This page has been machine-translated from the original page.
With half of 2021 coming to an end today, I started writing this retrospective post to look back on what I have worked on this year and to revise my goals for the second half.
My goals at the start of 2021
So, to start abruptly, these were the goals I had set for myself on January 1, 2021.
- Develop my own Raspberry Pi OS
- Become able to solve reversing challenges in CTFs
- Reach light blue in AtCoder
- Reach HackTheBox ProHacker
- Update my blog seriously
- Write a technical doujin book
- Make OSS commits
- Obtain CISSP / PenTest+
- Obtain higher-level Azure certifications
- Become a little better at Rust and CWhat I achieved
Among these goals, I was able to accomplish several of them.
First, I successfully reached “HackTheBox ProHacker.”
As for “become able to solve reversing challenges in CTFs,” the goal itself is a bit vague, so it is hard to judge, but I was able to fully solve the Rev challenges in beginner-friendly CTFs such as WaniCTF and SECCON for Beginners, so I think it is fair to count that as achieved.
I also achieved the “OSS commits” goal.
I sent a few pull requests to the open-source YARA repository, and they were successfully merged.
Things I am still working on
Next are the things I am still working on.
Regarding “write a technical doujin book,” I will be exhibiting at Tech Book Fest 11 in July, so I am writing hard for it now.
Proofreading and reviews still lie ahead, but for now I already have something close to 100 pages, so I think I can at least manage to publish it.
As for “update my blog seriously,” I have been writing at a pace of a few posts per month, so I think it is fair to say that things are going smoothly.
Regarding “reach light blue in AtCoder,” I have still been participating in contests.
In May, I even managed to get my first light-blue performance.
However, I still have not even reached green, so it looks like I have a long way to go.
As for “become a little better at Rust and C,” I have been reading books about Rust and occasionally writing C and C++ in CTFs and competitive programming, so I will mark that as in progress.
To be honest, I feel like I do not need to touch Rust right now, so for a while I plan to focus mainly on C++.
Things I have not done at all
I will also write down the things I have not worked on at this point.
I wrote “develop my own Raspberry Pi OS,” but I have done nothing on that front.
I have been busy recently and have let books like the Mikan OS book and embedded-OS books pile up, so I want to get through them properly before the end of the year.
I have also done nothing toward “obtaining CISSP / PenTest+” or “obtaining higher-level Azure certifications.”
Why is it that I have no motivation at all for certification study…?
That is a challenge for the future.
New things I started / things I am thinking of starting
Although I did not list them as goals, there are also things I started this year or am thinking of starting.
The first new thing I started this year was “web application development.”
I am not a programmer, so until now I had basically only written code as a hobby, but this year I joined an NPO that develops services as pro bono work, and that led me to do things resembling team development from time to time.
The next thing I started was “studying English.”
That said, I have been slacking lately.
When I think about my future in various ways, I feel like I should at least be able to handle business communication, but I cannot quite get motivated, so all I feel is impatience.
Other things I am thinking of trying in the future are “creating CTF problems” and “video streaming.”
As for “creating CTF problems,” I am thinking of doing it completely for my own study. I think it would be fun to place the problems I create on some server and make it feel like a permanent CTF.
As for “video streaming,” I am a little interested in VR modeling, so I am thinking of creating some avatar and casually trying video streaming. Inspired by kurenaif.
What I worked on month by month
Now then, I roughly recalled what I did over the last six months, so I will record it here.
January
At the beginning of the year, I was working quite a lot on my own OS.
I finished a second pass through the blue DIY-OS book, and I think my understanding deepened quite a bit.
January was also when I became brown in AtCoder.
At the time I was riding a streak of green-level performances and felt the momentum building, so I was thinking, “A rank-up is just around the corner!” But even after half a year I am still brown. Hang in there.
In the second half of January, I also went back through the Spiral book.
I got through it all, but I still feel weak on the fundamentals, so I need to review it again.
February
In February, I mainly focused on competitive programming.
I also tried creating a VR avatar.
In the latter half of February, I reduced the pace of competitive programming and resumed HackTheBox.
I think that was because I had started being able to solve active Medium boxes and could see ProHacker coming into view.
March
Continuing from February, I mainly worked on competitive programming and HackTheBox.
This was also around the time I reached ProHacker.
I was still steadily working on my own OS in March as well, including reviewing and modifying Haribote OS.
I also published Haribote OS built inside a WSL2 Docker container.
April
In April, I participated in picoCTF2021.
I feel like that was when my CTF motivation really took off.
In picoCTF, the ARM assembly challenge taught me a lot, so I also wrote a write-up.
It was also around this time that I started carefully investigating and verifying vulnerabilities.
In April, I wrote about HeartBleed and Blue.
Windows kernel debugging was seriously tough…
- Learning the Heartbleed vulnerability with HackTheBox “Valentine” - Qiita
- Learning the EternalBlue vulnerability with HackTheBox “Blue” - Qiita
Besides picoCTF, in April I also participated in angstromCTF, hackpacCTF, and heroCTF.
That was quite a lot.
I mainly work on reversing challenges, and there were some CTFs that I fully cleared, so I can feel myself gradually improving.
May
I boldly signed up for Tech Book Fest, so I spent about half of May dedicating my resources to writing.
In May, I participated in WaniCTF and SECCON for Beginners, and in both cases I completely cleared the reversing challenges, which felt very rewarding.
I also participated in dctf and pwn2win, but I retired early from pwn2win because it did not seem like the organizers wanted anyone to solve the reversing challenges at all (despite top-class teams taking part, the solver count was almost zero).
As for competitive programming, I bombed an ABC at the start of May with zero solves and lost 100 rating points, which broke my spirit. On top of that, I was busy with writing, pro bono work, and CTFs, so I slacked off for about three weeks.
In the contest at the end of the month, I achieved my personal best by getting a light-blue performance for the first time in a quick gray-difficulty solve race.
Looking toward the second half of 2021
As usual, in 2021 I had too many things I wanted to do and kept my hands in all kinds of areas.
Being curiosity-driven is nothing new for me, so I think it is fine if I continue to devote myself to whatever feels enjoyable at the time.
That said, since this is a retrospective, I do want to review my goals.
In the second half of 2021, I especially want to focus on the following.
- Reach light blue in AtCoder
- Become able to solve Rev/Crypto/Pwn
- Take the TOEIC
- Bug huntingAs for competitive programming, at this point I am continuing mostly out of stubbornness and frustration, and progress has been hard to come by. Reaching light blue within the year may be a high bar, but I want to do my best somehow.
For CTFs, although I have focused mainly on reversing until now, I want to start taking on crypto and pwn as well.
I especially want to work on crypto aggressively, because I have heard it also helps with mathematics and competitive programming.
As for the TOEIC, I have actually never taken the real exam even once, so for now I at least want to sit for it.
As for studying… I have to do it.
For bug hunting, I want to take on a new challenge in the latter half of this year.
A bounty may be difficult right away, but I would at least like to get a CVE.
So, with half of this year already gone, I will keep doing my best for the rest of it.