My Second Year In InfoSec: OSEE, the Odyssey
In 2024, I took a second gap year to pursue the (OSEE) certification. Over the next seven months, I spent hours studying full time, eventually acquiring the OSEE. Along the way, I attended six live trainings and five conferences. Additionally, I found and reported to Microsoft, making the . I also joined as a Security Researcher. I think I may have had a .
This post builds directly off my . Once again, I've documented the resources I used to obtain the certification. I'll share the lessons learned, my experiences doing security research and going to conferences. I'll also try to answer whether the OSEE will help you find a job and why I changed my mind about going to college.
Below is a table of the study resources I used to build my initial foundation:
Off By One Security is a great source for advanced-level binary exploitation presentations and security interviews.
I read the first few chapters and gave up. Skimming it now, it looks good. I just think it was not suitable for my situation (learning C to write exploits/find vulnerabilities) at the time.
A lot of the content flew past me on my first time doing this course.
This course helped me break out of C tutorial hell.
I did not do the Computer-Vision related exercises.
On my first time I completed about ~half of the course, but I didn't fully understand the course materials.
It all began with a spur-of-the-moment decision. In August 2023, I thoughtlessly signed up for the live training (AWE) organized by SINCON. At the time, the AWE had not been offered in Singapore (my home country) for years, so seeing its return felt like a once-in-a-lifetime opportunity. At the time, I was preparing for the OSCE3 and had a 12 month gap before starting college. I estimated I'd complete the OSCE3 by early January 2024, which left me with five months to prepare for the training and two months to pass the exam.
The extent of my thinking amounted to: "Since I took about three months per certification, seven months should be enough time for this harder certification. I mean, how hard could it be? I need something to do for the seven months after the OSCE3 anyways".
Having heard horror stories of the AWE live training selling out within 15 minutes of opening, I panicked and hurriedly convinced my parents to purchase the course. I had no knowledge of Windows exploitation, no idea what the OSEE covered, and no clue whether the OSEE was worth it.
Let me be clear - this was objectively a terrible mistake. Just because it worked out well for me in the end doesn't change the fact that I essentially signed my own death warrant.
Read every resource and write a roadmap
Dive in to the course and patch learning gaps as you go
Do all the exercises, extra miles, and practice exams
These three steps exploited these three respective qualities of the OSCE3:
They were widely reviewed, so I could create a roadmap of what to study and prepare for
They had minimal prerequisites, so I could just dive in from zero and learn as I go
They were pre-recorded, so I could rewatch the course videos again if I got stuck
The OSEE is a different beast entirely:
The AWE was a five-day live training. I couldn't rewatch it if I got stuck - so it was paramount that I came prepared. If I fell behind in class, I would have to catch up by relying solely on the textbook and slides - something I couldn't afford with my short timeline.
It was clear I needed a new approach. What got me here would not get me there. I had a poor idea of what I needed to study for and I only had five months before the live training began. In these kinds of situations - I rely on first principles. Since OSEE focuses on Windows Exploit Development, I assumed the exam would require writing Windows exploits. The AWE syllabus covers exploiting a hypervisor, a browser and a kernel driver, so I could use my ability to do those things as a reasonable proxy for my progress at preparing for the live training. Developing a roadmap for how to exploit a hypervisor/browser/kernel driver was much easier. Searching GitHub for sample exploits told me that I needed to learn:
C/C++ to write hypervisor and kernel exploits
What bug classes exist
How to exploit the heap
What exploit mitigations exist and how to bypass them.
This list was far from perfect, but it was enough to get started.
I started by watching some presentations to get a high-level understanding of Windows Usermode and Kernelmode Exploitation. I would take notes, then look into each part of the talk I didn't understand until I had a big-picture understanding of what each presentation was about.
I tried to escape by learning from books instead of videos. I searched far and wide for the "best book to learn C" - but I could never stick with each book because either it wasn't relevant enough for my needs (learning to write exploits) or finishing the book would take months - time I did not have.
My next topic was learning about Heap Exploitation - which proved to be a challenge. Most of the resources I found were either for Linux or older versions of Windows like Win 7/XP. The ones that were modern were too technical for me to understand. I briefly considered learning Linux Heap Exploitation and then trying to map it over into Windows myself, but I dismissed the idea as it would take too long.
Below is a table of the Study Resources I used to prepare for the AWE live training:
I watched this in preparation for the Corelan HEAP Masterclass. Very helpful.
Corelan HEAP Exploit Development Masterclass exercises
I decided to revisit this course again to prepare for the Windows Internals For Security Engineers training. This time, I could understand the course much better.
Another great course.
I loved how Yarden covers the major components of Windows by sharing stories about why Microsoft made certain design decisions. She also taught me how to use dx commands in WinDBG which are helpful.
One of the best courses I have taken.
Based on the lecture, I developed a three-step approach that worked well, and I've used it in every live training I've attended since.
Before the training, try to read as much information about the topic as possible.
By reading a few Heap Exploitation blogposts before the Corelan Training, I familiarized myself with the core concepts, terminology and methodologies - reducing the chances I fell behind. This also allowed me to identify parts of the subject I had trouble understanding, which I could then bring as questions to Peter during the training.
During the training: Process the information, Summarize with Abbreviations, Develop a Question.
During the training, I directed my attention almost entirely on Peter, instead of the slides on the wall. I kept a list of abbreviations at the beginning of my notes (HM for Heap Manager, LFH for Low Fragmentation Heap, BEA for Back End Allocator). After each sentence, I would try to summarize each line Peter spoke using my abbreviations and write a few short bullet points in my notes. I did not mind if there were spelling mistakes.
At the same time, I would constantly try to engage with the material by developing questions. Some examples of ways I engaged include creating metaphors for the concepts being shared, trying to come up with ways to improve an exploit technique/bypass a mitigation that was taught. I would then write these "candidate questions" in italics besides the bullet points in my notes. If the question was important for me to understand the information being spoken currently, I would immediately raise my hand and ask it. An example of this would be clarifying the meaning of a specific term or resolving a contradiction between what was being said and my internal mental models.
If the question was an extension or example of what's currently being spoken, I would use my own discretion to decide between asking now and asking later when Peter was done with the topic. Examples of this would be like "Instead of doing X, could I do Y instead? Would it be better/worse and why?" or "Just to confirm, if for example there was an A, and we did B, C would happen?"
To my surprise, I was entirely wrong. Peter - and every instructor I've met since - patiently answered all my questions and even welcomed them eagerly. Instead of criticizing me, my classmates praised me for asking questions, as they gave them the chance to learn new insights from the instructor's answers.
If you're attending a live training and have a question - please don't be afraid to ask. There are no such things as "stupid questions" - asking questions allowed Peter to correct any misunderstandings I had about the topic, deepened my knowledge of the subject and gave me ideas to research when I got back.
After the training: I would practice applying the knowledge as much as I could.
After the course, I spent the entirety of the next month completing the first seven homework exercises from the Heap Masterclass. This was incredibly challenging and rewarding - it got me extremely comfortable with Heap Exploitation.
At the end of the month, I was confident I was ready for the Usermode half of the AWE live training. With a few months remaining, I set my sights on the final half: Kernelmode.
Since taking an in-person course to study Heap Exploitation worked so well, it made sense to try the same approach towards studying Kernelmode Exploitation. I looked around for live trainings on offer and found Yarden Shafir's Windows Internals for Security Engineers at OffensiveCon.
My previous exposure to Yarden was from her OffensiveCon talk which I really enjoyed. The course material seemed very relevant to AWE syllabus, so I decided to go for it. While I was there, I also purchased an OffensiveCon ticket reserved for students, since I thought it might be a fun experience.
It wasn't long before it was finally time for the AWE Live Training. Nearly half a year of preparation led me to a single class, and it did not disappoint. Even with all my training and prior preparation, I still learned so much from the class. Morten and Sickness are experts in the topic, and the AWE live training is a marvel - insanely comprehensive, cutting-edge research that's been neatly packaged and masterfully written.
The course covered every mitigation used in modern Windows as well as those yet to be widely adopted, and taught me how to bypass all of them. Morten and Sickness generously shared their experiences and methodology behind how they reverse engineered each target, found the vulnerability and developed an exploit.
As each day went by, the content taught got more and more complex. It was taking my full attention to not fall behind. Somehow, I seemed to have survived the first four days - but the last day was going to be the hardest. There was only one problem - I wasn't going to get a good night's sleep.
The training awarded challenge coins and stickers for students who completed each chapter's Extra Miles before the end of the last day. These swag have zero use and are merely souvenirs for students who want to go for it.
Personally, these Extra Miles ranged from doable (sticker) to difficult (first coin) to definitely-didn't-stay-up-all-night-and-fail-only-to-spend-the-entire-class-solving-it-instead-of-listening-to-the-instructor (second coin) to didn't-even-bother-attempting (secret reward).
I'm a competitive person. When I set my sights on something, I work very hard to get it even if it seems impossible. This trait has served me well but if I'm not prudent about the goals I choose, I can end up making critical mistakes.
In the 53 days between 6 June and 29 July, I obtained the OSEE, found and reported two bugs in the Windows Kernel to MSRC, and joined PixiePoint Security. It was one of the busiest periods in my life.
At this point, I had covered the first half of the OSEE's syllabus, and I was feeling burned out. I'm not exactly sure why, but I ended up putting off the second half of the syllabus to reverse engineer a curious part of the Windows Kernel I had some unanswered questions about. I wanted to try applying the reverse engineering approach Morten shared that he used to find the bugs in the course, and I wanted a break from the grindy, goal-oriented work of studying the textbook to try my hand at something pointless.
I found it exhilarating uncovering esoteric knowledge about a specific part of Windows that seemed completely overlooked - and I dug myself deeper and deeper into the rabbit hole as I started suspecting there might actually be a vulnerability in the code.
I ended up finding nine "bug candidates" in the specific component - but when I looked into them I realized they weren't actual bugs because of one reason or another. As the nights grew longer and I realized how much time I was spending, I became increasingly dejected and desperate, obsessing longer and harder about the component.
After finding the first bug, I was ready to call it quits. However, I hadn't fully audited the component, and at the advice of a friend, I decided to finish the audit. I'm so glad I did, as I found another bug shortly after.
MSRC was right. I should have read the Microsoft Bug Bounty terms more carefully. However, I requested them to reevaluate my bounty eligibility because I did technically extend the disclosure policy by 14 days when my Case Reviewer asked me for an extension.
The bounty team did reevaluate my case and eventually awarded me USD$2000 for reporting the bug, which was nice of them. In the end, I didn't after the disclosure period so I kind of shot myself in the foot for no reason.
By a fortunate stroke of serendipity, this led to a series of events that eventually culminated in me being employed at PixiePoint.
In my eyes, being nice and lucky matters far more than any certificate or training I've earned.
Personally, I don't go to conferences hoping to get something out of it - I go to conferences because it's incredibly refreshing to talk to like-minded people. It's a rare chance for me to step back from work and enjoy awesome food. It's also an opportunity for me to help others.
Note: I'm unable to review the course because I haven't completed it - I have not watched the last two days recordings. It would be unfair for me to prematurely judge the course. The ringzer0 crew was fantastic - they went above and beyond to make sure the virtual training went as smoothly as possible. They also honored a USD$200 discount on the course due to a mistake on their website.
Here are the prices for each course and conference I attended this year:
| Course / Conference | Price |
| --- | --- |
| Zero Day Engineering Vulnerability Research | $2286 () |
| OST2 Architecture 1001 | FREE |
| OST2 Architecture 1002 | FREE |
| OST2 Debuggers 1011 | FREE |
| OST2 Debuggers 2011 | FREE |
| OST2 Architecture 2001 | FREE |
| OST2 Vulns 1001 | FREE |
| OST2 Vulns 1002 | FREE |
| OST2 Debuggers 3011 | FREE |
| Corelan Heap Exploitation Masterclass | $3700 |
| Windows Internals For Security Engineers | $6200 |
| OffensiveCon Ticket | $2200 |
| SINCON Ticket | |
| OST2 Exploitation 4011 | FREE |
| Advanced Windows Exploitation | $16329 |
| Hacksys Windows Kernel Exploitation Foundation & Advanced | $5170 () |
| Off By One Conference Ticket | $490.50 |
| SGHack Ticket | $600 |
| Hypervisor Development for Security Analysis | $6154 |
| HEXACON Ticket | $1679 |
| Total: | |
Note: this table does not include costs such as flight tickets, hotels, living expenses, etc.; the total costs are considerably higher. Please don't misinterpret the meaning of this table. I'm sharing this table because I think it's important to be transparent about the costs of this journey, and because it's information I wished I knew before thoughtlessly signing up for the AWE live training. My circumstances were extremely unusual - I was committed to taking the AWE live training in May, and I was searching desperately for any way to prepare myself. In-person courses fulfilled that purpose for me, letting me rapidly bridge the gap between the OSCE3 and OSEE. As there was no precedent for what I was doing, I erred on the side of overspending and ended up buying more courses than I needed for the OSEE.
I'm fully aware that I'm in an extremely privileged position to have parents who financially supported me through these trainings and I'm very grateful for that.
I am NOT implying that trainings and conferences are overpriced. They are NOT. Having spoken to instructors and conference organizers, I know just how expensive it is to organize such events, how much effort it is to teach a class and how small of a cut an instructor gets. I am NOT implying that someone needs to take all of these courses to get the OSEE. They do NOT. There are plenty of free resources out there - such as one of my favorites: OST2 Exploitation 4011. I'm wholly certain that it's possible to get the OSEE with only the AWE and free resources. However, I also don't think that we should dismiss trainings entirely - if you need help learning a particular topic, and you want to learn it as fast as possible - I believe there is no harm trying to convince your company to sponsor a course.
The real question I was asking was "Is the OSEE alone enough to get me a job?" and I can say the answer is "very likely no". Let me explain.
The OSEE is an apex Windows reverse engineering and exploit development certification. In my opinion, the industry with the most demand for these skills is the One might think that most vulnerability researchers would have this certificate. However, having met and as a (recently hired) vulnerability researcher; I have not met a.
Don't get me wrong - I'm not saying the OSEE is a bad course. In fact, it's one of the best courses I've taken. Rather, I'm saying it's a great way to get to the prerequisite knowledge to be a researcher, but it alone is not enough to get a job in the VR/expdev industry - you'll need to find actual bugs and write actual exploits. It's definitely not the only way to learn this prerequisite knowledge. In fact, it's a very uncommon way.
The last thing I want to do is peddle a myth that the OSEE guarantees a job in the VR/expdev industry. Make no mistake - it does not. I think it's important for me to say this, because I thought it did!
I'm not trying to gatekeep the OSEE or the VR/expdev industry - I think both are great, and I wish people working towards them the best of luck. However, it's important to realize I got extremely lucky this year. The most likely outcome for this year was me having to take another gap year and put in even more work and even then, I might still not have been able to break into the industry.
A lot has happened in the two years since I started this journey. Between 3000 hours of studying, four countries and 50,000 dollars, my life has changed so much sometimes I don't believe it's real.
Looking back, most of my memories share a constant feeling of being out of time. Despite having every day to myself, I was always chasing the next certificate. If there was another certificate more difficult than the OSEE, would I still be chasing after it? These days, I don't think about certificates any more. They have definitely changed my life by giving me the skills that formed the basis to what led to a career in the security research industry.
If we met at a conference this year, you received one of these "Reverse Engineer" cards signed by me. I'd like to thank you for playing an irreplaceable part in my journey this year, and I look forward to meeting you again.
by and
by Connor McGarr
Connor McGarr also has a great with numerous blogposts about topics covered in the OSEE ( e.g. : , )
by
State of Exploit Development and by Connor McGarr
by
by
OST2 by
OST2 by Xeno Kovah
OST2 by Xeno Kovah
OST2 by Xeno Kovah
OST2 by Xeno Kovah
by
OST2 by Xeno Kovah
by Valentina Palmiotti
OST2 by Xeno Kovah
Course by
See my review of the course .
by Stephen Sims (Off By One Security)
by
OST2 by
by
OST2 by
Fast forward five months: I was now an OSCE3 holder. There was no time to celebrate though, as now I had to . I realized early on that I couldn't approach the OSEE the same way I approached the OSCE3. Last year, I used a three step approach to acquire the OSCE3:
As an apex certification, there were very few certificate holders, and thus even fewer reviews of the course. In addition, the course was updated in 2021 - narrowing the set of relevant reviews even smaller. The two best reviews were 's (plus associated ) and 's . It's no exaggeration to say that without these two reviews, I may not have become an OSEE holder as quickly as I did.
From reading the , I could see there was a mountain of prerequisite knowledge I would need to learn. It looked closer to another language when I first read it. What in the world were ? What is a - could I eat it? Does a dream of robotic sheep?
After that, I took my first stab at learning C and C++. I started out with a video tutorial, which I quickly finished. However, I didn't feel "knowledgeable enough" after watching to move on, so I looked for another tutorial. I would then look at a Windows kernel exploit on GitHub and ask myself, could I write that? Obviously I couldn't, so I felt like I had failed at "learning C" and needed more tutorials. Unknowingly, I had once again found myself stuck in .
Eventually, I ended up abandoning my attempt to learn C and shifted my focus on understanding the various bug classes. I stumbled upon 's , which delivered the content superbly but more importantly - forced me to just dive in to real C codebases and find real vulnerabilities. I cut my teeth staring at C code, and I came out of the course able to read and write C enough to carry on. Looking back, I have found no better way to learn something than by .
After the course, I looked for resources to learn Hypervisor Exploitation. I stumbled upon through their . I ended up taking the Zero Day Engineering's course, which while not directly relevant to the OSEE, gave me a neat beginner-friendly overview of the art of Vulnerability Research.
The best resources I found were from 's blog, but since they were written for Windows 7/XP, I realized I would need to go to attend Peter's to learn comprehensively and efficiently.
by Wei Chen
by
This is a fantastic resource but it was too technical for me at the time and largely flew over my head. Links: ,
This was one of the best courses I've taken. My experience was so positive that I realized in-person courses could short-circuit the learning process and enable me to prepare for the AWE in time. I've spilled a lot of ink about why the Corelan Heap Exploitation Masterclass is so good: see my and .
OST2 by Cedric Halbronn
I decided to go through the course again, and this time I understood much more. The course is absolutely stellar and gave me the confidence to do independent security research. See my review of the . Cedric also teaches this course live as ""
by
OST2 by Xeno Kovah
by Yarden Shafir
by and Off By One Security
by
by wumb0
by wumb0
by Connor McGarr
by Antonio "s4tan" Parata
by Yarden Shafir
See my review of this .
by
by and
See my review of this .
It wasn't the first time hearing of the Corelan Heap Exploitation Masterclass. SINCON was also offering it in March the same year. However, as learning Heap Exploitation is a prerequisite to learning Hypervisors and Browser exploitation, I needed to take it as soon as possible. Checking the I found that Peter was teaching a class one month earlier - in Sydney.
As such, despite being a homebody who hadn't left my country in over half a decade, I prepared to travel to Sydney alone for the first time. I was anxious whether I would be able to keep pace with the in-person course. In my experience doing pre-recorded courses from OffSec and OpenSecurityTraining2, I would often rewind sections of each video multiple times because I missed something. I also frequently paused the video to take notes. I wouldn't be able to do either in a live setting - so I knew I had to work on my approach. I found this lecture about very practical and useful.
Initially, I was afraid of using this approach as I felt it was going to be disruptive to my classmates and disrespectful to the instructor. After all, that had been my experience within the traditional educational system - being . I decided to employ the strategy because I was desperate to obtain the OSEE, and that it was .
As an aside, my experience in Sydney was a showstopper. The food was top-notch, the training venue (PwC Australia) had a gorgeous view of the Sydney Harbor - and the facilities are excellent. If you're interested, Peter is offering the (as well as other locations ) - I can't recommend it enough if you're trying to learn Windows Heap Exploitation.
I employed the same approach towards Yarden's class as I did with Peter's class and it paid off. After the class, I opted to revisit Cedric's Exploitation 4011 course again to practice Kernelmode Exploitation instead of the assigned homework exercises as they were about using the and not as relevant to Kernel Exploitation. While doing the Exploitation 4011 course, I made an effort to use dx commands whenever I could to practice, as well as try to apply the information I learned from Yarden's class into Cedric's class.
By the way, Cedric was also teaching the Exploitation 4011 course live at OffensiveCon that year as "Windows Exploit Engineering Foundation". If I could , I would have attended both courses live. I think that there is enormous value in attending classes in person even if the full course is online. The most important benefit is the ability to ask questions. I have no doubt that I would be able to learn the materials much faster if I was able to ask Cedric questions in-person and then use the
On a side note, my experience at OffensiveCon was also incredibly positive. The training and conference were organized really well. I especially liked the size of the conference room as it was perfect - small enough to meet new people but large enough to have your own space. I was incredibly lucky to have made friends with great people. If you're thinking of whether to go to - I can't recommend it enough.
I asked a fellow student whether he would be gunning for a challenge coin. He said that he would rather prioritize sleep and that these coins would end up collecting dust in a closet somewhere. He was 100% right. My coins are collecting dust as I type, serving as a physical reminder of the opportunity I squandered to learn the last and arguably most difficult chapter from the instructors. After the course, this mistake compounded to a boatload of stress for me. Due to some sudden time constraints, I ended up having to hurry through the last chapter. Honestly, I didn't get a good understanding of the topic. To add insult to injury, I didn't have time to do the final extra mile, which haunts me to this very day.
Reported to MSRC
Reported to MSRC
After another long night in the office, another bug candidate came into my head. I was halfway about to dismiss it, but decided to bring my laptop home and test it out. I still remember my heart beating wildly as I set up the conditions to trigger the bug within the kernel debugger. I pressed 'g' to continue execution - and it caused a . I leapt in the air in joy and shouted in the middle of the night "I FOUND A BUG!" before I had just found a zero day in Windows.
I decided to report the bug to Microsoft, and began writing a report. This was my first time doing something like this, so I looked at one of j00ru's reports on the as a template and filled in the details.
In the end, Microsoft awarded me a bounty of USD$2000 for each of the bugs I found: and . For CVE-2024-43535, I was initially told that since I was using a "strict 90-day disclosure policy", and that I was "going to publish an advisory whether or not a fix is available" it meant that my submission was not eligible for an award.
In June 2024, I attended the inaugural organized by . Some of my AWE classmates would be there, and I was looking forward to catching up with them.
I'm not some super socially adept person. I cringe looking back at the social faux pas I've made, and I have made a lot of them - but I don't need to be one. What really matters is the - just don't be "". Of course, I try to be friendly, I try to see situations as charitably as possible, I try to be positive. But what really matters is avoiding catastrophic mistakes - I try to avoid burning bridges as much as possible, I try to cultivate a positive reputation and I try to make things right when I mess up. I'll be the first one to admit that I've not been very good at it - and I'm doing my best to improve.
I am a beneficiary of undeserved good fortune. I've been enormously privileged to be born in a great country with supportive parents. I was lucky to find the two bugs and I was incredibly lucky for the events that occurred that led me to be employed at PixiePoint. The former was completely out of my control, but the latter was only possible because I increased my . I think security conferences are a great way to increase the % chance that something positive happens to you - like a new friend, a job opportunity or a research idea.
The OSEE exam was easier than I expected. It was still challenging, but I was quite comfortable with exploit development and reverse engineering at this point. Ironically, the main challenge was actually after it. In April, out of an abundance of caution, I signed up for the organized by .
I made the call to get the OSEE before I got , which unfortunately meant I had to schedule my exam 12 hours before the training. After the exam, I was quite exhausted and completely unprepared for the training which started at midnight. In the end, I was only able to attend the first two days before it started to take a toll on me - and I decided not to attend the last two days. Thankfully, , the instructor, provided recordings for the class to students, so I didn't miss out.
After the OSEE, I attended the inaugural conference, which was another great offensive security-focused conference in Singapore. The conference has a WhiskeyCon segment in the evening where attendees can drink a shot for five minutes of speaking time. I gave a lightning talk sharing the statistics from my journey thus far. As I'm a , I'd like to give thanks to the person who drank in my place.
I'm quite happy that the offensive security scene in Singapore has grown so much - two inaugural conferences in one year. I hope this growth continues in the years to come. STAR Labs has already announced , and I'll do my best to be there.
Lastly, in November I attended s course. This was organized by , and I enjoyed the training and conference. You can find my review of the course .
I had an unforgettable time in Paris. The food was sublime and the was beautiful. I enjoyed the conference talks and had a wonderful time meeting and making friends.
At the start of the year, I asked this question in the . Unfortunately, I didn't . Now that I'm an OSEE holder and I'm employed, I think I have some responsibility to pay it forward so at the risk of being wrong I'll try to . First, "Will the OSEE help me find a job?" is a terrible question - lots of things can help you find a job. Being friendly, going to conferences, writing blogposts, graduating from university are all things that can help you find a job.
Now that I'm employed, going to college has a higher . Each year I spend in college is a year's worth of salary and career experience I'm foregoing. (The cost is even higher when factoring in tuition fees and the time value of money.) Let me be clear - I'm NOT saying that college is useless. There are sizable benefits to going to college for me, such as being able to get a work visa for some countries. I'll probably have to get a bachelor's degree in the future, but I'm not planning on getting one right now.
I've learned that I only got to where I am by . At every stage of my journey, I overcame challenges because someone far more knowledgeable than me generously shared their expertise. Without OST2, how long would I have spent bouncing back and forth around C tutorials? Without Peter's Heap Masterclass, would I understand Heap Exploitation as well as I do today? Without Cedric's Exploitation 4011, would I have had the confidence to find the two bugs?
If last year was about by . I've been awestruck by just how warm the security community has been to me. I'm proud to wake up everyday and work alongside some of the brightest minds in the industry. It's been an honor to have spent the last two years setting goals that seemed impossible at the time, conquer it, then share my learnings. I've pushed past limits I thought were unbreakable, and I hope to do the same in the years to come. I hope this retrospective can help you in some small way make better decisions, refine your approach, and avoid the silly mistakes I made.
To commemorate my journey, I asked five instructors I met in person to autograph a "" MTG card. This idea was inspired by , who gives out (far cooler) at conferences.
I'll be handing "Reverse Engineer" and other security-related MTG cards out in every training/conference I go. I post which events I'll be going to on .