Sign in Subscribe
hacking

We've all got to start somewhere

Ceisc

7 min read
We've all got to start somewhere

Hi, I'm Ceisc, and this is my first attempt to make a blog. My motivation for this blog is to track my journey from where I am now to where I'm hoping to be.

A little background first:

Background

From quite an early age I've had a deep fascination with technology and computers. It all started when my parents bought me and my sister a Sinclair ZX Spectrum +2.

Initially it was used for playing games - there were some awesome games we had for it (awesome, at least, for a young child who'd not had much exposure to computers before). I remember playing Bomber Bob (in Pentagon Capers) for many an hour. I'm resisting the temptation to find and play it online as I fear that it won't be quite the same as it was.

My parents got me a subscription to a Spectrum based magazine and in it there were snippets of BASIC code to follow along with any information on how to cheat at some of the games, using PEEK and POKE commands, I believe (My memory is a bit fuzzy on this - it was quite some time back).

Using this, I got my first taste of computer programming and was in love with it. I'd only created some very basic programs, some little more than printing content to the screen in a loop or drawing a flag on the screen. We borrowed some books from the library which contained source code for a choose your own adventure type game. I don't believe that I ever completed writing one out for the machine, but looking through the code taught me quite a deal. In order not to spoil the content of the game, they'd used some basic form of obfuscation on the text elements of game. I spent some time working out how it was obscured and manually translating it back into something readable.

Around this time, one of my dad's friend's sons started writing his own code for a Spectrum 48K and was generous enough to give me a copy of his game. It was a relatively simple baseball game where you fed instructions to the players on how they should try to hit the ball and then you'd watch the animation of the ball being pitched toward the player and then flying off, hopefully in the direction you'd instructed. The game was written in BASIC and, although I never managed to make any significant changes to it, it showed me the possibilities of what you can do with a computer.

The Spectrum was a much used part of my early childhood. It got so much use that some of the controls for the tape player broke off - we ended up having to use the handle of a teaspoon to activate the tape player to load games.

After a few years of using the Spectrum I asked my parents to buy me my own computer for Christmas. They agreed to buy the computer itself but said that I'd need to pay for the monitor for it myself (I think they'd got fed up of my continuous use of the only television which we had in the house at the time). So the fateful day arrived and the last present I was allowed to open up was my brand new Amiga 600 complete with monitor (I would be paying off the cost of the monitor over the next few months from my pocket money). It featured new things which I'd seen before but not actually owned - such as a floppy drive. Much quicker and easier than the tape drive on the Spectrum and I no longer required spoons to load up new games.

There were some awesome games to be played on the Amiga. I spent a large amount of time playing Knights of the Sky, Lemmings 2, and Dune. I also discovered that the Amiga was programmable with the right tools. I got hold of a basic copy of AMOS and started using that. I believe, at the time, AMOS was derided as not being a 'proper' language/platform on which to program but I didn't care - I had a way of controlling the computer to get it to do things I wanted it to do. AMOS also introduced me to the frustrations some development environments give you. There was a keyboard shortcut which enabled you to delete a whole line of code which was remarkably close to the buttons you needed to press to delete the last character you typed - I lost track of the number of times I had to rewrite lines due to making a trivial mistake and then compounding it by deleting the line rather than just the character.

With the Amiga and AMOS, I never created any masterpieces. Despite this it continued to develop my interest in, and love for, controlling computers through code.

Spin on a few years and we get to the point where I got full time access to a PC. It was a 486 which my friend had lent to me. I can't remember the full spec on it, but it, again, gave me access to try my hand at programming on a different system. I started trying to learn Java with a view to converting a two-player choose your own adventure book game which I'd previously played. I also, at this time, started looking into assembly language.

I went off to university at the age of 18, embarking on a Software Engineering degree. Most of the course involved using Java and, as a side project, I developed some games in Java Applets running in IE using bindings for OpenGL.

Whilst at university I found an interest in doing things with computers which were not intended by the owners of the machines. For example, I found that the web server used by the learning establishment I was at had an open share to the root of the web content. I also discovered that it would run any executable I dumped in one of the folders when accessed through the website. I went off and built a nice executable which I could provide parameters to which would allow me to browse around the file system of the machine (and not just what was being exposed from the open share I'd found).

Obviously, looking back at this time, I realise that I really shouldn't have been doing these things without authorisation. Still, it gave me a taste of hacking and I discovered it was something which gave me a thrill and gave me enough of a mental challenge to keep me interested in doing such things.

After university, I got my first job working in IT. The role was basically a tech support role, but I quickly turned it around into a mix of tech support and software development, having found a way to massively streamline the main system the company used.

From here, I've had a few jobs in the IT field. From the tech support/development job I moved into a couple of pure software development jobs and my current job is running an IT team and developing any software the business requires to keep things running.

Going Forward

Over the past few years I have spent quite a lot of time reverse engineering/decompiling code in order to get my code to integrate into and enhance systems which weren't necessarily meant to be integrated with. I've also spent quite a lot of time looking into how to secure the assets which the companies I've worked for have to try to stop malicious parties getting in.

I've really enjoyed and been challenged by the processes around IT security and reversing software and have come to the conclusion I would like to move my career more in that direction.

As such, my plan now is to ramp up my skills and knowledge in the realm of InfoSec with a view to moving my career away from the SysAdmin side of things (which I kind of enjoy, but not as much as I'd like) and more into full time security work.

I recently started looking at CTFs along with sites like TryHackMe and HackTheBox and have really enjoyed what they offer and the skills which they are teaching me. I've also started following various InfoSec professionals/companies on Twitter to gain as much knowledge as I can.

A lot of what I have learned recently has been where there are gaps in my knowledge and what I need to start looking for resources for going forward. I'm very much looking forward to furthering my knowledge in these areas and hope to be able to compete better at the CTFs going forward.

Roadmap

My current plan to further educate myself and to be able to demonstrate my knowledge in the InfoSec arena is as follows:

  • Complete all the rooms on TryHackMe
  • Complete all the boxes on HackTheBox
  • Study for and complete the OSCP (Offensive Security Certified Professional)
  • Potentially look into doing the OSCE (Offensive Security Certified Expert)

Whilst working my way through this roadmap I intend to write up a lot of what I do on this blog. The reasons for this are:

  • To cement any knowledge I've acquired by forcing myself into turning the thoughts into writing
  • To remind myself how I have done things
  • To show myself what I've done and how far I've come (I have a tendency to forget successes and focus on failures, and so I feel that I need this from the point of view of my mental health when I come up against obstacles)
  • To improve my ability to write
  • Potentially to assist other people who are following a similar path

I think that just about wraps up where I've come from, where I am, what I'm doing and where I'm going, along with why I've decided to start blogging about it.

Thanks to everyone for reading this far. Hopefully you'll come back for the next instalment of this blog once I have something else to write about (which will most likely be a write-up for either a CTF of a TryHackMe challenge).

Sign up for more like this.

Enter your email
Subscribe