Interview with our offensive analyst

Klea
Interviews and testimonials, Not classified

Hi Klea, can you tell us about your role as an offensive analyst at AlgoLightHouse?

Hello! I’m an offensive analyst on the project. My role is to provide a comprehensive, ongoing assessment of our customers’ external security. The aim is to make things easier for our customers by providing them with useful, accurate and qualified information on vulnerabilities/threats on their external perimeter. For example, when an alert is sent to us by the tools, I’m in charge of checking the criticality of the alert: false-positive, minor, important or critical. I then assess the potential impact and generate security alerts based on these results and communicate them to the customer. Finally, I provide recommendations on the corrective measures to be taken to remedy the vulnerabilities detected.

The aim of my work is to help customers identify potential vulnerabilities and threats on their external perimeter, in order to facilitate their security decision-making.


What technical skills are essential to your day-to-day work?

Overall, I need to have knowledge of the various scanning tools I use to detect vulnerabilities and sensitive information exposed. The ability to configure and interpret the results of these tools is important. It helps to identify potential risks more quickly.

AlgoLightHouse is a key element in my work:

  • A good understanding of its functionalities and the diversity of tools used is important for identifying security flaws and generating relevant alerts.
  • A good knowledge of attacker’s approaches also helps. Possible scenarios enrich our threat analysis.

In addition, we simulate the actions of an attacker during pentests, so my skills in penetration testing are useful, as is my ability to exploit the vulnerabilities found and assess the potential implications for the customer.

EASM, on the other hand, only deals with external vulnerabilities and risks, i.e. those exposed on the Internet. Once the attack surface has been determined, EASM can be mobilized to assess the risks inherent in each access point, and also to prioritize the security actions required to circumvent them. As you can see, ASM and EASM are two approaches to cybersecurity that are quite similar, and sometimes even confused. The only difference is in the scope of their actions.

Finally, my skills as an external penetration tester help me enormously. It’s easier to defend yourself when you can put yourself in an attacker’s shoes.

What tools do you use most often?

What are the most critical alerts you've already raised?

Our platform, AlgoLightHouse, is based on passive and active scans, as well as a range of essential tools. Each tool plays a key role in our overall strategy.

We also use open source tools, validated by our pentesters at AlgoSecure, as well as solutions we have developed in-house.

What I’d really like to highlight is the preparation stage. The tools enable us to check specific control points, but that’s only part of the process. We have a series of criteria to validate, and to achieve this, we use not only these tools, but also our human expertise. This is what guarantees the effective validation of each control point.

Among the alerts reported, there are 3 that are generally critical for customers:

  • Vulnerabilities linked to critical CVEs: the identification of components or services vulnerable to security flaws documented in CVEs with a high severity score, exposing the system to attacks exploiting these vulnerabilities.
  • Exposure of sensitive ports: when I discover ports open on critical services without authentication or with default authentication mechanisms, allowing access to sensitive system functions.
  • Credential leaks: I sometimes detect the disclosure of credentials, passwords or API keys, which are publicly exposed, increasing the risk of system compromise.
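As an added illustration of the triage described in this interview (the false-positive / minor / important / critical rating and the three alert families above), here is a small Python script written for this page. It is not AlgoLightHouse or AlgoSecure code: the finding format, the CVSS thresholds, the list of sensitive services and the secret patterns are all assumptions of the example, the sample findings are constructed, and the CVE identifiers are placeholders rather than real CVEs. It shows one point a practitioner cares about: a CVE match based only on a service banner is not escalated until the version is confirmed, which is where most false positives come from.

```python
"""Triage of external attack-surface findings into four criticality levels.

Constructed example for this page, not AlgoLightHouse code. The finding
dictionaries, thresholds, service list and regexes are assumptions.
"""
import re
from dataclasses import dataclass

LEVELS = ("false-positive", "minor", "important", "critical")  # ascending

# Services that expose sensitive system functions when reachable from the
# Internet without authentication (assumed list, extend as needed).
SENSITIVE_SERVICES = {"redis", "mongodb", "elasticsearch", "memcached",
                      "rdp", "vnc", "smb", "docker"}

# Patterns for publicly exposed secrets. The AWS access-key pattern follows the
# documented "AKIA" prefix + 16 uppercase alphanumerics; the others are generic.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|passw(?:or)?d|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}

# Constructed sample findings (placeholder hosts and CVE ids, not real data).
SAMPLE_FINDINGS = [
    {"type": "cve", "host": "www.example.com", "port": 443,
     "cve": "PLACEHOLDER-CVE-A", "cvss": 9.8, "confirmed_version": True},
    {"type": "cve", "host": "www.example.com", "port": 443,
     "cve": "PLACEHOLDER-CVE-B", "cvss": 8.1, "confirmed_version": False},
    {"type": "open_port", "host": "db.example.com", "port": 6379,
     "service": "redis", "auth": "none"},
    {"type": "open_port", "host": "mail.example.com", "port": 25,
     "service": "smtp", "auth": "required"},
    {"type": "exposure", "host": "static.example.com", "path": "/js/app.js",
     "content": "const key = 'AKIAIOSFODNN7EXAMPLE';"},  # AWS documented example key
    {"type": "exposure", "host": "git.example.com", "path": "/.env",
     "content": 'password: "example-not-a-real-secret"'},
    {"type": "exposure", "host": "static.example.com", "path": "/robots.txt",
     "content": "User-agent: *\nDisallow: /admin"},
]


@dataclass
class Verdict:
    level: str
    reason: str


def triage_cve(f):
    """Rate a CVE match by CVSS, but never escalate a banner-only match."""
    if not f.get("confirmed_version"):
        # The scanner inferred the version from a banner: classic false-positive
        # source. Keep it visible as minor until the version is confirmed by hand.
        return Verdict("minor", f"{f['cve']} matched on banner only; version not confirmed")
    cvss = f["cvss"]
    if cvss >= 9.0:
        level = "critical"
    elif cvss >= 7.0:
        level = "important"
    elif cvss >= 4.0:
        level = "minor"
    else:
        level = "false-positive"
    return Verdict(level, f"{f['cve']} CVSS {cvss} on {f['host']}:{f['port']}")


def triage_open_port(f):
    """Sensitive service + no/default authentication is the critical case."""
    service = f["service"].lower()
    where = f"{service} on {f['host']}:{f['port']}"
    if service in SENSITIVE_SERVICES and f["auth"] in ("none", "default"):
        return Verdict("critical", f"{where} with {f['auth']} authentication")
    if service in SENSITIVE_SERVICES:
        return Verdict("important", f"{where} exposed (authenticated)")
    return Verdict("minor", f"{where} exposed")


def triage_exposure(f):
    """Any matching secret pattern in public content is critical."""
    hits = [name for name, pat in SECRET_PATTERNS.items() if pat.search(f["content"])]
    if hits:
        return Verdict("critical", f"{', '.join(hits)} exposed at {f['host']}{f['path']}")
    return Verdict("false-positive", f"no secret in {f['host']}{f['path']}")


HANDLERS = {"cve": triage_cve, "open_port": triage_open_port, "exposure": triage_exposure}


def triage(finding):
    return HANDLERS[finding["type"]](finding)


def build_report(findings):
    """Return (level, reason) pairs, most critical first, false-positives dropped."""
    verdicts = [triage(f) for f in findings]
    kept = [v for v in verdicts if v.level != "false-positive"]
    kept.sort(key=lambda v: LEVELS.index(v.level), reverse=True)  # stable sort
    return [(v.level, v.reason) for v in kept]


if __name__ == "__main__":
    for level, reason in build_report(SAMPLE_FINDINGS):
        print(f"[{level:14}] {reason}")
```

The report keeps the unconfirmed CVE as a minor item rather than dropping it, so the analyst still sees it in the validation queue; the decision to raise it to critical is a human one once the version is checked.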

What are the main challenges you face on your missions?

Attackers evolve rapidly, and new attack techniques appear regularly. So it’s essential to keep abreast of the latest trends in cyberthreats to ensure effective protection. As an offensive analyst, constant monitoring is essential in this business to anticipate and react to emerging threats.

Another challenge is to manage the results of our analyses and interpret them correctly. Scanning tools, whether passive or active, can generate false positives. This makes validation of results and in-depth analysis of alerts crucial to avoid errors in risk assessment. Customers need to understand not only the defects identified, but also the corrective measures required to rectify them. We need to be both clear and precise, and pedagogical when necessary.
