... on a pentesting platform. that became my main 'social network'!
It feels like the natural progression from my walking down the stack: In the last year I re-lived my history of a physicist in IT or an IT security specialist trained as a physicist. I investigated the security of embedded systems and sniffed network traffic - mostly related to monitoring and control of physical devices for 'generating' or storing energy.
I wanted to fill in gaps of knowledge, I turned to classic introductions to computer science, and I caught up on C/C++ and Python. But trying to hack systems is still another kind of skill: I had been a 'defender' for many years, explaining to others how to secure their systems, but I lacked the skills of an attacker.
After I had dabbled in forensics of unknown files and in using automated testing tools with modest success, I decided I want to learn this craft thoroughly. Or was it? Maybe I just want to play and see how far I can get. It was a surprise that I was actually able to hack the entry challenge for that pentesting platform. Fast-forward: I had hacked more than 80% of the active boxes.
My experiences there are both very humbling and very gratifying. Sometimes I struggle with even getting an exploit tool to run as I lack some basic knowledge of compile switches. But sometimes I discover I can leverage some things I didn't even realize consciously or ancient things buried deep in my memory. Who knew that ASP and VBScript would ever be useful again? And my preferences of Python and C++ (for non-destructive purposes) feels eerie now - I could not have picked the languages for my exploit tools better! My adventures with learning SQL Server a few years ago also come in handy, and what I considered my most unprofessional hacks turned out to be most useful: Stringing together 'applications' from scripts and compiles code in different languages, burying one into the other, not being afraid of loads of different quotes embracing each other. As a side effect, I am also more daring when it comes to my non-malicious code now: I have no problems any more to state publicly that I write an application in C# that adds VBA macros to Excel and executes them!
My immersion in this addictive platform also told me something about my learning preferences ... again. I had known it but it was not that explicit: I want to learn from solving problems. That was my intuitive answer once, when colleague had asked how I make myself familiar with new technologies, a freshly released operating system at that time. I replied that I try to solve one specific problem on that new system (involving X.509 certificates then) - and then expand my knowledge from there. I have pontificated about my love of reading textbooks and immersing myself in abstract theory, and this is not a contradiction: Hadn't I ploughed through the later chapters of Structure and Interpretation of Computer Programs - the ingenious explanation how compilers and assembly works - I might not enjoy my attempts to create buffer overflows that much. Which is a topic I need much much more reading and playing with, by the way.
I know am saying the same things again and again and again - here, on my blog, and on social media. It seems my websites have run their course for the time being - I am not actively trying to search for new content to create, and I feel like writing articles that flow naturally, rather than writing semi-scholarly papers with code and data. So I am leaving this article here, on the site that nobody reads, as a hidden away note maybe.
I have always wondered why my English articles about science, career (and the universe and everything) have different tone than my German ones.
The English version dated 2008 differed from the German version. After reading Bertrand Russell I dare to say that my English way of thinking about science was more Russell-like whereas my German version was a little bit too fluffy and written in 'longing for consensus mode'. Probably the statement on 'popular science books' was a bit too harsh.
Today I consider the following the most important aspect of science - both in retrospect as well as with respect to my current relation to science:
I am still most interested in the fundamentals of physics and in theoretical physics. Such as: Explaining why the sky is blue or how a heat pump works - both in words and pictures but also drilling down to the mathematical proofs. I admit that this is not primarily driven by the necessity to build technical solutions (although I do not object to apply that knowledge to real-life problems, of course). I believe that this way of scientific thinking has a value that stands on its own. It is not just 'technology' and 'formulas', it is rather part of our culture.
I re-discovered some really old books on physics last year. In contrast to the saying of the exponential growth of knowledge the very core of physics is unchanged. Strong foundations are even more valuable today in order to judge the overflow by so-called new stuff. I feel that immersing in these details and the full broad picture of nature as seen through the eyes of science allows to thrive (survive?) in modern project busywork more easily.