Zero Day Discovery and Infosec Success Celebrations
Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.
Do you remember your intense excitement and satisfaction? How did you celebrate your success?
I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes.
Here are the results.
Thomas Roth @StackSmashing
Founder of leveldown, co-founder of keylabsio"I once had a celebratory cake for an 0day"
"otherwise I tend to [celebrate] with a nice beer in the evening :)"
![]() |
Thomas's celebratory 0day cake |
Ashley Shen @ashley_shen_920
Security Engineer at Google Threat Analysis Group"I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)"
Yahav Azran @Yahav_Azran
Independent Security Vulnerability Researcher"I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫"
Ned Williamson @NedWilliamson
iOS Hacker, formerly 3DS/Chrome Hacking"I like fashion, so sometimes if I find a really big bug I'll buy something I was saving to get. But these days I don't do that as much. I'm mostly disconnected from the ups and downs of finding results since that's just better for my mental health. The journey is the reward :)"
The Kernel Programmer @userlandkernel
Cybersecurity student researching Embedded Operating Systems"[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby"
Niklas B @_niklasb
Pwn2Own competitor. Captain of CTF team @KITCTF"[I celebrate] usually through months of anxiety in expectation of the death of the 0day"
Shahar Tal @Jifa
VP Research, Security Research Labs at Cellebrite"Every success has its own due celebration. I wouldn’t say there’s a winning format.
Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :)
I’m open to celebratory 0day choreography if you have any dance suggestions."
Stalmans @_staaldraad
Senior Security Engineer, Product Security at Heroku"There is the immediate celebration when that "itch" pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner."
Raise A Glass
Those of us that celebrate with alcohol. Cheers!Hadar Feldman @HadarFeldman
Security Researcher and Product Manager at Microsoft"Whiskey"
Brandon Falk @gamozolabs
Security Researcher at Gamozo Labs"Largely varies based on my expectations of the target. Could go anywhere from a "jeez finally" to "holy shit poppin bottles" Usually just an excited yell, and drinks with friends later that night"
Jon Sawyer @jcase
Offensive Security Researcher"Significant one that will put food on the table? Rum. Everyday one? Notta"
Damien Miller @damienmiller
Information Security Researcher at Google"Usually just have a glass of wine and enjoy the relief that something large is complete"
Extra Diligent Researchers
Those of us that celebrate with more work. Let's go!Ben Hunter @B_H101
Security and Malware Researcher at enSilo"Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing"
Yarden Shafir @yarden_shafir
Software Engineer at CrowdStrike and Windows Internals Expert"Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it"
Reflection
I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the "roller coaster" of research (and life). I sincerely enjoyed reviewing each researcher's celebratory tradition because it brought out his or her unique and interesting character, even though I didn't publish everyone's response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.
Self plug: Follow me on Twitter @va_start for new blog posts and infosec tweets.
Let me know how you celebrate your infosec success in the comments or on twitter :)
Comments
Post a Comment