Senior Security Researcher (Fortify on Demand – an HP Company)
Who are you, and what do you do?
My name is Craig Smith (@craigz28 on the twitter). I’m a Senior Security Researcher for a Dynamic/Static security testing group within HP. I have been in IT for over 20 years and in InfoSec for over 10 years. In the past, I have been a developer, a manager, a penetration tester and all around good guy. My primary areas of security focus are web applications, networks and Internet of Things. I have a gaming rig that is seriously underutilized and an extensive network. I can be found on the twitter (@craigz28) and my blog site (craigsmith.net).
What hardware do you use?
(breathing in deeply…scene from Ace Ventura: Pet Detective)
My main rig is a 2008 Mac Pro (still a beast) with Dual Quad Core Xeons, 40GB of RAM, and an Nvidia GTX 770 pushing a 28 inch 4k display with two 24 inch monitors on either side in portrait mode. It has a 480GB SSD for the main drive with 4TB available on RAID 0 drives.
All my Macs run VMWare Fusion that I use for all manner of virtual machines.
Gaming rig, which as I mentioned is highly underutilized, runs a Quad Core i7 with 16GB of RAM and two Radeon 7950s pushing another 28 inch 4k monitor.
Ok, so networks and Hyper-V servers.
I’m running two Hyper-V servers. One, kinda the staging server, is an HP z600 workstation with a Hexacore Xeon and 60GB of RAM. It’s also running a virtual enterprise level firewall to connect to my gigabit internet connection. That’s right, gigabit… symmetrical.
I also have a separate enterprise firewall to connect to my other internet connection whose name is a four letter word. Slow by comparison.
My second Hyper-V server, which is kinda the production box, is a brand new Dell (sorry HP) T430 server with 32GB of RAM, an Octacore Xeon and 12 TB of drive space running in RAID 6. I have a full Active Directory deployment with my own Exchange server and have my data and VMs backed up locally as well as in the cloud using Azure.
My network consists of various VLANs broken out by servers, DMZ, internal, etc., all running through Cisco switches.
And if that isn’t enough, I have about $10k of IoT devices piled in a closet from testing.
Wow, seriously didn’t realize I had that much stuff till I started writing about it.
What does your testing network or lab look like?
My testing rig, primarily used for beating the crap out of Internet of Things devices is a 2011 i5 Mac Mini with 16GB of RAM running two OWC Extreme SSDs in RAID 0. Stupid fast read/write times. It also has a 27 inch Thunderbolt display attached to it and various wireless routers and port mirrored switches for sniffing all that network goodness. I’ve also been tinkering with Zigbee sniffers and a JTAG programmer.
What tools and software do you use for your trade?
For web security testing:
I mostly use Burp Suite and other products (HP stuff), and fuzzing lists from Seclists. I also have various VMs (Wavsep and HP’s Zerosite) set up for testing, training and using for the testing of application firewalls.
I only use Netscape for my browser 😉 Actually I use them all for my own personal reasons as well as testing. The usual suspects for plugins.
For IoT security testing:
I use a mix of everything; Burp Suite for web interfaces, various tools on Kali and my Mac for breaking network services and some mobile stuff. I use the OWASP IoT Top Ten Project for our testing methodology, which was spearheaded and created by our group here at HP. As I mentioned earlier, it also has wireless routers and switches with port mirroring attached to it.
I use a myriad of Microsoft Office products, capture most of my notes in, well, Apple’s Notes, and I primarily use iMessage for texting or Voxer when I want to go all walkie-talkie. I use a Plantronics headset so that I can walk around the whole house with great audio. I listen to Spotify for music.
What’s your dream setup?
I’m all set for now. I was Bitcoin mining pretty heavily for a while, but alas, it’s just not profitable anymore.