Hands-On Hacking with James Gillkey

Summary: In this episode of Exploring Information Security, host Tim De Block sits down with James Gillkey to discuss hands-on hacking training at ShowMeCon. James is revamping a long-standing pentesting training course to bring modern techniques, updated tools, and a focus on efficiency to security professionals. He shares insights into building effective training labs, leveraging Python virtual environments, and incorporating real-world offensive security methodologies into a structured learning experience. Topics Discussed The evolution of hands-on hacking training and its history Setting up virtualized pentesting environments with Python and GitHub tools Common mistakes in pentesting and how to avoid them The balance between red team engagements and SOC awareness The importance of password cracking, enumeration, and network recon How cloud security assessments differ from traditional network pentesting The role of AI in pentesting and whether it’s a useful tool or a shortcut ShowMeCon’s Fallout-themed hacking lab and what to expect in the training Key Takeaways Hands-on experience is crucial. The best way to learn pentesting is by doing it. Virtualized environments simplify tool management and prevent conflicts. AI is an emerging tool in pentesting, but it doesn’t replace fundamental knowledge. Cloud security requires a different mindset due to its unique challenges and toolsets. Communication with SOC teams is essential to avoid unnecessary panic during testing. Efficiency matters. The goal of the training is to give students actionable skills they can use immediately.