Zero Day Discovery and Infosec Success Celebrations

With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.

Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.

Do you remember your intense excitement and satisfaction? How did you celebrate your success?

I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. 

Here are the results.

Thomas Roth @StackSmashing

Founder of leveldown, co-founder of keylabsio
"I once had a celebratory cake for an 0day"
"otherwise I tend to [celebrate] with a nice beer in the evening :)"
Thomas's celebratory 0day cake

Ashley Shen @ashley_shen_920

Security Engineer at Google Threat Analysis Group
"I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)"

Yahav Azran @Yahav_Azran

Independent Security Vulnerability Researcher 
"I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫"

Ned Williamson @NedWilliamson

iOS Hacker, formerly 3DS/Chrome Hacking
"I like fashion, so sometimes if I find a really big bug I'll buy something I was saving to get. But these days I don't do that as much. I'm mostly disconnected from the ups and downs of finding results since that's just better for my mental health. The journey is the reward :)"

The Kernel Programmer @userlandkernel

Cybersecurity student researching Embedded Operating Systems
"[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby"

Niklas B @_niklasb

Pwn2Own competitor. Captain of CTF team @KITCTF
"[I celebrate] usually through months of anxiety in expectation of the death of the 0day"

Shahar Tal @Jifa

VP Research, Security Research Labs at Cellebrite
"Every success has its own due celebration. I wouldn’t say there’s a winning format.
Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :)
I’m open to celebratory 0day choreography if you have any dance suggestions."

Stalmans @_staaldraad

Senior Security Engineer, Product Security at Heroku
"There is the immediate celebration when that "itch" pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner."

Raise A Glass

Those of us that celebrate with alcohol. Cheers!

Hadar Feldman @HadarFeldman

Security Researcher and Product Manager at Microsoft
"Whiskey"

Brandon Falk @gamozolabs

Security Researcher at Gamozo Labs
"Largely varies based on my expectations of the target. Could go anywhere from a "jeez finally" to "holy shit poppin bottles" Usually just an excited yell, and drinks with friends later that night"

Jon Sawyer @jcase

Offensive Security Researcher
"Significant one that will put food on the table? Rum. Everyday one? Notta"

Damien Miller @damienmiller

Information Security Researcher at Google
"Usually just have a glass of wine and enjoy the relief that something large is complete"

Extra Diligent Researchers

Those of us that celebrate with more work. Let's go!

Ben Hunter @B_H101

Security and Malware Researcher at enSilo
"Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing"

 Yarden Shafir @yarden_shafir

Software Engineer at CrowdStrike and Windows Internals Expert
"Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it"

Reflection

I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the "roller coaster" of research (and life). I sincerely enjoyed reviewing each researcher's celebratory tradition because it brought out his or her unique and interesting character, even though I didn't publish everyone's response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.

I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.


Self plug: Follow me on Twitter @va_start for new blog posts and infosec tweets.

Let me know how you celebrate your infosec success in the comments or on twitter :)

Comments

Popular posts from this blog

Guy's 30 Reverse Engineering Tips & Tricks

uTorrent CVE-2020-8437 Vulnerability And Exploit Overview

Calling Arbitrary Functions In EXEs: Performing Calls to EXE Functions Like DLL Exports