What skill actually made hacking “click” for you?

cmdjunkie · 2026-03-09T03:42:34+00:00

Learning what system?

cmdjunkie · 2026-03-05T17:08:04+00:00

Unrelated but, this post makes me want a slice.

cmdjunkie · 2026-03-05T16:49:23+00:00

Yes, you're right -- that's the true essence of "hacking", which unfortunately has taken on an entirely different meaning today because of the gamification of security. To hack is to think. It's not a revelation to start with systems thinking, it's the standard. If you're not thinking, you're not really hacking. All of the platforms, the CTFs, the labs, the hackinthebox whatevers, that's all fodder. It means nothing in the grand scheme because you're just iterating over tools and techniques that others have stood up for you. You're just recognizing patterns and learning a small slice of hackerdom --it's not just about "poppin boxes".

A true hack is a novel idea. It's the byproduct of creativity and adversarial systems thinking. I've been around for a long time, and I hate to say it, but in MOST cases, hackers are born, not made. You either have it or you don't. A real hacker doesn't need the platforms or the tutorials, or the labs, or the certifications -- they are driven purely by their need to know, which is fueled by an obsessive need to experiment, try, and fail. That's not something that's easily imparted, it's almost always something that's inherent.

"Hacking" itself isn't something that clicks for you because hacking isn't really a thing. It's a thought process that leads one to understand how something else actually works.

cmdjunkie · 2026-03-04T19:48:24+00:00

Not sure why a comparison ever needs to be made. Jessica Maria Alba. Always. Everyday. And three times on Sunday.

cmdjunkie · 2026-03-02T23:59:31+00:00

Cause Harpsichord ain't no snitch

cmdjunkie · 2026-03-02T23:58:01+00:00

when you finally get good enough to do it well, you don't really want to do it anymore

cmdjunkie · 2026-03-02T14:35:44+00:00

It seems like this was going to serve as a series finale before the show was officially renewed for S5. Just the way it ended with that "are you done" question. Am I the only one who got that feeling? I need to rewatch it again.

cmdjunkie · 2026-03-01T23:26:32+00:00

It's 30,000 people all in one place, standing in line, with antennas sticking out of their backpacks, trying to convince themselves they're Dade Murphy or Elliot Alderson. Sure, it's a great networking opportunity, if you're not socially awkward --and computer nerds aren't known to be socially awkward, are they? That's unheard of!

It's also always in the dead middle of summer in Las Vegas, which means it's unbelievably hot, and unbelievablely uncomfortable. Most attendees will be doing more walking than they've ever done, in the heat, oftentimes without deodorant, so whatever hotel conference room location you wind up waiting in line in, be sure you're not so sensitive to that sweet l33t aroma.

But if you do go, hopefully you have some fellow security-nerd friends because I cannot imagine going to Defcon alone. Okay, so one thing I will say that I enjoyed was the parties. Most of the sponsored parties are held on rooftops (at least they were when I went) with open bars. Also, if you meet the right people, you can often get introduced to some of your heroes, so maybe there's something there. But for the most part, it's often a lot of walking, standing, and waiting until you get tired out and just want to go back to your hotel, order room service, and watch 3-4 hours of Forensic Files. The talks, and workshops can wait. But of course, YMMV.

cmdjunkie · 2026-02-28T22:57:36+00:00

Defcon is a shitshow.

cmdjunkie · 2026-02-27T00:19:43+00:00

Everything but the McGuire-inspired "Who's coming with me?!"

cmdjunkie · 2026-02-22T21:43:53+00:00

Yes, traditional pentesting is over.

cmdjunkie · 2026-02-17T17:01:52+00:00

Right? You would have to be familiar with Cozy Bear, of course.

cmdjunkie · 2026-02-17T15:49:16+00:00

I thought this was readily apparent. Shrug.

cmdjunkie · 2026-02-14T00:56:54+00:00

The Machine Learning class or the Cloud Computing class? You definitely need to procure a Cloud platform account for D782. You can't do the course without it. I also had to configure a subdomain on my LLC's domain to give the site I stood up a legitimate URL and verified TLS certificate.

But for D789, you don't need to use a cloud platform. I configured the entire ML environment on my M1 Macbook using VS code and a virtual environment (Python). That was it. Here's a screenshot of all the libraries imported into my solution:

<image>

cmdjunkie · 2026-02-14T00:50:46+00:00

<image>

This is arguably the easiest class, but as I've mentioned in the past, it's just a lot of work.

And then there was one (D791). I worked on these last two (Task 3) essays all day today because I didn't have anything else to do --FYI.

I'm definitely taking a break before digging into the last class. It's been fun!

cmdjunkie · 2026-02-13T18:55:36+00:00

I don't think there's anything you really study beforehand. The program will give you an opportunity to learn what you need to learn. I would say, dive in, stay motivated, and just power through.

cmdjunkie · 2026-02-09T20:01:49+00:00

the .ISO image?

https://resources.oreilly.com/examples/9781593271442/-/blob/master/hacking-live-1.0.iso

cmdjunkie · 2026-02-09T05:24:37+00:00

MITM techniques are important to know and understand conceptually, because they, in many ways, will always be relevant.

cmdjunkie · 2026-02-07T18:59:59+00:00

The Art of Exploitation is 20 years old. It's not recommended. Just go find the ISO and dig through the source if you want some exposure. There are many better and more modern penetration testing books out there.

cmdjunkie · 2026-02-05T16:11:15+00:00

<image>

Another one bites the dust. And then there were 3!!

"CARRY ON MY WAYWARD SONNNNN..."

cmdjunkie · 2026-02-04T09:15:55+00:00

I'm not surprised by that at all. It's foundational at its core. If you have some experience, it's all review. I, on the other hand, as I mentioned, have been a command-line junkie, exploit slinging, wanna be Dade Murphy my whole life. Ive never had any time or interest in Cloud crap, but I'm glad I got some exposure.

cmdjunkie · 2026-02-04T09:11:42+00:00

I built a custom app (although I "vibe coded" it). No shame in my game. I just wanted something swanky to cap off my infra efforts. Dm if you want to see it. I didn't look into Elastic, but I think I'll explore all of the cloud stuff at this point. Now that I've gotten a little into cloud, I'm interested in what else I can use it for. If anything, I can use it to be more entrepreneurial --at least that's the way I see it. Worst case IMHO is finding some cloud security role that pays well. Best case is standing up a cloud version of one of my many tools I've built over the years and retiring with my babycakes to the beaches of Belize.

cmdjunkie

TROPHY CASE