Security Consultant Spotlight: Dax Labrador

Dax Labrador

Director, Professional Services, Philippines

Dax Labrador is the Director of Professional Services based in the Philippines and has been with VikingCloud for over five years. He manages a team of vulnerability and penetration testers and is responsible for designing and improving the tester’s processes and day-to-day operations. He also leads teams on security-related projects, such as developing in-house penetration testing tools.

Before joining VikingCloud, Dax held various positions with Trustwave and Bugcrowd and worked for nearly ten years at Hewlett-Packard (HP) on their Fortify on Demand team (a Security-as-a-Service testing solution). At HP, Dax was a penetration tester and later managed a team of highly skilled penetration testers and contributed to designing HP Fortify on Demand Incident Response and its Red Team methodology.

Dax’s passion is Information Security, and he’s been active in the security and hacking community for nearly 20 years. He founded ROOTCON, the largest annual hacking conference in the Philippines in 2008, and in 2023, the conference was attended by 600+ professionals. Dax has also been invited to speak on various topics, including the Darkweb and Starting your Infosec Career at several Manila universities - De LaSalle University, Polytechnic University of the Philippines, and University of the Philippines – Diliman Campus.

Interview with Dax

Q: What’s your favorite security vulnerability and why?

A: "There are two security vulnerabilities that I think are especially interesting. The first is a buffer overflow, which I like because of how it behaves. Once you identify your buffer overflow point, it can chain several attacks like code execution. The MS RPC DCOM Interface Overflow (CVE-2003-0352) is a classic example of this vulnerability. This vulnerability was undetected for nearly five years, mainly because companies delayed their response to attacks rather than being proactive.

My other favorite vulnerability is SQLi or SQL injection. This can be found primarily in web applications. Many companies are still too inexperienced to use frameworks to create their applications. Frameworks are designed so developers do not need to worry about sanitizing inputs from their web applications. It’s on my list of favorite vulnerabilities due to the nature of the vulnerability — once exploited, you get a very tangible result that could lead to chaining other attacks."

Q: What is the primary cause of breaches you see most often? Do you have any relatable stories you can share?

A: "The primary cause of breaches is when organizations are too relaxed – and reactive – when it comes to their security. Unfortunately, most come to realize that dealing with security breaches after the fact are much more costly than implementing security measures upfront. I have worked with several private companies and government agencies with a reactive approach to security — they don’t typically invest in security unless a breach happens. That’s too little too late – and costly to the organization."

Q: If you could give one piece of advice to our customers, what would it be?

A: "If you spend more on coffee than on information security, most likely, you will be hacked! Implementing information security can be a daunting and intimidating task. The best way to approach this is to utilize the skills of professional penetration testers like those at Vikingcloud — a team of top-notch penetration testers helping customers secure their online assets."

Dax’s extensive information security experience and knowledge make him a powerful addition to the VikingCloud team.  His passion and enthusiasm for the hacking industry are evident in the time and resources he’s given to founding and maintaining the ROOTCON conference. His work and team leadership make him an integral part of the Cyber Threat Unit, and we’re thrilled that he’s part of the VikingCloud team.

Learn more about Dax on LinkedIn: https://www.linkedin.com/in/daxlabrador/.