Completely self-taught Cybersecurity enthusiast • Red, Blue and Purple Teaming
In 2014 on my birthday, I received my first ever device- a Toshiba laptop shipped with Windows 7. Now, as a just-recently-turned 7 year old, I was already hooked the moment I opened *the* Web Browser- Internet Explorer. I started off like most people (maybe), watching YouTube videos, playing Web Browser games, browsing tech support forums when I had problems with the laptop, to the point where I eventually just started remembering everything, like where the Control Panel was, how to use Powershell and Command Prompt, and every problem I had just became muscle memory. I would fix the issue(s) myself, troubleshoot with the Wi-Fi off (I was decently smart back then), and then I would just go back to watching YouTube videos or listening to music when everything was done. I didn't really do anything too interesting during this time, but I do remember bits and pieces of me using screen recording software to document on how I would fix certain issues, bugs, etc. I wish I still had those videos, however that laptop is long gone, but it still remains a HUGE part of me and who I am today. If not for that super simple Toshiba laptop and all the curiosity around troubleshooting and modifying certain aspects of Windows 7, where would I really be today?
Stepping into 2015: "Wait, I can experiment with troll virus batch scripts to better understand how systems could be abused?", now this was the part in my life where technology was just now starting to click. Task Manager was always opened the moment I booted Windows, any nasty processes running in the background would obviously terminate if they saw the PID and/or Process Name of 'Task Manager', I was already thinking way ahead and became hypervigilant around computer security before I even got the chance to turn 8 years old. I was doing really lame batch scripting back then, I'd barely even call it 'scripting'. They all went a little something like: '@echo off' and of course, the good old: 'color 4' then proceeding to write pretty genuine computer-crashing batch scripts like opening Internet Explorer tabs over and over with a loop, and then unironically ending it all with a CMD window opening executing 'tree'. Ah, the good old days- well, my good old days. Nothing else really that much interesting happened during this timeline, as I got quiet with IT and just wanted to use computers for personal use rather than understanding them. I did however at one point bypass blocked websites in Primary School through a VPN to play web games, I helped everyone else in my class set it up. Not my proudest moment, but this was 2016 or 2017-ish, I was no older than 9-10 and just wanted to be the "kid who knows how to use technology", even if that meant technology was just a simple VPN bypass.
Welcome everybody into the Script Kiddie stage of my life. I was interested in Game Development for a while, and when you're 11-12, you straight away download Unity, watch a few videos on C# and end up just ripping the code, trying to understand it so that you could even modify it to your liking, and then giving up on every project anyway. Burn out, ripping code, using tools I didn't fully understand, it was so bad. The worst part? That feeling that you were actually accomplishing something, like you were on top of the world. That whole rush just from watching terminals spit outputs I didn't get, it's such a strange feeling, one I don't think I'll ever experience again. Now during this time, I knew some people in Cyber through school, there was an older person there who knew quite a bunch about IT and we just got to chatting one day, eventually hitting each others DM's. He shared me a login, said it was an SSH login. Gave me the IP address, username, password, and told me something like "Look around, don't touch anything". I barely knew SSH, infact I knew NOTHING about SSH. After looking at some tutorials, (yeah, it was pretty bad) I installed PuTTY, entered all the information and was immediately bombarded with ASCII text flowing the screen, text about 'Active Hosts', etc etc. I thought it was so cool, like it was some Hollywood-Hacker style terminal output. What I didn't realize at the time was that I just logged into the root account of a massive graveyard, zombie computer farm: a botnet, most likely from Malware. You see, my friend at the time was not the owner, he knew someone who lived in the United States, he was the owner. I got into contact with him with the help of my friend and we all just kinda sat around and talked about computers. Never in my life have I felt so embarrassed, truly red in the face because I mentioned I was using Windows 8.1 (I had a new laptop at this point). A quick side note: I forgot everything I learnt throughout the years of basic computer security- I was smarter with that at 7-8 than 11-12. One day, just to skip ahead all the random dialogue, I was told to install AnyDesk, I think you know where this is going. I let the 'person' have full control of my computer, because being the naive pre-teen I was, I thought he maybe would've helped set some things up for me to become a "31337 hacker". So yeah, I make this really dumb mistake, and I mean you can NOT make a dumber mistake than this one. After letting this person with this huge botnet of 10's of thousands of zombie computers have full remote control over my computer, I walk away to get some milk (I like milk). I come back, he's showing me my address, my logins, all that good stuff any cybercriminal would want when targeting somebody. I never paniced so hard in my life by the way, I immediately shut down my computer and blocked that person on everything I had him on and I just never saw him again. Lesson to be learnt at this age; Don't fall for this type of attack, it was so lame and it just worked because I was so, so so dumb back then. I don't even think I nuked Windows after that, I think I legitimately kept using it normally. Of course I looked around for any weird applications that couldve been installed, I uninstalled AnyDesk, checked Task Manager so often you would think I had bad memory, it was my first real world example of being the victim in this scenario, and I was just a kid. This scared me away from technology, understandably for quite a while. It got real quiet.
Wow, was this the period of my life where it was non stop curiosity, like that itch just never went away to learn more and go even deeper. Near the end of 2021- around October, I grabbed an old laptop I had that I would use at high school and kind of got curious around Cyber/IT again. This time, it wasn't virtual machines running Security-based distros or Linux Mint- I really wanted to learn how to flash distros like Tails to a flashdrive. So, October 2022- this was my first experience with flashing an OS to a USB stick. Now, would you believe me if I said that in just 1 year from that date, I went from learning to flash Linux on to a physical media, to scripting perfect ethical hacking tools and releasing them to the public? Getting into Surveillance and IP Cameras around my city just to take pictures of myself by screenshotting the 2 second interval updating webpage? Exploiting LED-signs to read whatever I type? (Make your passwords complex, people!) Browsing TOR for hours a day/night to fuel my curiosity? I was a complete, 100% full-proof Linux user from this point forward. I abandoned anything Windows and just went straight to Arch Linux. I was setting up Pentesting VMs with QEMU for Bug Bounty hunting and CTFs. I loved CTFs, the same way I loved Duolingo- you win by learning, and I love winning, and I love learning. So it was everyday for me, using platforms like HackTheBox and TryHackMe for CTFs, and Hackerone for BBPs!
In 2023, I started going to a secondary college as high school just wasn't for me- I dropped out of high school sometime around 2022 for personal and mental health purposes. Little did I know, that this secondary college would let me study *anything* I wanted to do and become later in life! So, I went in on my first day, got to work on the same laptop I used in high school, doing Web Development while running a combination of Fedora and Artix. Don't skip over the 'Web Developer' section though, I was genuinely super serious about becoming a Full-Stack Web Dev for a job, or possibly even my own, like freelancing and/or building web templates for web builder companies/businesses, think Wix, Squarespace, or even Shopify if I was lucky enough, etc etc, the list went on in my head. I have used AI previously, I used it back in 2018 when I think GPT-2 was released and used websites like 'Talk to Transformer' and 'AI Dungeon', AI sucked so bad back then it was just terrible. I had no idea it was going to come back and just completely destroy my dream of being a Web Developer- you see, in Near Mid-2023, ChatGPT was really booming and could now generate full frontends and backends of Web Applications. "Oh, so like Vanilla JavaScript and.." nope. It was generating *fluent enough* backends in Python, Ruby on Rails, Flask, good frontend frameworks like React at the time, Vue.js and I imagine now it's probably extremely good at Svelte. So, as you could imagine, I got extremely burnt out and stopped doing Web Development to actually think about maybe pursuing Cybersecurity. There was an assignment coming up in my class about whatever project you made depending on what field you were pursuing and you would showcase it to your teacher like a Ted Talk. This assignment was due in April, and I only got back into the Cybersecurity rhythm in late-March- I literally had no project to showcase, I mean, what would I even show, me typing on a terminal and saying the entire time; "Yeah this thing right here, it can be used for reallllll bad stuff, cybercrime and such", I mean I was completely lost. Thankfully, one of the tools I had scripted back in 2022 were published on an old Github account and it was PERFECT for the assignment I thought, and I was correct! It was a tool that just scraped the internet for IP cameras with no admin passwords (just to clarify, this IS legal), it worked only in the CLi and had options to choose what countries, states and cities to scrape from. I chose Australia as, well, I live here, and it was fetching all of these active IP cameras around Australia and I opened a few to show to my teacher and she was just in awe, and I seriously mean that when I say it. She couldn't believe that you could do this with just a terminal (she's IT, but not Cybersecurity), and I kind of played it off like "Yeahhh, this was so easy to code". She asked me "Could you use this for surveillance, against criminals?" I replied with "Yes." and proceeded to show her the rest of the tool's options to find more cameras around someone's residence/streets. I showed her all the code to make it work, she said it was the most unique project she's seen and we basically wrapped it up there. Next day I go to class, she quite literally handed me a piece of paper, a piece of paper on how to join the AFP (Australian Federal Police). She said something as she handed it to me like, "I really think you should work with AFP or ACSC"- and for those of you that don't know ACSC, it's the Australian Cyber Security Centre, in the Australian Signals Directorate (ASD) Agency. It's like Australia's FBI/NSA (Australia's CIA is 100% ASIO, go look it up if you're curious). So I really looked at it and thanked her so much. Now, I need to specify that this timeline from here on out was a blur for me, but I remember dropping out of the secondary college in May due to some personal issues. Since dropping out, I've been fully self-taught, and never walked into anything school-related since.
Mastering my skills in everything IT-related, but most specifically Cybersecurity, from Offensive to Defensive Security, Red to Blue to Purple Teaming, watching Cybersecurity documentaries, reading Cybersecurity RSS feeds, practicing my programming, anything! This world needs better security, let's face it, and I really want to help with that. If we're diving head-first into a new world where everything is digitalized, let's make sure it's 100% secure before shipping it out. As of now, I'm trying to step into the extremely professional world of Cybersecurity. Whether I pursue roles such as a Penetration Tester, Security Analyst, Help Desk Consultant, or a combination of these, I know deep down this is what I was meant to do my entire life. I continue to learn, I don't feel that burn-out anymore, it's just so exciting everytime to boot up an OS and know I'm going to be productive today. Of course, I'm still learning by myself, by teaching myself, but I've always found that most effective for me. I'm not so active with CTFs as much anymore, just kind of scripting some tools here and there but I believe I'll get back into that routine. I've been using flashcard software like Anki for programming, language learning, certain sciences, just 30 or so minutes a day of learning some hobbies I like! This is kind of where my story ends, of course only in text-form, I'm still progressing every single day and I'm not giving up even on my worst day. So, to the future of Cybersecurity, and for my future, your future, let's have a toast. 🥂 If you’ve taken the time to read this, thank you, it genuinely means a lot. This Web Portfolio reflects both my technical work and my curiosity, and I’m excited to keep learning- forever. If you ever need to get in contact with me, the 'Contact' button is right up there on the navbar! If you want to see some of my projects (some still being worked on), go ahead and click on 'Portfolio' at the top of the navbar as well!