아까워서 올리는 HITB 이메일 인터뷰 내용

2018년도 4월, HITB AMS(HackInTheBox - Amsterdam) 컨퍼런스에서 리서치 내용을 발표 할 수 있는 좋은 기회가 있었다.

당시에 이메일 인터뷰를 했는데, 어디 실리기는 한건지 도무지 찾지 못했다. 아까워서 블로그에 남긴다.

 

컨퍼런스 운영 측을 통해 아래와 같은 인터뷰 요청을 전달 받았다.

Media Team을 통해 받은 인터뷰 요청

 

Freebuf라는 중국 매체라는데.. 뭐 딱히 문제되는 부분은 없으니 OK 했고, 발표가 끝난 뒤 답변을 주기로 했다. (발표 끝나기 전까지는 정신 없을것 같아서 ㅎ)

발표 끝난 후 이메일 인터뷰에 회신 주기로 했다!

 

그리고 질문을 받았는데, BoB에 대한 질문이 상당 부분을 차지했다. 중국 사람들이 BoB에 관심이 있다는 점이 신기했다.

아래는 인터뷰 내용! (미안, 다 영어..)

과연 내가 열심히 작성한 답변은 Freebuf에 실리긴 한걸까... ㅠㅠ

 

 

******************************

Interview Questions

******************************

 

Regarding the research project:

 

- What difficulty did you encounter in the process? And how was it solved?

- I have used fuzzers before, but it was my first time being involved in making one. This itself was a big challenge for me. But thankfully singi guided me through the process and answered to all my questions.

 

 

Personal Experience:

 

- What brought you to the world of infosec and how did you enroll in B.o.B? 

- I was generally interested in Computer Science. But when I was applying to college, I wanted to decide what I wanted to do specifically. Infosec seemed like an interesting field and that's when I started.

And when I came to college, I met a few friends who already had experience in the field of infosec. They had previously taken part in the BoB program, and suggested it to me saying that I could learn and experience a lot more by taking part in it.

 

- I noticed that you participated in many security clubs and society in your college and you also did well in hackathons. Are those activities of great help you?

- Yes, SSG(the security club in my college) is where I started studying computer science and security. We try to study and conduct research beyond the scope of college lectures. As freshmen, we have seminars on a regular basis to study the basics. And later on we collaborate on projects of interest.

Participating in different hackathons and competitions really did help. I could try out my skills and learn a lot more at the same time. I took part in most of the hackathons and competitions with my friends from SSG. Since we know eachother's strengths very well, it is great for teamwork. (And ofcourse, we enjoy being with eachother.)

 

- You cover a wide range in infosec field. The presentation is about web browser security. And I also noticed that you developed security tools for memory analysis and forensics several years ago. When you were within the B.o.B program, your major seems to be Security Consulting. So what is your favourite among these fields and why?

- My favourite for now is security consulting (especially pentesting), which is why I am currently also working in the same field. Security consulting requires a wide scope of knowledge in aspects of security, and also needs to satisfy the requirements of different people. This challenge interests me, and this is why my favourite in the field of infosec (for now) is security consulting.

 

-It's not very common to see women researchers in the cybersecurity field. How do you think of it? Is there any stereotype in the area? And how do we break it?

- Cybersecurity is not an easy field for both men and women alike. But yes, it is true that women researchers are not common in cybersecurity. If sterotype is a reason behind it, it should be broken. We need people from diverse backgrounds for different ideas and approach.

We're aware of that "tech is a man's field" stereotype. (Which is probably why this question was asked in the first place.) And cybersecurity is not an exception. Unfortunately, there are women who succumb to this sterotype. But tech, as well as cybersecurity, or any other field, does not belong to one gender.

If a person has interest in a particular field, no one has the right to stop that person from being involved in it. And this applies to women and tech too.

To break this stereotype, we should be aware at all times and be cautious of our actions. And more importantly, try hard to provide a sterotype-free environment and mindset for young generations, so that this sterotype is eliminated in the future.

 

 

To mentor Singi:

 

- What does the B.o.B program screen talents?

- B.o.B is South Korea's best information security training Program. And B.o.B Mentors are comprised of people who have proven experience and skills.

Also, mentees are also not newbies. They are made up of people who are famous in security/hacking in Korea. So they can compete with each other in good faith.

As a result of these efforts, they are giving great outputs such as  winning the Defcon 2015 finals, reporting 0days of major programs, and speaking at international hacking conferences. Sometimes, we have interviews like this.

 

- How did you become a Mentor in B.o.B program and what role do you play in it?

- First, I was also a mentee. I was part of B.o.B in its first year. A few years later, I became a B.o.B Mentor.

B.o.B Program has 4 tracks whic are - Vulnerability Analysis, Security Consulting, Digital Forensic, and Military.

I'm a Mentor of Security Consulting track. I teach vulnerability analysis, reverse engineering, and programing skills to mentees in the security consulting track.

 

- What are the talents developed in the program?

- In the B.o.B Program, mentees are educated in various ways through the best mentors in Korea.

Famous hackers/consultants/investigators/developers are mentors. They are top experts in different fields, so mentees can learn from various experiences of the mentors through B.o.B Program.

Mentors are working hard to educate mentees on their computer skills, humanism, english, etc. Computer skills include exploitation, reverse engineering, cryptography, OS architecture, algorithm, etc.

 

 

******************************