The Whole Thing
It’s been a while. The last post I made was back in May, and the last non-writeup posts (that weren’t just rambling of my experiences) I did were back in January and February of 2023. I never really wanted to let this blog fall by the wayside like it has now, as it’s something I see happen with literally anyone and everyone in this industry, but 2024 has certainly been a year for me.
Now normally, I don’t stream-of-consciousness write end of year reflections, share resolutions, etc. out in public, much less put them here, but it felt necessary this time around. Maybe it’s sitting at home with a bunch of sick family members instead of doing something else, maybe it’s feeling like there was a lack of content here and I needed to fill the void, but as you can guess from the header, this is more of a brain dump and a reset here.
The real short story of my 2024 is that I graduated with undergrad degrees in Computer Science and Math in December of 2023, got a job in March 2024, and have basically just worked a penetration testing/security consulting job since then up until this point. On paper, this sounds pretty good, which it certainly is given the current state of the world, but I can’t help but feel slightly unfulfilled.
I started my journey with computer science, infosec, cybersecurity, whatever you want to call it, around the end of 2020. Prior to that, all I knew computer-wise was a little bit of Python, some Java for programming FTC robots, and that was about it. That year being the beginning of the COVID era, it seems like a bunch of other people had similar ideas. I look around at people who started around the same time as me, and they’re finding kernel exploits in Ubuntu, three-peating DEF CON CTF Finals, writing debuggers for assembly, and I’m sure there’s plenty more.
So one begins to wonder, why am I not there yet? To be clear, I’m not looking at them and feeling pity on myself, or trying to pivot into a message about how I just didn’t hustle and grind hard enough. Ultimately, what I’ve realized over the last year is that I am not as far past mediocrity as I hoped I would be or that I want to be, mostly related to my technical abilities but also a bit beyond that. CTFs and certifications don’t immediately prepare you to take on an application that has a monorepo of hundreds if not thousands of files, or a network scope where they give you multiple /16’s where there’s firewalling and ping disabled, or a cloud environment with a bunch of custom wrappers and contingencies that force you to rethink exactly what is and isn’t a security risk.
In hindsight, I think I spent a good chunk of my time after starting my job trying to get a better sense of what goes into modern infrastructure, because I hadn’t worked a job outside of academia until this point.
But to come back to the main point, and addressing why I’m not where I want to be, I think the biggest chunk of it was and is my mindset. I find that with a lot of things, I am willing to put in the time and effort until I get to a place where I either feel “good enough” or I feel like working beyond that point would be too tedious. Not saying I don’t try, you don’t get an offsec job out of university without having some level of commitment, but where others can dig deep into a single topic and truly master all of the minutiae and nuances that come with the subject, I just haven’t. If I want to be a better reverse engineer, I need to hunker down and practice moving through assembly and control flow graphs, and not relying on decompilation to do everything for me. If I want to be a better web tester, I need to be willing to try literally everything against a weird endpoint instead of just trying low-hanging fruit and moving on. If I want to be a better red teamer, I better know the mechanics of relaying and Windows privileges instead of praying that some impacket tool does it all for me.
At the end of the day, I know I want to spend 2025 and recommit myself to improvement, hopefully while still being able to have a life outside of work. There were things I wanted to do this year, but just didn’t get around to, mostly because I let myself get away with doing less than I know I’m capable of. Stuff like:
- Doing a conference talk
- Finishing blogs on
  - Using lattices in cryptography
  - Short blogs on my experience with Security+ and BSCP
  - Flare On 11 (also spending more than just 2 hours on the event)
  - Some more stuff on reversing
- Putting at least one box or challenge out on some platform
I’m sure there’s more but this is an ad hoc post anyway and you get the point.
Now, given all of this, I want to reiterate (assuming I said it earlier, but I’m not going back to check), that this year wasn’t all too bad. Frankly, I think a good chunk of what feels like slowed progress has mostly been adjusting to a life beyond school and academics (mainly because that is where I thrived, until I didn’t). So I think with that, I feel like, as corny as it may sound, I’ve improved socially and personality-wise? Won’t get into everything, but I’ve developed habits to have regular physical activity, I’m funnier than me from 2023, I try to stay in touch with people more often, etc. Not that these things weren’t happening before, but they’re better.
So what’s in store for 2025 now?
I hate writing resolutions because my goals can change after 3-6 months, but this is where my head’s at now:
- Give a conference talk
- Put at least one box or challenge on a CTF platform (this one has been on the list since 2022 but maybe it happens this time)
- Get better at reverse engineering
- OSWE
- Climb V5 + learn to lead climb
I don’t feel like elaborating on these, but I think this is definitely a place to start. There was certainly a point in time or an alternate timeline where I would write “qualify for DEF CON/Real World CTF/Hackceler8 finals” but I think that can come as a consequence of these other things, not really something I specifically feel like hyper-focusing.
We’ll see what happens. And by “we’ll see”, I mean I’ll just do what I can and hopefully am not stuck in my house around this time next year. I also hope this is the last of any posts that are like this, or if they do end up being rambly, at least I hope that I make them useful to anyone else. I leave you with a list of some of my favorite tracks and tunes I listened to over the past year (maybe not necessarily out this year):
https://www.youtube.com/playlist?list=PLCtCcE3zzfIoDJ8n3vF_BDcpoSELikmhb
o7, and I hope to see you on the other side of 2025.
Also, big thank you to anyone who even reads any of this in the first place, or anyone who has ever gained something valuable from what I write. A lot of the infrequency of posts has more to do with wanting to deliver something better as opposed to replaying information that’s already out there, but I’ve gotten some of the kindest comments in response to the things I’ve written, it’s just hard to settle on a topic or something I’m happy with.