linuxmemes

And this is exactly why I don't make those jokes to people unless I know very well they'll get it

Same. I was working on a help desk years ago helping another agent with a call where the customer was being ignorant and I sent him a message that said something like "does he want us to wipe his ass for him too?" (Not that exactly but in the context of the situation it would have been similarly insulting). Next reply I get from the other agent was "he said no".

😬

Yeah, you don't want toddlers learning gun safety the hard way

I mean.... it's the best way to learn by being stupid and doing mistakes, but truly some mistakes are too much damage and does not help to learn or if we talk about other jobs can kill somebody.

I remember one interview I had with a candidate. It was for a database analyst position that required SQL.

The first round was typically a phone screen where I chat with the candidate, get to know them a bit.

Second round was code review. I asked them to do a SQL query that did x.

The queries were simple. The goal was to get the candidate to walk through the query.

I had one candid that, over screen share, wrote the query flawlessly. Then I asked them to explain what it was doing. The candidate froze.

I can get understand getting nervous so I moved onto an insert statement. I had them write one and then do another without using certain terms (often leading to a sub query).

Again, flawless. I asked what situations would you use one over the other.

Again, they froze. I started to get suspicious that they were cheating and had them, instead of typing the answer, say the answer. When they couldn't, I knew enough that it wasn't going to work.

The way this reads I think the company did not actually provide a good sandboxed environemt. So when they rm -rf /'d the thing they actually deleted a lot of stuff the recruiters still needed (likely the pentest environments for other candidates). Because imo that's the only reason I can think of to just outright ban a candidate from applying for any other role at the company.

How are you supposed to fine 7 vulernabilities in an hour anyways?

Threaten the interviewer with a knife until they give you at least 7 vulnerabilities. tapsheadmeme

Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn't have to exploit any of them 7 would be reasonably easy to find.

Kali basically has a library of known exploits and you just run the scanner on a target.

This isn't novel exploit discovery. This is "which of these 10 windows machines hasn't been updated in 3 years?"

It's going to be a system set up with known vulnerabilities that should be easy to locate using common tools already installed on Kali; a real world scenario should (at least in theory) not be that simple, but in a capture the flag pentest environment, that's pretty normal

You can see that the first machine is at /dvwa which is the Damn Vulnerable Web Application and is made for practicing hacking. If you have a basic understanding of the vulnerabilities there finding 7 of them is easy peasy.

It's clear the kid wasn't up to the job. Why sit the interview?

Haha fair, I don’t know anything about this poster other than this meme they made, and I didn’t want to post without attributing the original source.

On modern Linux versions you need to add --no-preserve-root or it won't work as nicely

Months 1-3: hey he’s new, just getting used to things

Months 4-6: he’s not good, but maybe trainable?

Months 7-9: he needs to be on a PIP so we can CYA and fire him

Months 10-12: phase out and fire

Rinse and repeat at new companies every year for 5 years, get hired as Engineering Manager at sixth job.

Chill out. They may be German or something where shit like that is concatenated into one word.