Freelance Security Consultant, Tool developer
Who are you, and what do you do?
My name is Ryan Dewhurst (@ethicalhack3r), I live in France but I’m originally from the UK. I recently started freelancing at Dewhurst Security where I mainly carry out Web Application Security Assessments and External Penetration Tests. Before that I worked as a consultant for 5 years for a British security company. And before that I did a BSc in Ethical Hacking for Computer Security.
I’m probably most known for the work I did on Damn Vulnerable Web App (DVWA) back when I was still at university. I don’t actively develop DVWA anymore but over the past few years I have been working on another project called WPScan and the WPScan Vulnerability Database with a small team of awesome people.
I have partaken in some bug bounty programs but haven’t really spent too much time on them. I have been known to blog, contribute to other security-related projects and do some small work on the OWASP wiki and testing guide.
What hardware do you use?
I do most of my work on a mid-2012 13″ MacBook Pro which is connected to a 22″ monitor while I’m in the office. I find the 13″ MacBook Pro great for traveling with and powerful enough to do most of my work from. It currently has an Intel Core i5, 16GB RAM and a 250GB SSD. I feel this might need to be upgraded sometime in the near future as it’s getting on a bit now.
Apart from that I have a custom-built Intel Core i7 machine with 16GB RAM and 2 x 1TB HDDs. I mainly use this as my lab machine when I need to spin up more than 3 or 4 virtual machines for testing. It probably doesn’t get as much use as it should as I find the MacBook Pro can handle most things.
I have a backup NAS with 2 x 2TB HDDs which I use to back up personal files. I hope to upgrade this soon too as it is starting to show its age. I have a ton of other hardware that sits on my shelf and doesn’t get much love, such as a couple of Fon+ routers, a couple of Hak5 WiFi Pineapples, USB hardware keyloggers and a bunch of other routers, switches, hubs, etc.
Oh! And I have a few old Android devices which I use for Android app testing. I recently rooted my old HTC Desire Z!
What does your testing network or lab look like?
I pretty much just use VirtualBox on the MacBook Pro when I need 1-2 machines to test on. Some of the virtual machines include DVWA, Windows 7, Kali Linux, OWASP BWA, Ubuntu Server/Desktops, OpenBSD, Fedora and a bunch more.
When I need a handful of virtual machines I’ll spin up the custom-built i7.
What tools and software do you use for your trade?
Burp Suite would be the main tool that I use during testing. I use Nmap for host discovery and TCP/UDP port enumeration and versioning. I usually run Nmap with the -A switch at first and then do a full port scan (-p0-65535). I will use Masscan when doing any Internet-wide scanning which I may do for research purposes. I always run Nikto during tests as it always seems to find a gem or two which other scanners may miss.
DirBuster for content discovery, mainly using the default small list as I find that a good trade-off between findings vs. time. And maybe Burp’s internal content discovery functionality.
I will use the Dradis Framework on large projects or when it is required to be used by the client. I find it great for organizing findings and helping with reporting.
And of course, I use WPScan when testing WordPress installations.
If no tool fits the job I will write some custom scripts in Ruby.
What is your dream setup?
Updating my setup has been on my mind for the past few months. I don’t think I could part with Apple’s hardware quality so maybe a new MacBook Pro connected to a large 27″ monitor. I have considered the 27″ iMac and even some of the Lenovo laptops with Linux installed.
Go forth and be awesome!