Hello, dear readers! A lot has passed since last we spoke.
On February 2, I competed in the Trace Labs Global Missing Persons CTF, accompanied by three fellow hackers I met at the Dallas Hackers Association. We called ourselves the “DHA Dream Team.” Out of 138 teams competing in the event, we placed 7th overall — significantly better than I could have expected, considering it was our first proper CTF event.
On February 10, I was hired by a wonderful company called Critical Start. I didn’t get a job as a penetration tester as I’d originally planned, but instead was hired as a SOC analyst. To be honest, I’m not disappointed… I’m confident that if I wanted to transition into a pentesting role at Critical Start, I definitely could. But it’s been quite enlightening working on the blue-team side of things, especially at this company. We work with a broad range of companies with diverse environments, using state-of-the-art security tools, and in the short time I’ve been working for this company, I’ve already learned a great deal about how the defensive side operates. To top it off, I’ve found that despite my lack of professional experience, my 20+ years of personal experience in the realms of software engineering and hacking have given me quite an edge among my peers, even among those that have been working at the company for years. I am confident that if I apply myself, I can rise through the ranks quickly.
But I haven’t let my defensive career dull my offensive sensibilities — quite the opposite. In the SOC, we’ve got a team of hackers that have been working together, targeting systems from HackTheBox and VulnHub in order to keep our hacker skills sharp. In addition, we’ve been training the next wave of hackers, introducing many of our blue-team comrades to the red-team side of things. I’ve always had a passion for leadership and teaching, and I enjoy sharing my knowledge with others.
On that note, I want to finally bring to light a personal project I’ve been working on, which I hope will help the next generation of hackers to learn and grow:
The No Skids Allowed! project is all about education through documentation. My aim is to write a guide that teaches new hackers the basic tactics, techniques and procedures necessary to excel in the realm of penetration testing. The guide’s main focus is its walk-throughs, which guide the reader step-by-step through various VulnHub and HackTheBox systems, detailing the methodology and tools used to gain access and control over these systems. Each walk-through is cross-referenced with sections detailing the various tools and techniques used in the walk-through, so that readers can dig deeper if they wish.
As of the writing of this post, there are only two walk-throughs included in the guide. However, more will follow, and each new walk-through will bring new additions to the tools and techniques populating the rest of the guide.
To top it off, I’m starting an official No Skids Alliance Team on Keybase, so that anyone interested in hacking can join up, learn new skills, and collaborate on projects! I expect growth will be slow to start, but I hope this team will become a haven for hackers of all skill levels.
Well, that’s about all I’ve got for this post. Tomorrow, I’ll be competing in another Trace Labs Missing Persons CTF, and while I don’t expect to nab 7th place again (perhaps it was beginner’s luck?) I do hope to have some fun and learn a lot.
I’ll be back soon with more updates from hackerland. Until then, stay safe, sane, and six feet apart. Don’t catch COVID — and more importantly, don’t pass it on.
P.S. I almost forgot! The
No Skids Allowed! website is also available through Tor!