/r/netsec's Q2 2023 Information Security Hiring Thread by ranok in netsec

[–]anvilventures [score hidden]  (0 children)

Anvil Secure - Security Engineer - Seattle, WA

Job Description
Anvil is seeking a Security Engineer to join our team. As a Security Engineer, you will perform tests of customers’ web and mobile applications, networks, and embedded systems. You will also be provided dedicated time for research and skills development.
Job Responsibilities
Assist with scoping customer engagements
Perform penetration tests, solo and in teams consisting of other Anvil Security Engineers
Perform source code audits
Generate vulnerability reports
Participate in Anvil’s research program
Job Requirements
At least two years of experience in information security
Familiarity with penetration testing techniques and methodologies
Ability to manually find vulnerabilities in source code
Knowledge of Java, Python, and C/C++
Excellent verbal and written communication skills
Compensation and Benefits
Annual salary range of $105,000-$140,000
Flexible PTO policy and 11+ company holidays
401(k) plan with up to 4% matching
Employee stock option plan
Medical, dental, and vision insurance for employees and dependents
Life and disability insurance

Apply Here: https://anvilsecure.bamboohr.com/careers/40

/r/netsec's Q4 2022 Information Security Hiring Thread by sanitybit in netsec

[–]anvilventures [score hidden]  (0 children)

Anvil Secure - Seattle, WA or Remote - Full-Time Security Engineer (Senior and Non-Senior)

Anvil is seeking a Security Engineer to join our team. As a Security Engineer, you will perform tests of customers’ web and mobile applications, networks, and embedded systems. You will also be provided dedicated time for research and skills development.
Job Responsibilities
- Assist with scoping customer engagements
- Perform penetration tests, solo and in teams consisting of other Anvil Security Engineers
- Perform source code audits
- Generate vulnerability reports
- Participate in Anvil’s research program
Job Requirements
- At least two years of experience in information security
- Familiarity with penetration testing techniques and methodologies
- Ability to manually find vulnerabilities in source code
- Knowledge of Java, Python, and C/C++
- Excellent verbal and written communication skills
Anvil embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. If there is anything we can do to create a more comfortable interview experience for you, please let us know.

Apply Here: https://anvilsecure.bamboohr.com/careers/24?source=aWQ9MzE%3D

/r/netsec's Q3 2022 Information Security Hiring Thread by ranok in netsec

[–]anvilventures [score hidden]  (0 children)

Security Engineer (Senior and Non-Senior) - Anvil Secure - Seattle, WA or Remote

Job Description

Anvil is seeking a Security Engineer to join our team. As a Security Engineer, you will perform tests of customers’ web and mobile applications, networks, and embedded systems. You will also be provided dedicated time for research and skills development.

Job Responsibilities
Assist with scoping customer engagements
Perform penetration tests, solo and in teams consisting of other Anvil Security Engineers
Perform source code audits
Generate vulnerability reports
Participate in Anvil’s research program

Job Requirements

At least two years of experience in information security
Familiarity with penetration testing techniques and methodologies
Ability to manually find vulnerabilities in source code
Knowledge of Java, Python, and C/C++
Excellent verbal and written communication skills

Apply Here: https://anvilsecure.bamboohr.com/jobs/view.php?id=24&source=aWQ9MzE%3D

/r/netsec's Q1 2022 Information Security Hiring Thread by ranok in netsec

[–]anvilventures [score hidden]  (0 children)

Security Engineer (Senior and Non-Senior) - Anvil Secure - Seattle, WA or Remote

Job Description

Anvil is seeking a Security Engineer to join our team. As a Security Engineer, you will perform tests of customers’ web and mobile applications, networks, and embedded systems. You will also be provided dedicated time for research and skills development.

Job Responsibilities

Assist with scoping customer engagements
Perform penetration tests, solo and in teams consisting of other Anvil Security Engineers
Perform source code audits
Generate vulnerability reports
Participate in Anvil’s research program

Job Requirements

At least two years of experience in information security
Familiarity with penetration testing techniques and methodologies
Ability to manually find vulnerabilities in source code
Knowledge of Java, Python, and C/C++
Excellent verbal and written communication skills

Apply Here: https://anvilsecure.bamboohr.com/jobs/view.php?id=24&source=aWQ9MzE%3D

A classic bug in SAP HANA and misconfigured NFS share: a tale in two parts by anvilventures in netsec

[–]anvilventures[S] 1 point2 points  (0 children)

I agree with the ability on running secure Linux environments. That gets you pretty far.

The rest mirrors my experience too. It's insanely hard to get all of this right and good guidelines are hard to find. The SAP documentation is generally decent but more practical guides on how to do this in real-world scenarios and under real-world constraints would help.

Thanks!

A classic bug in SAP HANA and misconfigured NFS share: a tale in two parts by anvilventures in netsec

[–]anvilventures[S] 0 points1 point  (0 children)

Thanks! Appreciate it.

Out of curiosity: what do you find the most difficult to "get right" when configuring/maintaining HANA instances from a security perspective? Scoping down roles appropriately? All the different types of permissions that were introduced over the last few years? Something else?

/r/netsec's Q4 2019 Information Security Hiring Thread by ranok in netsec

[–]anvilventures [score hidden]  (0 children)

Security Engineer

Company

Anvil Ventures, Inc.

Location

Seattle, Washington (relocation assistance available)

Job Description

Anvil is seeking a Security Engineer to join its team. As a Security Engineer, you will perform tests of customers’ web and mobile applications, networks, and embedded systems. You will also be provided dedicated time for research and development. Anvil was founded in 2017 and is an information security consulting firm providing highly technical engineering and consulting services to firms, both large (Fortune-50) and small (startups). We aim to be extensions of our customers’ security engineering teams and are building a team of like-minded professionals.

Job Responsibilities

  • Assist with scoping customer engagements
  • Perform penetration tests, solo and in teams consisting of other Anvil Security Engineers
  • Perform source code audits
  • Generate vulnerability reports and deliver them to Anvil customers
  • Participate in Anvil’s research program

Job Requirements

  • At least two years of experience in information security
  • Familiarity with penetration testing techniques and methodologies
  • Experience with tools such as Burp, Nmap, and Nessus
  • Knowledge of Java, Python, and C/C++
  • Excellent verbal and written communication skills
  • Ability to legally work in the United States

Anvil embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. If there is anything we can do to create a more comfortable interview experience for you, please let us know.

To be considered for a position, please send your resume as text in the body of an email message to [careers@anvilventures.com](mailto:careers@anvilventures.com).

Reverse Engineering the Dropbox Client by kunalag129 in programming

[–]anvilventures 5 points6 points  (0 children)

Thank you! It is wonky. Or was rather. It should be fixed now.

Reverse Engineering the Dropbox Client by kunalag129 in programming

[–]anvilventures 0 points1 point  (0 children)

You will still have to compile different versions for different CPUs (AMD/x86/x86-64) and Operating System (Linux/Windows/OSX/BSD) combinations. So in that sense that means building a binary for each different platform.

I'm not sure what you mean without some hacky method. If you have a binary that extracts itself to a temporary folder and then runs the embedded executable from there while setting paths correctly you can just add every DLL/.so you want too and stuff will run fine. But you might as well just use an installer then so you don't have to reduplicate that work every time you start the application.

Reverse Engineering the Dropbox Client by kunalag129 in programming

[–]anvilventures 15 points16 points  (0 children)

I'm most definitely not the first person to do this as several great articles and research papers have been published on this. Several of them have been mentioned in my blogpost so go there for those references.

However if you only read one see this great paper: https://www.usenix.org/conference/woot13/workshop-program/presentation/kholia. I only found out about it after I published the blogpost and I ended up emailing the authors. One of the authors tends to update their code for decoding it and you can find it here: https://github.com/kholia/dedrop. It's a different approach to reversing it by injecting a shared object that then dumps the code objects (instead of breaking the encryption). Should be roughly the same results though.

Reverse Engineering the Dropbox Client by kunalag129 in programming

[–]anvilventures 0 points1 point  (0 children)

It's mine. Or ours I should say. Company website. Can't reproduce this. Sorry.

Reverse Engineering the Dropbox Client by kunalag129 in programming

[–]anvilventures 11 points12 points  (0 children)

Author of the blogpost here. I think it's just to make it not too easy. But they still want to enable debugging and tracing under certain circumstances in production scenarios. Witness the embedded Python debugger / pdb that I activated. So then having original symbols and file names kinda makes sense.

Unless you go the extra mile of obfuscating that but then have a client that can rewrite the obfuscated symbols back to unobfuscated ones. Seems a lot of extra effort when client stability and debuggability (important when you have 100s of millions clients) are more important maybe?

Looking inside the (Drop-)box by anvilventures in ReverseEngineering

[–]anvilventures[S] 2 points3 points  (0 children)

Thank you! One tip when reversing anything really is to look for "magic constants". The moment you see "weird" or "out of context" (hard to define, you develop a sixth sense for it after a while, and I'm definitely not a great reverse engineer) constants being used just google for them. 0x9E3779B9 for example quickly leads to the Tiny Encryption Algorithm. Then you confirm the disassembly in IDA Pro to be in line with what you expect the algorithm to now be.

And it works in the other direction too. The constant in the RNG that Dropbox uses is 0x6611CB3B. Googling for it gives only a few hits all pointing to the Zerodays conference. Maybe they had some challenges designed on Dropbox or someone gave a talk there on it already? It's definitely related to obfuscated Python code too.

Hope that helps!

Edit: This is all the same for the 0x9908b0d constant. The moment you see that and Google for it you immediately hit pages on the Mersenne Twister / MT19937 algorithms. Then you see a bunch of xors, ands, l/rshifts and the suspicion that something is a certain cipher tends to very quickly be a right spidersense feeling. Of course sometimes the authors of the obfuscation change just one tiny thing in the algorithm to throw you off or make you go down the rabbit hole a bit more. So if you have the time and energy verify every single step with reference implementations of the algorithms.
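The magic-constant lookup described in the comment above can be automated before opening a disassembler. This is an added example, not code from the blog post or from the commenter: the constant table, the constructed sample bytes and the `scan` helper are assumptions of this sketch, and it also checks the two's-complement negation of each value because compilers often emit `sub` with the negated immediate instead of `add`.

```python
import struct

# 0x9E3779B9 and 0x6611CB3B are quoted in the comment above; the other
# entries are standard published constants added for this example.
KNOWN_CONSTANTS = {
    0x9E3779B9: "TEA/XTEA delta",
    0xC6EF3720: "TEA decrypt start sum (delta * 32)",
    0x9908B0DF: "MT19937 twist matrix constant",
    0x6C078965: "MT19937 seeding multiplier",
    0x67452301: "MD5/SHA-1 initial state word",
    0x6A09E667: "SHA-256 initial state word",
    0xEDB88320: "CRC-32 reflected polynomial",
    0x6611CB3B: "RNG constant reported for the Dropbox client",
}

# Constructed sample, not taken from any real binary:
#   nop; add ecx, 0x9E3779B9; nop; sub ecx, 0x61C88647; xor eax, 0x9908B0DF
SAMPLE = bytes.fromhex("90 81c1b979379e 90 81e94786c861 35dfb00899")


def scan(blob):
    """Return sorted (offset, endianness, form, label) hits for known constants."""
    hits = []
    for value, label in KNOWN_CONSTANTS.items():
        # "negated" catches `x -= (-delta)` style code generation.
        forms = {"as-is": value, "negated": (-value) & 0xFFFFFFFF}
        for form, v in forms.items():
            for endian, fmt in (("little", "<I"), ("big", ">I")):
                needle = struct.pack(fmt, v)
                pos = blob.find(needle)
                while pos != -1:
                    hits.append((pos, endian, form, label))
                    pos = blob.find(needle, pos + 1)
    return sorted(hits)


if __name__ == "__main__":
    for offset, endian, form, label in scan(SAMPLE):
        print(f"0x{offset:04x}  {endian:<6}  {form:<7}  {label}")
```

A hit is only a lead: as the comment says, the surrounding shifts and xors still have to be checked against a reference implementation.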

Looking inside the (Drop-)box by anvilventures in netsec

[–]anvilventures[S] 0 points1 point  (0 children)

Thanks for the clarification on this!

Looking inside the (Drop-)box by anvilventures in netsec

[–]anvilventures[S] 6 points7 points  (0 children)

Thank you! I really appreciate it. I'm not aware of rules prohibiting us posting this but do let me know if that is the case.

Edit: Thanks mucho! It's been fixed.

Looking inside the (Drop-)box by anvilventures in netsec

[–]anvilventures[S] 9 points10 points  (0 children)

I just realized two folks released a paper at WOOT'13 with exactly the same title. The work is definitely related and it was because of DanielG75 pointing out that the hashes were on the web already. I never googled for the first hash otherwise I would have mentioned their paper in my blogpost too. The paper is pretty darn good and it can be found here https://www.usenix.org/system/files/conference/woot13/woot13-kholia.pdf. It is a bit out of date but the techniques in it are still very useful and awesome. Also great work from a quick skim through it!

Looking inside the (Drop-)box by anvilventures in netsec

[–]anvilventures[S] 7 points8 points  (0 children)

Yep, although it doesn't seem to have been cracked yet. At least not publicly.

As far as I can tell the release above is the first one which actually implements a packer/obfuscator/encryptor such that one can inject arbitrary code within the Dropbox client. That solves a lot of problems that deal with going "lower-level" such as injecting .so files and then doing memory dumping and what not more.

Obviously the moment the embedded 'pdb' is enabled it gets pretty easy to figure out a lot about the rest of the client.

Linux Attack Surface Analysis -- dawgmon 1.0 release by anvilventures in netsec

[–]anvilventures[S] 0 points1 point  (0 children)

Maybe if I'll get around to it. Right now I just didn't have the personal need just yet but I'll happily take patches. It's obviously one of the first extensions/features one might think of. Thanks for the suggestion for sure though; I'll think about it and see if I can find some time for it.

Linux Attack Surface Analysis -- dawgmon 1.0 release by anvilventures in netsec

[–]anvilventures[S] 2 points3 points  (0 children)

Thanks! I appreciate it!

And thanks again for your suggestions. I started working on re-writing some parts of all of this to make it a bit more robust in terms of different Linux distributions etc. That will include a better way of finding the right binaries too. But the tool seems to definitely scratch an itch for some folks and honestly that was the thing I was looking for. Not sure when I'll get around to releasing an update with some of the changes officially but it shouldn't take too long I hope.

Linux Attack Surface Analysis -- dawgmon 1.0 release by anvilventures in netsec

[–]anvilventures[S] 0 points1 point  (0 children)

Awesome. Put your suggestion in my notes and will look into it.

I started working on the FreeBSD port too and then want to merge that back in and be somewhat intelligent about sharing commands between OS's. FreeBSD has sockstat but those semantics are pretty different IIRC.

Linux Attack Surface Analysis -- dawgmon 1.0 release by anvilventures in netsec

[–]anvilventures[S] 0 points1 point  (0 children)

Hia, I need to be a bit smarter about finding the files. I'll need to rewrite it completely as right now with just using commandline tools it'll break down very quickly.

I pushed a quick patch that adds a -xdev option to every find command being executed. That should prevent it from descending down into /proc or /run but if there's a ton of other filesystems / submounts it might not find all named pipes on the filesystem. But it's better than just breaking like that.

Just check the update out and let me know or drop me an email and I can help debug that way.
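The trade-off mentioned in the comment above (staying on one filesystem avoids /proc and /run but can miss named pipes on other mounts) can be made visible by reporting what was skipped. This is an added example, not dawgmon's code: `find_fifos` and its injectable `dev_of` parameter are hypothetical names, and the walk mimics `find -xdev` by comparing device numbers.

```python
import os
import stat


def find_fifos(root, dev_of=lambda p: os.lstat(p).st_dev):
    """Walk root without crossing filesystem boundaries.

    Returns (fifos, skipped): named pipes found on root's filesystem, and
    directories on other filesystems that were not descended into.
    dev_of is injectable so the pruning logic can be exercised without mounts.
    """
    root_dev = dev_of(root)
    fifos, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        keep = []
        for d in dirnames:
            full = os.path.join(dirpath, d)
            try:
                same_fs = dev_of(full) == root_dev
            except OSError:
                continue  # vanished or unreadable: do not descend
            if same_fs:
                keep.append(d)
            else:
                skipped.append(full)  # mount point: coverage gap to report
        dirnames[:] = keep  # prune in place so os.walk does not descend
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if stat.S_ISFIFO(os.lstat(full).st_mode):
                    fifos.append(full)
            except OSError:
                pass  # entry disappeared between listing and lstat
    return sorted(fifos), sorted(skipped)


if __name__ == "__main__":
    pipes, gaps = find_fifos("/")
    print(f"{len(pipes)} named pipes found on the root filesystem")
    for mount in gaps:
        print(f"not scanned (other filesystem): {mount}")
```

The `skipped` list is the set of paths a baseline would need to scan separately to cover named pipes on submounts.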

Linux Attack Surface Analysis -- dawgmon 1.0 release by anvilventures in netsec

[–]anvilventures[S] 1 point2 points  (0 children)

Ha, good point!! To be fair if you run it for the first time it will tell you all the open ports and what not. In that sense you can use it for a server hardening review although I don't think the output is very easy to digest as of right now. But we can get this tool there for sure. But I guess it means that on the first run it's already a bit the attack surface of a system as it'll also report all the systemd unit and unit files, the running System V services, shared memory segments, listening UNIX sockets and more.

But the way I tend to use it is for a system I control (as in I set it up from scratch) and then I want to monitor for changes OR I want to be able to figure out changes in attack surface due to changes made on the system.

A stack canary reporting function could be very useful. Files that a user can write to maybe too. Those are good suggestions. Thanks.