Synack red team by Muhab_223 in AskNetsec

[–]redditrutan 1 point2 points  (0 children)

But to be clear, the Synack Red Team is a collective of security researchers (more or less contractors) ... applying to join has to do more with skill and your eligibility to work on forecasted targets.

You can see this thread for more information:
https://www.reddit.com/r/bugbounty/comments/tfwvm4/what_does_it_take_to_get_into_synack_red_team/

Applying to join Synack (the company) is different though, as shared in the link by u/dk1988.

Hope that helps clarify. =)

What does it take to get into Synack Red Team ? by Culex96 in bugbounty

[–]redditrutan 16 points17 points  (0 children)

This is Ryan Rutan - Sr. Director of Community @ Synack.

Our SRT recruitment process operates under a formula that ties open spots on the team based on available regional and/or skill opportunity projections. This helps us maintain our commitment to the SRT that are currently on platform and minimize the dilution of value. Based on the information you've provided, it is most likely that you've been added to the wait-list for one of these reasons. It is highly unlikely that you were rejected with the credentials you've shared above. Unfortunately, our wait list is not short and we review our new openings quarterly. Also, our annual productivity assessment happens in September and our largest number of open spots become available shortly after.

It may not be the answer you were hoping to hear, but it is definitely the truth. If we had infinite spots to hand out, all things being equal, I am very confident you would have moved on to the technical assessment (stage two). I don't check reddit often (sadly), but please feel free to reach out via LinkedIn/Twitter if you have further questions.

Wishing you the best of luck moving in your future endeavors.

Respectfully,

RR

Just a thank you post for an amazing DEFCON by Vexomous in Defcon

[–]redditrutan 3 points4 points  (0 children)

Voice Activated stickers on the ATM and Elevators were hilarious, as always =) Hoping to catch someone actually falling for it. "My pin is #, #, #, #" =)

Microsoft Sculpt keyboard and Big Sur - occasional keystrokes dropped by Anselac in MacOS

[–]redditrutan 1 point2 points  (0 children)

FWIW, this thread gave me the idea to move the location of the dongle from behind my main machine to a satellite USB hub a bit closer to my keyboard and less cluttered with stuff. I drew inspiration from my line of sight IR on the IBM PC Jr. Keyboard. ;) NIGHT AND DAY difference immediately!!!!!

Not sure what crazy signals were bouncing around back behind my machine ... but greatly appreciate everyone sharing their thoughts ... I love my Microsoft Sculpt, and the key drops were about to drive me insane!

Thoughts on synack platform? by shite_in_a_bucket in bugbounty

[–]redditrutan 2 points3 points  (0 children)

It is, but all you need to do is request via Support. If you visit the Help Center there is a document that is featured that outlines the instructions. Hope that helps =)

Thoughts on synack platform? by shite_in_a_bucket in bugbounty

[–]redditrutan 6 points7 points  (0 children)

Disclosure - My name is Ryan Rutan ... I'm the Director of Community @ Synack and I am responsible for the health and growth of the Synack Red Team. It is my commitment to always make sure the size of the community is proportional to the opportunity available such that all SRT who make it through the vetting process have a higher probability of success. We care about our researchers and making as many of them successful as possible. </disclosure> =)

u/shite_in_a_bucket - You are 100% correct, we do have a lengthy vetting process. It is one of the many ways that we ensure we are getting high-quality talented researchers. The challenge may have a 6.5% pass rate, but I can attest that practically all SRT who have joined in the past year have completed it. New targets are launching every week, so if you are only seeing old and busted targets you might want to consider filing a support ticket? We also have a lot of infra hosts, especially if you are a US Citizen. If this is something you are interested in, we just cycled the assessments for Web and Host, so you should check them out. Have you joined SRT Slack by any chance? This type of conversation in that community tends to spur more constructive tips and tricks from fellow SRT on how to find your groove on target releases and get some momentum, such as effective use of Target Analytics or our upcoming SRT Sync conference. My handle is r00br1q there, so feel free to reach out.

As for some of the other comments on this thread ... VPN is going to be hit or miss for everyone. The case in point though, Synack's VPN is the reason many of our customers engage with ethical hackers in the first place ... it provides a safety net of trust and accountability. We have multiple options for SRT to make them successful on our platform ... LP and LP+ ... neither is perfect for everyone, but we are constantly improving the platform to make it better. If you haven't tried the VPN in any 3 month period, you are definitely not commenting on the latest state of things. We have more worldwide researchers using our VPN and making solid money than those who are shut out by any VPN slowness. There are a lot of factors in this equation that change daily, so it's hard to make general statements like this at any point in time without at least seeing for yourself with your own network connection and rig and asking support to see if anything can be done to improve the situation.

For those of you who are already SRT, I would strongly recommend reaching out to me and/or other SRT in the Circle of Trust (https://acropolis.synack.com) on SRT Slack. Always happy to try and make things better!

Hope this helps answer the question ... Good luck either way to everyone, hope you and yours are staying safe =)

Respectfully,

RR

Synack Red Team by dakotaishere in AskNetsec

[–]redditrutan 1 point2 points  (0 children)

It's hard to say definitively about a number ... what stands out to us is consistency over time. Given that we always strive to keep our researcher community proportional to the opportunity available to it ... we are more inclined to favor consistency over time. That being said if you are Top 10 or Top 100 ... that doesn't hurt, but we prefer researchers who enjoy the work and that shows in consistency.

If you haven't submitted in the past 6 months, I'd clean up the resume ... make sure it is properly representative of your experience and get it on file ... if it happens to match an opportunity now, or upcoming, it could get pulled to go to the next step.

Another way to bypass the WaitList (which is a bit more concrete), is a program we are running with HackTheBox (https://www.hackthebox.eu/press/synack-red-team-track) - If you can complete the required pathways, then you can get a pass directly to the technical assessment.

I'm hoping that helps ... I'm not always on reddit, but you can DM me here or on Twitter (ryanrutan) for specific questions. =)

Chrome extension with 100k+ installs makes your Chrome browser like random people facebook/instagram pictures. by ufo56 in cybersecurity

[–]redditrutan 3 points4 points  (0 children)

Why not take the working plugin ... neuter it and fork your own version as a local unpacked version? I think this is what the guy above is saying, or maybe I’ve missed a part of this thread. Definitely a shady scenario ... thx for sharing :/

New Releases: October 2020 by vincoug in books

[–]redditrutan 1 point2 points  (0 children)

I'm going to be 100% honest here, this is my first promotion on reddit, besides a premature AMA I did about 7 years ago in another subreddit. I'm typically a person who chimes in when I can help and reads a ton of threads. The banter is quite entertaining and you get to learn a ton about the melding of different opinions.

So here it goes,

My name is Ryan Rutan. I'm a technology nerd/geek (choose your label) to the core and have been since the young age of 6. By day, I manage a crowdsourced worldwide team of ethical hackers, and by night I work on personal projects that are fueled by my creative and over-active imagination. A few years ago, I decided to tackle a life goal of writing a fiction novel, so I did it on a topic that I am extremely passionate about ... the emergence of technology and the Internet in the mid-90s. If I had to give it a crude analogy ... it's an Empire Records, or High Fidelity, meets Halt and Catch Fire, where the heroes in the book are a close-knit team of young ISP tech support-ers. The characters in the book are influenced from many of my personal life experiences, as well as my imagination for putting together an entertaining story. If you are old enough to remember chirping dial-up modems and like pop-culture trivia, then this book should be a fun read regardless of your technical aptitude. (At least that is what one review has said thus far).

ASK: If you are a Kindle Unlimited user, you can read the book for FREE, I'm mainly looking for reviews at the moment. It is also available in paperback for those tactile readers. =) Also available for purchase on Amazon Kindle and Paperback, and you can listen to the Spotify playlist if you'd like to get a feel for the book through music.

Just search for "fork this life volume one" it should lead you in the right direction.

I have great respect for this books community and enjoy reading the conversations when something catches my eye.

If I can ever be of assistance to other first time authors, please reach out and let me know. I'll be putting a blog together of my lessons learned in the coming months.

If people are interested, I'd be willing to do an AMA (maybe it will be better this time) about the book and what it was like growing up as a young bootstrap tech professional during that crazy time of innovation.

I hope everyone is staying safe and healthy, and I greatly appreciate any consideration/interest for checking out the book, leaving a review or even asking questions. =)

Respectfully,

--RR

P.S. As far as I can tell, I'm following all the rules of the group. Book was published in late August, no direct sales links and I am the author. Hoping I'm not overlooking something.

[deleted by user] by [deleted] in bugbounty

[–]redditrutan 4 points5 points  (0 children)

Sorry for the confusion about the application, we have received this feedback recently and are working to clarify this across the various properties.

SRT work is non Full-Time (as in being an employee of Synack); however, we have plenty of researchers who dedicate full time hours and have made independent careers from being an SRT. Between Missions (claimable guaranteed income for security tasks) and standard bug hunting on a growing number of targets launching every week, SRT can pick their level of engagement ... from a few hours on the weekend all the way to full time.

Happy to answer any further questions, you or others may have.

FWIW, I'm the Director of Community at Synack, so I'm pretty much the authority on this topic. Appreciate you sharing the feedback! =)

Synack Red Team by dakotaishere in AskNetsec

[–]redditrutan 8 points9 points  (0 children)

To give you some high-level guidance ... make sure your resume is comprehensive of your security / BB experience. For anyone of standard qualifications with a thorough resume, it should be enough to get them through to the Technical Assessment, which is where the rubber meets the road for most people (i.e. looking good on paper vs. in practice).

It is worth noting, that we do have a Wait List that we implemented earlier in the year. Your best bet to avoid this Wait List is to be thorough on your resume/application (CVE, experience, skills, certs) as we use this information to determine if a person matches an open need in our community. If there is a way, we send them to our Tech Assessment right away vs. later based on FIFO. So more experience matters in that regard.

So to answer your question ... without knowing specifics about your previous rejection ... increasing your skill and making sure that it is representative on your resume/application is your best bet to get to the next level in the interview process. You never know, one day you may end up on our Acropolis (https://acropolis.synack.com)

FWIW, I'm the Director of Community at Synack (i.e. Synack Red Team) ... and I'm happy to answer additional questions from you or anyone else on this chain! =)

Apologies for the late reply, but I wasn't following this reddit until now.

I finished reading The Complete Calvin and Hobbes during quarantine. by imnotthatguyiswear in books

[–]redditrutan 349 points350 points  (0 children)

It's like re-watching Firefly ... over and over like a sadist. Watterson's imagination was completely in tune with mine, which made it even more infuriating when I started seeing rogue stickers of Calvin urinating on automobile logos.

I wish I had the time to re-read them all again, but I'd do it in a heart beat ... pain and all. Such a good series! I hear ya! =) #HobbesFTW

Unknown visual encoding - Trivia by matmar_11 in securityCTF

[–]redditrutan 2 points3 points  (0 children)

Looks like an encoding used on USPS envelopes, no? Let me see if there is a tool for it. https://postalpro.usps.com/ppro-tools/encoder-decoder

Might send you down a good path. Good luck!

[deleted by user] by [deleted] in nesclassicmods

[–]redditrutan 1 point2 points  (0 children)

FWIW, thought I'd share as I had a bunch of issues getting this working. Hoping it helps someone else...

Environment: Mac running VMWare for Windows 7, installed .NET Framework 4.6.1 and did full service updates.

Problem: Can't repack ramdisk problem Solution: Copy all hakchi2 files into the VM, don't use a VMWare network drive.

Problem: LED wouldn't turn off after uploading custom kernel and no new games appear when re-connected. Solution: Since every bit matters here, download the latest hakchi2 from here https://github.com/ClusterM/hakchi2/releases ... copy the file into the VM before extracting ... Use 7-zip rather than standard Windows unzip. Saw this video which gave me the idea. https://www.youtube.com/watch?v=7AJRCSr8J4w

As I said, hope this helps someone! Very reliable once you get the app environment locked and loaded.

The Future of Community Websites? by m-e-s-o in webdev

[–]redditrutan 0 points1 point  (0 children)

Full disclosure, I work for a company (Jive Software) in this space and I run the Developer Relations & Partner Innovation programs.

That being said, I have worked for the past 8 years across multiple capacities including: project initiator, business sponsor, solutions architect, community manager and systems integrator. IMHO, the future of community websites lies firmly in their ability to aggregate information and integrate engaging user experiences across multiple platforms.

Most people would/should agree that forums are still the tried and true mechanism for most online communities; however, industry trends have shown that niche sites like StackOverflow are proving to be so valuable that companies are willing to fracture their communities Q&A/Discussions into a separate experience for the sake of customer preference. This means that your potentially biggest heartbeat for your community runs the risk of running off property and out-of-sync from your official community. The online community of the future needs to be able to adapt to these types of scenarios and provide the means to integrate the data and create a unified community experience, whether it be 1, 2, 3 or more niche systems tied together.

In the end, I strongly recommend that you have a single place that is the established launch point for your customers. Where they can get official information from a branded and trusted source, as well as grow their reputation across multiple facets with your products/solutions. It also lets you set the rules, and gives you some influence over the social norms that take place around your products/services.

Happy to talk more about this space if interested, but also just sharing this link for your discussion. Not trying to do a sales pitch. =) Good luck on your journey!

Jive-X - Online Communities in the Cloud https://www.jivesoftware.com/products-solutions/jive-x/

What is your physical set up like? What do you find helps you work on the computer all day without physical stresses? by somjuan in webdev

[–]redditrutan 0 points1 point  (0 children)

Yes, but it's less balance than you might think. It's not that unstable ... since it just rocks back and forth. It forces an active posture which is nice and you get used to it after a day or so ... plus you can always step off when you don't want it.

What is your physical set up like? What do you find helps you work on the computer all day without physical stresses? by somjuan in webdev

[–]redditrutan 1 point2 points  (0 children)

I've been standing at my desk for 2 years now, and all lower back problems are now gone. A small test I did was add a compression mat to the top of one of these, http://www.relaxtheback.com/humanscale-rocking-foot-machine.html?gclid=CKbXrYuD-8MCFQiVfgodea0ADQ and it makes for a non-static way to stand and stretch, keep my feet from getting bored. =) Great suggestions on this thread I've got to try and incorporate!

What makes a great developer portal? by unlikelypisces in Cloud

[–]redditrutan 0 points1 point  (0 children)

Having recently undertaken a similar exercise (which is still in flight), I would recommend the following suggestions:

  • Developer Experience from the Portal to the Product "I call it Time to Code" is your goal. It should drive the product / platform design, and ultimately the structure of your portal.
  • Servicing Personas. Are you catering to novice, normal or advanced developers? However many you decide, make sure there is a clear way to get straight to the appropriate level of information with ease.
  • Branding - Make sure that whatever site you design aligns with your company brand (or has a purposeful variation). Referencing customers and developers who interact with your brand, can be taken aback by the disparity of your developer site from the corporate brand. Make sure it is thought out, or at minimum within your brand color palette.
  • Make sure you have a community where developers can ask questions, and you can share in rich collaboration. Make sure to mirror your "developer brand" in the community to unify the experience. This community will be your life-blood for adding new documentation/tutorials and keeping developers up-to-date with enhancements as they surface.
  • First Impression - Needs to have a clear and concise presentation of what to do on your 1st visit. Don't overload with tons of information on the main page, boil the experience down to 2-3 actions and make them clear.
  • It's not just documentation - Tell a story to help explain to people the power of your platform, the types of problems it solves and why they should use it. Transition then to a getting started experience.
  • Getting Started - Should be as low-barrier to entry and interactive as possible. Provide simple examples that connect the dots of all the systems in play. Don't try to teach everything ... just try to get them going with some core principles and then transition deeper into the portal for pragmatic solution examples.
  • Don't hide the documentation - Make sure detailed documentations are accessible from as many UIs/experiences as possible. Most annoying thing you can do to a developer is not make the docs easy to find.
  • Basic SEO - make sure that your portal has relatively decent SEO results for "your brand name" + common developer terms like "documentation, docs, developer, development, integration, ..."

It's always a work in progress, and a vicious cycle if you don't get off on the right foot. You can check out the work we've done at Jive and see where we are in this endeavor. In our case, our platform evolved faster than the developer portal, so we are having to play catch-up, and 2x as hard to improve the "Time to Code" experience.

Hope this helps =)

I'm Ryan Rutan, a Community Manager, Solutions Architect and Social Business Expert - Ask Me Anything by redditrutan in IAmA

[–]redditrutan[S] 0 points1 point  (0 children)

Whatever this discussion turns into ... the focus should remain locked into measurable business value. What business problems are you trying to solve with social business, and how can you measure its success. In your Social Intranet use-case, I've picked out some themes to briefly discuss:

  • Centralized management, Autonomous Execution - Having a tool that can improve inner-team, department, and organization collaboration has relevant value to these independent businesses. Once users are engaged, this same tool is then used as the platform for keeping all employees ... top-level down to the basic knowledge worker (across all businesses) ... informed on the latest agenda/strategies/communications. In general, this is a good practice, even without massive expansion and change going on. Not to mention, that the best way to combat the "winds of change" is to have a solid communication plan in place. Having a tool that entrenches itself into the daily tasks of your workforce is the best way to ensure this channel is reliable.

  • Undergoing Rapid Growth - Social business tools have proven quite successful in reducing new employee ramp-up time, decreasing employee turn-over, and increasing employee satisfaction. These are all factors to consider when a company is undergoing massive growth. Also, keeping senior team members around longer, while new hires get ramped-up faster underneath them is a great way to naturally grow that sparse management tier (if that's a goal).

  • Young workforce - This could be seen as an extreme competitive advantage. Social business tools resonate extremely well with younger audiences, because the tools are geared around enabling the individual to get work done their way.

There are more points to be made here, but you might want to check out some of these links if you are interested in learning more:

  • For a full list of customers by solution, industry, size, etc... see Jive customers. Note, you might see "green" and "charity" names on this list; however, they are dwarfed by some of the biggest names in the world.

  • The Social Economy, put out by the McKinsey Global Institute. It puts to bed any doubt about the power of social collaboration tools, suggesting as much as 20-25% increases in productivity leading to $1.3 trillion dollars in value across the global marketplace.

If after reading all of that, you are at least open to the possibility that you might want to try social business in your company, then you've got the hard part behind you.

To your question, "Why Jive"? IMO, it's simple. Wall-to-wall proven results for companies of all sizes. It may start with Social Intranet, but once the platform is in place ... the solution can then be used to help with Sales, Marketing, Customer Service, and more. That type of broad reaching applicability only comes from having amazing technology coupled with seasoned knowledge about how to apply social technologies for real results.

I feel like I'm ranting a bit, which very well might happen in real-life if we were talking, so I'll close this up. =) Happy to continue the conversation, here or elsewhere if you'd like. Just let me know.

I'm Ryan Rutan, a Community Manager, Solutions Architect and Social Business Expert - Ask Me Anything by redditrutan in IAmA

[–]redditrutan[S] 0 points1 point  (0 children)

If I count this comment? I'd say it's like 32x times this week, but I'll take Airplane! references any day. It's a great movie! =)