I took the process the wrong way

2020 has been quite a weird year for me and not just because of covid-19. I’ve earned my Sec+, I’ve read more InfoSec related books, I’ve spent a lot of time on the TryHackMe and OverTheWire platforms, I’ve switched my job (again) and I’ve started university.

It is a lot of change, at least for me, and that’s why I lost sight.

Yes, I have to admit it, I failed and I’m gonna explain it to you so that it may help you.

The beginnings

Before 2020, as I was approaching the ICT security universe, I found myself overwhelmed by a myriad of information. Try to google “How to start a career in cybersecurity”[1] and you will suddenly be submerged in exabytes of data. When I finally found a starting point in this plethora of stuff, I almost immediately encountered the CTF world.

CTF experience

The first time I encountered a CTF was on Hacker101 (I was wondering about becoming a Bug Hunter, but I was just experimenting and trying to find myself, tbh). Then I discovered HackTheBox and immediately fell in love with it. Unfortunately, I was not good enough to start striking and pwning boxes, so I left and kept studying from other sources.

Then between the end of 2019 and the beginning of 2020, I found TryHackMe and OverTheWire. I started doing the beginner challenges on both. I was slowly building my stack of skills and I was happy with that. Day by day, I was doing more rooms (as THM calls its challenges), and by doing so I was building a checklist/script to follow. I climbed the leaderboards and I was under the 1000th place for a while.

For me, reaching that goal was an obsession. Once I got there, looking back, I was not 100% proud of myself.

The why

I was thinking: “What the heck is wrong with me?”. Despite having reached one of my goals, I was not happy, I was not satisfied, I was not excited. Something was wrong.

Most of the time along the path that took me under the 1000th place I was not learning at all, I was on autopilot with just fundamental knowledge. I was trying to rush it just to capture that damned flag. I was not applying for real.

Here’s how I was doing it:

  • Think a bit about the challenge and try to figure out how to proceed in it
  • Applying my knowledge:
      - If it works > good
      - If it doesn’t work > let’s check some write-ups

And here we are with the write-ups.

I can hear some of you asking yourself “So what’s wrong with write-ups?”.

Write-ups

I was thinking that they’re not bad too. It’s awesome that if I can’t get to the solution, I can learn it from the write-ups.

Unfortunately, we are not dealing with write-ups made by bug hunters as PoC or for educational purposes. Generally speaking, the kind of write-ups that we find for CTF-like platforms are copy-pasted commands written by script kiddies for script kiddies[2] with little reasoning behind them.

Don’t be silly guys, let’s talk straight, that’s the reality. Go looking for some write-ups, very few people know how to do them in the CTF world. Sincerely, for the write-ups that I’ve written, I classify myself as a script kiddie too.

Realizing the truth

That’s it, I am a script kiddie. Go read my write-ups on Medium, they’re not good. I’ve tried to expose the reasoning behind the commands but most of the time I’ve failed at it. Why? Because I’ve spent the last months reading crappy write-ups thinking that I was on the right way, and because I didn’t take my time to learn instead of rushing it. I was totally wrong.

That’s why I failed.

The solution

It has been a while since I posted my last write-up. That’s partly because hopping on a new job brought me new challenges to beat, and joining the University brought me boring subjects to study, so I’m struggling to find time for CTFs. And also because I felt that I needed to take a step back and reflect on myself. Now I am happy to have done it.

The next time I do a write-up, I won’t include any specific commands, or at least I will limit them, and I will try to outline the reasoning behind them as best I can.

So for those who are in a situation like this do not give up, do not give in. Take a break from all these amazing worlds to reflect on yourself, meditate, find your way, be humble and be honest with yourself.

Only once you really realize that you are a script kiddie, you can really rise through the ranks.

I would like to say way more stuff, but I don’t want to make an infinite article. I’m gonna close it by leaving you my mantra:

Be just yourself, do not rush it, embrace simplicity, enjoy the journey.

-Wirzka.


  1. Honey don’t flame me, I know that ICT sec and CyberSec are not the same things :)

  2. Mate please interrupt your flame again, I am one of these script kiddies ;)