Knowing Null: 0x00pf pico - A Little Bit Of Everything (Even Security!)

interview

#1

Hello again!

It’s been a while since the last Knowing Null. For those of you knew to the series, my name is skidd0 and Knowing Null is an interview series where I pester and prod the top minds of 0x00sec about themselves and then post it all publicly–a dream come true for us paranoid hackers!

Today, we’ve got an O.G. from the old guard: @0x00pf

Be sure to cast your vote in the poll at the bottom for who should be my next guest. Here we go!

Professional career and advice

  1. For starters, can you tell us a bit about yourself and your current role/job/work?

I’m a telecommunications engineer specialised on computer networks and signal processing. Currently I work as system engineer. This roughly means that I build systems were SW is the central element but it isn’t isolated. That SW has to run on specific HW, specific networks, specific protocols… And you need to bring all this pieces together.

You may be coding, reviewing requirements, configuring firewalls, analysing the power consumption of some device/schematics, purchasing HW, debugging a protocol with wireshark, drawing up test plans, discussing clauses in contracts and attending lots of meetings. Switching context may be a bit stressing sometimes :slight_smile:

  1. How did you first get into the field? (What was your first hack?)

Strictly speaking, I do not work on security, even when security is part of my job. A small part. So I’ll answer the second question instead.

Those of you that know me, have heard me saying that, infosec is just one facet of hacking. So what I consider my first hack is not related to security at all.

It actually was a self-modifying BASIC program that re-writes part of itself at run-time based on user inputs. It was a nice reverse engineering exercise to figure out the tokenized representation of BASIC programs. I’m still proud of it after all these years.

On a more security related context I would say that my first hack was cracking a game to get infinite lives. I loved to see game’s artwork, but I have always been a bad gamer… So I learned to hack games just to go through all the screens and enjoy all the pixelart from the 80s :slight_smile: . That helped a lot to get fluent with assembly.

  1. Can you give a rough map from your beginnings to where you are now?

I have to say I’m quite old, probably one of the oldest around here, so it is going to be pretty long map :slight_smile:

  • Started learning BASIC on a Z80A (3.58MHz) computer in the 80s and then assembly. I also learned a lot about programming hardware (that computer had specific video and audio chips, it even had an 8255), manage interrupts and other low level stuff.
  • Then I’ve got a PC-XT (8088-2 8MHz) and learned x86 assembly and explored again HW programming (8259 PIC, video, etc…) and MS-DOS internals (TSRs programs, hooking on int 0x21 and so forth).
  • Then I learned Pascal. Structured programming, recursion, dynamic data structures (lists, trees, etc…). All this stuff was facinating for somebody that only knew BASIC and ASM
  • C was next and become my preferred language.
  • At that time I also started university and got more interest on electronics, signal processing, information theory and advanced math… I’d got a 386SX at 16MHz :scream:
  • During those years I did a lot of signal processing/scientific SW (FFTs, digital filtering, math) and graphical programming playing with VGA registers and the VESA extensions for high resolution modes. All that required a lot of optimisation for the programs to work well in a 16MHz CPU.
  • Got an account on a SystemV machine and Internet access using a VT220 terminal. No web at that time. Just FTP or FTP-Mail, rudimentary text interfaces over telnet and sometimes a Gopher server popped up. Usenet was a good source of info. Learned a bit of UNIX and started reading RFCs
  • Then around mid-90s. Got into Windows programming. Windows 3.11, WIN16 API. Then WIN32, GDI, DirectX, concurrency, all that stuff. Windows 95 didn’t worked well so I moved to GNU/Linux and got access to all those cool programming languages.
  • In the meantime learned Motorola’s 68K assembly at Uni. It was beautiful compared to Intel. Well designed, clean and elegant… I just had to say that :slight_smile:
  • Then learned TCL/TK, Java, Xlib, Mottif, GTK and SDL programming, SystemV IPC, networking.
  • Explored web development in its early stages: HTML, CGIs (got into Perl), PHP. Servlets/JSP came a bit later.
  • Learned C++ in the late 90s. Then looked into Smalltalk, CLOS, Self, Eiffel, Beta/gBeta… and realised C++ sucked and was the ugliest OOP language ever. Just my opinion. You guys can keep suffering it XD
  • Uni was over and started to work. I worked in many different companies and positions: Researcher on computer vision, system engineer, database design/admin, web developer, development of lab equipment, distributed systems, all kind of funny buses/devices came along (VXI, cPCI, GPIB, RS-XXX, …), 3D visualisation… and more.

That is roughly it. At work I had to do a lot of different things and learned much more, but it was easier to jump into those new topics that the first steps I mentioned above.

So, as you can see I have never been really into security. But security has been around all the time :slight_smile:

  1. What is one of the biggest struggles you overcame? And what’s been the biggest lesson you’ve learned in your career?

I think the biggest struggles is to deal with management. It is funny when they force you to provide an unrealistic schedule for a project and then the project gets delayed beyond your original estimations…That just makes projects stressful and inefficient and promotes crappy results.

My lessons learned. Everything you learn, sooner or later will be useful, if you are in the right path (I mean you learn about what you like and you work on what you like). For instance, many people say: I waste my time at university learning things not useful to me . When this happens, it usually means that you are on the wrong path, learning something and wanting to do something else. Choose the right path for you and everything will be smooth. And, yes, this sounds easier than it really is.

Another lesson I learned is that technology keeps repeating. What I had learned in the 80s I have seen it again and again on supposedly new technologies for decades… new consoles, new microcontrollers, the IOT devices. That made very easy for me to jump into them even when they where brand-new :slight_smile: . Also reading the classics (CS papers from the 60s) give you a different point of view with regards to those not-so-new technologies.

  1. Any advice for someone trying to land in a similar role/job?

Just do what you like, even when it doesn’t look like something immediately useful for a job. Just keep doing things and opportunities will pop-up. Opportunities will be aligned with what you do… that’s why you have to do what you like :slight_smile:

That is to get in a role like mine. However, I do not think many people will like to land in a similar role/job :slight_smile:

Fun, personal stuff

  1. Windows, Mac, or Linux? What do you run?

GNU/Linux

  1. Programming language(s) of choice?

C and Perl for scripting… Python is for wimps :slight_smile: (just trolling, to get some warm flames in the comments :slight_smile: )

  1. Do you use a mechanical keyboard? Is it ortholinear?

No

  1. Do you have any other hobbies or interests outside of infosec?

As many others, I do exercise. I have found the philosophy of sports and hacking very similar. Learn the basics, get a good foundation and then progress… At the beginning things may look impossible, but if you keep going you end up mastering the thing. And it feels good.

Remember Mens Sana in Corpore Sano. Just move!

  1. Any other fun gadgets or hardware at home/the office?

Nothing really fun. I have a good collection of different microcontrollers (AVRs, Propellers, Arduinos, Teensies, NodeMCUs…), SBCs and small routers to play with. I usually have cool devices at my office but I cannot talk about those :slight_smile:

Final Stuff

  1. How’d you find 0x00sec?

I was a NullByte author when the excision happened. There was a discussion on IRC about the issue and in a couple of days 0x00sec was up and I’ve got registered. I actually was one of the few people that submitted a post as a pull request on github, before discourse was chosen as the final/current platform :slight_smile:

  1. Any other fun fact or detail you’d like to share with the community?

I always found funny that I’ve got into infosec (as a hobbyist), out of my ignorance. I think that is why I’m pretty fine with ignorance, and have problems tolerating stupidity.

I start looking into all this stuff many years ago, when I though I was hacked. I think that happen to many of us. I was surfing the web very late at night and suddenly my hard drive started to spin like crazy. I thought somebody broke in my computer and was scanning the whole hard-drive. I’d got disconnected and I realised that I didn’t know how to figure out what happened. Got a bunch of documents and read non-stop for days. After that, I find out that the disk spinning was caused by the cronjob that generates the indexes for tools like locate or whereis , that was schedule late at night :). So I felt stupid, but I learned a lot and got more interested on the topic :slight_smile:

That was more than 15 years ago. A few years later I forgot about infosec and got more interested on other stuff. Then not long ago something similar happened to me and I jumped again into this… and know what?.. things haven’t changed much in 15 years XDDD.

  1. Do you have any advice for new, up-and-coming hackers?

If you just want to be a hacker you are screwed. Sorry guys. If you want to know how things work… then you will eventually become a hacker. It is a matter of having the right motivation and goals. At least this is how I see it… the classical way. You are a hacker when others hackers call you hacker . Calling yourself hacker is pretty lame . Sorry again guys.

On top of that, learn the basics , even when they look useless nowadays. The basics give you perspective and helps to set-up the right mindset with simpler concepts. Furthermore, getting to understand the basics will let you understand anything new way faster… That is because most of the new stuff is not really new :slight_smile:

Note that this two things go side by side. If you want to know how things work you will eventually have to learn the basics. If you just want to be a hacker you will just go for the cool tools (somebody else wrote) and you won’t learn a shit. You become just another skid.

Just my humble opinion of course.

  1. Is there anything you’d like to say to the 0x00sec community?

You are awesome gals and guys!. There are tons of talent in here and I’m very glad to see young people interested on learning and researching and sharing. That is really encouraging for somebody like me that have been sharing that view for many years… 0x00sec rocks!

  1. Can you give us a HEX for your hat “color”?

#C0FFEE

Thanks for joining! Vote below for our next guest. See you then!

  • Nitrax
  • maderas
  • dtm
  • IoTh1nkN0t
  • _py
  • nugget
  • egy
  • Rain
  • slobber
  • yuu

0 voters


(Eye Have You) #2

Wonderful interview!

I’m still new to the community, and though I’ve done plenty of research myself I’d say I’m just getting my foot in the door in regards to hacking, so it’s nice to see things like this that help to give newcomers like me perspective on where I am and where life could lead me.

This is great advice! In fact, “All knowledge is useful knowledge” is a personal mantra of mine (or at the very least should be). Any time I find myself wondering if I’m wasting my time focusing on something that might be seen as “useless” I remind myself that just because I might not see a point to the knowledge in the moment, it may be applicable in unexpected circumstances.

:fire: :fire: :fire: (as requested <3)


#3

I knew @0x00pf was an absolute titan but I didn’t know he was actually a God.


(Security Architect & Founder) #4

Bro, about damn time.

@0x00pf is a long living legend, and he’s given so much to this community.

Without members like Pico, this place wouldn’t exist today.


#5

Awesome to finally get a Knowing Null about @0x00pf,
like @pry0cc said, would for sure not be the same without his amazing posts!


#6

I must admit that these interviews are awesome! Keep going :slight_smile: !


(Cawabunga) #7

Thats what i thought!

“Knowing Null” is great! I love it!
Thank you bros


(Dawn Michelle Kimber) #8

These interviews are great! I am new to the community, and this gives me something to strive for!


#9

Quality interview!!! I am truly amazed by the community. Great quotes and lessons to be learned from here. Thanks pico!

P.S: well-picked title as usual skiddo : )