2016: Securing my future
It has been a while since I’ve blogged, so I thought I would use this post to recap my 2016 and outline my goals for 2017. 2016 has been a great year: I’ve gotten more involved at University, further pursued my passion for computer security and achieved a few personal goals.
To kick off my school involvement in 2016 I organized a second Pebble hackathon called “Time for Another Round”. Once again it was a 24 hour hackathon (with an overnight break) which was sponsored by Pebble. The idea was for participants to create apps for the Pebble smartwatch and hopefully learn something new. Overall the hackathon was a huge success, I had over 30 students participate and they created some awesome apps. There were also 2 Pebblers which had traveled up from Detroit to participate in the event! You can read more about the hackathon in the follow up blog post I wrote.
Unfortunately as of November, 2016 Pebble no longer exists as they were bought out by fitbit. I must admit I really enjoyed being a community developer for pebble! I got to run monthly meetups for over a year, run 2 Pebble hackathons, build some amazing libraries & apps but most of all got to meet some amazing developers at the 2015 Pebble developer retreat in San Francisco. Even though the official Pebble company no longer exists the community still lives on through the Rebble project.
In 2016 I also got more involved with associations within the school, specifically the IEEE uOttawa student branch. It all happened because during the school year of 2016 a bunch of my friends started hanging out in the IEEE office. When elections time came in april the the past exec convinced me to run and thus I was elected to be the McNaughton Centre Director. So far during my time as an exec with IEEE I have been able to participate and assist in running multiple events. Battle Royale (9 and X) were both extrememly successful LAN parties, each of which attracted over 100 participants. I enjoyed helping run the events so much that I volunteered to be one of the Overlords for BR 11 which will be taking place in November 2017. I also had the chance to participated in IEEEXtreme, a 24 hour coding competition hosted by IEEE international. My team placed in the top 10% world wide!
I feel that as the MCNaughton Centre director for the 2016/17 term I have fulfilled my goals. At the start of the year I had set a few small goals for my self:
- Organize the IEEE office
- Run 1 event/semester to promote IEEE and get students involved
I believe that I achieved both of these goals to their full extent. The first one was completed when I had organized an office cleanup during the fall semester. During this cleanup we were able to create 3 more private work areas for students along with cleaning off the workbench area. The office cleanup was a team effort and was a huge success, students are constantly using the newly created workspaces. I also managed to get our stereo system working again (including the FM radio)!
As for promoting the branch through events, near the beginning of the year I organized a server room tour at uOttawa. We had approximately 15 people attend this tour. Then in the winter semester I organized a technical talk with Tanya Janca, the OWASP Ottawa co-organizer, about hacking your own app. We had approximately 25 students show up to that event. I’d say with organizing these two events along with helping out with plenty of other events I have succeeded in my second goal to run events and promote the IEEE student branch.
2016 was the year of security for me. It all started in the summer of 2016 when I got my first security related job with redcanari. While working for Redcanari aside from software development I also assisted in enterprise level penetration testing while being mentored by industry professionals. They taught me how to search for the OWASP top 10 and defence methods to prevent them. Redcanari also introduced me to the world of security based capture the flags or CTFs for short.
In August I got to participate (remotely) in my first ever CTF, BSides Las Vegas. This CTF was a Red (attack) vs Blue (defence) style ctf where I was on the red team due to the fact that my colleague from Redcanari was the red team leader. It was the first time I got to pwn hosts for fun and I learned quite a bit, I even made a FreePBX module to get a root shell! Following the CTF in august I then participated in BSides Ottawa which was a jeopardy style CTF where participants had to pwn apps & servers to find the flags. My team “Hack.Carleton” ended up placing second overall, which was quite impressive considering we were a bunch of university students against teams of industry professionals! Those two CTFs inspired me to write & host my own CTF at uOttawa in which approximately 30 students showed up for a night of hacking and learning. The CTF I built was hosted on AWS and I used FBCTF as the team management platform. The CTF I created also served as tryouts for CySCOTT, which was a hacking challenge between local universities hosted by the Tom Levasseur & the Mayor of Ottawa. My team placed second in the CySCOTT competition! Finally, just last month, some students from uOttawa and I managed to place first in the OWASP CTF.
In the middle of the summer I found my first major security vulnerability which I responsibly disclosed to ASUS. You can read more about that security issue in my blog post following the responsible disclosure. Later on in the fall I was doing some research with a fellow Pebble developer, Rob, when we came across a vulnerability in the Pebble app ecosystem. Again we responsibly disclosed it to Pebble’s whitehat program but this time I was rewarded for my efforts. I also wrote up about that disclosure in a separate blog post.
Moving into 2017 I will be able to continue improving my knowledge in the field of computer security during a 3 month product security internship at Github. This June I will be traveling to San Francisco to participate in a 3 month internship at Github as a product security intern. I will be working in a team of industry professionals learning from some of the best and helping improve a product which I use on a daily basis. Continuing back into school in 2017 I’m planning to start a security club which will have weekly meetings with lightning talks, much like the click jacking lightning talk I gave.
However 2016 was more than just school and security, it was also a year for some personal improvement. Nearing the end of 2016 I decided to participate in Movember. For those of you who don’t know Movember is a fundraiser which takes place during the month of Novermber to raise funds for Men’s cancers & health. This was the second year that I’ve participated. I chose to dedicate my movember campaign to my Uncle who is dying of cancer. My goal was to raise $500 and for every $10 donated I would donate $1. I’m glad to say not only did I reach my goal of $500 but I surpassed it raising a grand total of $609! Thank you to everyone who donated, this wouldn’t have been possible without you!
This movember I also participated in their MOVEmber move challenge which encourages participants to live a more active and healthy lifestyle. To do this I got a personal trainer at the uOttawa gym and started going to the gym on a weekly basis. I have continued this into 2017 now attending the gym 3 times per week (though I’ve slacked off a bit lately due to exams). Next up I’m hoping to slowly change my diet to something a bit better for my body but that will come in due time.
Finally they year wouldn’t be complete without a rig update right?!? This past christmas I spoiled my gaming rig and upgraded the entire thing to a custom hardline watercooling loop. Expect more in a future blog post but for now here is a sexy image of my current rig: