2019 in review
By Greenjam94
Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.
When this blog took off under my old domain greenjam94.me I committed to monthly posts. In 2020 my goal is to restart this and hopefully get some more consistent traffic to the site.
In the beginning of 2019, I purchased a new domain for my blog. hackerunder.dev was made possible by Google releasing the .dev TLD (Top level domain). My idea behind the name was “hacker under development”. I hope to include content based on my transition from a web developer to hacker. While I have many years of community experience and work for a top tier training company, my official job title has always been Developer or Software Engineer. My first blog post of 2019 was related to setting up a fresh WordPress instance when I forgot my password. I needed to reset it by directly accessing the server.
Shortly after that first post, I attended an event in March by Jayson Brown. He taught a class about attacking linux servers. The class used the Bandit challenges from OverTheWire. I summarized what he covered in a blog post a few years back when I attended the “beta” of this class. After this class, I wrote another post for this class on scripting. Part of the Bandit challenges really relied on being able to write a script. During the beta trial I struggled with these challenges. This inspired me to make a scripting blog post when I reviewed Jayson’s course again. Scripting is a key part of hacking as it automates a lot of the tasks that take too long manually.
In April, I attempted Offensive Security’s PWK (Pentesting with Kali) course again. This was my fourth attempt at it. I reviewed the course material and hit the labs hard. While I was able to unlock every network in the lab, it wasn’t enough. I have a bad habit of going hard to start the course, getting further than I have in previous attempts, still managing to fail the exam, and then taking a “break”. I know where I struggled in the exam. Windows privilege escalation is something I don’t have much practice on and it really messed me up in the exam. My new study plan has been to review HTB machines that are similar to the OSCP exams. TJnull has a post on netsecfocus where he lists machines to attack.
May was a busy month for me but there’s two things I would like to share with the world. Firstly, I volunteered at Converge Detroit again this year and had a good time. I helped at registration for a short shift and was a floater for the rest of the conference. It was a good opportunity to network with the Detroit infosec community and #misec in general. Later in the month, I went to Philadelphia with my girlfriend’s family and explored the city. The main reason for that trip was to surprise her at the Love statue and propose. I am excited she said yes and we are engaged!
In June, I moved out of my parent’s basement to Pennsylvania so I could be with my Fiancee. Work allows me to work from home so there wasn’t a career shift, but it’s been hard to adjust. I have been able to find a church and a MMA gym to stay active at. I miss my misec community and have to rely on streams and the slack channel to stay in touch.
WMCAT of Grand Rapids and Merit hosted a Purple Team CTF event in July. Work wanted me to attend with some of our upper level management to meet with them about their CTF environment. I got a first hand chance to participate and see what Merit offered. It was a jeopardy style event with a live target environment. I got pretty far on the web app hacking section. However I ran out of time when I had to brute force certain credentials.
In October, I went to GrrCON for my 5th year. One of my favorite cons and the first I ever attended back in 2015, GrrCON has continued to be a conference I’m always happy to volunteer at. The organizers and other returning staff always make it worthwhile and put on a great event. This year I was on a team that was in charge of the vendor area. We were responsible for keeping vendors happy or at least in touch with the building staff. It was a great networking experience as always and I can’t wait to volunteer again next year.
My last conference of the year was BSides Detroit. This was special for me because I was an Organizer. For months leading up to the conference, I attended weekly calls with a dedicated team. The event was a success and got good feedback. I look forward to doubling my efforts for helping with next years event.
Thanks to work, I get to work closely with the team behind Kali at Offensive Security. It’s my responsibility to get AWS and Azure images of Kali updated in the cloud. I push forward on the project despite struggling to get the Azure image updated. G0tmi1k has honored me by updating the kali about us page to include my name as a helper.
This year I’ve gone through a lot. I got engaged to the love of my life. Work had a lot of positive changes and advancements. I burned out on studying and would rather binge Netflix or play Minecraft than try to hack a difficult machine. Looking back at 2019, there’s a few things I want to take note of to improve for the future.
- Always keep learning
- Maintain your health
- Prioritize what’s important
Always keep learning, for me that’s continuing to focus on hacking labs and understanding new exploits. It’s easy to retreat from it all and forget things. Keep your health in mind, get enough sleep, good food, and move. When working from home, it is too easy to eat bad food and get lazy. I’m happy I was able to find an MMA gym and start working out 2-3 days a week. Before training at the new gym, I weighted 210 lbs. Now I am down to 193 lbs, it is progress. Something I need to work on more is keeping track of all my tasks and prioritize things. Every day I want to eat, play, and sleep. A goal for me to improve is track my goals and prioritize my tasks both inside and outside of work.
Look forward to my next post where I will share some of my goals and plans for 2020.