2024 - The Year of Learning More and More
2024 marks 13 years in security, 10 in offensive security, and 11 of blogging. This year has been about growth, learning, and sharing knowledge. From leadership insights to career reflections, this "year in review" celebrates technical contributions, personal achievements, and key milestones.
For the last few years, I have made a post looking back on the content I have produced on this blog, and this year is no different; 2024 marks my 13th year working in security, my 10th year in offensive security, and my 11th year publishing posts to this blog. The blog has taken many forms over the last 11 years starting out on zerosec.co.uk
on a WordPress iteration and moving through to something self-hosted to now Ghost on blog.zsec.uk, it's been a solid decade and a wee bit!
This year has been a learning, growth, and knowledge-sharing journey. I’ve published several blog posts, and this post serves as a “year in review” – a timeline reflecting on my technical contributions to the community, personal achievements, and moments of enjoyment.
I kicked the year off with two blog posts all about leadership and my progress through my career; I have learnt a lot over the last decade from lots of great people, I have had great mentors, managers* and leaders (*and some not so great ones but I've still learnt from those, like that one guy who said that killing myself would do better for everyone, yeah outstanding leadership there).
Both were less focused on the technical side of the house but more on what I learnt from leading a team and striking a balance between keeping my skills up and ensuring my team's success.
From poor leaders, I've learned what doesn't work: breaking the team's trust, operating without transparency (a lack of communication), employing a destructive and unempathetic approach, micromanaging, and setting people up for failure. These traits have stood out as particularly detrimental in my observations and progression.
One of the most significant lessons I’ve learned over the past few years is balancing care for your team with care for yourself. As a leader, looking out for your team is essential, but it’s equally vital to prioritise your own well-being – much like putting on your own oxygen mask before helping others.
This realisation has underscored how self-care and personal well-being are foundational to effectively leading and supporting others. If you do not look after yourself how can you be expected to look out for others!
With this in mind, it took a lot of thinking but it was also the year that WeegieCast which was originally started by David Manuel and I was sunsetted, David decided to leave to focus on himself, and while I continued on with two or three more episodes on my own, I opted to focus on more of the things I wanted to pursue.
Taking what I learned from leadership and mindset, I made a significant change in May of this year, transitioning into a new role away from leading and running a team and returning to my roots as an individual contributor.
Stepping out of the firing line allowed me to return to the hands-on keyboard work I love, allowing me to continue my real passion, hacking things and solving problems. It has seen me do a lot more research and write more tools; here are some of the research blog posts I have written this year:
This research on dashcams took a long time, and I was waiting for BlackVue to do something about the issues, but they opted not to. As a result, the issues prevailed, and they could not care less!
Following on from dashcams I opted to dive a little deeper into Windows SxS after seeing a proof of concept published by another researcher it took me down a rabbit hole of automation and tool creation, it also saw me find other interesting things along the way.
My third and final research post this year was centred around using systems administration techniques in an adversarial manner, I coined the term and technique LOLSearches or Living Off The Land Searches for searching both SharePoint and Explorer alike. Something I do a lot of in engagements is live off the land without the need for bringing in external tooling, and I decided to share this with a wider audience to raise awareness, especially after my good friend Neil Lines did a great talk at Steelcon this year all about living off the land and building great recon.
In addition, I published quite a few tools ranging from simple Python tools to actual proofs of concept CVE scanners:
One of the most useful tools I wrote this year was PotUtils and it spawned off the back of a long discussion with Mr John Carroll and some of the tools he had put together for parsing hashcat. It parses the pot file and produces wordlist based on previously cracked passwords allowing for diving deeper into permutations and other interesting trends.
The next two tools I developed were designed to assist with scenario creation for Xintra Labs’ exercises. I contributed to building the attack scenarios for the Virus Vipers and TechTonik Inc labs. Both involved tool creation and additional content development. While I didn’t write tools for one of them this year, I did during its initial development. It was a fascinating process, resulting in engaging tooling and content.
I got into writing more CSharp this year and I am in the process of porting some well known python tools to CSharp for additional use cases on domain-joined systems and without the need for SOCKS proxies.
I also contributed to many open-source tools and projects https://github.com/ZephrFish and I'm happy that I continue to write small utils for things. Some tools I hope to publish in 2025 include VBE Decoder extension for VSCode, SharpCMLoot and other tools for the automation of building labs.
I also finally got around to starting my home lab series on building a NUC stack consisting of two parts so far, I was hoping to publish the 3rd before EoY, but instead of writing blog posts, I've been playing a lot of video games over the holiday period which has been pretty relaxing and pleasant to get away from security/tech for a bit. Here are the first two parts if you're interested:
Finally, as per my typical approach, I delivered several talks and attended a few conferences; the talks I delivered this year were as follows. Unfortunately only 1/3 were recorded 😦:
- SecuriTay 2024 - Measure Twice, Cut Once - The Importance of Lab-ing out Attack Paths
- Steelcon 2024 - Mastering Shadows: Blending [Offensive] Intelligence with Adversarial Emulation.
- FalCon Europe 2024 - Think Like An Adversary - I delivered this with a colleague in the blue team, James Benson who did an excellent job of representing the blue side of the house and giving an insight into the inner workings of how blue handles adversarial activity. (If accepted, I may re-deliver this talk in 2025 at another security conference, and hopefully, it'll get recorded this time!)
If you've made it this far, thank you once again for reading another of my posts, I will not commit to a certain amount of posts next year, but I want to at least publish part 3 of my NUC series and possibly some other research.
If you can think of anyone who might be interested in getting into security too my books can be found here https://leanpub.com/b/LearningTheRopes I link them because they benefit others and also any profits from them pay for the hosting of this blog!
Here's to another great year in 2025!