Cargill is putting me through 2nd interview for Penetration tester Cyber Security position

[Cerberus]

Wednesday I got my 2nd interview. Today I did first interview with initial HR. And Wednesday is hiring managers. Oo it'll be interesting as this is my first official interview with hiring managers of a first ever Cyber Security job.

Wish me luck guys if i get that Cyber Security job it'll be $80k a year and it's with a big company in Minneapolis area. I got some Cyber security experience.

 

[trucel]

Inshallah you get the job

 

[freedomrider]

Wednesday I got my 2nd interview. Today I did first interview with initial HR. And Wednesday is hiring managers. Oo it'll be interesting as this is my first official interview with hiring managers of a first ever Cyber Security job.

Wish me luck guys if i get that Cyber Security job it'll be $80k a year and it's with a big company in Minneapolis area. I got some Cyber security experience.

 

[Cerberus]

You worked for them before?

 

[Cerberus]

How did you know it's Cargill you psychic?

 

[freedomrider]

How did you know it's Cargill you psychic?

you changed your post. i was able to see "cargill".

 

[Cerberus]

you changed your post. i was able to see "cargill".

Ahhhh yeah lol i forgotten i put it in title

 

[Bo$$man]

Good luck bro

 

[repo]

Good luck, I'm curious what type of questions they will ask you. Keep us updated.

 

[Cerberus]

Good luck, I'm curious what type of questions they will ask you. Keep us updated.

Am sure their questions will include what experience I have in penetration testing and what technologies I use. They most likely wann hear I am focused on finding security bugs that have business impact. I am usually good at finding security bugs and will reference my Microsoft and Twitter hall of fame. I'm on Twitter and Microsoft's hall of fame for finding security bugs for them. Also found for countless companies. They are aware I haven't worked full-time for a company in cyber security / pen tester role but I used my hacker One experience. I did a nice fancy resume for them. They're hiring 3 people for this role and it will be ever growing. Uber was also one of my bug bounties. I found security bug fir Uber and got $500 award. Currently I'm in progress for a bug bounty with Gitlab if they verify it is indeed a security bug and Gitlab will most likely pay me $3,000

Basically Cargill is a family oriented company and friendly and likes to do interview as if you're talking to them as you do with friends and public. They are easy going and team oriented from what initial recruiter told me so I will just be myself and answer their questions and tell them anything else they wanna know about me.

 

[Cerberus]

Good luck, I'm curious what type of questions they will ask you. Keep us updated.

Some companies I hacked with using just a photo or a PDF file. Imagine that. Like United Airlines. They awarded me 100k miles after i hacked them with a PDF file but in a way that i didn't harm them

 

[Cerberus]

Good luck, I'm curious what type of questions they will ask you. Keep us updated.

Companies that use VPNs like Cargill will also be interested in your skills or experience with VPN penetration testing and finding vulnerabilities. Some Elite guys have already hacked Cisco and big name networks.

 

[Ras]

Wednesday I got my 2nd interview. Today I did first interview with initial HR. And Wednesday is hiring managers. Oo it'll be interesting as this is my first official interview with hiring managers of a first ever Cyber Security job.

Wish me luck guys if i get that Cyber Security job it'll be $80k a year and it's with a big company in Minneapolis area. I got some Cyber security experience.

How do you find these bugs? Do you look for known vulnerabilities someone already published or try to find brand new zero days?

How do you do the latter?

Always was interested in cyber-security.

Gd luck

 

[Cerberus]

How do you find these bugs? Do you look for known vulnerabilities someone already published or try to find brand new zero days?

How do you do the latter?

Always was interested in cyber-security.

Gd luck

My stuff aren't considered zero day vulnerabilities. I haven't found a zero day yet. Zero is like something inside the software itself that is a security flaw and discovered for the first time. The stuff I find are usually already known but the developers didn't take the time to actually deeply check code for exploitable conditions. Example is the time I hacked a popular forum software with just an image, the developer of that forum software gave me bug bounty $75 and patched up the flaw that didn't strip malicious code from Svg image files.

Sometimes I discover my own new Dorks and submit them to Dork database as I have here with my nickname Ozzy

Usually I do some Api and other kinds of penetration testing using known methodologies. Basically find some flaw that impacts business. In the case of United Airlines, I got awarded 100k miles for finding backend vulnerabilities including one that allowed me to hack them with PDF and one that allowed me to email people as @united.com email address.

Toyota same thing, they were leaking sensitive info from their Jira and I was able to see passwords used by their devs. Sometimes you can exploit Jenkins stuff too. Just find out what web technologies they may be using and find out exploits or learn how to exploit stuff in YouTube. I'm not a master in this, just average guy that learned stuff. Here this one is a Dork I discovered myself and sent to dork database.

https://www.cybersecuritywebtest.com/google-hacking-database/dork-ghdb~4579

 

[Cerberus]

How do you find these bugs? Do you look for known vulnerabilities someone already published or try to find brand new zero days?

How do you do the latter?

Always was interested in cyber-security.

Gd luck

Get into cyber security man lots of jobs. Java programs and updates are being developed by people all the time. Java deserialization bugs and memory leak bugs you discover can help developers avoid further exploiting. So it is always good time to get into this stuff now and gain your experience. You can use Kali Linux for hacking or some other tools. Api's can be vulnerable to hacking too and Api's communicate with databases so that is why they are critical to protect.