My journey through cybersecurity

My Journey. My Story. My Path.

The interest I had in IT, particularly in cybersecurity, began in those early days. I would sit in high school classes and write code on paper. I then transcribed the code onto my old AMD 386DX2 computer, running at 40MHz with 8MB of RAM and an 80MB hard disk. Despite its limitations, that setup served me well for a long time since I couldn't afford a better one. In school, I achieved good grades without much effort. However, when I went to university, things changed. I wanted to focus exclusively on programming, which led me to work on various projects. I often found myself skipping classes because the pace of my programming class wasn't challenging enough. Looking back, I realize that I was forcing myself into something that didn't quite fit. It's worth noting that many high-profile hackers do not have university degrees or obtain them later in their journey.

During that time, I started experimenting with computer security. I performed my first social engineering attempts on Bulletin Board Systems (BBS) that were prevalent before the internet became widespread. My real exposure to hacking and vulnerabilities came through a Windows bug that allowed attackers to reset victims' connections, effectively 'nuking' them offline. One attack involved sending a stream of ASCII characters to port 139 of a Windows machine. Using IRC scripting language, I created a network listener that not only stopped the attack but also notified me whenever someone attempted to 'nuke' me. After some time, I discovered that by refusing to process the incoming gibberish and simply repeating the data back to the attacker, I could 'nuke' them offline, often resulting in a Windows blue screen.

These experiences fueled my desire to learn more and improve my skills. I delved into more attacks, such as the Pentium F00F bug and the winmodem ATZ bug, which allowed remote attackers to reset modems with crafted packets. It was during this period that I realized I was just as capable as the individuals creating these tools. So, I set out to learn Linux, embarking on one of the most extensive learning experiences of my life. I learned through trial and error, starting with the installation of Slackware 3.5 and configuring my pppd script to connect to the internet. Since I didn't have a CD-ROM drive, I had to rely on the floppy format of Slackware, downloading 155 floppy disks at a mere 33.6kbps. To put it in perspective, today's 3G network on a cellphone would be 20 to 30 times faster. The installation process involved dealing with occasional disk corruptions, likely due to their recycled nature.

After a while, I became proficient with Linux and started installing it for others to gain experience with different distributions like RedHat. I then explored attacks like boink and teardrop, delving into ICMP and its potential to take others offline. At this point, my Linux skills were advanced. I could compile software and make minor changes to its source code. However, I still felt that I wasn't as skilled as the individuals who created these tools during my teenage years.

The next phase of my journey took me into the realm of software development. I honed my skills in various programming languages and witnessed the evolution of web technologies from PHP to Web 2.0, WASM, and now Web 3.0. Despite my personal progress, I still didn't consider myself on par with the developers who had inspired me in my youth. We really are our own worst critics.

Dealing with the aftermath of being a university dropout and constantly criticizing myself for not excelling within the education system, I eventually had an opportunity to move from my small town to a larger city. In that position, I made many valuable friendships, some of which I still consider to be close friends today. I also gained a deep understanding of the structure and workings of one of Canada's largest service providers. After some time in that position, I transitioned to a major telecommunications equipment provider that had recently been acquired and was seeking to expand its telecom engineer backbone team. Working there, I had the privilege of collaborating with industry experts from around the world and learning about groundbreaking technologies that were emerging in the market.

While telecom wasn't as intuitive to me as it could have been, my fascination with the phone system and the hours spent exploring its capabilities (such as the 2600Hz phenomenon) provided a solid foundation. With the decline of phone phreaking, I found myself gravitating towards freelance web development to sustain my income. Unfortunately, it didn't turn out to be as lucrative as I had hoped, due to various factors.

Then, the COVID-19 pandemic struck, and everything came to a halt. Businesses halted their spending, resulting in little to no income for me. However, I saw this as an opportunity to immerse myself in the world of cybersecurity and get up to date with the current landscape. The cybersecurity landscape had drastically evolved since my teenage years, with the proliferation of hacking labs, bug bounty programs, and open discussions about hacking online. It was mind-blowing. I made a conscious decision to return to the field of computer security, but this time, leaving behind the black hat activities of my youth, as engaging in such activities now would likely result in legal consequences.

In 2021, I became extremely serious about my cybersecurity journey. I joined platforms like Hack The Box, Try Hack Me, and Pentester Labs, committing myself to intensive learning. As a result, I successfully obtained my eLearnSecurity Junior Penetration Tester certification at the end of the year. In 2022, I enrolled in several courses and certifications related to Microsoft Azure, aiming to familiarize myself with the Microsoft ecosystem and delve deeper into cloud technologies.

Back to Who Am I page