Zero Day Discovery and Infosec Success Celebrations

-
With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.

Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.

Do you remember your intense excitement and satisfaction? How did you celebrate your success?

I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. 

Here are the results.

Thomas Roth @StackSmashing

Founder of leveldown, co-founder of keylabsio
"I once had a celebratory cake for an 0day"
"otherwise I tend to [celebrate] with a nice beer in the evening :)"
Thomas's celebratory 0day cake

Ashley Shen @ashley_shen_920

Security Engineer at Google Threat Analysis Group
"I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)"

Yahav Azran @Yahav_Azran

Independent Security Vulnerability Researcher 
"I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫"

Ned Williamson @NedWilliamson

iOS Hacker, formerly 3DS/Chrome Hacking
"I like fashion, so sometimes if I find a really big bug I'll buy something I was saving to get. But these days I don't do that as much. I'm mostly disconnected from the ups and downs of finding results since that's just better for my mental health. The journey is the reward :)"

The Kernel Programmer @userlandkernel

Cybersecurity student researching Embedded Operating Systems
"[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby"

Niklas B @_niklasb

Pwn2Own competitor. Captain of CTF team @KITCTF
"[I celebrate] usually through months of anxiety in expectation of the death of the 0day"

Shahar Tal @Jifa

VP Research, Security Research Labs at Cellebrite
"Every success has its own due celebration. I wouldn’t say there’s a winning format.
Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :)
I’m open to celebratory 0day choreography if you have any dance suggestions."

Stalmans @_staaldraad

Senior Security Engineer, Product Security at Heroku
"There is the immediate celebration when that "itch" pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner."

Raise A Glass

Those of us that celebrate with alcohol. Cheers!

Hadar Feldman @HadarFeldman

Security Researcher and Product Manager at Microsoft
"Whiskey"

Brandon Falk @gamozolabs

Security Researcher at Gamozo Labs
"Largely varies based on my expectations of the target. Could go anywhere from a "jeez finally" to "holy shit poppin bottles" Usually just an excited yell, and drinks with friends later that night"

Jon Sawyer @jcase

Offensive Security Researcher
"Significant one that will put food on the table? Rum. Everyday one? Notta"

Damien Miller @damienmiller

Information Security Researcher at Google
"Usually just have a glass of wine and enjoy the relief that something large is complete"

Extra Diligent Researchers

Those of us that celebrate with more work. Let's go!

Ben Hunter @B_H101

Security and Malware Researcher at enSilo
"Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing"

 Yarden Shafir @yarden_shafir

Software Engineer at CrowdStrike and Windows Internals Expert
"Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it"

Reflection

I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the "roller coaster" of research (and life). I sincerely enjoyed reviewing each researcher's celebratory tradition because it brought out his or her unique and interesting character, even though I didn't publish everyone's response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.

I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.


Self plug: Follow me on Twitter @va_start for new blog posts and infosec tweets.

Let me know how you celebrate your infosec success in the comments or on twitter :)

Comments

Post a Comment

Popular posts from this blog

Guy's 30 Reverse Engineering Tips & Tricks

-
Image
Good morning lovely people!

During April I challenged myself to tweet 1 reverse engineering tip every day. For your viewing pleasure, here I aggregated all 30 tips.

Be sure to follow me @va_start for my latest tweets and more reverse engineering extravaganza.
Leave a comment on this post or tag me on Twitter - I reply pretty quickly :)

If the tweets aren't displayed properly (for example if there are no pictures), temporarily turn off tracker protection, which blocks loading the required resources from twitter
Tips & Tricks Tip 1 *Reverse Engineering Tip 1/30*
long branch-less functions w/many xors & rols are usually hash functions. IDA view of MD5 func:#BinReversingTipspic.twitter.com/cLSGfxNupK — Guy🏂 (@va_start) April 1, 2020 Tip 2 -Reversing Tip 2/30-
Building on the last tip, after finding a hash function, google its constant to identify the exact hash algorithm. #BinReversingTipspic.twitter.com/MJJIBY9pde — Guy🏂 (@va_start) April 2, 2020 Tip 3 -Reversing Tip 3/30-
Read more

Calling Arbitrary Functions In EXEs: Performing Calls to EXE Functions Like DLL Exports

-
Image
Motivation When reversing or fuzzing an executable, being able to run an arbitrary function with controlled data is extremely helpful. Through iteratively playing with the function's parameters and examining the output, we can better understand the function's logic.
Background A dll (Dynamic Linked Library) with our target function would allow us to conveniently review and test the function as we wish. The only problem is that usually the function we want to examine resides in an exe, not a dll. Converting¹ an exe to a dll is a solvable challenge. After all, both an exe and a dll share the same PE (Portable Executable) file format.  So let's explore, how can we convert¹ an exe to a dll?
Spoiler: there are a few more steps than just changing the extension 😉
¹ "convert to DLL" = fundamentally behave like a DLL.

I'll use this exe created from the following code and target the decode_string function for demonstration purposes throughout this post.

Challenges Th…
Read more

Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool

-
Image
A network can only be as secure as the tools used to secure it Overview This is Part 1 in a 4 part series about my process hunting for vulnerabilities in a network auditing tool (used to protect networks by detecting and fixing security holes) and fully exploiting one of the vulnerabilities I found. I recommend reading the series in ascending numeric order. Links to parts 2, 3, and 4 at the end of this post.
Target 🎯I decided to look for (and successfully found) vulnerabilities in network security tool, as a vulnerability in such a tool could allow attackers to hide themselves in an otherwise secure network, or even be exploited for lateral movement.

One such network security tool that came to mind is Nipper-ng, a firewall security auditing tool and firewall configuration parser. In addition to being a security product itself, Nipper-ng is used behind the scenes in other security products such as ManageEngine's OpManager and Firewall Analyzer. The tool is also included in all i…
Read more