About — ry4n

about_me

Hey, cheers for checking out my site. I’ve been interested in computers for as long as I can remember. I started learning to program when I was around 11 years old and spent a few years working on small projects to understand the basics. By the age of 12 I had my first introduction to the world of cyber security when encountering hackers in online games. After some digging I found some game hacking communities and asked as many questions as I could. Of course, given the gatekeep-y nature of the community around that time, many of those questions went unanswered.

It was around this time that I realised I would have to teach myself some low-level computing and networking basics if I wanted to understand anything. After a few more years of learning the fundamentals and asking as many questions as I could, I started to develop a real passion for cyber security. At this point I was around 15 or 16 years old and started putting my knowledge to use by reverse engineering malware. During this time I was part of a community of like-minded individuals that enjoyed sharing projects and software they had made. Unfortunately, some people used this as an opportunity to upload malware and steal from other users. I took it upon myself to download every single dodgy-looking file and would look through the strings, imports, exports, and network connections in a virtual machine to determine if the file was legitimate or not. At first I didn’t really know what I was doing, but over time I started to understand how to separate normal activity from malicious activity, making it much easier for me to identify a malicious sample. I didn’t know it at the time, but this was my first exposure to the “hacker mindset” and would change the way I solved problems up until this day.

At this point I was getting towards the end of high school and started focusing on what I wanted to do once I left. My school didn’t have a great computing department, so I didn’t really learn about many career options other than going to university, graduating, and becoming a software engineer. So that’s what I did. In September 2018, I accepted an offer with the University of Glasgow to study computer science. In my second year of university I discovered that being a software engineer wasn’t the only career path I could follow after graduation. I met some great people in the cyber security space and joined a community of students and professionals that helped me get started in my real cyber security journey. I learned about red team, blue team, bug bounties, and a certain website called HackTheBox, that really propelled my interests in offensive security.

Over the next few months I spent all my free time doing HackTheBox machines, taking part in CTF competitions, and learning as much as I possibly could alongside my university courses. I was starting to get very passionate about cyber security, so decided to get some friends together to make an unofficial cyber security club called “RevEng”, which was a play on reverse engineering and the word revenge… we were very cool. We would meet up a few times and play around with our laptops installing random distros or teaching each other new things we’d learned. Around this time I discovered that I could scan the local subway tickets with my phone and read the raw bytes, so I collected 10 or so tickets and made a big diagram and tried to figure out what each section of the ticket meant. I ended up moving on from the project as I wasn’t sure what else to do with it, but I ended up finishing it after graduating and wrote a blog post.

Once I realised that other people were interested in cyber security, I started an official society through the university. In the first few weeks we managed to get over 50 members and ran our first pub crawl. It was around this time that we took part in our first CTF competition as a team: pwnEd run by SIGINT from the University of Edinburgh. We booked a hostel and went up for the weekend. There were too many of us for one team, so we had to split into two and ended up coming second and third place in the end, taking home a total of £900! It was also around this time that we started running workshops and weekly meetings to teach others offensive and defensive security techniques.

Everything was going great, but the universe had different plans it seemed. In March 2020 the COVID-19 pandemic hit and all in-person classes were cancelled. This really impacted the society and it kind of fizzled out from there. Suddenly, I found myself with a lot more free time, so I started going on long late night hikes and visiting the gym a lot more. This is when I discovered a podcast called Darknet Diaries. Every time I went out for a walk I would listen to a new episode, sometimes extending my walk by a couple of hours to squeeze in another when I could. I specifically remember watching the sunset at the top of a hill while listening to the XBox Underground episodes, not wanting to leave because I was so stuck in the story. It was around this time that I started writing my first blog posts and found my first CVE.

Just before the pandemic hit, I managed to get a part-time job at the student IT Helpdesk in the university. I had only been working there for a few months before we were asked to work remotely until the whole pandemic shitstorm died down (spoiler alert: it didn’t). At this point I lived at home with my parents and I didn’t really have a lot going on since everything was closed due to the lockdown, so I started reading books on reverse engineering (specifically this one) and malware analysis to build on the foundations that I had learned when I was a teenager. A friend of mine was also running a malware analysis course and I somehow managed to convince him to let me join for free. To this day I have no idea how because he was selling seats for like $2,000 each. With all of these resources available to me I was able to learn a whole lot about reverse engineering and how computers work at a low level. Coupling this with my classes at university and suddenly everything started to piece together in my head. One day, in what I can only describe as some click in my brain, computers just started to make sense. Everything was just electrical pulses that represent one or zero at certain amplitudes and computers are just a series of circuits that we built to store those ones and zeros and perform certain logic. Networks are just connected devices sending bits, converting them into electrical pulses, and then converting them back to bits on the other side. Programming languages are just human-readable interfaces to writing new logic for the circuits in computers. Everything started to make sense, and all of a sudden I realised how much about computers I didn’t actually know - and it became a bit overwhelming.

Around this time I started my first internship at Barclays as a software engineer. However, the pandemic had just hit and the infrastructure for remote working was still pretty poor so the internship got cut short and I didn’t really learn a whole lot other than messing around with AWS services and building some serverless lambda functions. However, with the internship and my part-time job at the IT helpdesk, I built up a decent amount of savings and decided it was time for me to move out. At this point I kind of took a step back from computing and started to enjoy my life as a student. I had made a lot of friends with others that lived in the same building as me and we started having weekly movie and firepit sessions out the back garden (since the pandemic was still in full force). Looking back, this was probably the best thing that could have happened to me as I was starting to experience burnout. For the past 2 years I had been studying for my degree full-time, working at the IT helpdesk part-time, and spending all of my free time learning about cyber security. It wasn’t very sustainable. For the next year I did the bare minimum for my courses at university and spent a lot of time going out with friends, making memories, and enjoying life. Sure my grades took a small hit, and I wasn’t learning much about cyber security, but I was learning so much more about myself. The experiences and life lessons I learned during this time really shaped me into the person I am today.

This page is still a work in progress.