2019 Review for doyler.net – Moving on Up

Last year is already over, so here is my 2019 review!

doyler.net 2019 Review - Introduction

If you haven't seen my other yearly review posts, this will be similar in style and formatting to those.

I ended up behind a few posts this year due to my break, but I still plan on finishing those up!

Statistics

I missed my goal of 85,000 views (as well as last year's 79,393) by a bit this year, but that's alright.

This is the third year that my most popular post was the pfSense DNSBL one. This post is mostly organic traffic, which is great. The rest of my top five were still related to wireless cards or attacks, so this is search engine traffic as well.

My US traffic was a bit lower this year, but this is always a fun graphic to look at.

I'm still bad at traffic generation, so I need to improve that in 2020.

I generated a report for my search traffic for all of 2019, which was cool to see. The searches are very similar to last year's, which is interesting to note.

GitHub is still far and away my biggest outgoing click, but it's also what I link to the most.

While Wednesday is still my most popular day, the time is now 9am (instead of 12pm).

Highlights

I finally have a new record for views in one day! On January 20th this year I had 874 views (up from 689 views in a day back in 2017).

There was a lot of traffic on my post from January 19th about a Vulnserver exploit.

CTF/Challenge Write-Ups

I had even more write-ups for CTFs and various challenges this year, so hopefully they were helpful.

There are also still some from older conferences that I've either been holding onto or procrastinating on.

• Casino Royale VulnHub Walkthrough – Bond, James Bond
• Intigriti XSS Challenge – Fun with DOM XSS
• Cracking 256-bit RSA Keys – Surprisingly Simple!
• Bank of America CTF – Challenge Coins @ DerbyCon 9
• BofA CTF Part 2 – Climbing the Scoreboard (DerbyCon 9)
• BofA Forensics and Volatility for the Win (DerbyCon 9)
• FaradaySec CTF – JavaScript Encryption Plus Trolling
• BSides RDU EverSec CTF – Challenge Solutions
• Reverse Electron Apps – EverSecMeet at BSidesRDU
• Using SerializationDumper for Java Deserialization and CTFs
• CSP Bypass via old jQuery – Thanks parseHTML!
• Hack the Box Nibbles Walkthrough – First HtB!

Conferences

I only attended a few conferences this year, and only spoke at one of them.

I'm hoping to speak at some more next year, but I still don't have a topic in mind yet.

• NorthSec 2019 – Into the Great White North
• (Speaker) BSidesRDU 2019 – Security Dumpster Fire
• DerbyCon 9 - Finish Line (September 2019)

2019 Review - Disclosures/Vulnerability Write-ups

I reported a few vulnerabilities this year and got to release the public disclosures along with the CVE information.

There was also a fun finding that I had on a production system, shortly after someone else's disclosure.

• (Mine) PTC ThingWorx Vulnerability (CVE-2018-20092)
• (Mine) NateMail Vulnerabilities (3.0.15) – XSS (CVE-2019-13392) and Open Redirect
• Jira Username Enumeration (CVE-2019-8446)

XSS

XSS wasn't a priority of mine this year, but I still wrote posts for three different filter bypasses.

• XSS Without Spaces – Finally, an Easier Filter
• Referer XSS with a Side of Link Injection
• XSS Without Slashes – A Little Bit Harder Now

Certifications

While it seemed like a slower year, I finished and/or blogged about two new certifications in 2019

• SLAE Review and Exam – SecurityTube Linux Assembly Expert
• OSCE Review and Exam – I Tried (Even) Harder!

2019 Review - Vulnserver

I worked on a few vulnserver exploits as well, as preparation for my OSCE as well as fun afterwards. I still want to finish every command, so stay on the lookout for those posts.

• Three Byte Overwrite to Exploit Vulnserver TRUN
• Vulnserver TRUN – This Time, We Go Vanilla (EIP)
• Vulnserver LTER – Extreme SEH Overwrite (Part 1)
• Vulnserver LTER SEH Continued (Part 2)
• Vulnserver LTER EIP Overwrite – A Little Easier This Time

Miscellaneous

I also had a few other posts this year that I wanted to re-share.

• Boofuzz Introduction – Installation and Basic Usage
• PMKID Attack Using Hcxdumptool and Hashcat
• IKE Aggressive Mode VPN – ike-scan + ikeforce
• AFL Introduction – Installation and Basic Fuzzing
• Basic xortool Usage and Flag Capturing
• Fan Hacking 101 – All Your Fans are Belong to Us

Goals for 2020

Based on this year's stats, plus what happened, I'm going to set my goal back down to 80,000 views for next year.

I also want to finish my goal of 1337+ Twitter followers, which I'm pretty close to already.

2019 Review - Conclusion

This was another great year, and I'm glad that I've stuck with this for so long.

I increased my average words per post AGAIN, from 1132 to 1151.

I'm always open for monetization ideas, branching out, or guest posts, so let me know!

doyler

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Common passed on this blog, I made it to a jam.