毅种循环

Wearing an iron pot on my head to receive cosmic energy

The suffering in the world is not unbearable, just give money.

This is 2023/10/14. I haven't updated for a long time.

Screen

Since September, I have been very busy. Almost every weekend is occupied. Tasks come one after another, and I rarely have the leisure to work on my own things. It's all a blur.

A few days ago, I attended a colleague gathering, and someone who used to know me well said to me, "Looking at my current state, I'm not as dedicated as before." Of course, he was only referring to my pursuit of technology, work attitude, and work content. I am quite saturated in these aspects.

I agreed and said, "That's true, my current state is not as good as before." Because I have changed my job content and direction, I no longer need to be busy with practical things. With all the knowledge I currently have, I can handle the existing work content with ease. I no longer need to actively pursue higher levels or maintain a competitive state or a sense of crisis.

Here, I want to briefly discuss the future development of red teaming.

Career

The simplest and most intuitive truth is that the achievements of a red team are in demand in the market. The large number of attack-defense projects has created a high demand, leading to various outsourcing and high-priced recruitment behaviors. The most important and core aspect of red team personnel is their practical ability.
Practical ability, in simple terms, means that you can defeat the target. It doesn't matter what method you use, whether it's taking shortcuts or seizing opportunities. All of these can be considered practical abilities.
The red teams of the client side and the red teams of the service side are completely different. The client side focuses more on internal vulnerability scanning and achieving KPIs, or they have fewer external projects because they don't need to rely on achievements for bidding. Refer to the security positions at companies like Alibaba and ByteDance.
The red teams of the service side are more interesting. Most of the high-end red teams in first-tier companies either have enough technical experience to become leaders on the client side, or they continue to focus on technical work on the service side.
This has created an interesting hierarchy, where most implementation personnel on the service side find it difficult to communicate with leaders on the client side. This is because the people on the client side may not understand technology, so the solutions they come up with often contradict the experience of the implementation personnel. I have encountered this situation relatively rarely since I transitioned from the service side to the client side.

Most people in this industry only stay at a superficial level, including myself. It's strange that everyone seems to be restless and likes to do things that can be quickly satisfied.

Is red teaming difficult? Yes, it is. Is it really difficult? Not really. We used to do it without 0days, and as the saying goes, it's all about luck and carefulness.
Read more articles from others and think about why they were able to find that vulnerability. Summarizing experiences is a good approach.
Is it easy to deal with internal networks?
If it's easy, you can just use fscan to scan and attack whatever is vulnerable. Once you have a proxy, you capture machine passwords and perform password cracking. In many cases, this is how it's done because the target doesn't have many devices. Do you think anyone can't do this?
Is it difficult?
If all devices are fully patched, the internal network has various EDR and permission divisions, password cracking fails, and fscan doesn't reveal anything, then yes, it's difficult.
In this industry, stay humble and respectful of technology. There are many things that can't be fully learned, and not everyone can master everything.

Whether you are responsible for research, coordination, internal networks, or phishing in a team, think about your own position and the role you play. While doing your job well, find time to go beyond and break through. No one is only good at one thing.

Although I am no longer working on the front line, and because of my busy work, my energy is too scattered and I lack the proactive enthusiasm to learn new things, my passion for this field still exists. I can spend several days focusing on a target. I don't know what my future plans are, I usually don't think too much about it. I just want to do my best. So, I also suggest to friends who are facing the same dilemma, don't be restless, take it slow, and gradually improve. Many things require persistence. In this industry, it is impossible to have a short-term breakthrough and achieve high-level accomplishments unless you are a genius. But truly talented individuals in this field, especially in terms of practical abilities, are rare. If you want to achieve a significant transformation and reach a high level with ease, age and experience become a paradox. Having practical experience equals having good practical abilities, and good practical abilities equal doing projects well. This takes time, and it's a rule and experience. As long as you persist, believe that one day you will have a breakthrough.

The World

Taking Beiji Nianyu as a starting point, I want to say something.

Recently, Beiji Nianyu became popular for a while. The event is roughly as follows: In March 2023, a netizen with the nickname "Beiji Nianyu" on Weibo showed off their wealth and insulted netizens. They claimed that their grandfather was the former director of the Shenzhen Transportation Bureau and that their family had a "nine-digit" bank balance.

I don't understand why so many people are indignant about this. The truth is just like that. Whether you understand it or not, it's meaningless. This kind of thing happens every day. To understand wealth and truth, you need to read many, many books.

We believe that we are all equals, but the truth is we are not.

The term "the world" is interesting. In the past, it referred to the wealthy merchants and beggars. Nowadays, it often refers to the image of vulgar and cunning people. Throughout history, the meaning has been constantly changing. What is a wealthy merchant?
So, the world is normal, and being humble is normal.

Monument

My girlfriend told me a story that I find ridiculous. It's because her friend helped a girl in the same car lift her luggage, but for some reason, the wheel broke. Then they exchanged WeChat contacts and discussed compensation, but later, they felt that the compensation demanded by the person involved was too much and unreasonable, leading to a verbal conflict. Some netizens on social platforms also had interesting opinions, thinking that if you do a good thing but it turns out bad, you shouldn't have to compensate. Public opinion tends to lean towards one side, but my girlfriend and I believe that there is a division in our understanding.

My suggestion is that there is nothing wrong with compensating. This is a matter of property loss. I will compensate as much as I should, as long as it is reasonable. If it is unreasonable, we can discuss it further. If I were the owner of the suitcase, based on my personality, I would also negotiate compensation with you. I would consider that you did it out of goodwill, and I can assess the value. If it's cheap, I'll let it go.
Let's think from another perspective. If my best friend accidentally broke my suitcase while helping me carry luggage out of goodwill, but the suitcase is not cheap, it seems unreasonable to ask for compensation, as it goes against the sense of camaraderie. But if there is no compensation, I will still feel unhappy because it's not a small amount of money. Fortunately, she said she was willing to compensate, but after I told her the price, she seemed reluctant.
But she was the one who broke the suitcase, and she was the one who said she would compensate. Shouldn't she compensate regardless of the price? I read some comments, and I think some people's thoughts are really ridiculous. Just because someone doesn't agree with you, they are all defined as having a problem with their character? This is a matter of property loss, not a moral issue. If something is broken, it should be compensated. This is common sense. This friend hopes that others will stand on a moral high ground to judge the parties involved, but in the eyes of those who understand the situation, her comments put herself in the position of the victim. She thinks that because she did a good thing and suffered a loss, the person who broke the item is unwilling to compensate, and the person who broke the item is unintentionally placed in the position of the villain. The fact that the injured party didn't forgive her in the most generous way doesn't mean that they are making things difficult for her.
I would compensate, regardless of whether the person is my friend or not, for the sake of peace of mind. Fortunately, we both have the same opinion.

Have a pleasant journey

I hope winter comes soon. I plan to go out and see the snow this year.
Wishing you a happy every day.
