So, I guess it’s time to get things started around here eh?
I’m RedTeamRedShirt, a Web Monkey turned Red Team student from the UK looking to try his hand at a career in Ethical Hacking / Penetration Testing and the related disciplines. I’m quite literally just starting on a journey that I hope will one day see me switch from “Web” to “Cyber”.
I’ve started this blog to help me document my journey as I attempt to break into a different industry, to give me something to look back on and refer to, but also in case any of my findings or musings can be of any help to others with a similar goal.
For the last 10 years I’ve been developing websites, online stores and integrations for SME and Enterprise clients, predominantly using WordPress, PHP, MySQL, JS, HTML, CSS, and have done more than my fair share with hosting, workflows, tooling etc.
Although crafting things for the web will always be close to my heart after I dived into it head-first during my teenage years in the ’90s, I’ve come to the point where I am totally disenfranchised with my craft, and as a result, I’ve lost the passion, interest and excitement I used to have.
So, why turn to Ethical Hacking, Penetration Testing and the like? “Hacking” in the most general sense is something that has always interested me, but I’ve never really done a deep dive.
Whether it be making video game mods as a teenager, building my own PCs, playing around with various Linux distributions myself over the years, following big incidents like the Stuxnet outbreak, paying close (frankly too close) attention to the Russian intervention in the 2016 U.S. election and the ongoing fallout from that, and all manner of leaks, operations and scandals that have made the headlines over the years, I’ve always been interested in the how more than why.
I’m genuinely interested in the “Cyber arena” so to speak, and lately I’ve realised that my career so far has given me at least some of the underlying technical and soft skills required to at least try ethical hacking as a career path. I mean, why not?
Y.O.L.O AMIRITE? (forgive me)
Now, without getting too sensational, I have to say that the Darknet Diaries podcast run by the supremely talented Mr Jack Rhysider has been a bit of a catalyst in recent months, along with other podcasts such as McAfee’s Hackable.
With respect to Darknet Diaries, listening to tales of “Red Team” folks going about their business has been exciting and enthralling, but beneath all the glamour and drama there is a message that the Red Team isn’t just for a privileged or genius-level talented few; it’s a field that anyone with the right amount of skill and work ethic can break into. While I’ve been listening to the detail, I’ve realised that it’s a perfectly viable path to go down.
I am fully aware that, especially in my late 30s, I am never going to be involved in any of the truly serious, dramatic work involving the government, the military or FTSE 100 / Fortune 500 companies. That kind of stuff is pie-in-the-sky and can be reserved for when I’m asleep and dreaming.
My goal over the next 12-18 months is to get into the private sector in some way if I can and just enjoy every minute of it, seeing where the journey takes me. I have no intention of getting carried away with myself, and I just want to learn and put what I learn to use.
When I look at what I do now, and then look at ethical hacking from a Red Shirt’s point of view after doing the research into what a typical Penetration Test involves (digital or physical I guess), it’s pretty fucking cool right?
Receive your target, carry out in-depth reconnaissance on the target, make your preparations, execute the plan to spec and then carry out any other necessary actions after the fact before reflecting on and documenting what you did. That sounds like the kind of thing that is right up my street, and would actually engage me in a way that software development hasn’t been lately.
That said, there are a huge number of similarities and parallels to software development (probably why it’s such an appealing switch), but with the added bonus that you get to put your Sherlock and Wargames knowledge to good use throughout. Haha!
It would also be foolish of me not to admit that I do have a bit of a Machiavellian side to me that is largely left unsatisfied, so why not put it to good use? I mean what’s the worst that can happen, I lie to someone but ultimately help them or their organisation improve their security? Small price to pay in my opinion.
At the time of writing I’m diving into the world of Kali Linux and Metasploit, (re)discovering shell commands and techniques, reading and watching pretty much everything I can get my hands on and absolutely loving it.
I’m giving myself next year to really get as much experience under my belt as well as whatever relevant courses and certifications I’m able to afford and achieve before actively looking for employment; whether this is a realistic goal remains to be seen, but the absolute worst case scenario is that I end up doing this as a super-interesting hobby, which isn’t a bad thing at all.
Anyway, that’s enough rambling for now. I hope to post a couple of times per week depending on how much free time I have away from family and work life, and I’ll do my best to keep things interesting! Hit me up on Twitter and say hello, but I warn you, I’ll likely bleed you dry of any and all information I can get! 🙂