The Beginning of Everything
21 Feb 2015And so, after some set up, a lot of learning and a bit of testing, a blog is now live and hosted on github. For me, this is a very exciting day. The idea of a blog has always interested me, and I’ve set up a few in the past on various free hosting sites, but I always ran into a problem with them: I had nothing to blog about. Sure, I could write about my boring day to day adventures, but boring day to day adventures are boring. I needed something to write about. I needed a purpose.
Three days ago, I finally found that purpose. While browsing r/netsecstudents I came across this post to rawhex, which explained how someone can get infosec experience when that person isn’t in an infosec job. There’s a lot of great information in that post, but the thing that stood out to me the most was the fact he mentioned writing paper about something, even lightly, infosec related and putting that onto a github blog. I didn’t know a github blog was a thing, and since I had always been interested in a blog and had just started using github, I felt I had found a really neat combo. Not only that, I had found a purpose for my blog: to detail my adventures in the world of infosec and pen testing. Hurray!
I spent the rest of the night thinking about how I would set up my blog the next day, and everything that would entail. I saw so many good things coming out of it, but I also found something I felt was morally wrong: I was setting up a blog about my adventures purely as a display of my knowledge to help convince future employers to hire me. Now to me, that seemed incredibly selfish and a horrendous waste of time, energy and potential. I was preparing to publish something on the Internet purely for my own gain, aimed at only a few people, hopefully employers, without knowing if it would even help me get a job. Immediately, that old problem resurfaced.
That’s boring.
A blog is supposed to be read by people interested in what the blogger is blogging about, not by a few potential employers who may very well never even read this. My blog would still lack a true purpose and be run purely under the façade of something helpful to put on my resume or CV. I don’t want to be a liar, even to myself, so I needed another purpose. I thought for a while, and tried to create my ideal image of what this blog should be, and what I could make it into. Pretty quickly, I was able to remember two things that would serve as a new purpose:
- I love, and am good at, helping people, and
- I want a single, centralized place to learn everything about pen testing. From the command line to real world job situations.
And thus, I had a selfless purpose for a blog that other people may actually be inclined to read and maybe even learn from. A lot of pen testing-for-newbies sites are written by people who are no longer newbies. They’ve had real world experience and know everything a pen tester needs to know. But what they don’t fully know is to what extent we actual newbies don’t know. Many assume that the reader has experience with the command line, or knows their way around the unix file system, or other qualities. This never helped me, because I don’t know the command line. I don’t know my way around unix. I’m the family tech guy who is pretty ok with computers, has built a few, and can solve a lot of everyday customer help style problems. But venturing deeper into the OS isn’t something I’ve often done, and I don’t know all that awaits in the darkness down there. Its all complex, confusing and… interesting.
I want to know more, but finding easy to read guides is hard, and I’m sure I’m not the only one thinking that. So I decided that I would brave all the confusion and craziness and write a blog detailing my adventures. I’d write about what I learned, give some examples of how it works, and link to the site I learned it from. Eventually I’d have written a slightly unorganized guide on how to go from Computer Scrub Lord to Hacking Genius. Then, I could write an organized, easy to read, step by step guide about everything a pen tester could ever want to know. Something that could really help people like me who are adequate (through a professionals eyes) with a computer and understand technology pretty well, but don’t quite have the knowledge base to jump right into CTF and wargames. I could do something great.
So join me on my adventures through the crazy darkness. Compare and share what you know and what you’ve learned. Follow along and learn with me and we might just become the pen testers we’ve dreamed of, and additionally but undoubtably,
really cool.