Another year down, so it's 2018 review time!
doyler.net 2018 Review - Introduction
The timing was great this year, and I got to wait until after the 1st unlike last year.
No blogiversary post this year, but I'm hoping to do something special for my 200th consecutive post!
Lies, Damned Lies, and Statistics
First, I managed to beat my goal of 70,000 views by over 13%!
For the second year in a row, my most popular post was the pfSense DNSBL post. This is a very popular post, and is a very high result in a lot of organic traffic. My second and fourth most popular were about new wireless cards and configuration/installation, which are also mostly search engine traffic.
An even larger part of my traffic came from the US this year, but I still really like looking at this chart.
My traffic generation was still terrible, and this is definitely a place that I need to focus on next year. That said, it is nice having so many referrals from search engines.
While I cannot grab the search history for my entire year, my wireless card posts drove traffic for the last few months.
Unsurprisingly, GitHub is my most common for outgoing clicks. I've thought about adding referral and/or affiliate links for monetization, so this might be an option for 2019.
I still can't figure out what is causing my most popular day or time, but it is still different from last year's. While my most popular time is still 10am, the day changed from Monday to Wednesday.
Highlights
I was nowhere near my 2017 record of 689 views in one day. This year, my best day was 335 views on September 12th. That said, I made 0 Reddit links to my blog this year. I need to post more on Reddit, as that is where the burst traffic definitely comes from.
That day, it was mostly just generic traffic and views on the eCPPT post, which is always popular.
CTF Write-Ups
While this was a misc. category for my post last year, I got through a bunch this year! That said, I still have some that I'd like to finish from years ago, so hopefully I can get to them.
- Custom Cryptography + OSINT (EverSec CTF @ BSidesRDU)
- More EverSec S3 Subdomain Hijacking (BSidesRDU 2018)
- SQLite Injection in the EverSec CTF (BSidesRDU 2018)
- Zsteg for Easy Flags in the EverSec CTF (BSidesRDU 2018)
- Subdomain Hijacking in the EverSec CTF (BSides Raleigh ’17)
- EverSec CTF (BSides Raleigh 2017) Strange Data #3
- Nodejs Code Injection (EverSec CTF – BSides Raleigh 2017)
XSS
While I only had two XSS posts this year, they were still pretty neat. I've got some in my draft folder for next year, so I hope to finish those too.
Conferences
I went to another 6 conferences this year, and again spoke at 3! I don't really have at topic in mind yet, so these numbers may be smaller next year.
- BSidesRDU 2018 – Only the Names Have Changed
- DerbyCon 8 – Evolution
- Black Hat / DEF CON 26 – Talks > CTFs???
- (Speaker) BrrCon 2018 – Honestly, not Really that Cold
- (Speaker) BSides Denver 2018 – Hacking the Mile High City
- (Speaker) CarolinaCon 14 – Shall we Play a Game?
Assembly (x86)
I know I posted a lot about x86 this year, but that was due to the SLAE certification. This was a great course, and I definitely learned a ton. I didn't want to re-link all of my posts, just the most interesting ones here.
- Custom Shellcode Crypter – SLAE Exam Assignment #7
- Polymorphic Shellcode – SLAE Exam Assignment #6
- Shellcode Encoding – Random Bytewise XOR (SLAE Exam #4)
- Egg Hunter Shellcode – SLAE Exam Assignment #3
- Execve Shellcode – Includes Arguments and Generator!
Certifications
This year I managed to knock out another two certifications, which I'm definitely proud of. I haven't done my SLAE review/exam post yet, so I will just link to the first post I made about it. I plan on getting my OSCE next year, but I am not sure what else yet. I've already paid for the eCRE and the eCPTX, but I'm also looking at the pTrace Advanced Software Explotation as an option.
- GXPN Review – SANS660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking)
- Assembly Hello World – Making SLAE Progress!
Tooling
I didn't release any updates for my most popular tools or release anything terribly novel. That said, if I include this category again, maybe I'll do better next year!
- Nmap Alarm – For When the Target Won’t Stay Online
- IpExpander v1.0 – Using Python netaddr to Expand IP Ranges
- Python dotx Conversion to docx for Automated Documents
Miscellaneous
I had a few other neat posts this year, that I wanted to re-share. The book review was a ton of work, and I'm still really proud of that one.
- WiFi QR Code Creation for Functional Decorations
- HELK Installation and Configuration – A Hunting I Will Go!
- Cracking Codes with Python by Al Sweigart – Book Review
- Extract Android Chrome Tabs via USB Debugging
- Indala Badge Cloning in macOS with Proxmark
Goals for 2019
Based on this year's statistics, plus my yearly insights, I should probably aim for 80,000 views next year.
That said, I almost hit that this year, so it doesn't feel like a great goal. I think I will aim for 85,000 views, but I'm willing to adjust this if I spend more time on traffic generation next year.
Other than that, I haven't missed a post in over three years now, and I don't plan on starting next year.
2018 Review - Conclusion
This was a great year for my blog, and it definitely kept me slightly motivated during some rougher times.
I also increased my average words per post a lot, which I hope speaks to their quality.
If you have any ideas for more topics, monetization ideas, or ways to branch out, then please let me know! I've got ideas of book(s), courses, consultancies, etc. always bouncing around in my head.
He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.
When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.