Victor Teissler | Penetration Practice Lead
How did you originally become interested in cybersecurity?
I remember participating in computer lab studies in elementary school. As kids, we would excitedly share new tricks, shortcuts and understandings. I think that cultivated in me a fundamental appreciation for exploring technology and teaching / learning from others.
In middle school, software was installed on the computer lab systems that would prevent us from certain actions while filters restricted access to the internet. I began working on exploring the restrictions. There was a moment in time where I realized that trying to bypass the restrictions was more rewarding than the content on the other side. I have long forgotten what it was that I wanted access to in the first place.
What part of your job sparks the most joy for you
Figuring out complex things and making unexpected functionality or behavior manifest.
What would you consider your biggest professional achievement to be?
I think back to moments where a confluence of disciplines granted me relatively rare insights into a problem.
One that sticks out to me was the quick creation of a local privilege escalation exploit. There was a program, written in C, that had an embedded python interpreter. The program was owned by root and had the setuid bit set. Reading through the assembly revealed a mistake, the application first evaluated a python script stored within itself and then relinquished its root privileges. Setting an environment variable caused the embedded python interpreter to load modules from a user-controlled directory. This allowed me to insert a few lines of code that ran as root, granting full access to the system.
Modifications to specific libraries or that time I hacked a really cool and well-designed fire suppression system through its smart security camera. I think I get a kick out of gaining access through a security component.
What did you do before you came to work at Digital Silence?
Once I was a c/c++ programmer. I knew I wanted to be a penetration tester, but I felt that my programming was, for lack of a better term, feral. After college I decided to work as a programmer until I felt that I could easily express my ideas in code.
What is your biggest pet peeve that corporations do or forget to do when it comes to cybersecurity/protecting their information from threat actors?
Probably not enforcing SMB signing. It is far too common and makes attacking Windows networks trivial. Without SMB signing, it is common for a penetration tester to get domain admin before lunch on the first day of their engagement.
What is something you wish everyone knew about cybersecurity?
That it is fun to learn and has a welcoming community.
When you’re not in cyberspace, what are you typically doing?
Thinking about cyberspace. I have also been known to enjoy climbing and traveling.
Who is your favorite movie or TV show that has a cybersecurity theme?
Probably the 1992 film Sneakers.
Fun fact about yourself?
My family moved to the US to escape occupying forces in 1988.