Introduction
Hey, my name is David De Lille, I’m a student in computer engineering at the university of Ghent, and I just finished an internship at NVISO. In this blog post, I want to give a quick roundup of how I experienced my 6 weeks as an intern at NVISO.
Why NVISO?
I kind of stumbled into my internship. Daan Raman, an alumni of UGent, came to give a presentation about Metasploit at our university. Knowing that NVISO also supports theses, I went up to him after the talk and asked him about the possibility of an internship and it all went from there. Looking back, it was clearly the right choice.
Details of the internships
Despite them not having prepared or had any internships before, they came up with a really good offer, which included a lot less making coffee than I had expected. Basically, NVISO split up the internship of 6 weeks into 3 parts, to give me a taste of the different aspects of the work done at the company.
In the first part, I got to join the NVISO team on a field job. They took me along on an actual pentest and had me look for rogue access points, unauthorized modems that allow an attacker to access the internal network of a company, using a high-powered WiFi antenna. I also got to manage a rented Amazon server that was used to crack a long list of password hashes that were discovered during the tests.
For the second part of the internship, I was given a small project to develop software to complement their existing security research. If you’ve read the previous blog posts, you’ll know all about ApkScan. In the way that ApkScan currently works, all the suspect files have to be uploaded manually by users, which means the server is often idling. To prevent this, I had to implement a script that can automatically retrieve samples of Android applications and forward it to the ApkScan server.
Finally, the last part focused on helping to organize a hacking challenge for the security conference BruCON 2013, which happened in September. The goal was to test a participants’ hacking skills in the form of a contest. Each person would get a certain amount of time to complete a set of tasks. Correctly completing each task awarded the player some points a bit of extra time. At the end of the conference, the top 4 hackers won a Raspberry PI!
conclusions
I had a lot of fun doing this internship and highly recommend it to every student who has room for it in his/her curriculum. I got a taste of what it’s like working for a security firm and gained some valuable experience in all 3 parts of my internship.
