Every week, Casey Cammilleri interviews an expert, with the goal of empowering security professionals and practitioners with the knowledge and insights they need to excel in the future of cybersecurity.

In our very first edition, I dive into our interview with Mike Takahashi, Security Engineering Expert & Leader. Here are the top takeaways from the interview.

#1: Jumpstart Your Career with Ethical Hacking and Bug Bounties

“So I've always been into security ever since I was young. I didn't know when I was young that there were these opportunities to do ethical hacking. Once I discovered bug bounty and ethical hacking, I went head first into it. I spent all my time, and that's actually how I got started, in security. So I spent all of my off time doing bug bounty and just trying every different technique I could find out.

“And eventually I was able to find some vulnerabilities. I reported them, and that started my trajectory into cyber security. That's something I recommend to a lot of young people that are trying to get into cybersecurity. Like, okay, where do I start? How do I get experience? The best proof you can have is to actually hack something.”

Actionable Takeaway: Dive into cybersecurity by exploring ethical hacking and bug bounties. Start by dedicating your off time to finding vulnerabilities and reporting them. This hands-on experience is invaluable and can propel you into a successful cybersecurity career. The best way to prove your skills is by actually hacking something ethically.

#2: Maximize Vulnerability Detection with Auth Analyzer

“So I use a lot of extensions. So Auth Analyzer is a big one. I feel like a lot of people miss this one. So I feel that a lot of people, they manually test these broken access controls and like, indirect object references that are very high impact, but they don't put it through a tool.

“So if you put it through Auth Analyzer, it will actually build a matrix of all the different account types that you have and all the different HTTP requests, API endpoints, and it will build a whole matrix of where the requests work and on what accounts, and then you can say, okay, I have a regular account and an admin and this request worked on both, even though it shouldn't, and you just immediately find out these vulnerabilities.”

Actionable Takeaway: Use tools like Auth Analyzer to streamline your security testing process. Automate the detection of broken access controls and insecure direct object references (IDOR) by building a matrix of account types and HTTP requests, then checking which requests succeed under which accounts. This approach quickly surfaces vulnerabilities that manual testing might miss.
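To make the matrix idea concrete, here is an added example (not code from the podcast or from the Auth Analyzer extension) that replays each request under every session and flags successes the policy does not allow. The mock application, its tokens and its intentionally missing ownership check are constructed for illustration; in practice `send` would issue real HTTP requests against a test environment.

```python
"""Authorization test matrix in the spirit of the workflow described above.
The mock app, sessions and policy below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    path: str


# Constructed data: which role each session token has, and who owns each profile.
SESSIONS = {"tok-admin": "admin", "tok-alice": "user", "tok-bob": "user"}
OWNER = {"/api/users/1": "tok-alice", "/api/users/2": "tok-bob"}


def mock_app(token: str, req: Request) -> int:
    """Constructed target. The admin endpoint is enforced, but the per-user
    profile endpoint only checks that the caller is logged in (an IDOR)."""
    role = SESSIONS.get(token)
    if role is None:
        return 401
    if req.path == "/api/admin/users":
        return 200 if role == "admin" else 403
    if req.path in OWNER:
        return 200  # BUG: never compares token against OWNER[req.path]
    return 404


# Policy: which tokens are allowed a 2xx on each request.
EXPECTED_ALLOWED = {
    Request("GET", "/api/admin/users"): {"tok-admin"},
    Request("GET", "/api/users/1"): {"tok-admin", "tok-alice"},
    Request("GET", "/api/users/2"): {"tok-admin", "tok-bob"},
}


def build_matrix(send, requests, tokens):
    """Replay every request under every session: {request: {token: status}}."""
    return {r: {t: send(t, r) for t in tokens} for r in requests}


def find_violations(matrix, expected_allowed):
    """Return (path, token) pairs that succeeded although the policy forbids it."""
    return sorted(
        (r.path, t)
        for r, row in matrix.items()
        for t, status in row.items()
        if 200 <= status < 300 and t not in expected_allowed[r]
    )


if __name__ == "__main__":
    matrix = build_matrix(mock_app, EXPECTED_ALLOWED, SESSIONS)
    for req, row in matrix.items():
        print(req.method, req.path, row)
    print("violations:", find_violations(matrix, EXPECTED_ALLOWED))
```

The two flagged pairs are Bob reading Alice's profile and vice versa, exactly the cross-account access the ownership check should have blocked.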

#3: Get to Know Available Tools From Both Defensive and Offensive Sides

“Ever since ChatGPT hit the world, I've spent a lot of time there, both for making my own processes more efficient, but also what implications it has on security, which now we're seeing. It has a lot of implications. You have misinformation, you have phishing, you can easily craft any number of different kinds of phishing emails. A lot of deepfakes going on, like both the visual and audio.

“You hear of all these situations where someone was called and made it sound like their son and essentially social engineered them out of money. There was also a situation where the entire Zoom call full of people was all deep fake, and it's all employees. And these tools are just getting better every single day, so it's interesting to see all the different ways that offensive teams can use them.”

Actionable Takeaway: Keep up with the latest technology trends and tools that are constantly cropping up, even if you don’t plan on incorporating them into your own arsenal. Knowing what is out there and how attackers might use it lets you prepare for and defend against those attacks. For example, ChatGPT can be used to generate phishing emails, and deepfakes of voice and video are already being used as social engineering tools.

Listen to full episodes out now on Apple, Spotify and YouTube.

For more information about Ahead of the Breach, please visit www.sprocketsecurity.com/aob-podcast. Episodes are available on all major podcast platforms.

We look forward to bringing you more conversations with actionable insights that help you protect your most valuable assets — and help your clients do the same!