PTAAS EXCHANGE
If you missed the PtaaS Exchange in person, join us virtually to learn how to improve your security program in 2023.

Pentester Spotlight: Razvan Ionescu, Romania's 3rd GIAC Security Expert

Razvan Ionescu has been pentesting with the Cobalt Core since 2018. He recently became a GIAC Security Expert, Romania's third. Read more about Razvan in his Pentester Spotlight.

Pentester Origin Story: How did you first get involved in pentesting?

Most of us have seen at least one movie with hackers typing very fast on their keyboards in front of black screens with green text flowing around. 😆

I remember watching Hackers, which appeared in 1995, starring Angelina Jolie (https://www.imdb.com/title/tt0113243/). For a 7-year-old kid, it was pretty intense and left me with a few “wow” moments and the thought that maybe someday I will “save the planet” – while hacking ethically, of course.

Fast forward to my MSc studies in Security of Complex Networks at the Polytechnic University of Bucharest, where I meet my mentor and current colleague, Adrian Furtuna. It’s there where I hear for the first time about Backtrack 5 (Kali’s previous name) and penetration testing as a job. And as a cherry on top, the lab exam was my first ever live CTF (Capture the Flag) competition against all my colleagues. 

The feeling I had during that “race” made me decide between pursuing such a career. 

Right after I achieved my MSc I joined Intel; I started working as a Security QA Engineer and Penetration Tester.

 

What motivates you when it comes to pentesting? 

The feedback I receive after penetration tests motivates me a lot. A happy and thankful client is always a blessing.

Also, having the opportunity to deliver penetration tests to a broad range of industries (e.g. banking, transportation, telecommunication, etc.), and to meet very different types of people along the way – keeps me motivated.

The fact that pentesting is a continuous journey during which you keep learning and achieving goals drives me. As a pentester, I must be up to date with the latest cybersecurity threats, the most recent attacks, and the newest tools and methodologies. That’s because I believe the client deserves quality results, relevant reports, and support to achieve their goal of becoming more resilient against cyber attacks. This type of harmony also motivates me.

Giving back to the community is another source of motivation. If you find a very exciting and important vulnerability, first you disclose it to your client, and – after it is fixed – you may share it with others so that all other pentesters can learn from your experience. 

All these things keep me wanting to continue in cybersecurity and pursue constant improvement.

 

What do you feel makes a good pentest engagement?  

A great pentest engagement is a combination of three things:

  • a very clear scope defined by the client
  • an interesting and challenging underlying technology
  • strong and clear communication between the pentest team and the client 

I believe that a very good pentester learns something new during each good engagement.

Of course, when the pentester finds a couple of critical or high-risk vulnerabilities, that makes a pentest a lot more memorable.

What kind of targets excites you the most? Do you have a favorite vulnerability type?

I enjoy performing web application penetration tests mostly, and my favorite vulnerabilities are the ones related to business logic, such as various bypasses or even account takeovers.

I also get excited when “low hanging fruits” type of vulns (e.g. disposable email addresses allowed for registration purposes) can be leveraged to escalate users’ privileges (guess a valid username, reset password, and profit).

Where do you go to learn about different security concepts? Are there specific pages/handles you follow? 

During the past 7-8 years, I focused on a self-learning, studying, and certifying myself. My latest achievement – and the one I am most proud of – is the GSE (GIAC Security Expert) certification (https://www.giac.org/certified-professional/Razvan-Costin-Ionescu/153622). It was a long six-year journey (because of the COVID-19 pandemic), culminating with three hands-on exams, each four hours long. In very few words, it was an intense emotional rollercoaster.

The joy I felt when I received the email stating:  “I’m pleased to share that you have PASSED the lab and are now a GSE! Congratulations!” was probably close to what Nobel Prize winners feel when they are nominated 🙂. Unofficially, I am the 3rd Romanian person in the world who achieved this certification, and this was a nice ego boost. 🙂

Regularly, I try to organize my time and sharpen my skill set using various platforms such as:

  • Portswigger Academy
  • TryHackMe
  • HackTheBox
  • TCM-Security

I also participate in competitions (CTFs) because I love the challenges of real-life scenarios that force you to think outside the box. 

Following cybersecurity Twitter accounts or Reddit threads is always a good way to stay anchored in the reality of one of the most fast-paced industries in the world.

 

How do you conduct research and recon for a pentest?

Depending on the type of engagement (infrastructure, web, mobile, API), I always conduct some research and plan the recon accordingly. There is a famous quote by Abraham Lincoln says, “Give me six hours to chop down a tree, and I will spend the first four sharpening the axe.”

Since it's my job to be familiar with the tech stack, I take time to familiarize myself with the underlying technologies I have to test.

I also perform OSINT activities, making sure I gather all publicly available information that might help me compromise the target. Sometimes I don’t have to knock on the door repeatedly if the door is unlocked (leaked “keys”).

In the end, enumeration is the key to a successful pentest, and I do this thoroughly at the beginning of the project and many times over during the engagement.

 

What are the go-to tools you leverage?

For recon, I use Nmap, Amass, DirBuster, Google Dorks for OSINT activities. 

I use automated scanners through the Pentest-Tools.com platform or other open-source or commercial tools for the vulnerability scanning phase.

I use proxies such as BurpSuite Pro or ZAP during the manual testing phase, which should take the most time in an engagement.

For reporting, I rely on online tools which generate Docx / pdf reports, such as Pentest-Tools.com or Cobalt’s platform. These options transform a pentest's “boring” part into a smooth and pleasant experience.

What advice would you offer to someone interested in getting into pentesting? What do you wish you had known before you started?

 

Don’t be afraid to try new things! Think outside the box. Try to think like an attacker.

If you have time, go for an MSc degree in cyber security because it’s a great starting point. Otherwise, go and build an app from scratch, break it and then fix it. Rise and repeat.

Try to connect with cybersecurity experts and local communities. Join conferences like DefCamp or Black Hat, and watch past cyber security talks and demos on Youtube.

Subscribe and listen to awesome infosec podcasts such as Pentester Diaries, Cyber Empathy, or Darknet Diaries

Get your hands on various hacking platforms that can guide you from 0 to hero in cybersecurity.

Join a startup as a Junior Penetration Tester as early as possible and grow from there.

I wish I had all the learning and practical resources we had ten years ago when I joined this field.😊

 

What do you wish every company/customer knew before starting a pentest?

An ideal customer knows what a penetration test implies: its phases and requirements. Considering that penetration tests are time-boxed and, most of the time, best effort, it would be tremendously helpful for both parties (client and penetration testing team) to communicate openly and efficiently during the entire project period.

It helps companies understand that, as long as they are more open, supportive, and less restrictive, they will receive a more relevant report with actionable items they can tackle as soon as possible. 

 

What do you like to do outside of hacking?

I am the father of 2 wonderful daughters, and I try to be the best version of myself every day for them and my amazingly supportive wife. 

In terms of hobbies, I enjoy playing geocaching and squash from time to time.

I also like to do wood-crafting in my spare time, and I hope to one day have my workshop.

What are your short-term and long-term goals? 

A few months ago, I achieved one of the hardest-to-get certifications in cybersecurity and became a GIAC Security Expert. Because of the COVID pandemic, it took me six years to sit and take the hands-on lab exams. So, I might say that this was one of the longest-term goals in my life that I accomplished. 

My next short-term goals are to finish all the online security courses I started before the end of the year and focus more on red teaming, social engineering, and human hacking. :)

As for my long-term goals, I intend to continue to learn, grow and diversify my areas of expertise and invest in my personal time with my family.

Back to Blog
About Shelby Matthews
Shelby Matthews is a Community Content Associate at Cobalt. She works to empower the Core and provide them with a platform to produce content. She graduated from the University of Missouri with a degree in Journalism and uses it to bring the Cobalt Core's stories to life. More By Shelby Matthews
Pentester Spotlight: Alexis Fernández, Retired Developer takes on Pentesting
Alexis Fernandez has been a member of the Cobalt Core for a little over a year now. He started in security as a Web Developer before switching to ethical hacking.
Blog
Oct 26, 2022
Pentester Spotlight: Apoorva Jois; Do you want to build or break?
Do you want to build or break? That's the million-dollar question that got Core Pentester Apoorva Jois interested in hacking. She walked us through her journey as a Pentester on the younger side of the industry.
Blog
Aug 26, 2022
A pentester's guide to entrepreneurship
Shashank was Cobalt's first ever pentester. Now he is the CEO and Founder of his company CredShields, a security audit company, while still testing in the Core.
Blog
Nov 16, 2022