Tim Helming and Kali Fencl had the chance to sit down with Tony Robinson in this edition of Voices from Infosec. Tony is a Senior Security Researcher with the Emerging Threats team at Proofpoint and we spoke with him about how he got into cybersecurity, information stealers, his commitment to the community, and interests outside of the industry. It’s a great conversation we hope you all enjoy!
Meet Tony Robinson (aka da_667)
Tony’s interest in cybersecurity started while he was in high school where he took programming classes along with a Cisco networking program – that class in particular was where he found that systems and network administration was up his alley. From there, he earned his Associate’s Degree in Network Administration, and then took those credits to receive his Bachelor’s in Computer Information Systems.
At the time he began working, he discovered the Hacker Quarterly and thought “people get paid to secure or break things?” and his interest in cybersecurity progressed from there. He’s spent a majority of his career on the Blue Team, as he prefers to protect over break, and has spent the last two years with Proofpoint.
When we began working with Tony to prepare for our conversation, he was deep in the state of flow working on a blog post relating to the threat group, ZenRAT, which Proofpoint should publish within the next few weeks. We’ll be sure to update our show notes when it’s officially available.
Insidious Information Stealers
We love to learn what our guests are passionate about – whether that’s something that’s grinding their gears or something that’s been beneficial to the community. In our conversation, Tony shares that information stealers do more damage than people think and that their presence is pretty noisy. Tim and I discuss the latest news regarding the information stealer known as Raccoon Stealer, which recently re-emerged. Tony has some thoughts on why that might be, but he also has a good story about what he had initially seen regarding Raccoon Stealer when sharing information with @James_inthe_Box.
Commitment to the Cybersecurity Community
Tony discusses the value in organizations sharing information, especially using the Emerging Threats Open List. Information shared there comes from other organizations’ research as well as independent researchers. Tony describes it as an open-minded community where users are encouraged to share their observations and ask questions. Responses are treated with respect and positive feedback is reinforced.
In terms of other resources newer members of the community can use to get started, Tony points out free options including MalwareBazaar, Any.Run, and ThreatFox – all great examples of getting network samples for free. Tria.ge is a great sandboxing engine, but it does require approval for access.
Tony also shared information on his book, Building Virtual Machine Labs, which has two volumes. He mentioned that the length of the book seems a little intense at first blush, but it’s written in a sort of “choose your own adventure” style, where you can choose hypervisors that you’re interested in and jump to the appropriate sections.
He’s a big believer in appealing to the different learning styles (text vs. images) and included visualizations to help ensure people are installing the right things in the correct order. In terms of video education, he does have some older material available on networkdefense.io.
The Origins of da_667 and Life Outside Cybersecurity
We had to ask Tony where the handle “da_667” comes from and the answer certainly did not disappoint. I could share directly here, but it’s great hearing it in Tony’s own words, so be sure to listen to the full episode.
Outside of cybersecurity, Tony would describe himself as a “stereotypical nerd” with interests in anime and comic books, but I love asking this question because people share unexpected hobbies, and Tony is no exception. He enjoys blacksmithing and has made several knives for himself. He also enjoys some woodworking and would love to do both more often. It’s his dream to have a garage big enough to hold the tools needed for both endeavors.
That’s about all we have for this week. You can find us on Twitter @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!