Manager of Belfast Threat Research Center, WhiteHat Security
Who are you, and what do you do?
Hi, I’m Johnathan Kuskos and I’ve just recently moved to a management role for WhiteHat Security’s Northern Ireland based Threat Research Center. Before that, I had slowly grinded up to a Senior Application Security Engineer position primarily focused on winning bakeoff’s vs. other respected security vendors =). Prior to WhiteHat life, I was just another college kid with a CS/EE background trying to figure out what I wanted to do with my life. The earliest I can remember really hacking was using a hex editor on earliest versions of NES roms in the late 90’s while in middle school. Today, I’m spending most of my time teaching young engineers the tricks of our trade.
What hardware do you use?
Plain off the shelf Macbook Pro, and that’s only because work paid for it. The best part about being a web application hacker is that you need very little hardware to accomplish amazing feats (A single Raspberry Pi has enough power to do simple client to server attacks). Everything I do could be done with a $300 laptop from Best Buy; My “rig” is probably the lowest budget you’ll ever see.
What does your testing network or lab look like?
I’ve got a decent set of Docker rules that I use to spin up dummy “Hello World” applications as quickly as possible in order to mimic the servers/frameworks that I’m able to fingerprint when manually assessing a site. It allows me to fuzz in greater detail since 99% of my focus within WhiteHat is not bringing down a live production site.
What tools and software do you use for your trade?
Burp Suite accounts for 95% of my tool use. The few extender modifications I’ve made are just quality of life improvements. I tried DOMinator Pro last year but was frustrated with how often it crashed whenever DOM usage was high. I’d like to think my specialty has naturally evolved to being the “bypassing WAF’s” guy. I’ve built a fuzzer that I’m constantly modifying and hope to release when I feel it’s of acceptable quality.
What is your dream setup?
I’m a simple guy with simple dreams, 4K monitors are pretty and I’d have no qualms with being surrounded by several.