin
Hoaxshell
BabelStrike
Kerberos

Previous Episode

We think we know our mind is our best hacking tool

Inti not only sheds light on what happens when expectations meet reality, but he also shares his unique approach to problem-solving with real-life examples you can add to your own process.

With 12+ years of experience in this space, Inti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator. He currently works as the Chief Hacker Officer at Europe’s largest vulnerability disclosure platform Intigriti and is also a founding member of the Hacker Policy Council.

Inti also excelled in various bug bounty competitions, where he’s been rewarded by companies like Google, Meta, Yahoo, The US Department of Defense, or Amazon for identifying critical vulnerabilities in their systems.

Dive deeper into this conversation to learn:

Why the best hackers started their career by running scripts and trial and error [03:47]
Why bug bounty hunters need to nurture their creativity when looking for particular vulns [07:37]
What the main differences between bug bounty and pentesting are [09:46]
How to impersonate developers as a bug bounty tactic [13:42]
Why bug bounty often looks like a rabbit hole [25:24]
Why it’s important to define your own success and appreciate your failures [30:33]
How AI helps ethical hackers eliminate repetitive and boring tasks [34:19]
How deep research can lead to unexpected wins in ethical hacking [43:55]

Join us as we explore the intricacies of bug bounties, the crucial role of mindset in hacking, and how to turn every failure into a stepping stone to success.

Next Episode

We think we know what makes a good pentester

With 20+ years of cybersecurity work, Tom unpacks the complexities of penetration testing, discussing the roles of vendors, practitioners, and technological advancements.

He also shares his perspective on what makes a good pentester, the value of mentorship, and the ethical challenges in this line of work.

Explore this conversation to learn:

How pentesting changed over the years and who’s shaping it [03:02]
How to avoid burnout and deal with imposter syndrome [09:13]
Why he seeks and values mentorship for personal and professional growth [19:44]
The importance of constant learning and networking with your peers [23:23]
How compliance brings down the value of pentesting and what to do about it [30:04]
How cultivating range can help you in your pentesting career [37:24]
How to set healthy boundaries to protect your health [41:11]

This episode with Tom is a must-listen if you want to learn how to showcase your work and elevate your thinking and tactics.