Security Affairs
Hacker Interviews – Speaking with Lorenzo Martínez
http://securityaffairs.co/wordpress/50848/hacking/hacker-interviews-lorenzo-martinez.html
September 1, 2016 By Pierluigi Paganini
Today I have the pleasure to share with you the interview with one of the most popular Spanish cyber security experts, Lorenzo Martinez. Enjoy it!
Lorenzo Martinez is the CTO of Securizame, a Spanish security company fully oriented to consultancy, ethical hacking, forensics and security trainings. He is also one of the four editors and founders at Security By Default, one of the most well-known Spanish security blogs. You can find him on Twitter as @lawwait.

You are one of the world’s most talented cyber security experts. Could you tell me which is your technical background and when you started hacking?

Well. You are pointing me very high. I am just a security enthusiast who had the chance and luck to study and work in what I like: Security. I started as a security consultant, sysadmin, and trainer. Then I started to learn and practice ethical hacking in different companies. I worked for two different security vendors, related to web security (a WAF manufacturer) and strong authentication. In 2012 I started my own company and have done a bunch of forensics.

What was your greatest hacking challenge?

Hacking for me doesn’t mean only breaking websites and developing exploits. A way of hacking is to build useful stuff that has not been created for a particular use. My greatest hacking challenge was to ‘domotize’ my home, creating the intelligence to glue several devices: a Roomba vacuum, a security system with face recognition using a webcam with OpenCV, an alarm and air conditioning systems with web management panels, X10 for lights and curtains, an Asterisk, a meteorologic station, a GPS-based tracker for my car, etc… I created a bot to manage them all, and to be more or less “autonomous”. IoT in 2012! You can find a first version of the talk I gave in RootedCON 2012 in this post http://www.securitybydefault.com/2012/04/welcome-to-your-secure-home-user.html and the enhanced version with the system running in two Raspberry PI Model B in this one in Ekoparty 2012

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

In my case, since I prefer forensics, I would say: Autopsy, FTK Imager, Tcpdump/Wireshark and all CAINE tools. Speaking of hacking: Nmap, Netcat, Metasploit, and BURP.

Which are the most interesting hacking communities on the web today?

Security and hacking communities are moving to different sectors: CONs, IRC, even Telegram groups where you can discuss specific stuff.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why? What scares you more on the internet and why?

Everything connected to the Internet (and a lot of air-gapped ones) is prone to be hacked. Several causes: misconfigurations, outdated systems, security implementation weaknesses, public or private exploits, because of being a target of any powerful government,… Others can be hacked because of people involved in the business of the organization. What do they want? Money or something that can be transformed into money, like information/data that could be sold for a strategy of a competitor or different country. I am scared because of the treatment of my data, by the providers or people who have my confidential information, such as public administration, hospitals, banks, shops where I have to trust my credit card.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?

I agree with that assessment. An attack on a nuclear central that would cause human casualties would be catastrophic. In my opinion, there are more security incidents that are happening but we don’t realize because they are still unknown, and others that are discovered but kept private to avoid distrust or public panic.

Thanks and compliments for your great work!