Entrevista a Marius Corici

CTF365 - LOGOHoy en Dragonjar tenemos el placer de realizar una entrevista a Marius Corici, Marius es el fundador de uno de los proyectos con mas éxito en el ámbito de la seguridad. Se trata de Hack a server una plataforma desde la que podremos entrenar nuestras habilidades teniendo un entorno controlado. Pero de esto hablaremos mañana, primero de todo, os dejo con la entrevista a Marius.

1-Who is Marius Corici?


Lazy entrepreneur (equivalent for lazy administrator). Thinking a lot to do less, preserving energy, providing simplicity. This is how I would describe myself.

In 2003 I started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. After that, in 2007 I moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. My first online startup project was SentiMatrix a Real Time Sentiment Analysis Tool. It didn't workout. Lesson learned: It's not enough to have an idea as long as you don't have the right team.

 Now, I am very focused on infosec and got involved in all the biggest independent startup security projects in Romania; Hack a Server, HackAdemy, and CTF365.

2-What is your relationship with the world of security?


Is true that security attracted me since 1998 when I got my first private internet connection. Fooling around with scanners and tried different things like all big boys did, but other than this, none. Just pure passion to do same thing in a different, easy, affordable and funny way. As I state before, I like to pick up a problem and try to improve/optimize its actual solution. That online entrepreneurs do. There are a lot of problems out there and security is one of them.

3-What is the project hack a server?

Hack a Server it’s a two sided market place where companies deploy their replica servers and hackers try to find vulnerabilities, report them and get paid for what they love to do most: Hacking Servers. All covered by anonymity and confidentiality.

Using the power of crowd-source, HackaServer helps companies to improve their security by finding and report vulnerabilities/flaws on their servers and web applications.

All big companies have their own Bug Bounty Programs. Google have it, Facebook have it, Mozilla have it, PayPal have it. Now everybody can have it using Hack a Server. The only difference is that on our platform all are Real Life Replica Servers/application without any sensitive data on it.

4-How did this idea?

My friend and associate Marius Chis came and tell me that he would like to do an online startup project with me. He wanted to invest in SentiMatrix (that Real Time Sentiment Analysis Tool), I told him that would be waste of money and he said to come up with an idea. The idea come up when waiting to a doctor cabinet for my younger daughter, I was thinking about how much I hate online games and how I can mix together with something else like security and crowd source. And then it stroked me. Within 2 days we meet again, I told this Hack a Server idea and he got it in less than 30 seconds which was more than ok having in view that he didn't knew anything about online, security, gaming and crowd source.
5-How the community has accepted the project?
Like in any other community when a “New kid on the block” appears on stage; we have enthusiasts, evangelists, early adopters and haters too. The thing is that most of penetration testing companies and professional independent pentesters, sees us like a menace for their activity and for the pentest market. This menace is not true at all and I tell you why.

 Pentest companies does a great job and there is a growing need for pentest industry, but this kind of job “by the book” have its high price which cannot be afford by small and medium companies.

HaS cover a gap between those companies that can afford a pentest report or/and are forced by laws (e.g. financial companies, government institutions, strategic companies etc.) and those companies that they can’t afford, are not forced by laws and have a need for strength theirs security (e.g. companies that build web apps, outsourcing companies – where they get like a few tens of thousands dollars/project- startup companies etc.).

We don't compete them, we complete them.

All those miss perception will change in time as we start to participate at different InfoSec events such Hacktivity where we had our Hello Workshop. HackaServer received positive feedback from Hacktivity conference held in Budapest.

6-What new features can bring to the project?


We have some features that would be nice to implement in future iterations but the best features will be those that our paying customers will ask for. This is the way a startup add new features. Is not about what we think would be nice to have, is about what our paying customer ask for.

7-Could you explain the hack a server infrastructure?

Almost all our infrastructure is running on free or open-source software. For the moment we are using the KVM hyper visor and libvirt to manage it. The VPN solution we have chosen is OpenVPN because it is cross platform and it's available almost anywhere.

 8-What is the future of Hack a Server?


We have 3 directions, I’ll tell you two. The third one I’ll keep for myself… yet. HaS will become a major player for InfoSec and war gaming niche. In Infosec, beside HaS, our backend module will be open sourced and we aim CS faculties all over the world to use it as a platform on their security courses. It will be way more exciting to learn security while having fun. Isn’t it? Also our backend can be used as a PenTest Lab for companies that provide paid training courses but there will be a cost.

For war game, we will push HaS for CTF competitions (Capture The Flag) all over the world. We give free access to use our infrastructure to CS faculties and InfoSec conferences that wants to have CTF competitions.
9-Last question, how many collaborators in the project help you?

We are three founders; me, Marius Chis - CFO and Andrei Nistor as CTO and we have a dream team of three others. Valentin Bud - System Engineering, Ionut Popescu - Network Engineering, Alexandru Ardelean - Python. Among them Razvan Maita on marketing + SEO, Danut Mihai Florian - Graphic design.

They are not collaborators, they are my friends because most of them do their job for free, working on other companies, but all of them believe in the project and they are sure that Hack a Server finally will payoff.

 There were others who helped us a lot. I said that I'll have to do a special thanks page for all those people who somehow they left a piece of their work on this project.

command center

Podéis encontrar a Marius en la cuenta de Twitter de Hack a Server