Maybe. All I read is that he was QA. That can mean anything from game tester to someone who tests internal tooling. I haven’t seen an actual description of his role.
I honestly don’t know, but since he ended up in cyber security, I’m guessing it wasn’t games testing, but probably internal tooling. Orgs like Blizzard have a lot of non-gaming related tech, like websites, databases, etc.
I haven’t seen any disclosure about what his role was, just that he started as QA and ended up doing cyber security, both of which likely didn’t involve any coding.
He did technically end up in cybersecurity, but basically yeah, a role that involves almost zero actual technical skill.
He did social engineering, aka, worming his way into people’s emails and texts and social circles, sending fake ‘your account has been compromised, send me your user name and password to fix’ type shit.
Ironically, social engineering is quite a fitting uh, subclass, for a low technical skill, high charisma narcissist to slot into.
He thought hacking and DEFCON was the coolest convention to go to, so him and some buddies… won the scavenger hunt badge, I believe that’s more or less running around the Con with your network analyzer open on your phone, to find wifi/bluetooth enabled hidden scavenger hunt items, maybe with a couple extra steps.
It’s literally a gimmick badge, it’s not really anything to do with actual pentesting, nothing like developing a totally novel exploit.
EDIT: Like, I am reasonably confident I know more about ethical hacking than he does, just having futzed around with tryhackme and some other free online sort of, ‘basics of hacking’ tutorials with simulated demonstrations on VMs, for a few years in my spare time.
Ask him what SYN, SYN-ACK and ACK are, and why they are important, and I’m guessing he would have to look it up, whilst making it look like he is not looking it up.
It’s also probably the most common type of breach. It’s way easier to compromise tech support than find a vulnerability, so it makes a ton of sense for a company like Blizzard to have an auditing team to test the various attack vectors.
A lot of roles like QA and cyber security sound glamorous, but that’s because people like glamorous titles. If you’ve spent even a tiny amount of time working in a relevant industry (in this case, anything touching computers), you should be able to read between the lines. That “sanitation engineer” is probably just a janitor or garbage truck driver, not the person in charge of the city water filtration services or something.
scavenger hunt badge
I haven’t been, but yeah, that sounds likely. Things like that are to get people new to the industry excited, not to actually challenge hardcore hackers.
I’ve attended and even spoken at some tech conferences, and they’re like 90% entry level stuff with a handful of interesting events and talks that actually break some new ground. I’m in a senior level position now, and conferences are something I’d send my juniors to for networking and to get an idea of how they want to grow their career, but I don’t really attend anymore. I imagine cyber security conferences are similar.
Ask him what SYN, SYN-ACK and ACK are
Lol, that’s basic TCP stack stuff, I doubt he would’ve gone that low level at a company like Blizzard. You get to that level when you’re looking for amplification attacks at a place like Cloudflare or the military.
At Blizzard, they most likely want to make sure they’re up to date on security patches, their tech support is following the proper scripts, and IT isn’t getting lazy reviewing reports and whatnot. Basically, liability coverage in case there’s a real breach so their insurance can cover any losses.
But yeah, streamers like to appear like they know their stuff because that’s what gets people to watch.
It’s also probably the most common type of breach. It’s way easier to compromise tech support than find a vulnerability, so it makes a ton of sense for a company like Blizzard to have an auditing team to test the various attack vectors.
Yep, absolutely.
The uh, funniest one that sticks in my memory was the hack of basically an early build of GTA 6.
Somebody social engineered their way into someone at Rockstar who had some level of admin access, I think via fake / intercepted and reformed 2FA auths to the target’s phone, along with some spear phishing.
Then, they were proficient enough to exploit their way throughout the intranet… but not smart enough to cover all their tracks.
A lot of roles like QA and cyber security sound glamorous, but that’s because people like glamorous titles. If you’ve spent even a tiny amount of time working in a relevant industry (in this case, anything touching computers), you should be able to read between the lines.
You would think this, but everywhere I have worked in the industry… most people cannot in fact read between the lines.
I’ve attended and even spoken at some tech conferences, and they’re like 90% entry level stuff with a handful of interesting events and talks that actually break some new ground.
Impressive!
I’ve been to some, never spoken though… also, not DEFCON though.
I imagine cyber security conferences are similar. (mostly exist for networking)
I agree.
But yeah, streamers like to appear like they know their stuff because that’s what gets people to watch.
Yeah, but Thor takes it to an uncommon point of basically being a conman, with so much of his reputation built, by himself, on vastly overstated credentials.
It’s like getting a 2 year nursing assistant degree and then acting as if you can safely perform a brain surgery.
I’ve been to some, never spoken though… also, not DEFCON though.
Yeah, I’ve spoken at local JS and Go confs with several hundred to a couple thousand attendees (my sessions were small, like 30 people), and attended a couple others.
DEFCON is much larger, but looking at the schedule, it seems pretty similar, a mix of relatively entry level stuff and more advanced topics. So someone attending doesn’t say much other than that they’re interested in cyber security.
It’s like getting a 2 year nursing assistant degree and then acting as if you can safely perform a brain surgery.
Interesting. I haven’t watched enough of his stuff to know what claims he’s made.
Probably not in the direct sense, given that he uh ‘used to work’ at Blizzard.
As a game tester.
By that metric, I am an ex MSFT employee, because I did that routinely as well.
(I then went on to actually work for MSFT as a database admin/dev, but you get the idea)
He’s an extremely useful and extremely idiotic useful idiot, like uh, Tim Pool.
Maybe. All I read is that he was QA. That can mean anything from game tester to someone who tests internal tooling. I haven’t seen an actual description of his role.
Ah, that’s true, that is more accurate.
So he was … testing tools for testing games, or some kind of internal process?