I’m a Security Researcher at Faraday but I’m also a Molecular Biology Ph.D. student. I know this is a strange combination, so let me tell you how I transitioned from biologist to hacker. The doctoral program faced me with challenges of diverse nature. During the first year, the necessity of analyzing complex biological data sparked my interest in programming. For this endeavor, I learned data processing, analysis, and visualization with R and Python. But I wanted to achieve a deeper understanding of how computers work and what makes an algorithm performant so I decided to enroll in Computer Science and began taking courses at night after my Ph.D. hours.
This was a game-changer for me. I became immersed in the world of algorithms and data structures and fell in love with Thomas Cormen’s book on the subject. During that time I learned C++ and became curious about the strange cryptic low-level code that the compiler generates. Around the same time, I heard about an entry-level CTF organized by Fundación Sadosky. So I grabbed a friend and a book on Assembly and signed up. The day of the event came and I had read about half the book by then, so we started trying our luck with the reversing challenges. We managed to solve various problems and ended in fourth place. Originally, the prizes were for the first three teams but the organizers saw our effort and were impressed by the fact that we only tackled reversing problems, even some of the hard ones, so they managed to get us tickets for an upcoming security conference: Ekoparty 2018.
This conference unveiled a new world before my eyes. I was amazed by all the talks and workshops, and there I realized I wanted to become a hacker. During the conference, I attended a workshop on HackTheBox that inspired me to learn about penetration testing. Since then I reached Pro-Hacker rank and developed many skills along the way. I learned to search for exploits and tailor them to fit each box scenario, to write custom Python scripts that take advantage of other vulnerabilities, to launch reverse shells, and to escalate privileges on Linux boxes. But I had a real passion for the low level, so I took two computer organization courses for the following semesters where I learned how to code in Assembly and not just how to break it. We coded some simple device drivers and even made a toy operating system. As a final project, I developed optimized versions of bioinformatic algorithms using SIMD instructions. You can find some of these projects in my GitHub profile. After that, I took another course on operating systems where I learned about synchronization and concurrency problems. This revealed to me a previously hidden layer of complexity in how computer systems work, which I found fascinating.
With a group of classmates interested in security, I started a hacking club where we share write-ups and participate in various CTF competitions. I wrote some binary exploitation challenges and gave a workshop to introduce the other members to buffer overflows and return-oriented programming. I also enjoy participating in CTFs with my other team, fernetInjection, you can find some of my write-ups in my blog.