Welcome, all of you, to a new episode of Hackwise!
Today we're doing something different:
We have a special guest here,
DragonJAR!
Jaime: Well, hi, everyone!
My name is Jaime Restrepo,
I am devoted to the world of infosec,
as well as lending my services in security,
digital forensic analysis and also
training others in these fields.
César: The aim of this video is, evidently,
for you wisers to know a bit about people specialized in
infosec, dedicated to this.
And today we have an interesting format,
because we're going to try both mexican and colombian candy!
Jaime: Well, let's start with the traditional stuff.
For example, this one, very similar to milk caramel.
It's called "cortado", this comes from Valle del Cauca in Colombia
it's rather similar to milk caramel
but it has pieces of... something like cheese,
they're chunks of milk that curdles in the process
and it's quite delicious, it's something...
I dunno, I don't think you've ever tried it before.
César: It looks like it's in a coconut shell, or eggshell...
César: Something like that, maybe. Jaime: Actually, that container is called "totuma",
Jaime: And that's a fruit whose shell dries up,
and it ends up being like a bowl, it's quite traditional.
César: You know, to me it tastes... For mexicans,
it tastes a bit like cajeta [goat's milk caramel],
But... It has hints of lemon.
César: Tastes great!
César: Perfect, let's continue with mexican confectionery,
César: These are "Obleas",
they're basically wafers with cajeta sandwiched in,
they're scrumptious, they're typical...
César: And well, let's have Jaime try them... Jaime: Putting some flavor into the "body of Christ"!
(both laugh) César: Exactly, because it is a wafer, more or less.
Jaime: This is tasty.
Cajeta is quite different from
what wafers are served with in Colombia, they put...
arequipe [milk caramel], coconut, fruit...
César: How did you get started into infosec?
Jaime: Well, actually, I didn't start into that right away,
I started as... let's say, a lot of...
Possibly, someone who enters this sector, of technology,
through videogames.
Jaime: I had a Nintendo NES, one of my favorite consoles,
And then I started playing with computers.
Jaime: One thing led to another, I started making Messenger apps,
actually some of them are still up in the Internet.
Jaime: Search "Fenix MSN", they're...
the downloads are still up there...
César: Really? Was it, like, a Windows Messenger addon?
Jaime: Something like that. César: I think I used it, once, really!
Jaime: So, I started focusing on Messenger,
developing apps for it, one thing led me to another,
Ehm... I made a website....
Jaime: And, on that website I posted about what I learned.
Jaime: basically sharing information, that's what started to...
to take me to this world,
when I started noticing people shared more than me in the comments,
I said, "it's time to open a forum"...
I opened a forum to give a voice to those people that,
were screaming for it, in a manner of speaking.
Jaime: This one is not very common, possibly
a lot of your subscribers don't even know it yet.
Jaime: This is a magnificient coffee bean...
covered in dark chocolate,
and its peculiarity of this candy is, you must chew it.
Jaime: So the coffee will mix with the chocolate
and the mix is really interesting.
César: That's what I was going to ask you,
because I was a bit afraid to say:
"Should I suck it or chew it?"
(Jaime laughs) César: Sounds a little strange, but well...
Jaime: People would be trolling you in the comments!
César: Whoa...
César: It's strong, the flavor...
César: I mean, the coffee bean is actually, quite strong...
César: Dang, for those coffeee lovers out there,
I think this is amazing, and the chocolate, the combination...
it's really good, truthfully, really good.
César: Let's try a mexican one that I particularly like a lot
we know it as mazapán [marzipan],
César: I understand that, for those that are not from Mexico or Colombia,
it's a ground candy, made out of peanut...
César: That's basically it... Jaime: Maní [peanut], we call it.
César: Oh, maní? Well, maní it is, then!
How do you call it in your location? Leave a comment!
César: We call it "cacahuate", look...
César: This one, personally, I like it a lot.
Jaime: Do you split it, bite it, or how do you...?
César: Oh, you take a piece, and pop it into your mouth.
César: I don't know if it tastes like the ones you've tried, or similar...
Jaime: This one is drier.
César: I dunno if you could talk about your first experience
exploiting a system, accessing a system.
How did it happen?
Jaime: Well, promptly, it wasn't "exploitation",
but taking advantage...
of exposed information.
Jaime: This was when dial-up
was a necessity to connect to the internet.
Jaime: Back then, I didn't have Internet access.
But, I found a set on the trash,
Jaime: a phone line receipt from someone else, César: Trashy!
Jaime: and there was the access information
to connect to the internet.
Jaime: Turns out, it worked. I was able to connect to the internet
with all that it implied, the complaints of the siblings that wanted to use the phone,
they would pick up the phone and the download would be damaged...
Jaime: But worst of all, the neighbors found out
and called the number on the invoice, and I got into trouble.
Jaime: These are "Panelitas" made out of milk caramel.
We call it "arequipe" in Colombia.
César: "Arequipe"... That sounds familiar... Arequipe?
Jaime: Arequipe, it's like milk caramel. César: Isn't it a locality as well?
Jaime: That's "Arequipa" in Peru.
César: Alright, let's... Jaime: They're little blocks...
César: It came apart!
César: They're really good! Jaime: They're delicious, normally they're used
as a side dish for other foods like "mazamorra"...
César: Whoa, I dunno what that is. What's that? Jaime: Corn cooked with milk...
Jaime: It's like Colombian Kellog's...
César: Okay, like cereal? Jaime: Creole cereal, in a way.
César: Well, this is a...
When you try it, let's see if you can tell what it's made of.
Jaime: Right. César: I think it'll be easy, isn't it sold in Colombia too?
Jaime: No, but I've actually been to Mexico many times. César: Ah, perfect.
César: And do you like it, or not at all?
Jaime: It isn't one of my favorites but I don't dislike it either.
Jaime: I know you push it here until some sort of hair comes out...
"Your afternoon without Pelón Pelo Rico..."
"Your afternoon WITH pelón Pelo Rico!"
César: What's your advice for others to enter this world?
How to enter the world of infosec?
Jaime: That's actually a question I'm often asked.
Jaime: Actually, I think I see it every day.
First, be decided. Why? Because once you get involved with infosec,
It's hard to get out of it.
Because it's a world that engulfs you completely,
it's a world that is in constant update,
Jaime: Once you know what you want, do it with all your effort.
What are you going to do? You'll read a lot,
but you'll also complement it with lots of practice
because reading without practicing leaves nothing in your mind,
you simply remember you once spoke
about such technique you read in such book
but since you never put it in practice
when you finally need to make use of it, well
it'll be like you knew nothing at all.
Jaime: Be... not related, but updated; know how to choose your sources.
When I started on this there were very few sources of information,
and now you have, let's call it...
the term is "infoxication",
you're overly saturated with information but you must
be "content curators", you must know well who to follow,
who not to follow so you get quality content.
Jaime: A good account to follow is @DragonJAR on Twitter!
There's the self-advertising.
César: There it is- No, that's perfect! You should follow him!
César: And, I think that...
I'd also link this question: What to study?
Jaime: Thing is, everyone is a world in their own right.
I also studied computational systems and telecommunications,
which is the specialty... Say, the line laid by the university I studied at,
which is Manizales University.
Jaime: Then... I also know a lot of people that did not even graduate college
and they're excellent at infosec, so
one thing is not a requirement for the other. César: Right.
Jaime: But being regular is a requisite,
and again, to put in practice everything you learn.
Jaime: So, fortunately in infosec and in the world of technology in general,
it's rare that you get asked for a degree,
you're judged for what you've done or what you've contributed to the community in general.
Jaime: So, if you don't want to take the university path, that's okay.
If you want to take it that's good as well, since it will
give you a lot of bases, but one thing isn't required for the other.
César: Right, in the end they're just tools and
between not having and having them,
it's better to have all the credentials you can possibly get, right?
Jaime: besides, enrolling in the university also helps give that satisfaction to the parents,
of, "Hey, my son has a degree!", right? César: Right!
César: There's bachelors and engineers.
Jaime: So, if you'd like to give that to your parents, and graduate, do it!
You're not going to waste time because you can combine the knowledge you're imparted
with what you're passionate about
and if they're making you write a program,
you can apply that to something related to infosec
and that way you can practice both things.
Jaime: This is artisanal candy. César: Okay, that one looks real fancy.
César: Like, really elegant.
Jaime: This is a fruit called "Tomate de árbol" [tree tomato] in syrup.
Jaime: Okay, so, try it, if you can eat a whole tomato, the better.
César: In the meantime, while I try to get this out,
why don't you tell us, ehrm...
César: A tale about a security audit, but one that was a big challenge for you,
something that made you say "That was hard, but I made it".
Jaime: Well, not too long ago we had the opportunity of auditing all the infrastructure...
César: I'm sorry, but look, what's this? Look at the size of this!
César: I'm not putting all of that in my mouth! Look!
Jaime: You're going to cut out those phrases, see...
César: Perfect, I kinda sliced it... this looks like a pepper, eh-
César: Hey, this is good!
Jaime: It's really tasty.
Jaime: And it's not that common. César: Nope.
César: But really...
César: I hadn't tried it. I have no idea what it is.
César: I got dirty, everywhere.
César: I'm sorry, Jaime, you were telling us?
Jaime: Not long ago we had the opportunity of auditing smart electrical meters for a whole city -
an island, actually, and it was an interesting challenge,
because not only it has the typical infrastructure
of the servers, the web app that carried out the logistics,
but also we had to interact with different protocols, with hardware,
and with the operators in charge of
manipulating the electrical posts,
they climbed on them to carry out tests, so it was really interesting
and it was on a paradisiacal island in Colombia...
the whole project was really nice.
Jaime: We learned a lot, there.
César: Something kinda exotic, in an island... Jaime: In an island, yeah.
César: Well, you got to have free vacations there- Actually, what vacations, you were quite busy!
Jaime: What if I told you we didn't go to the beach at all? César: No!
Jaime: Actually, we were at the electrical plant,
where we had to work, obviously well equipped with helmets and
complying with all the normatives of that kind... César: Safety...
Jaime: That kind of situations. It was far away from the tourist area, so
a company transport picked us up early
to take us to the power plant and returned us late
to the hotel, so it wasn't quite vacations, but something interesting that...
Jaime: We learned a lot from. César: More or less how much time
César: did you spend at the plant auditing? How many hours a day were you there?
Jaime: We... It depends on the needs, more often than not,
it isn't a common situation but it's happened to us, when working with the government,
where there are due dates to meet
and projects planned for three months have been thrown at us that we've done in 15 days.
Jaime: So, those times we had 10-15 hour work days
and, we needed many people working on the project at the same time.
Jaime: Actually, that was on a hospital, and as a weird fact
I ended up checked into the hospital... César: No, hahahah!
Jaime: Due to the... César: The stress, the work...
Jaime: Yeah, I suffered tachycardia and since I was there already I was taken to the ER
and they hooked me up to an IV solution,
it didn't get worse but... I was gonna audit the hospital and I ended up being "audited".
"I was gonna audit the hospital and I ended up being audited." --DragonJar 2018
César: That's a good catchphrase, you know?
César: See, Wisers? it ain't easy, it's fun but it isn't easy.
César: Let's continue with a mexican candy,
this is the famous Pulparindo...
César: Made with tamarind... Jaime: It's an acquired taste, right?
Jaime: Because I took some of these to Colombia and
Jaime: only a few people liked it. César: See, many foreigners, mainly americans,
don't like it, because they find it a bit spicy.
And sometimes they wonder: "Why is all mexican candy spicy?"
César: "They make everything spicy!" Jaime: But that's true!
Jaime: This is called Super Coco, it's coconut nougat...
Jaime: It is the famous "tumbadientes" [tooth knocker]
Jaime: Us Colombians know many kids have lost teeth César: "Tumbadientes"... Nooo...
Jaime: chewing this...
César: I was gonna ask you, "Why 'tumbadientes'?", right?
César: I mean... Jaime: Yeah, because it's really tough nougat
Jaime: so, when chewing it it sticks to your teeth,
if you have a loose tooth it sticks to the nougat.
Jaime: Try it.
César: Let's try the "Super Coco"...
César: Perfect...
César: It's nougat, okay, dang it looks... quite...
tough... Lesse...
César: Agh! Okay, no... It knocked a tooth off, too!
Jaime: It's one of the most delicious.
César: Tastes like coconut. Right?
Jaime: That's why it's called Super Coco.
César: Okay, I see!
César: "Hey, tastes like coconut, I wonder why!" Because it's made of coconut!
César: Okay, everyone knows it's coconut, perfect...
César: It's good! Jaime, why don't you tell us, according to your perspective:
What do you consider a hacker must have?
Jaime: Thing is, making a recipe of what a hacker should be is quite hard.
César: Sure. Jaime: Because there are many paths they can take.
Jaime: If we resume it on a phrase like,
"Hunger for knowledge", that would sum it up.
Jaime: Because no matter which path you take, if you'll do forensics, if you'll do...
If you are a creator of exploits, a tester...
Jaime: Even if you'll be a teacher,
everything requires you to be hungry for knowledge.
Jaime: Actually, what's that you say?
"If this reaches so many likes, we'll repeat this event"?
César: If this reaches... 10,000 likes, we'll do a part two of this video with DragonJAR in Colombia!
César: I've put my neck into the noose because 10,000 likes are easily reachable... Alright!
Jaime: There's another kind of candy you cannot miss out on.
César: No, that's alright, go ahead. Jaime: This is milk caramel, but...
this arequipe in particular has coffee in it.
Jaime: So aside from being your typical arequipe,
it also tastes like coffee.
César: I insist, your candy is all fancy, they're high class, I mean,
this looks like one of those capsules you use to brew coffee, that you stick into the machine and pssshhh...
César: It's really pretty... "Arequipe con café"... Let's try it.
Jaime: That company- César: HEY IT TASTES LIKE COFFEE!
César: It has coffee! Jaime: "And it tastes like cajeta!"
Jaime: Actually, any foreigners that would like to have nice coffee and don't want to
limit themselves only to Juan Valdéz, Café Quindio is a really nice brand,
Lucaffé is a good brand too.
Jaime: They're not as known as Juan Valdéz, but they make great coffee.
César: Whoa!
César: This is REALLY good! Jaime: Oh, so everything else wasn't?
César: I liked everything, but this really caught my attention.
César: You know what I like about this? It's kind of like custard, like...
César: It's soft, really soft, and it's easy to eat.
Jaime: Well, we'll leave the money story started, right?
Jaime: Sometimes, mistakes cost money.
César: That's true! Jaime: It happened to us.
Jaime: In one audit, that...
Jaime: We took a machine there, one of the tips I always give is
don't use your personal computer as a work computer,
So, we took a computer and it wasn't enough, resource-wise,
Jaime: because we had to keep many sessions active
from different PCs we had cracked at the same time, more than two hundred active sessions,
Jaime: I'll send you a picture so you put it up... César: We'll post it, of course!
Jaime: And, we couldn't keep the sessions up at the same time,
so we had to run out to a hardware store
to buy a computer just for that process.
César: Well, I think we're saying farewell on this video now,
but first tell us about your social media accounts, pages, projects, where to follow you,
César: Where to see you... Jaime: They're a lot, from Twitter: @DragonJAR
to mention the media we're most active on, and have the most followers.
Jaime: Instagram, Dragon.JAR, relatively new account, I was forced to create it
by popular vote...
Jaime: On Facebook, you can find us as Comunidad DragonJAR
Jaime: And on Youtube there's DragonJAR.tv
Jaime: Enjoy it...
César: Perfect, Jaime; well, Wisers I hope you liked this video,
if you liked it leave a comment and a like,
César: Also let me know if you'd like us t ocontinue making this kind of videos,
maybe, mention who you'd like us to invite to see if we can make it
a reality. Jaime, thanks a lot for coming and being part of this video,
César: The first Hacker security consultant that visits us from Colombia in Guadalajara,
César: And well, thanks everyone for watching, see you next time, goodbye!
Jaime: So you can make it to 10,000 likes just like that? César: Yep, I think I'm done for.
César: Now we're gonna have to go to Colombia... Again Jaime: Again.
No comments:
Post a Comment