Let’s hack the planet with sparcFlow

Hi guys! I’m back with an amazing interview! This time with @sparcFlow, the author of “How to Hack Like a Pornstar”. He actually has a series of books called “Hacking the Planet”, so please follow him right now!

https://nostarch.com/how-hack-ghost

Let’s go!

WHOIS sparcflow

Hi I’m Sparc Flow. I wrote the series of books “Hacking the planet”, most notably How to Hack Like a Pornstar and How to Hack Like a Ghost.

Now we know who he is… but what is his story and why is he here?

How did you start hacking?

In my teen years, I had a friend who was into hacking games and Instant-Message accounts. I was very drawn to that way of thinking. 5 or 6 years later I fought hard to get into a college with a major in security. Unfortunately, I discovered early on that the first two years had nothing to do with computers, so I headed to the library, picked up the biggest book about security and started reading it every day. That book was “Counter Hack Reloaded” by Ed Skoudis. I loved it. I read all the security books I could find: Hacking Exposed, The Art of Intrusion, web application security, then transitioned to Phrack articles, white papers on Packet Storm, DEF CON talks, etc. Along the way I experimented, wrote tools, exploits and so on.

This is very important to me because this is something that many hackers have in common: most of them are self-taught; they read books, articles and practically everything they can get their hands on to learn more and more.

Now… a lot of people want to get into hacking but… do they know the reality of it?

How is your day to day as a penetration tester?

I was a pentester for about 5 years. The typical day varied a lot. When I started, I was very hands-on all the time. I’d get a scope: web app, infrastructure, whatever and I’d try to break in, find and collect data, etc. Each assignment has its own scope, threat scenarios to simulate and so on. The role evolves as you take on more responsibilities: Some days I’d show up at 5pm at the client’s office to help out a colleague get that domain admin. Other times, I’d review a couple of reports written by colleagues, or write down a commercial proposition. I was involved in the R&D team as well, so we’d write articles for the blog, magazines, prepare talks, write internal tooling, etc.

WOW! This is very important because the reality is very different, at least from what I thought, and this changes even more as you have more responsibilities! So no, guys, it’s not all about having a terminal and running commands. I would like it to be, but it’s not.

But… how do we get the knowledge he has and not just get the theory… practice makes perfect! And to back this up he has a great article showing us his opinion on CTFs! Go read it right now!

https://www.sparcflow.com/are-ctf-games-the-best-way-to-learn-pentesting/

What are the pillars of hacking for you?

Curiosity and grit. You gotta have curiosity to ignite that first spark but that’s not enough. You need grit, slow perseverance toward a long term goal to keep you going, digging, until you find that crack in the window.

OK, you have this, and if you’re here it’s for a reason… but how do we get a job? On sites like LinkedIn we see requirements like:

  • Computer Science degree
  • OSCP certification

But… do we really need this?

What do you think about hacking certifications?

A good alternative to a regular computer science diploma to pass Human Resources filters or negotiate a higher salary.

This blew my mind. The reality is that they can be helpful to pass some filters, and many times they will be asked for, but I think another way to show what you know is to create projects, use GitHub, create a blog, etc.

So don’t feel bad if, like me, you can’t afford a university degree or a certification. Maybe it will cost you a little more, but with a lot of discipline you can do it.

Let’s be honest, I want to be like him, like hackerfantastic, John Hammond, occupytheweb, but how?

What advice would you give them?

Find your edge and lean into it. Being excellent at something takes hard and smart work. You won’t make a dent by being a moderately good generalist.

So guys… work hard and smart, learn from books, YouTube, courses and blogs, and obviously follow @sparcFlow and buy all his books, which are really great!

Thanks to @sparcFlow for taking the time to answer these questions and to you for reading it and following me! ❤

sparcFlow: More sharing and less drama. Less gatekeeping and trashing new opinions. Less user shaming and more vendor accountability.

Martin Martinez

Jr Penetration Tester 😎 Twitter: @martdevp 👨‍💻 GitHub: noli18p 💻