I’ve been brought up in a small touristy coastal village surround by industry in Holland.
While i was going trough NovaCollege ICT I had my first job cleaning dishes at a restaurant in my village.
Collage, cracking and cooking
before I’ve finished college I had worked my way up to sous-chef and helped bringing the restaurant into the 21 century by building and maintaining the website of the restaurant. at school founded a crack-group with a couple of my classmates, reverse-engineering and patching comercial software.
Electrical training and pwning
After a couple of years working for the restaurant and helping people around the village with small IT problems and setting up websites.
I got offered a scholarship to be trained as industrial electrical engineer by a nearby Steel plant.
We were given laptops to use, the user restrictions got in the way very soon as part of the training we had to program PLC’s .
But couldn’t install the required drivers. the sysadmin had a day of but i was happy to help out by booting from my bootable tool disk i always carried around and uploading the sam file to my home pc and searched in my rainbow table for the admins LM hash. Turend out it was a 4 character long password.
As I get bored and distracted sometimes and my curiosity took the lead. I figured out soon enough that the sysadmin also used the same password for many things and i stated snooping around, finding more hashes and passwords, gaining more and more access.
I finished the basic training in a year and and got a internship at the electronics repair department of the steel plant and continued working there for a couple of years while going to college 1 day in the week.
Back to the kitchen
At some point I decided I wanted to see more of the world while im still young and I quit my job at the steel plant and got season job as a cook in ski-resort in Austria.
I enjoyed a season of cooking, skiing, apre ski and ARP spoofing the hotels wifi network and watching guests facebook conversations. The internet connection was to slow to steam videos and the tv was only German dubbed this was my form of entertainment.
I returned to Holland with plans to stay there of two months and continue my adventure Mallorca.
Change of plans
Live is unpredictable. When i came back to Holland I got the news that my mother was diagnosed colon cancer. Luckily it was recognized in a early stage and could be treated. But I canceled my plans to go to Mallorca anyway to be close, just in case.
Love is in the air
While I was staying in Holland for longer than I planed to do. I met a beautiful girl, her smile made me forget all of my plans to party around the globe. I moved in with her and got a job as a cook at a restaurant a friend of mine had opened a year before.
Back to the tech
The startup restaurant where I was working was suffering of a slow tourist season. At the end of the season the owner told he had to close the doors of the restaurant.
As I wasn’t to keen on working as a cook during the low seasons. I looked around for something that sparked my intrest and found a job as a service engineer, repairing sewer inspection cameras. The cameras looked like tiny mars rovers and were loaded with sensors lot of fun to play with.
Reverse engineering obsolete software.
Old model sewer inspection cameras were still used by a lot of costumers, but the development of the software to readout the cameras sensors was stopped some were around the time that MS dos and i386 was the standard.
In the spare time at work i took the liberty to reverse engineer the software. I learned about the communication protocol, managed not only to readout the sensors but also to send control commands and wrote my own testing software in python to do automated testing.
Lack of challenges.
In the beginning its all new and exciting. But most of the repairs were reoccurring and became boring to me. The company had slimmed down the department I was working at. With less people there was less time to spend and most of the interesting issues were escalated to the manufacturer.
I started to look around for something new and challenging
From the sewers into the mud
A friend of mine tipped me about a job opening at a drilling-mud-treatment-plant. They just got a new installation and were looking to train people with a technical background as process operators.
i first thought that this was not for me. Motioning an installation seemed boring. But a conversation with the plant manager convinced me that this was not the case. This was a brand new installation still in beta phase. There was a lot of improving and debugging to do. The installation was now run by the manufacturer and i was going to be the first one to be trained.
I agreed to take the job, and got assigned as trainee to one of the engineers from the manufacturer that designed the installation.
I had a lot of fun learning new things and working with the manufacturer to improve the installation and writing scripts to automate some of the administrative work, like extracting of measurements from the SCADA interface to calculate the day production, notifications on greasing and checkups based on the run time of some parts.
Thanks OPEC.
Due to some decisions made by big oil cartels the price of crude oil plummeted at the end of 2014 and our costumers halted the drilling until prices were up again.
This ment we ran out of mud to process and we had to shut down the installation and send the manufacturers employs home.
At first I thought this was just a temporary thing. But it had caused the manufacturer some financial problems and they had to pull the plug on the project.
Still had a job, but no work.
I was still employed by the mud plant but I spend most of my time looking for things to do and waiting for stuff to breakdown.
Days started to feel like weeks and weeks like years. I started looking for something else.
Plastic fantastic
I applied for a job at the research and development department of a disposables and packaging manufacturer. but they were more interested in me for maintenance function. Since they were looking for someone with more PLC programming experience.
they convinced me that there was time there for me to get more experience with PLC’s and i took a year contract for the maintenance job.
They just opened a new factory hall and were shutting down a old one at the other site of Holland. so in the first half of the year the i spend most of my time breaking down and building up various installations. I enjoyed learning about different types of robots and injection molding installations.
Once the moving was done, I got in to the routine work of changing molds on the machines and re-adjusting the robots to produce different products. fun at fist, but it gets boring very quick.
Near the end of my contract I confronted my manager about PLC programming promises made and that the only PLC related work i had done was exchanging defected modules. He told me there was no time. We got into a argument and later in a agreement that I was to finish the time left on my contract and our ways would part.
Done hopping and switching.
I am now unemployed and I decided to take my time and figure out what i like to do and what i don’t like.
I need to find the perfect job to satisfy my needs of learning / discovering new things, and play with technology. I’ve been hopping jobs and switching careers for a while now and I decide this need to stop.
What the CTF, hacking is a game?
A friend of mine just went to OSCP training and got a job as a pentester
he told me about this game him and his colleagues were playing and that I should check it out.
I told him I’m not a gamer. Yeah, I was playing around with a lot of games when I was younger but most of the time I just ended up modifying the game and had more fun doing that than playing the games.
He told me this was not a game gamers play.
this was a game hackers play and he would like me to join his team.
I laughed and told him my hacking days were in the past.
Curiosity killed the cat ‘flag.txt’
I was a bit curious about these CTF’s he was talking about I decided to check it out on my own. I found out that i din’t need to dive into 24h long brain braking competitions straight away. There were a lot of practice challenges hosted around the web.
i though meh, lets give it a try and started playing on ctfs.me.
The satisfaction I had been looking for.
After solving my first couple of challenges I was hooked. I saw my handle climbing in the score list. I was craving flags and living for the pwns.
There were a lot of things I knew,
lot of things i knew a bit about never played with,
some things that were completely new.
Even some things that shocked and surprised me.
Like the difference between ‘==’ and ‘===’ in php
or how a format sting attack can not only leak data, but also write to a memory address.
This is fun, now what?
Now I’m learning more and more about various security technologies, methodes and systems.
Preparing for the next CTF.
Preparing for my job as reverse engineer or pentester.
Showcase my skills on this webpage.