A Simple page about me
What can I say. This is what I do for a living.
I am currently employed
by the US Navy working at the Fleet Information Warfare Center (FIWC) in N33 Red
Team Operations. Nothing better than having a license to hack!
(Finally, I can sleep at night)
I started with CNA (Computer Network Attack) about the same as everyone else. I got tired of being
winnuked on IRC ;) so, I began to play with various programs and techniques I found
on the 'net to tell when someone was scanning me. (Among other things) That lead to me
Scanning other people (Among other things) and yet another script kiddy was
born. Being a CTO in the Navy,
I've been around communications security in one form or another since 1993.
The IP based network side of things began to develop around 1995ish and lead to me being assigned as the Systems
Administrator for my last three years in Naples Italy. Of course, all my
'hackish' activities were conducted at home with my own computers..... not at
work. ;)
I transferred to FIWC in
May 2000 after attending the Navy's Network Security and Vulnerabilities
Technician (NSVT) school in Pensacola Florida. When I first heard of 'The Red
Team', I knew I had to be a member of the crew. Within three months, I was sent
to San Diego Ca, for a two week crash review/course, was dumped 75 miles south
of the border (long story but worth mentioning), Bob's your
uncle and I'm on the team! A founding member no less. Prior to this, Red Team
was just a few guys getting together now and then to perform various operations.
They didn't even have an 'N' designator or an actual office. This was our first
real operation. A few months later, the five of us were given a
60'x100'x40' box
of an empty room complete with bare concrete floors, girder ceilings with power lines hanging
down and no air conditioning.
We were in heaven. We immediately named it the ROC for Red Team Operations
Center (say Rock). We grabbed
as many computers, tables, racks, hubs and Cat 5 cable as we could carry from
the dumpster and went to work building ourselves a true operations center. A
baseline network and server was already running (in the loosest sense of
the word) so we decided to keep the general layout. I tell you, there is nothing
more beautiful than dozens of half built computers in open bay racks, network
cables draped over conduit and power cords snaking across the floor :)
It quickly became apparent that we needed to develop our programming skills further
than they were. PERL became the language of choice for everything from simple administration
to complex socket based applications. Later, we adopted MySQL for our
databasing needs and
the rest... is history.
Being involved in Computer Intrusion as much as I have, I began to see trends in networks. It seemed
like I was seeing the same basic vulnerabilities over and over again. (The
oldest sins being committed in the newest ways) "If they would just do this one little thing,"
I would think to myself "All these types of attacks could be stopped!" Thus, packet-security was born. It
seemed like it was time for a simple and straight forward website to improve the security of small networks.
Nothing crazy or expensive. No product names flashing around to sell you
projects. Common sense router ACLs, public access servers isolated from your
network and keeping an eye on your networks
can increase your security posture ten fold. Throw in a comprehensive user policy, warning banners and an occasional
audit of the networks and your chances of getting hacked drop even further!
These are the things I have learned over the years. This is what I expect this website
to be about.
Update to this! I got out of the Navy on May 8th and was hired by ManTech to work at the State Department as a Red Teamer. We'll leave it at that for now.
-Bagarre