[Trent Darrow] (0:00 - 0:30)

Time management. If you spend all five days, you know, pen testing and that report is due Monday, guess what you're doing over the weekend? I may have spent some extra time finding a couple extra ways to get to DA, but totally dominated the network, you know, arguing with their C-suite because they wanted to downgrade every finding.

I didn't even know what enumerate meant, and he was telling me to take the OSCP, and boy did I get destroyed. The AI is not taking our jobs. We're in a safe field.

Good note-taking, you know, it took a while to kind of dig down in what note format headlights.

[Kyser Clark] (0:30 - 2:23)

Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hello, hello, welcome to Hacker's Cache. My name is Kyser Clark. I've been in the cybersecurity field for over six years now, and I currently work as a full-time penetration tester.

Today, I have Trent Darrow, who has done help desk and IT specialist for over four and a half years. He did some network engineering for over two years, did some time as a part-time networking instructor, and did cybersecurity contracting and consulting for over two years, and he has been a senior penetration tester for over a year now. Last but not least, while doing all that work that I just mentioned, he's been in the Army National Guard for the past 14 years and continues to serve as a Cyber Protection Team Crew Lead Warrant Officer.

For education, Trent has a Bachelor of Science in Information Technology. For certifications, he has the OffSec Experienced Penetration Tester, that's the OSEP, the OffSec Certified Professional, that's the OSCP, GIAC Certified Forensic Analyst, that's the GCFA, the GIAC Web Application Penetration Tester, that's the GWAPT, the GIAC Certified Penetration Tester, that's the GPEN or GPEN, and the GIAC Cloud Penetration Tester, that's the GCPN. Furthermore, he's got a couple of CompTIA certifications, so he's got the CompTIA Project Plus, A Plus, Network Plus, Security Plus, and Linux Plus, and he's also had a few certifications expire from Cisco, Splunk, and the Linux Professional Institute.

So Trent, thank you so much for doing this episode with me. Go ahead and walk through your background and introduce yourself to the audience.

[Trent Darrow] (2:23 - 3:55)

Yeah, absolutely. Thank you for having me. Yeah, originally, I was going to college for athletic training.

Did that for about two years. The whole time I worked at the student help desk there for about three years. So when I'm on a first deployment, last year at college, I did computer networking.

I grew up, you know, messing with me and the twin. I grew up messing with computer signal power, putting it back together. The broken arms, you know, we'd skateboard with.

But, you know, after that, after the deployment, I got a job doing government contracting at our help desk, level one stuff. Eventually, moved to the VA and did a lot of telecom, you know, IT intern stuff there. Got pretty good with the systems.

Got married. Me and the wife moved to Texas. She was doing her doctor residency.

Got a job on a base as a network engineer, as a contractor. Did that for about two years, roughly. And went on to our deployment.

And while I was overseas, I was able to get the G-Pen and knock that out. So she landed me my first pen test job. Did that for about two years.

Crazy schedule as, you know, the starting pen test world is. Eventually moved into, you know, DOJ contracting, pen testing for just about a year. And now working with CENAC, trying to help build up their red team, trying to, you know, give clients additional benefit.

[Kyser Clark] (3:55 - 4:06)

Nice. So are you spending most of your time like spinning up a red team? Or are you also doing like some like traditional penetration tests while you're building up that red team as well?

[Trent Darrow] (4:07 - 4:32)

Yeah. So I can't say a lot because I got the job about a week or two before I went out of orders to go to a warrant officer basic course. But I do, I talked to the guys there.

I know one of the, he's doing a couple of pen tests. I know that they're still trying to stand it out to get a handful more people to provide more, you know, red team type capabilities for their clients.

[Kyser Clark] (4:33 - 4:40)

So in your current role as a cyber protection team crew lead, can you tell me like what you're doing day to day for that role?

[Trent Darrow] (4:41 - 5:27)

Yeah. So I just moved to that role about a year ago. It ranges anything from help and training the team.

So our team is traditional in the effective cyber protection team. So we do a lot of digital forensics system response, you know, protecting the network type stuff. So me and one other chief will go through provide red effects.

So the rest of the team has the opportunity to train and, you know, trying to find artifacts in the network, utilizing different sims. Otherwise, yeah, that's why I got the GCFA. I figured I needed a bit more experience than that.

It's just right now a lot of training advisors can be made around different training requirements, what the capabilities are, things like that.

[Kyser Clark] (5:27 - 5:32)

And then, so you're, are you running a team, like a small team big team?

[Trent Darrow] (5:33 - 5:45)

Yeah. So we're pretty small. Each team is pretty small.

So I have, you know, maybe our chief underneath me, we'll have a network analyst, a host analyst, and possibly attach an intel person.

[Kyser Clark] (5:46 - 5:50)

Is it like a cyber security analyst work or is it like cyber forensics?

[Trent Darrow] (5:51 - 6:16)

Yeah, kind of, kind of a little bit of everything, you know, it's, you know, we're not sitting in a sock or anything. But, you know, that's kind of the beauty of the National Guard, right, is it can, and it has happened, where they've been called up to, you know, help out the municipalities after a breach to go see if they can, you know, get them back to good, you know, and try and find all the things and put attribution to it.

[Kyser Clark] (6:16 - 6:42)

Okay, well, thanks for walking your background. Let's go ahead and get into the rapid fire questions here. So for the new audience members, we're going to do five questions and Trent will have 30 seconds to answer five questions.

It's extremely difficult, but we make it hard on purpose. If he answers all five questions in 30 seconds, he'll get a bonus six question that's not related to cyber security. Let me pull out my stopwatch here.

All right, Trent, are you ready?

[Trent Darrow] (6:42 - 6:43)

I'm good.

[Kyser Clark] (6:44 - 6:56)

Your time will start as soon as I finish asking the first question. Here we go. Do you pronounce it pseudo or pseudo?

Pseudo. Most challenging part of your job?

[Trent Darrow] (6:59 - 6:59)

Reporting.

[Kyser Clark] (7:00 - 7:02)

What was your first computer?

[Trent Darrow] (7:04 - 7:05)

Windows 98 gateway.

[Kyser Clark] (7:06 - 7:11)

Have you ever ran into an ethical dilemma while working in office security role, yes or no?

[Trent Darrow] (7:13 - 7:14)

Yes.

[Kyser Clark] (7:14 - 7:18)

Do you think passwordless authentication is the future?

[Trent Darrow] (7:21 - 7:21)

Yes.

[Kyser Clark] (7:23 - 7:51)

Boom. Nice. That's 29 seconds.

So perfect. You are, I can't remember how many episodes I have recorded at this point, but I think like, I don't know, 12, 13, 14, and you're the fourth one to do it. So congratulations.

It's not, that's not an easy feat. So let's go ahead and do the bonus question. You can provide as much or as little explanation as you want to this question.

It is not, it's not a serious question at all. It's just for fun. So here we go.

Is a hot dog a sandwich?

[Trent Darrow] (7:54 - 8:05)

No, no, no. Yeah. You know, I think if you, if you slice the bread into two halves, I think that it's a sandwich.

[Kyser Clark] (8:06 - 8:29)

Yeah. You know, I was thinking about this when I, when I put this in my notes and I, that's exactly what I thought too. But then I was like, well, a hot dog bun is almost the same thing as like a sub bun and a sub is a sandwich.

So you know what I mean? It's, it's, it's a tricky question. My initial thought was no, but then I was like, it could be, but I think I'm going to stick with no myself.

[Trent Darrow] (8:30 - 8:33)

Yeah. I'm going to, I don't know. Until I see the evidence.

[Kyser Clark] (8:34 - 8:51)

Yeah. Until you go to a restaurant and you see hot dogs underneath the sandwiches section. All right.

Well, I think, uh, the most interesting response that you gave was the ethical dilemma. So can you talk about the ethical dilemma or can we not talk about that?

[Trent Darrow] (8:53 - 10:17)

Yeah, I think so. Um, there was a client, it was a bank. Um, we, they, they for years had, had, uh, forced red team events on us, uh, around the kind of company.

And, you know, always as soon as they do it, they turn the alerts to 11 and everyone's scouring logs. And Oh, look, we found I went through when I was tasked to do that client and it said a pen test, not red team. So we're doing a pen test and, uh, you know, I may have spent some extra time finding a couple extra ways to get to DA, um, but totally dominated the network found, I mean, pages of findings.

Um, and then we were in meetings for months after that, you know, arguing with their, uh, with their C-suite, you know, cause they wanted to downgrade every finding, you know, with the, uh, aspect of, Oh, well, we caught you. It's like, well, it wasn't being quiet. I'm trying to find all the things, you know?

Um, and eventually, you know, it wasn't my name on the report and the, the senior, the partner of the group, he was the one who put his name on it and ultimately took responsibility for, uh, downgrading them, you know, in order to keep a client, you know, I get it from a business aspect, but you're not helping them.

[Kyser Clark] (10:18 - 10:57)

Yeah. Yeah. That's definitely an ethical loan for sure.

Like I have heard stories of, you know, clients wanting to downgrade findings or argue with the funding and, you know, you either got to stick with your guns or you got to, you know, maybe lower and, and keep the, keep the business. Cause if ultimately, you know, if you don't, if the client's not happy, then the repeat business is going to happen, you know? So it's definitely an ethical dilemma for sure.

And, uh, you know, if you downgrade the findings and so it's like, you know, like you said, you're not helping them as much and that's not good. You know, obviously that's, we're here to fix problems and security. So I can definitely see, see that.

[Trent Darrow] (10:58 - 11:07)

Yeah. I mean, I wouldn't, I didn't change it. I let the manager do that.

Cause that wasn't, I wasn't going to have that in the committee history, no matter my name.

[Kyser Clark] (11:08 - 11:15)

Yeah. So I guess the, I guess what was the root of the problem? Like they thought it was a red team engagement, but you guys thought it was a pen test or something?

[Trent Darrow] (11:16 - 11:55)

Yeah. I did read that it was a pen test. Um, so eventually we did get to, you know, tell them cause usually in the past, you know, they would, as soon as they would see something, they would just, okay, you're off the network, you know, and then it's kind of a waste cause no one's getting any benefit from it.

And you know, we're not there to steal the credit cards. You're there to find your problems. And I think that bank prided itself a little bit on the fact that they always, you know, I mean, they used us for like a couple of years and then always caught us, you know, and it's like, well, we have a week, attackers have months and years to sit on this.

You know?

[Kyser Clark] (11:56 - 12:35)

Yeah. Yeah. That's what makes a, yeah.

Especially if you're on a pen test, like you're not supposed to be sneaky at all. Like, you know, I'm a pen tester. Um, my company's just now spinning up red teaming and uh, hopefully I can do some red teaming in the future.

That's my goal anyways, but I haven't been on a single red team engagement. I don't have that skill set yet cause I'm still pretty early in my pen testing career. And uh, yeah, when I do it, you do a pen test, like I'm not trying to be stealthy at all.

Like I'm just trying to find as many things as I can and I'm throwing everything I can at this thing because my goal is to just see where your vulnerabilities are. I'm not trying to be a, you know, emulate a threat actor here.

[Trent Darrow] (12:35 - 12:39)

Right. Yeah. Let him get to his money's worth.

It's fine as much as you can. Yeah.

[Kyser Clark] (12:39 - 12:46)

And then, you know, a lot of, I've heard stories, um, from, so I read the tribe of hackers team. Have you read that book?

[Trent Darrow] (12:47 - 12:48)

No, no.

[Kyser Clark] (12:48 - 13:37)

It's pretty good book. Um, but a lot like a common theme that I saw in there or one of the questions actually that's asked to everybody in that, in that book, um, because basically in that book, uh, the author, uh, asks a bunch of pen testers and red teamers the same set of questions, but everyone gives you a different answer cause they're all different people. Right.

And, uh, one of the questions is like, have you ever turned, turned down a client or a customer for a red team? And one of the common things is like, yeah, I've have turned down a customer for a red team engaging because they just weren't simply ready for a red team engagement. They needed a regular pen test.

And in some cases they need a downgrade to like a traditional vulnerability assessment. So a lot of, yeah, a lot of, a lot of companies out there, you know, they want to be secure, but they don't know that there's a difference between us. So it's part of my job to like educate them on that, you know?

[Trent Darrow] (13:38 - 13:38)

Yeah, absolutely.

[Kyser Clark] (13:39 - 14:08)

Well, thanks for sharing that story. Cause, uh, yeah, that's definitely, that's definitely a thing that you run into. I've definitely heard stories and I got a couple people on my team that's told me some stuff like that about, you know, clients arguing findings.

I'm actually, um, actually I got a wrap up call tomorrow and I am prepared to, um, you know, for them to argue some of my findings. So I was giving a warning, like, Hey, just so you know, they might argue the findings. We did a pen test for them last year.

I was like, oh, all right, well, you know, let me get, let me get ready for defend my findings here.

[Trent Darrow] (14:09 - 14:14)

Yeah. Yeah. You'll get a, you'll get plenty of those consulting usually at least one a quarter.

[Kyser Clark] (14:15 - 14:29)

All right. So getting into pen testing. So you said the G pen helped you break into pen testing, but I would like to know, like the search, like the OSCP, OSEP and the G pen, did it prepare you for real world pen testing and ethical hacking on the job?

[Trent Darrow] (14:30 - 15:52)

Yeah. So I originally tried the OSCP, uh, back in 2019 when I was on the old test, extremely green to pen testing. And I, I got into a bad spot where I couldn't really study very much.

I was, um, you know, between work and travel and I was gone 12 hours a day during my 90 days. Like I remember the, the months prior to it, you know, one of the chiefs on the team said, oh, you should go do that. You know, you, you'd enjoy it.

I didn't even know what enumerate meant. And he was telling me to take the OSCP and boy, did I get destroyed. Um, yeah, so the G pen was great.

It was structured. It was, it was done very well. Um, I, I took advantage of it because of the, uh, army's credentialing assistance money at the time.

So I got to pay for it through that. The OSCP, uh, I, especially now that they've added the active directory stuff into it, uh, if you can get a workplace to pay for it, it's a fantastic cert. Um, this last time I took it because of, but I had a bit more experience and, you know, a bit more on the job training, I guess.

I had two exam attempts and went and just took one on a Friday night at 11 o'clock at night. Cause I was like, ah, I got two exam attempts. Let's just see how we do.

I didn't, you know, I didn't study or I didn't, you know, within a couple of hours, I had, you know, active directory pound and two boxes pound. And I think I, you know, well, one or two left, it was like, oh crap. I didn't even get you to material.

[Kyser Clark] (15:53 - 15:54)

Nice. Wow.

[Trent Darrow] (15:54 - 17:00)

You know, and I'm kind of glad that the buffer overflow is still there, but it's not necessarily part of it. It's good to know. It's good to understand how it works, but, um, you know, I haven't written any buffer overflow since, you know, um, maybe now besides like a CTF or something, you know, but yes, CTS are great.

Uh, I, I, I love doing search. I think they're fun, especially the structured ones. It's always the OSCP, especially that was a, uh, open experience.

That one was, that was a lot of C-sharp shellcode in that one and a lot of getting back to the VBS days. So OSCP is a great one to start. It gives you kind of a, uh, is either kind of the breadth of everything, a little bit of web apps, a little bit of network, you know, you know, kind of dab one, see what you enjoy doing, you know, SANS I know is out of reach for a lot of people because it's, I would never pay for it.

Not only work does, you know, CRTO is on my list. I want to knock that one out eventually. It's a good one.

It's relatively inexpensive. Uh, I know I haven't taken it. Uh, but I know if people say the PMPT, I know it doesn't hold the same value as like OSCP, but they said the training wise, it's a pretty good for beginners.

[Kyser Clark] (17:00 - 17:23)

Yeah. I've heard that as well. I know a few people that's gotten in some people that's been on the podcast of how that certain, I haven't heard anybody say anything negative about it.

What are some skills that you've learned like while on a job or just maybe, you know, on the internet that wasn't in like a traditional certification or mainstream training? Like, do you have any skills that you're just using day to day that you just didn't learn from traditional training?

[Trent Darrow] (17:24 - 19:02)

Time management for sure. You know, if, uh, if you spend all day, all five days, you know, pen testing and that report is due Monday, guess what you're doing over the weekend, you know, um, good note-taking, you know, it took a while to kind of dig down in what note format I liked and how I liked taking notes with findings and such and, you know, figuring out, um, you know, common commands, different, different, you know, uh, switches and scripts that I wrote, you know, figuring out a way to document those so I can reuse them, um, document all the little commands that you use. I still go back to some of my older notes because it's just like, oh, how do I do this? All I have the, you know, written down in my kit book, you know, just go and steal real fast.

I think learning how to speak authoritatively, obviously isn't really taught in any of those courses, but is, uh, in a consultant role, especially you'll kind of figure out how to, you know, talk to clients and how to, and having that help desk experience really kind of helps, I think, because you, you break down a little bit of advanced concepts and just something that, you know, the security engineer might, they'll probably understand, but the, you know, the, some of the RC suite members definitely aren't going to understand, you know, so yeah, a lot of the soft skills that, you know, everyone talks about, you know, it's a lot of those, you just learn on the job, you know, get with experience, but, you know, figure out what out taking thing you want to use and, you know, stick with it. And does it work? Try something else.

[Kyser Clark] (19:04 - 19:57)

Yeah. That's interesting. You bring up time management because like the OSCP, that's, that's my highest certification I have right now.

And that, that is, you know, six machines and you get 24 hours to pwn six machines. And then I, you know, I did my first network test and there's like 160 IP addresses. I'm like, whoa, I was not ready for this, dude.

I thought we were just doing like a handful of boxes here. So yeah, that's, that's a critical skill. And that you're right.

That doesn't, time management is not taught in those. I mean, there is time management because, you know, you only get 24 hours to pwn 60 boxes and you are pressed for time. Because when I did OSCP, it took me, I was, it took me 17 hours and two of those hours, I was probably, you know, eating and taking breaks.

So overall I spent 15 hours on, on the computer and yeah, you definitely have to manage your time during the exam, but it's a different kind of time management in the real world. You know, like you said, you got a week to do, you know, 200 IP addresses or something.

[Trent Darrow] (19:58 - 20:10)

Yeah. You definitely have to learn to prioritize, you know, where, where you're going to attack, right? You know, you're, you can't NMAP, TAC, PTAC, you know, SCSV, the entire network, you know, you'll do that.

NMAP is never going to finish.

[Kyser Clark] (20:11 - 20:21)

Yeah. It will. Yeah.

After a whole week, like you do that on the whole network, it's even a whole week, you know, five days straight, it's still rolling. You're like, Oh my gosh, like, I can't believe, why did I think this would work?

[Trent Darrow] (20:22 - 20:50)

Yeah. Yeah. You definitely, definitely learn to prioritize.

And that's not, it's kind of taught in the classes, I guess a little bit, you know, I would teach you, you know, it's a little hanging fruit, right? But like, you know, there's a big difference between a couple of machines and an enterprise network. So, which, you know, I get, it's going to be hard to replicate that in a lab.

It's going to be pretty costly. But, you know, that was something I'd learn on the job for sure. You know, how to scan large networks.

[Kyser Clark] (20:51 - 21:24)

Yeah, that's right. Yeah. That was one of the things that was, that was a very rude awakening for me, you know, like how to scan large networks.

It's a, it's a different skill set for like, than a CTF or certification exam for sure. So, thanks for bringing that up. So, it's not your current role, but it was your last role in the Army National Guard.

So, cyber warfare technician. So, from my understanding, like a cyber warfare technician, it's basically like a United States ABT, but from like the adversary point of view, is that accurate to say? Like, can I?

[Trent Darrow] (21:25 - 22:06)

So, it's still kind of the same team, right? It was just, they were moving things around. I eventually just moved us to the crew lead position.

So, because we could move in and host the network analysts underneath me. Otherwise it was, you know, no one in charge technically. So, it was kind of the same position, but now I just have that little bit of leadership aspect to it.

But yeah, the titles don't necessarily start, I would say accurate, right? Because they just keep it, it's just kind of what's listed on the, on the slot. So, yeah, it's just, you know, same thing, same thing as always, you know, digging in and using blue team tools, learning that and learning the DFIR aspect.

[Kyser Clark] (22:08 - 22:16)

So, were you doing any kind of like hacking or red teaming stuff when you was cyber warfare at all?

[Trent Darrow] (22:17 - 23:13)

Yeah. So, it's kind of the same, like the same position really, just as a leadership aspect. But to an extent during exercises, you know, we would, a lot of times me and our guy would get pulled to go red team stuff.

You know, we just got, we were on the red team for an exercise up in New England. So, we got to participate in that. And, you know, there was about 20 something of us, led by Marfor Cyber.

You know, we built up the playbooks for three different APTs. There's six different blue teams. And then, you know, we'd fire effects, you know, according to the playbooks.

I guess it was a good time. We got to, you know, they had a real dam in the loop, in the virtual environment. So, we actually got to like open that up and, you know, let the dirty water go into the clean water in a, you know, mock village, essentially.

[Kyser Clark] (23:14 - 23:36)

So, you're kind of flip-flopping between, you know, your civilian career and your National Guard. You're on orders now. So, is it hard to like flip-flop back and forth like that a lot?

Or is it kind of like a nice break from like your civilian career? Is like, does it help with the burnout at all? Like, explain like, you know, changing gears between, you know, going on and off orders.

Like, how does that work?

[Trent Darrow] (23:38 - 24:46)

Yeah. So, thankfully, the company I work for now, they're fantastic. They, you know, when I was interviewing, you know, I interviewed a couple other companies.

And every time I told them I was going on orders, it's just, okay, call us when you get back. Yeah, okay. You know, I get it.

I understand. And then, these guys, they're like, had no problem with it. They wanted to get me on before I went on orders, even though it was like a week.

You know, they're fantastic. You know, they don't mind the military stuff. It doesn't bother me none.

The Sabre team is probably one of the best units I've been a part of. They take care of their people really well. You know, they make sure not to intrude on your, you know, civilian life a whole lot.

They do a good job. And yeah, previously when I was high mars, or infantry, both of those, it definitely kind of sucked because, you know, then you're going to do that after, you know, it's kind of your time to rest and recoup. And you're on the field not getting a lot of sleep, and then you got to go back to work on Monday, and it's like, oh God.

So, I'm kind of glad I'm not doing that no more.

[Kyser Clark] (24:48 - 25:07)

Nice. That's good that your company, you know, works with your military career as well. Because that was, you know, I got active duty, and, you know, going in the Reserves or the Air National Guard was an option for me.

And one of the reasons why I didn't was because I was afraid that some companies would hold it against me, you know, because you got to miss time from work.

[Trent Darrow] (25:07 - 25:07)

Right.

[Kyser Clark] (25:08 - 25:18)

And they're not supposed to. They're not legally, you know, allowed to hold that against you. But, I mean, let's be honest.

I feel like some companies do and can, you know, get away with it if they really wanted to.

[Trent Darrow] (25:18 - 25:19)

Yeah.

[Kyser Clark] (25:19 - 25:46)

So, that was one of the reasons why I didn't do that. Because, you know, I just didn't want to take a bunch of breaks in my civilian career. Because I knew it would be rough, and, you know, I applaud you for doing what you're doing.

Because I feel like, you know, changing gears like that all the time. You know, when you're active duty, because I was active duty, you know, like you just kind of used to changing gears. But you're still active duty all the time.

But, you know, putting the uniform off and, or putting the uniform on and taking it off constantly. That's, you know, I never experienced that. So, sent us in to learn a little bit about that.

[Trent Darrow] (25:47 - 26:44)

Yeah, it's not bad, man. So, what I noticed, like, the lower to mid-tier companies were harder to get in with the National Guard stuff. You know, help desk and some of the, you know, mid-tier ones.

And those were, I think those ones were more applicable to, you know, I hate to say discriminate. But, you know, so to kind of hold that a little bit. Because you're just kind of a peon, you know, that's, they don't, they just want you to get your time in and, you know, do whatever for the company.

Whereas, you know, once you get to kind of the more higher tier positions, they are looking long-term, you know, they don't, if you got to take a time off, especially to do cyber training, you know, you're only going to come back and benefit the company more. So, it's nice, you know, it's a good change. It's glad after, you know, 14 years, it's finally working out.

[Kyser Clark] (26:45 - 26:54)

Nice. It took long enough. That's, yeah, it's a long time to do that.

So, yeah, definitely thanks for your service and appreciate that.

[Trent Darrow] (26:54 - 26:55)

Thank you as well.

[Kyser Clark] (26:56 - 27:08)

Yeah. Yeah, I did six years active duty and, you know, I'm done now. I mean, I could, I think I just said it, but I could go back and do the reserves or go out of National Guard, but I'm kind of enjoying my civilian life right now.

[Trent Darrow] (27:08 - 27:08)

Yeah.

[Kyser Clark] (27:09 - 28:03)

Like, you know, doing my day job and doing my content creation. I have a lot of fun with it. So, one thing I want to know is I actually asked this a couple of podcast episodes ago, but I always like to have additional perspectives because everyone's got different strategies and opinions on, you know, how to prepare for, you know, offset search.

So, I told you off the recording, I was trying to go for OSEP and I went to that course a few times and I never took the exam because I didn't feel comfortable, but I got the OSCP on my first try. Like, I felt like when you were on the OSEP was challenging for me, but I got on my first try, it wasn't like, it wasn't overwhelming to me. Like I wasn't like in too deep.

I just basically got hung up on one machine and it extended my time for a while. But, but going from OSCP to OSEP, that's a national progressionist, you know, Penn 200 to Penn 300. But I found that's like, like for me, that feels like a giant leap.

[Trent Darrow] (28:03 - 28:04)

It was a very big jump.

[Kyser Clark] (28:06 - 28:15)

So, that's interesting that you say it's also a pretty big jump. So, what, what are some strategies that you use to, you know, overcome that hurdle and like bridge that gap?

[Trent Darrow] (28:17 - 31:31)

Yeah. So, I took extensive notes with all the different code that I had. It was all in my Gitbook.

One of the best things you can do was the first time I took the exam and I failed, I didn't do any of the challenges. I just kind of ran out of time. And I was like, you know, I had to set the exam set date here.

And then, you know, something like a bunch of crap happened and I didn't get time to do the challenges. And I was like, okay, you know, let's just, either way, let's go for it. You know, I have another attempt just in case.

And then, you know, to get actual practice. And after that first attempt, I just went back through and did a little challenges. And ironically, a lot of the code that I had written during the exam was actually used in the labs.

So, I would have, you know, helped myself out quite a bit if I would have, you know, used that code basically from the labs in the exam. Not that it was the same, but it was, you know, it's done the same path. So, those challenges are definitely helpful.

Make sure that you have all of your code right now in a good, easy, copy and pasteable format. You know, that one, and especially the first time I went through, I, I'm trying to think what happened with my VM. Run all your tools through a proxy and make sure they work.

That really messed me up. I was having some really crazy DNS issues with, you know, Bloodhound and similar tools. Like, I tried using a new Bloodhound CE and it was just all sorts of broken through the proxy.

And then, I was, you know, scurrying during the exam, trying to get the old one on and running Python dependency issues. And, you know, just add, you know, and just make sure it all works through proxy. Even, even if it's, you know, you can test that on like HTB or, you know, in the proving grounds if you have the offset, you know, subscription.

It doesn't need to actually be, you know, two hops away. You can still pivot it through a proxy. You know, even if you're just proxying it through your own system, you know, just to make sure that your stuff works.

Yeah, I like doing CTFs. That's always fun to me. I do one to maybe a year.

In some aspects, you know, I got to finish the holiday hack from SANS last year. There's a small CTF during the exercise up in New England. You know, SANS puts out a handful of them every so often.

I like hopping on. You get a chance. Even if you don't get to do all of it, it's, it's a lot of things that you'll never really see in the real life, except for the SANS holiday hack that actually, it does include quite a bit you'll actually see, but it teaches you to kind of dig into details, right?

It's, it's not necessarily to figure it out and hack, you know, this crazy satellite communication stuff like, okay, but, you know, being able to dig in and troubleshoot and, you know, get things working is definitely going to help.

[Kyser Clark] (31:31 - 31:37)

So the SANS holiday hack, or I guess all the SANS CTFs, so are they, are they competitions?

[Trent Darrow] (31:40 - 32:07)

So they do have a couple of competitions ones, where they do hold like a ranking. I know like the boot ups, CTFs do hold rankings. The holiday hack is, I don't, they hold some level of competition with like the write-ups that a lot of people do.

And you can win stuff on the write-ups, you know, shout out from that. But, you know, I got to Huddie from last year because I finished them all. So, you know, you just go in that winners group.

[Kyser Clark] (32:09 - 32:16)

How does, how do you sign up for that and actually take part in those CTFs?

[Trent Darrow] (32:16 - 32:57)

Yeah. I don't think you, you might have to, I don't think you actually have to have like a SANS course or anything like that for theirs. I want to say, you know, if you Google just SANS holiday hacks, I don't think they're opening registration yet for 24, here it is.

But you can still go back through and do previous holiday hacks, do last year's and the years prior and use their discord. Their discord is fantastic with, you know, if you just need a nudge and you can search in there, hey, working on this thing. And I'm sure someone has asked the question and find at least a nudge in the right direction.

Now I used it, a couple of them.

[Kyser Clark] (32:59 - 33:07)

And with the CTFs, are they, do they cost money and are they in person or are they like online based?

[Trent Darrow] (33:08 - 33:33)

So I know they do some in person, like during the courses and stuff, but no, I've always done a free virtual. Yeah. I don't think I've done, I did one CTF in person and it went horribly.

I was back when, before I took the OSCP the first time and I had no business messing around in that. I think I just opened up Armitage and just started throwing traffic at the wall.

[Kyser Clark] (33:34 - 33:39)

There's like a button that's like auto-hacking, literally just trying every metasploit module possible.

[Trent Darrow] (33:41 - 33:44)

I was like, I don't know, man, just, I had no business.

[Kyser Clark] (33:46 - 33:48)

It's like sending a Hail Mary. I think that's what it's called, a Hail Mary.

[Trent Darrow] (33:49 - 33:53)

Yeah. I think it is. Yeah.

Yeah. I haven't used that since.

[Kyser Clark] (33:54 - 34:11)

I don't use Artimage. So for the listeners and viewers, the Artimage is basically the version of Metasploit. I always just use the command line of Metasploit.

I think it just works better for me. So, but yeah, the GUI. Yeah.

I think there's literally a button just called Hail Mary and you just click and it just fires everything. That's funny.

[Trent Darrow] (34:13 - 34:55)

Yeah. Yeah. And it's like about Metasploit, right?

With OSCP, you're only allowed to use it once. When you're going through the training, if you see that something is exploitable by Metasploit, use it. If it exploits and it works, then you know that that thing is exploitable by that CVE or that vulnerability and then go back through and find the proof of concept code.

And then you know that you're going down the right track. It doesn't say that you can't use it more than once in the labs. Utilize it just to prove that this is the exploitable route that you should be taking.

Just to help build that confidence a little bit that to know you're looking at is correct.

[Kyser Clark] (34:58 - 36:08)

Yeah. I'm glad you mentioned that because I think one of the boxes, at least in the old labs, one of the boxes, I was trying to figure out how to exploit it. I found the vulnerability while I was trying to exploit it, not through Metasploit because I was trying to not use Metasploit because you only get to use it one time during the exam.

And I went to the discord and was like, how do you exploit this without Metasploit? And the mentors were like, no, we intend you guys to use Metasploit. You're like, that's the solution.

And we're like, oh, all right. But with your exam, you do get to try one machine, you can have Metasploit. And if it fails, then you're still locked in that machine.

So if you hit a box and it fails, you're still locked in that machine. But if it succeeds, you can still keep using Metasploit. So you can theoretically, you know, privilege escalation with Metasploit too on that same box.

So I didn't use Metasploit. And I did, there was a box that I didn't get into. And I did fire Metasploit module, like last minute, I had enough points to pass.

I was like, let's see if I can just get 10 more points real quick. And it failed. I'm like, I'm going to bed.

I got enough points.

[Trent Darrow] (36:09 - 37:05)

Yeah. Yeah. I remember the first year or the first time I tried it.

I think I started at like one in the afternoon or something. And, you know, hammering away all day, finally go to bed at like, you know, five in the morning or something, catch three hours of sleep. And there was one of the boxes.

I was like, I can't think of any other route. I can't find nothing. I think it's this route.

You know, I kept trying all the, you know, GitHub proof of concepts and I'm sure that there was something stupid about it, but I think it was like noon or something. And, you know, the next day I forgot that I had used Metasploit. And I knew that it had a module for it.

And I was like, yeah, let's just see if it runs. I haven't ran it. Like, even if I get this box, I'm going to fail, who cares, you know, and punch it in and then immediately get a shell.

And I'm like, oh my God, trying to hammer away, trying to, I'm like, there's a chance, you know.

[Kyser Clark] (37:07 - 37:16)

Nice. All right. Well, unfortunately we're out of time.

So I'm going to ask you the final question. Do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share?

[Trent Darrow] (37:20 - 37:44)

Yeah. It's okay to take a break every once in a while, so you don't burn out. That's for sure.

That's just a little bit of wisdom. It's okay to go take a hike or go on a vacation and not study or bring your laptop and relax. I guess for a hot take, and I'm going to say AI is not taking our jobs.

We're in a safe field.

[Kyser Clark] (37:45 - 38:06)

I made a video about that recently and I said, you know, in five years, a little over five years, I feel like entry-level jobs might, a big might, you know, I don't see it. I don't think it's like super confirmed, but yeah, I feel like as long as you're learning and you're keeping your skills up to date, then you're safe. You know, that's basically, as long as you keep learning stuff, you'll be all right.

[Trent Darrow] (38:07 - 38:12)

Yeah. AI is going to create the vulnerable software for us. So start learning web apps.

[Kyser Clark] (38:14 - 38:24)

Yeah. That's a good point. Wow.

They are going to, yep. That's a good point. Well, Trent, thanks for your time and where can the audience get a hold of you if they want to connect with you?

[Trent Darrow] (38:25 - 38:52)

Yeah. LinkedIn is probably the easiest way. Just, I think Trenton or Trenton Darrell, I can't remember which I have on there.

I have a Twitter. Don't ever get on it. Yeah.

I don't know. Twitter locked out in Iraq, so they haven't been able to like, I can't like anything or add any more followers. I don't know.

I don't know. I never looked into it. So yeah, LinkedIn was probably the easiest way.

[Kyser Clark] (38:54 - 39:31)

And LinkedIn is also the easiest way to contact me, audience, if you want to get a hold of me, as well as Kyserclerk.com, my website. Thank you, Trent, for taking your time doing this. I really do appreciate it.

I got a lot of value out of this. I believe the audience got a lot of value out of this. So yeah, thanks for doing this.

And audience, if you haven't reviewed the show already on Spotify and Apple Podcasts, do me a favor, do a five-star review. That'd be the best way to support the show right now. So if you do that, I'd appreciate it.

Until then, I'll see you on the next episode. Thanks for watching. Thanks for listening.

Kyser, out.