Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Storytime!

This customer comes in and practically throws a computer on the counter.

Customer: This computer isn't working. I've ran the diagnostics and it says it's software. *places a dvd case with a 32 bit Windows 7 disk in it on the counter* It had Windows 10 on it, but I want Windows 7 on it.

Me: Well, you may have issues with the drivers if you put Windows 7 on it--

Customer: I don't care, I just want Windows 7.

Me: You SHOULD care. That means no wifi, no display, no mouse... Windows 7 doesn't like Windows 10 hardware.

Customer: Then... check to see Windows 7 compatibility!

Me: Alright.... *makes notes to check for Windows 7 compatibility*

Me: So has this Windows 7 been used before?

Customer: Yes, it has.

Me: On how many computers?

Customer: I've installed it on two computers and it works just fine.

Me: That's weird because Windows license keys are for one computer only. Are both of them connected to the internet?

Customer: Yes.

Me: Well, okay then... *finishes up ticket*

Customer: I work in this field and I just don't understand why they don't come with the disks anymore. How much is a Windows 10 disk?

Me: *gives price*

Customer: And do you have any?

Me: Let me check *I go to where they are, find some and come back out*

Me: Unfortunately we're out at the moment and would have to special order some back in.

Customer: OK. So then how much to fix this computer?

Me: *price of installing Windows and backing up data*

Customer: That's halfway to the price of a new one of these!

Me: Well yes, an HP at Walmart... But you do have that option if you want to take it.

Customer: Well, why does it cost that much?

Me: Well, it's $labor1 to install Windows, $labor2 to do some basic setup and drivers, and $labor3 to backup and restore data.

Customer: Oh, well I don't want data.

Me: Okay, well then it would be $total - $labor3

Customer: ...Okay, fine

Me: *updates the ticket*

When she finally left I put it on the bench and the first message said "SMART ERROR." I then did 4 different tests that said "lol, the hard drive is failing."

If you "worked in this field," you would know that a SMART error is hard drive related.

If you worked in this field, you would know that Windows is only a 1PC license, so why are you lying about installing it with no issues on other computers?

If you worked in this field, you would know you would want a 64bit Windows on your computer.

If you worked in this field, you would know how to find a Windows 10 installation media online.

If you worked in this field, you would know that HPs are not good computers to get.

IF YOU FUCKING WORKED IN THIS FIELD YOU WOULDN'T BE SUCH A FUCKING CUNT.

To those that think they can't make it.
To those that are put down by those that don't understand you.
And to those that have never had a dream come true.

Not a rant, but the story of how I got into programming

I've always been into tech/electronics. I remember being told once that when I was 3, I used to take plug sockets to pieces. When I was 7, I built a computer with my dad.
There isn't a thing in my room that hasn't been dismantled and put back together again. Except for the things that weren't put back together again ;)

When I was 15, I got a phone for Christmas. It was a pretty crappy phone, the LG P350 (optimus ME). But I loved it all the same.
However I knew it could do a lot more. It ran a bloated, slow version of Android 2.2.
So I went searching, how can I make it faster, how to make it do more. And I found a huge community around Android ROMs. Obviously the first thing I did was flashed this ROM. Sure, there were bugs, but I was instantly in love with it. My phone was freed.

From there I went on to exploring what else can be done.
I wanted to learn how to script, so over the weekend I wrote a 1000 line batch (Windows cmd) script that would root the phone and flash a recovery environment onto it. Pretty basic. Lots of switch statements, but I was proud of it. I'd achieved something. It wasn't new to the world, but it was my first experience at programming.

But it wasn't enough, I needed more.
So I set out to actually building the roms. I installed Linux. I wanted to learn how to utilise Linux better, so I rewrote my script in bash.
By this time, I'd joined a team for developing on similar spec'd phones. Without the funds to by new devices, we began working on more radical projects.
Between us, we ported newer kernels to our devices. We rebased much of the chipset drivers onto newer equivalents to add new features.

And then..

Well, it was exam season. I was suffering from personal issues (which I will not detail), and that, with the work on Android, I ended up failing the exams.
I still passed, but not to the level I expected.

So I gave up on school, and went head first into a new kind of development. "continue doing what you love. You'll make it" is what I told myself.

I found python by contributing to an IRC bot. I learnt it by reading the codebase. Anything I didn't understand, I researched. Anything I wanted to do, google was there to help me through it.

Then it was exam season again. Even though I'd given up on school, I was still going. It was easier to stay in than do anything about it.
A few weeks before the exams, I had a panic attack. I was behind on coursework, and I knew I would do poorly on exams.
So I dropped out.
I was disappointed, my family was disappointed.
So I did the only thing I felt I could do. I set out to get a job as a developer.

At this stage, I'd not done anything special. So I started aiming bigger. Contributing to projects maintained by Sony and Google, learning from them. Building my own projects to assist with my old Android friends.
I managed to land a contract, however due to the stresses at home, I had to drop it after a month.
Everything was going well, I felt ready to get a full time job as a developer, after 2 years of experience in the community.

Then I had to wake up.
Unfortunately, my advisors (I was a job seeker at the time) didn't understand the potential of learning to be a developer. With them, it's "university for a skilled job".
They see the word "computer" on a CV, they instantly say "tech support".
I played ball, I did what I could for them. But they'd always put me down, saying I wasn't good enough, that I'd never get a job.
I hated them. I'd row with them every other day.

By God, I would prove them wrong.

And then I found them. Or, to be more precise, they found me. A startup in London got in contact with me. They seemed like decent people. I spoke with their developers, and they knew their stuff, these were people that I can learn from.
I travelled 4 hours to go for an interview, then 4 hours back.
When I got the email saying they'd move me to London, I was over the moon.
I did exactly what everyone was telling me I couldn't do.

1.5 years later, I'm still working with them. We all respect each other, and we all learn from each other.

I'm ever grateful to them for taking a shot with me. I had no professional experience, and I was by no means the most skilled individual they interviewed.

Many people have a dream. I won't lie, I once dreamed of working at Google. But after the journey I've been through, I wouldn't have where I am now any other way. Though, in time, I wish to share this dream with another.
I hope that all of you reach your dreams too.

Sorry for the long post. The details are brief, but there are only 5k characters ;)

For the first time that I can remember I see ordinary people everywhere are unhappy with windows. In XP through win8 days I'd see people complaining about one crash here or there, but most of the times you had to be more experienced to notice why windows sucks.

Now, this week I already heard three complaints of people wanting to back to windows 7.

And I feel so happy... I feel waves of joy growing in me, as I burst in a sarcastic, obscure laughter.

Why do?

Because somewhere deep inside I hate windows.

Not becausebthe great amounts of frustration I used to have with it. But because it's so crazy I don't even consider it an OS, but rather a patchwork.

Microsoft's code base must be so fucked up they don't even know what to it with anymore.

That's my idea at least.

Buy it's good to see ordinary people are getting fed up of windows. This might be a way one of my dreams will come true, the day which Microsoft will not be able to maintain Windows anymore, and I think it's not more than ten years until we reach this day.

As a final result, if one day windows really gets to die, I want to be present, but not unnarmed, so I can shoot it at least 15 times, just to make sure this piece of crap is already dead.

Bye

So recently I installed Windows 7 on my thiccpad to get Hyperdimension Neptunia to run (yes 50GB wasted just to run a game)... And boy did I love the experience.

ThinkPads are business hardware, remember that. And it's been booting Debian rock solid since.. pretty much forever. There are no hardware issues here. Just saying.

With that out of the way I flashed Windows 7 Ultimate on a USB stick and attempted to boot it... Oh yay, first hurdle to overcome. It can't boot in UEFI mode. Move on Debian, you too shall boot in BIOS mode now! But okay, whatever right. So I set it to BIOS mode and shuffled Debian's partitions around a bit to be left with 3 partitions where Windows could stick in one more.

Installed, it asks for activation. Now my ThinkPad comes with a Windows 7 Pro license key, so fuck it let's just use that and Windows will be able to disable the features that are only available for Ultimate users, right? How convenient would that be, to have one ISO for all the half a dozen editions that each Windows release has? And have the system just disable (or since we're in the installer anyway, not install them in the first place) features depending on what key you used? Haha no, this is Microsoft! Developers developers developers DEVELOPERS!!! Oh and Zune, if anyone remembers that clusterfuck. Crackhead Microsoft.

But okay whatever, no activation then and I'll just fetch Windows Loader from my webserver afterwards to keygen my way through. Too bad you didn't accept that key Microsoft! Wouldn't that have been nice.

So finally booted into the installed system now, and behold finally we find something nice! Apparently Windows 7 Enterprise and Ultimate offer a native NFS driver. That's awesome! That way I don't have to adjust my file server at all. Just some fuckery with registry keys to get the UID and GID correct, but I'll forgive it for that. It's not exactly "native" to Windows after all. The fact that it even has a built-in driver for it is something I found pretty neat already.

Fast-forward a few hours and it's time to Re Boot.. drivers from Lenovo that required reboots and whatnot. Fire the system back up, and low and behold the network drive doesn't mount anymore. I've read that this is apparently due to Windows (not always but often) mounting the network drive before the network comes up. Absolutely brilliant! Move out shitstaind, have you seen this beauty of an init Mr. Poet?

But fuck it we can mount that manually after every single boot.. you know, convenient like that. C O P E.

With it now manually mounted, let's watch a movie! I've recently seen Pyro's review on The Platform and I absolutely loved it. The movie itself is quite good too. Open the directory on my file server and.. oh. Windows.. you just put db.thumb on it and db.thumb:encryptable. I shit you not, with the colon and everything. I thought that file names couldn't contain colons Windows! I thought that was illegal in NTFS. Why you doing this in NFS mate? And "encryptable", am I already infected with ransomware??? If it wasn't for the fact that that could also be disabled with something as easy as a registry key, I would've thought I contracted ransomware!

Oh and sound to go with that video, let's pair up some Bluetooth headphones with that Bluetooth driver I installed earlier! Except.. haha nope. Apparently you don't get that either.

Right so let's just navigate the system in its Aero glory... Gonna need to flick the mouse for that. Except it's excruciatingly slow, even the fastest speed is slower than what I'm used to on Linux.. and it's jerky as hell (Linux doesn't have any of that at higher speed). But hey it can compensate for that! Except that slows down the mouse even more. And occasionally the mouse driver gets fucked up too. Wanna scroll on Telegram messages in a chat where you're admin? Well fuck you mate, let me select all these messages for you and auto scroll at supersonic speeds! And God forbid that you press delete with that admin access of yours. Oh maybe I'll do it for you, helpful OS I am!

And the most saddening part of it all? I'd argue that Windows 7 is the best operating system that Microsoft ever released. Yeah. That's the best they could come up with. But at least it plays le games!

Don't feed the pigeons.
A cautionary tale.
When you feed the pigeons they keep coming back. They don't stop pestering you for help, and they don't ever listen to you.
I gave my father-in-law my old laptop, and installed the latest version of Office 2016 because I'm a nice guy.
Now, every week at family dinner there's something he needs me to help him with.
Mind you, his previous computer had Windows XP and the one I gave him had Windows 7. So it was quite the texh upgrade for him.
Except one of his octagenarian siblings wrote a family recipe book, and wrote it in Word Processor. (because Old People!) Well fuck of course it has pictures, clip art, special formatting, vertical and horizontal lines. It worked fine on XP because Word Processor was supported by XP.
The following is me explaining to him over the phone why his recipe book wouldn't load into Word. I was in his house picking up 2000 rounds of ammo for my and my wife's pistols (target practice) while he was out and about.
FIL: "It's the link on the desktop. It comes up in Word on the old computer but when I tried to put it on the new computer it wouldn't work. I used a thumb drive."
Me: "Okay well I tried to..."
FIL: "I don't know why it would work in Word on one computer and not the next."
Me: "Okay, well I clicked on the link to the file on your old desktop and it opened in Word Processor, not Word."
FIL: "No it opens in Word on the old computer, but it won't open on the new one."
Me: "It opens in Word Processor on the old computer, it won't open in Word on..."
FIL: "Which computer are you sitting at? The old one is on the left." (as if I wouldn't recognize the computer I had for three years and just gave him a month ago!)
Me: "The old one."
FIL: "Okay so it should open in Word on the old computer."
Me: "It won't. It will open in..."
FIL: "I was thinking maybe it had something to do with a screen that popped up when I logged in to the new computer. Something about antivirus software?"
Me: "It will open in Word Processor on your old computer, but it isn't formatted..."
FIL: "Yeah, it's a '.-w-p-s' file so it should work in Word."
Me: "Word Processor is a different program from Word. This opens in Word Processor."
(long silence)
FIL: "So which one do I have?"
Me: "You have Word Processor on the old computer."
FIL: "So how do I get Word Processor on the new computer?"
Me: "You don't. It is defunct software, it was discontinued ten years ago. You can try to get a converter online, but there's no guarantee it'll work."
FIL: "Alright, I'll be home in a few minutes. I'll take a look then."
This was at 10pm last night, and I'd been out all day since 7:30am. He still didn't believe me that the book was written in Word Processor until I showed him the different startup screen for Word Processor, where it says "Word Processor" plain as day.
I fed the pigeon. And it looks like there's more of this to come.

Am I the only one who hates the current status of Windows 10 where it's slow as fuck on an HDD? And I honestly don't like it's design... Even today I started messing with a Windows 7 PC and loved the OS theme and design again (though the icons may need a change). Well, back to my Elementary OS I go...