With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.

Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.

Do you remember your intense excitement and satisfaction? How did you celebrate your success? I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. Here are the results.

Thomas Roth @StackSmashing

Founder of leveldown, co-founder of keylabsio

“I once had a celebratory cake for an 0day

otherwise I tend to [celebrate] with a nice beer in the evening :)”

Thomas's celebratory 0day cake

Ashley Shen @ashley_shen_920

Security Engineer at Google Threat Analysis Group

“I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)”

Yahav Azran @Yahav_Azran

Independent Security Vulnerability Researcher

“I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫”

Ned Williamson @NedWilliamson

iOS Hacker, formerly 3DS/Chrome Hacking

“I like fashion, so sometimes if I find a really big bug I’ll buy something I was saving to get. But these days I don’t do that as much. I’m mostly disconnected from the ups and downs of finding results since that’s just better for my mental health. The journey is the reward :)”

The Kernel Programmer @userlandkernel

Cybersecurity student researching Embedded Operating Systems

”[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby”

Niklas B @_niklasb

Pwn2Own competitor. Captain of CTF team @KITCTF

”[I celebrate] usually through months of anxiety in expectation of the death of the 0day”

Shahar Tal @Jifa

VP Research, Security Research Labs at Cellebrite

“Every success has its own due celebration. I wouldn’t say there’s a winning format. Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :) I’m open to celebratory 0day choreography if you have any dance suggestions.”

Stalmans @_staaldraad

Senior Security Engineer, Product Security at Heroku

“There is the immediate celebration when that “itch” pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner.”

Hadar Feldman @HadarFeldman

Security Researcher and Product Manager at Microsoft


Brandon Falk @gamozolabs

Security Researcher at Gamozo Labs

“Largely varies based on my expectations of the target. Could go anywhere from a “jeez finally” to “holy shit poppin bottles” Usually just an excited yell, and drinks with friends later that night”

Jon Sawyer @jcase

Offensive Security Researcher

“Significant one that will put food on the table? Rum. Everyday one? Notta”

Damien Miller @damienmiller

Information Security Researcher at Google

“Usually just have a glass of wine and enjoy the relief that something large is complete”

Ben Hunter @B_H101

Security and Malware Researcher at enSilo

“Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing”

Yarden Shafir @yarden_shafir

Software Engineer at CrowdStrike and Windows Internals Expert

“Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it”


I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the “roller coaster” of research (and life). I sincerely enjoyed learning each researcher’s celebratory tradition because it brought out his or her unique and interesting character, even though I didn’t publish everyone’s response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.

I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.

Self plug: Follow me on Twitter @whtaguy for new blog posts and infosec tweets.

Let me know how you celebrate your infosec success in the comments or on twitter :)