2020 was a crazy year for me. Part of me feels bad for not blogging in well over a year; however, another part of me doesn’t regret it. If you’ve followed me online, you will know I’ve started a YouTube channel, have made acquaintances and friends with many in our industry, and have got my dream job as a red teamer. In a mere 8 months, we’ve reached over 1300 followers on Twitter, a little over 900 subscribers on YouTube, picked up one official mentee, and a handful of unofficial mentees. That’s a win for both you and myself! I wouldn’t be able to do this without the support of all of you, and this is still just the beginning. The main goal still stands: to change your life, and give you the tools you need to survive in InfoSec - specifically, pentesting and red teaming.
2019 Recap
Last year was both rough, and unusually easy for me. Shortly before starting this blog, I had passed the OSCP certification offered by Offensive Security. At the time, I was working as a network engineer for my employer doing a combo role of vulnerability management, network security engineering, and capacity management. It was a lot of stuff for one person to take on, and at times I felt like there was no room for error, complaining, or improving. I was on the fast road to burnout, but I’ve also been lucky enough to have great leadership. They saw my potential, and sent me to Wild West Hacking Fest in Deadwood, South Dakota.
I’m a huge fan of South Dakota, and in my opinion, the West side of the state has some of the most beautiful scenery on Earth. While there, I met a number of people in the industry: Johnny Long, Joff Thyer, Tim Medin, and many others! It was great! People were pwning stuff in the back of the first floor at the CTF, talks were going on non-stop, and I even tag-teamed with a nice lady at the lock-picking village. I ran up and distracted the guy with the badge, while she casually passed by him with the scanner, then we did all of the coding stuff and cloned the guy’s badge to open the door….it was AWESOME.
Three people really stood out to me during that time. Technically, four people…although, I didn’t actually meet one of them. I was on a mission to meet the legendary Ed Skoudis, but it just didn’t work out for whatever reason. Instead…something more special happened! I sat in on a talk by The Cyber Mentor about mentorship and asking good questions. Originally, I was hoping to just shake Heath’s hand, and say “hey, big fan!” after his talk, but he got swarmed by others, so I was just like…meh…maybe another time. Later that night, I was feeling kind of defeated not having the courage to go up and talk to those I look up to. Luckily, both Ed and Heath reached back out to me, and said “hey, everybody’s at the hotel, come join!”
So after awkwardly walking around aimlessly, I got in line for a beer when Amber (Heath’s wife) was like “Hey! Do you want a sticker?!” So I was like “yeah, I’ll take a sticker!” It didn’t occur to me at the time that it was in fact Amber who had given the stickers to me, but nonetheless, I was like “hey, where did you get these?” and that’s when she pointed to Heath. I was like “oh snap! hey!” Sometimes, I’m pretty awkward, but in my head I was like “I will probably never have this opportunity again, so f**k it…don’t be weird” and offered to buy him a beer. That ended up being one of the most awesome nights of my life, just chilling and having a great time with Heath, Amber, and Jake Knowlton.
The best advice I can give anyone that meets someone they look up to: don’t put them on a pedestal. The people we look up to are just that - people. I think telling myself to just keep it nice and casual is what led to having a wonderful 2-3 hours with the three of them, and looking back, I wouldn’t have traded that experience for anything else. This specific moment, hanging out with the three of them, also became a turning point in my career.
“Stop What You’re Doing, and Get Into The Field”
It’s a really bizarre feeling when someone you look up to addresses you as a peer. It’s been almost 2 years since that conference, but one thing is for certain, I don’t think I would be doing the things I am now if Heath hadn’t lit a fire under my ass that night. I can’t recall exactly what was said, and I want to make perfectly clear I’m paraphrasing, but Heath said something along the lines of, “You have a CVE, OSCP, and you’re working toward OSCE? Why are you in vulnerability management? Just stop what you’re doing, and get into the field.”
Veterans have a way of talking to each other that not a lot of people understand, but there’s a certain directness and urgency to it that we all understand. He was right. I was in a miserable spot in my life, working three roles under one, in a relationship with my ex-fiance that was all but already over, and still wondering if I was good enough to work in this field.
Pro tip: if you’re at a point where you’re disabling the safety features of a Ford Focus at a conference…you should have been in the field a long time ago.
Sometimes that external validation is needed. With all said and done, I left WWHF with some new knowledge, friends, and perspective. If you’re wondering if you’re good enough for the field…the answer is yes. So, stop what you’re doing, and get into the field! So to Jake, Heath, and Amber…thank you all for the wonderful time that night, and I hope to run into all of you again someday!
2020 Recap
Skip ahead a few months, and now it’s January 2020, and I’m interviewing for the job I have now - red team. In that time, I dropped two more CVEs: CVE-2019-19383 and CVE-2019-19943, was building up my network, and was on the verge of taking the OSCE exam. Jumping straight into red teaming without having previously held a penetration testing role is a big jump. You really have to be on point with your knowledge and understanding. That’s not being gate-keepy, that’s just the way it is. Even still a year into this role, there are some fundamental red team concepts that I’m still learning, but every day it gets a little easier.
The interview process itself was fairly straightforward. I had two rounds of interviews: one was a kind of high-level interview, the other was a technical interview. The only problem I really had was navigating my way around HR, and at one point I thought I was going to get roadblocked out from it due to a lack of working experience as a pentester/red teamer. After some careful resume tweaking, and really selling myself, the HR people took a second look, and gave me the approval to move forward.
It’s been smooth sailing ever since! There’s been some minor things here and there, but overall I felt like the transition from vulnerability management to red teaming was natural for me. In fact, I cannot even imagine doing anything else with my life. Breaking into stuff and evading detection gets my heart racing. Sometimes, I wonder if penetration testing would be just as interesting, but to be honest…I don’t think I would make a good penetration tester, because it’s just…a little too formulaic for me. I need a goal when I’m doing these things, and the potential of getting caught introduces a little anarchy and chaos into the mix - which I love. Ultimately, the goal is to help the defenders get better at their jobs, and the organization more prepared to detect and respond to real bad guys.
With all of that, 2020 also brought yet another zero-day! This time documented under CVE-2020-7209. This was a really awesome find that I worked with Chris Inzinga, and developed the now OffSec-banned Github_Autopwn project. Seriously, this was a cool project, and within an hour or two of having the code finished, Chris and I each found zero-days. This is probably the worst static code analyzer in existence, but hey…if it works, it works, am I right?
Some downsides to 2020: I got sick twice, lost a family member, and I’m no longer with my ex-fiance. Aside from that, 2020 has treated me very well on the professional development front. I’ve made so many new friends, have heard so many interesting stories through doing interviews for YouTube, and have seen the direct impact of sharing my knowledge both at work and online.
Road To OSCEv3
Shortly after taking the red team job, I took the OSCE exam, and passed on the first try. I could go into a whole blog post about that experience, but if you would like to see the highlights, I recommend my YouTube video on this subject:
In my honest opinion (maybe a little biased), this is the only true review of the Cracking The Perimeter course, in video format, on the internet. There are a number of others, but they don’t really explain what the course is about. The three new certifications offered by Offensive Security (OSWE, OSEP, and OSED) are on my hit list for 2021/2022 so I can reclaim my legitimacy as an OSCE. If I can endure the pain and suffering beyond that, I may make an attempt at OSEE someday, but we have to cover a lot of ground before even thinking about doing that.
If you would like more information on what skills are needed to develop your skillsets into advanced territory, I kindly refer you to my video with one of Offensive Security’s course authors - Morten Schenk:
It is unbelievable that there are people as intelligent and talented as Morten in this world. He’s a wonderful person, and I’m glad to interact with him frequently online to pick his brain for knowledge. This is kind of the point with this blog post, because even beyond people like Morten, I’ve interviewed so many others that have that same level of intelligence and tenacity for progress.
eCPPT
VetSec was very generous, and sponsored me to take the eCPPT certification by eLearnSecurity. I’ve prepared a write-up on my experiences going through the Penetration Testing Professional course for VetSec, and hopefully they make that available for all of you to read in the near future! I wish I could say more on this matter, but out of respect to my agreement with VetSec, I’m holding off until they’ve published my write-up for them. If you would like a little bit of insight, you can see my chat with InfiniteLogins on certifications, and maybe get a little better understanding if this one is right for you:
CRTO
Recently, I’ve been grinding away on my knowledge of Cobalt Strike, and penetration testing within Active Directory environments. I want to hold off on doing a full-blown review of this course until I’ve had a chance to take the exam, but overall…it has been a completely worthwhile experience. Rasta Mouse has done an excellent job with this course, and I would recommend it to anybody wanting to round out their skillsets.
The Importance of Making Friends
It’s no secret that growing one’s network is of utmost importance these days. Unfortunately, not a lot of people will explain why. Here are some theories I have on why it’s important to grow your network: you never know what role someone will play in your life later on, exchange of knowledge, everybody likes having friends, and everyone has an interesting story to tell.
I’ve had the pleasure and honor of having met with these fine folks:
- Tib3rius
- Davin Jackson
- Chris Inzinga
- Alh4zr3d
- Connor McGarr
- InfiniteLogins
- CybersecurityMeg
- FalconSpy
- Morten Schenk
These fine people, among many others that I have learned from over the past few years, are among the best in the entire industry. I’m truly grateful that each of them has taken time to share their knowledge and stories with me. I wouldn’t have much of the knowledge I do now if it weren’t for these friends of mine, and that’s why it’s important for you to reach out to as many people as you can. As I said earlier, you never know what role someone might play in your life, and it’s important to spend the little time we have on this planet taking in as many experiences as we can!
What’s Next?
At this moment…I don’t have a freaking clue what’s next. What I do know is that I want to continue developing my own skills, and those of my following. I want to bring all of you along for the ride as I meet new people, explore new knowledge, maybe drop some more 0-days, and just keep grinding toward whatever the goal is.
Ultimately, the real theme here is that the friends I’ve made have contributed greatly to my career, and my personal well-being. I’m truly thankful having met every one of you (even if I haven’t mentioned you here)! That’s what this field is all about: building each other up, and making each other better. With that being said, I’m done ranting. Let’s make 2021 the year we want it to be!