.png)
With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.
Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.
Do you remember your intense excitement and satisfaction? How did you celebrate your success? I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. Here are the results.
Thomas Roth @StackSmashing
Founder of leveldown, co-founder of keylabsio
“I once had a celebratory cake for an 0day
otherwise I tend to [celebrate] with a nice beer in the evening :)”
Ashley Shen @ashley_shen_920
Security Engineer at Google Threat Analysis Group
“I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)”
Yahav Azran @Yahav_Azran
Independent Security Vulnerability Researcher
“I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫”
Ned Williamson @NedWilliamson
iOS Hacker, formerly 3DS/Chrome Hacking
“I like fashion, so sometimes if I find a really big bug I’ll buy something I was saving to get. But these days I don’t do that as much. I’m mostly disconnected from the ups and downs of finding results since that’s just better for my mental health. The journey is the reward :)”
The Kernel Programmer @userlandkernel
Cybersecurity student researching Embedded Operating Systems
”[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby”
Niklas B @_niklasb
Pwn2Own competitor. Captain of CTF team @KITCTF
”[I celebrate] usually through months of anxiety in expectation of the death of the 0day”
Shahar Tal @Jifa
VP Research, Security Research Labs at Cellebrite
“Every success has its own due celebration. I wouldn’t say there’s a winning format. Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :) I’m open to celebratory 0day choreography if you have any dance suggestions.”
Stalmans @_staaldraad
Senior Security Engineer, Product Security at Heroku
“There is the immediate celebration when that “itch” pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner.”
Hadar Feldman @HadarFeldman
Security Researcher and Product Manager at Microsoft
“Whiskey”
Brandon Falk @gamozolabs
Security Researcher at Gamozo Labs
“Largely varies based on my expectations of the target. Could go anywhere from a “jeez finally” to “holy shit poppin bottles” Usually just an excited yell, and drinks with friends later that night”
Jon Sawyer @jcase
Offensive Security Researcher
“Significant one that will put food on the table? Rum. Everyday one? Notta”
Damien Miller @damienmiller
Information Security Researcher at Google
“Usually just have a glass of wine and enjoy the relief that something large is complete”
Ben Hunter @B_H101
Security and Malware Researcher at enSilo
“Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing”
Yarden Shafir @yarden_shafir
Software Engineer at CrowdStrike and Windows Internals Expert
“Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it”
Reflection
I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the “roller coaster” of research (and life). I sincerely enjoyed learning each researcher’s celebratory tradition because it brought out his or her unique and interesting character, even though I didn’t publish everyone’s response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.
I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.
Self plug: Follow me on Twitter @whtaguy for new blog posts and infosec tweets.
Let me know how you celebrate your infosec success in the comments or on twitter :)