Zero Day Discovery and Infosec Success Celebrations

-
With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.

Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.

Do you remember your intense excitement and satisfaction? How did you celebrate your success?

I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. 

Here are the results.

Thomas Roth @StackSmashing

Founder of leveldown, co-founder of keylabsio
"I once had a celebratory cake for an 0day"
"otherwise I tend to [celebrate] with a nice beer in the evening :)"
Thomas's celebratory 0day cake

Ashley Shen @ashley_shen_920

Security Engineer at Google Threat Analysis Group
"I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)"

Yahav Azran @Yahav_Azran

Independent Security Vulnerability Researcher 
"I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫"

Ned Williamson @NedWilliamson

iOS Hacker, formerly 3DS/Chrome Hacking
"I like fashion, so sometimes if I find a really big bug I'll buy something I was saving to get. But these days I don't do that as much. I'm mostly disconnected from the ups and downs of finding results since that's just better for my mental health. The journey is the reward :)"

The Kernel Programmer @userlandkernel

Cybersecurity student researching Embedded Operating Systems
"[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby"

Niklas B @_niklasb

Pwn2Own competitor. Captain of CTF team @KITCTF
"[I celebrate] usually through months of anxiety in expectation of the death of the 0day"

Shahar Tal @Jifa

VP Research, Security Research Labs at Cellebrite
"Every success has its own due celebration. I wouldn’t say there’s a winning format.
Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :)
I’m open to celebratory 0day choreography if you have any dance suggestions."

Stalmans @_staaldraad

Senior Security Engineer, Product Security at Heroku
"There is the immediate celebration when that "itch" pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner."

Raise A Glass

Those of us that celebrate with alcohol. Cheers!

Hadar Feldman @HadarFeldman

Security Researcher and Product Manager at Microsoft
"Whiskey"

Brandon Falk @gamozolabs

Security Researcher at Gamozo Labs
"Largely varies based on my expectations of the target. Could go anywhere from a "jeez finally" to "holy shit poppin bottles" Usually just an excited yell, and drinks with friends later that night"

Jon Sawyer @jcase

Offensive Security Researcher
"Significant one that will put food on the table? Rum. Everyday one? Notta"

Damien Miller @damienmiller

Information Security Researcher at Google
"Usually just have a glass of wine and enjoy the relief that something large is complete"

Extra Diligent Researchers

Those of us that celebrate with more work. Let's go!

Ben Hunter @B_H101

Security and Malware Researcher at enSilo
"Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing"

 Yarden Shafir @yarden_shafir

Software Engineer at CrowdStrike and Windows Internals Expert
"Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it"

Reflection

I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the "roller coaster" of research (and life). I sincerely enjoyed reviewing each researcher's celebratory tradition because it brought out his or her unique and interesting character, even though I didn't publish everyone's response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.

I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.


Self plug: Follow me on Twitter @va_start for new blog posts and infosec tweets.

Let me know how you celebrate your infosec success in the comments or on twitter :)

Comments

Post a Comment

Popular posts from this blog

uTorrent CVE-2020-8437 Vulnerability And Exploit Overview

-
Image
The world’s most popular torrent client, uTorrent, contained a security vulnerability — later to be called CVE-2020-8437— that could be exploited by a remote attacker to crash and corrupt any uTorrent instance connected to the internet. As white-hat hackers, my friend (who wishes to remain anonymous) and I reported this vulnerability as soon as we found it and it was quickly fixed. Now, after ample time has been given for users to update, it’s safe to disclose an overview of the vulnerability and how to exploit it. Torrent Protocol - What You Need To Know Torrent downloads utilize simultaneous connections to multiple peers (other people downloading the same file), creating a decentralized download network that benefits the collective peer group. Each peer can upload and download data to and from any other peer, eliminating any single point of failure or bandwidth bottleneck, resulting in a faster and more stable download for all peers. Peers communicate with each other using the BitTor
Read more

D-Link Router CVE-2021-27342 Timing Side-Channel Attack Vulnerability Writeup

-
Image
I recently bought a new DIR-842 home router, and immediately (as any hacker would) started toying with it - I can’t call it mine until I pop a shell on it. Rather quickly I found I can enable telnet through the admin web gui, and then connect to telnet with an admin user. But that was too easy, so let’s see if we can find a bug/vulnerability. easy work getting a shell I continued looking for a bug in the router’s telnet implementation because it’s an attractive target: it’s remotely accessible, and as learned by previously connecting as system admin, it runs with high privileges. Also, instead of searching for a memory corruption vulnerability, I focused on finding a more easily exploitable logic vulnerability. CVE-2021-27342 Brute Force Protection Bypass The router’s telnet authentication is protected with an anti-brute force mechanism that limits an attacker’s password guessing speed by delaying the “access denied” response of failed logins. However, this protection’s implementation
Read more

Guy's 30 Reverse Engineering Tips & Tricks

-
Image
Good morning lovely people! During April I challenged myself to tweet 1 reverse engineering tip every day. For your viewing pleasure, here I aggregated all 30 tips. Be sure to follow me @whtaguy for my latest tweets and more reverse engineering extravaganza. Leave a comment on this post or tag me on Twitter - I reply pretty quickly :) If the tweets aren't displayed properly (for example if there are no pictures), temporarily turn off tracker protection, which blocks loading the required resources from twitter Tips & Tricks Tip 1 *Reverse Engineering Tip 1/30* long branch-less functions w/many xors & rols are usually hash functions. IDA view of MD5 func: #BinReversingTips pic.twitter.com/cLSGfxNupK — Guy🏂 (@whtaguy) April 1, 2020 Tip 2 -Reversing Tip 2/30- Building on the last tip, after finding a hash function, google its constant to identify the exact hash algorithm. #BinReversingTips pic.twitter.com/MJJIBY9pde — Guy🏂 (@whtaguy) Apri
Read more