r/hacking 6d ago

AMA I built the first Coast Guard Red Team, open-sourced thousands of attack techniques, then left to help businesses secure their infrastructure. Ask me anything!

My name is RoseSecurity, creator of Red-Teaming TTPs and Anti-Virus-Evading-Payloads. I'm also an active MITRE, OWASP, and Debian contributor/maintainer, although more of my recent projects have been cloud-focused. I went from cybersecurity in the government to helping businesses build secure infrastructure in the cloud. Ask me anything about contributing to open source projects, security research, or cloud security!

Edit: I helped build the Coast Guard Red Team. I was just a small piece in an awesome team doing great stuff. Sorry if I ruffled any feathers 🤙

107 Upvotes

36 comments

12

u/TheOGgeekymalcolm 5d ago

Wondering what tools you used as your "daily driver" / go to tools?

14

u/RoseSec_ 5d ago

For development or cybersecurity specific? My daily driver is a MacBook Pro, and some of my favorite "tools" are Chezmoi for configuration management of my dot files across different workstations, Neovim for file editing, and lots of self-service scripts. gh-dash is another great one for managing open source projects and notifications in the CLI

13

u/gothichuskydad 5d ago

I work in the field on the blue team side. While there's no question here, I just gotta say I really appreciate the level of detail and how thorough you are in answering these. For an AMA it's rare to see a "no stone left unturned" method and it's much appreciated.

Been working for 9 years and have actually used some of your resources. Fantastic work. Thanks a ton!

6

u/RoseSec_ 5d ago

You have no idea how much I appreciate this. My biggest motivator is writing tools and TTPs that are actually used, so I’m thankful they are helping you defend! If you ever find anything that you think would benefit the greater community, feel free to open a PR or an issue and we can get it added. We’re all in this together

3

u/gothichuskydad 5d ago

Don't worry, I definitely will. I'm pushing to make threat hunting a more community driven process at my current org and they are jumping on the train like it's the next best thing.

Keep doing what you do. On the blue, red, and even purple side we appreciate it a ton! I'll let you get back to answering questions though haha.

7

u/intelw1zard potion seller 5d ago

Thanks for doing this AMA!

Some questions:

  • What advice would you have for someone first getting into cybersec?
  • What is the most challenging cert you've studied for?
  • In your opinion, what do you believe to be the most serious cyber threat?

10

u/RoseSec_ 5d ago

Love these.

My advice for those getting into the infosec field is to stay curious and take time to understand the underlying concepts and technologies rather than just the tools. It's easy to run a command, but what do the bytes actually look like going across the wire? That creates great learning opportunities from both the offensive and defensive perspectives.

The most challenging for me was GIAC Exploit Researcher and Advanced Penetration Tester (GXPN). I took it too early in my career when I was primarily working in the SIEM space and wasn't diving into OS internals, so I got completely lost in the sauce. I'd definitely revisit the materials although many of the techniques are now legacy.

No comment ;) I'm sworn to secrecy

5

u/I_am_BrokenCog 5d ago

Were you involved with the NSA Red Team Certification process? How bureaucratic did that get?

7

u/[deleted] 5d ago

[deleted]

3

u/I_am_BrokenCog 5d ago

I know the Ft. Meade team very well. They can be very helpful -- once all the hoops are lined up :).

2

u/RoseSec_ 5d ago

They’re a great group and taught me a lot. I worked on the other side of the house on the UNIX blue team there.

3

u/I_am_BrokenCog 5d ago

What years were you there?

I was there from '07 until '13

2

u/RoseSec_ 5d ago

Heck yeah, I was there from '19 to '23 so a little more recent but same old same old I’m sure

3

u/Responsible_Minute12 5d ago

Thoughts on honey pots and deceptions?

6

u/RoseSec_ 5d ago

I developed an open source project called Gaspot over the past few years that emulates a Veeder Root Guardian AST, the tank gauging system commonly found at gas stations across the United States. After deploying it in my homelab with internet exposure, it generated interesting insights into how various tools and actors interact with these systems. I also created a simulation of a local water tower control system, which revealed additional attack methodologies due to its web-based interface. I wrote a blog here if you're interested in the technical details. The honeypots had some fascinating data on threat actor behavior, but the scariest experiment I did involved embedding a canary token in our password manager to monitor for potential breaches...

3

u/Soberaddiction1 5d ago

Have you been on or would you go on u/jackrhysider podcast? The subreddit for it is r/darknetdiaries

8

u/RoseSec_ 5d ago

Not sure if my career is exciting enough to have a narrative written about and podcasted, but I have some war stories from the trenches 🤙

5

u/Soberaddiction1 5d ago

He can make the boring and mundane worth listening to. He’s got a great podcast.

7

u/DamianDaws 5d ago

Thanks for being here to answer questions. I’m new to hacking and engineering. How did you get started and what tools would you recommend for beginners?

14

u/[deleted] 5d ago

[deleted]

3

u/BALLSTORM 5d ago

Kudos, Debian is sort of my fave.

3

u/RoseSec_ 5d ago

Gotta love stability

5

u/yard_ranger 5d ago

Did you set up your own consulting firm or do you work for someone else?

2

u/intelw1zard potion seller 5d ago

also what is your favorite open source project to contribute to?

7

u/RoseSec_ 5d ago

My favorite has to be the entire Cloud Posse ecosystem of Terraform components, modules, and tools to manage infra. Being able to write features and improvements for code that is downloaded millions of times is super fulfilling. Other than that, I'd definitely say Trufflehog is an awesome group. They are super responsive to pull requests and fun to work with.

3

u/wifihack 3d ago

thank you, that's kind to hear! -OG TruffleHog maintainer

2

u/Deadlydragon218 5d ago

Whatup TISCOM

1

u/RoseSec_ 5d ago

Yessir, I miss those $3 civie breakfasts

4

u/Deadlydragon218 5d ago

I worked at OSC as a contractor for about 5 years NaaS Ops. Miss you all dearly, I had fun being the email security guy and thinking through ways to block some spam/scam campaigns. The sextortion campaign was of particular interest as the entire body of the email was variable save for a few select words. Printed out a bunch of those in my cube and was highlighting similarities.

2

u/Spiritual-Matters 4d ago edited 4d ago

How did you get started and what got you hired?

2

u/RoseSec_ 4d ago

I joined the military after high school and got to go through lots of cool training. I decided to shift from traditional vulnerability assessments and red teaming into the world of infrastructure so I could help organizations design and build securely. Something about infrastructure as code and automation that makes for a fun time

3

u/FK1627 4d ago

Thanks for doing AMA! Here are some questions

  1. How have your interests and focus evolved—from government red-teaming to cloud, and now what’s capturing your curiosity?

  2. What new attack surface or tool do you now focus on, especially one that you wish you had earlier in your career?

-1

u/[deleted] 4d ago

[removed]