It’s mad to think that I’ve been working here for nearly a year now! I still get super excited whenever someone asks me to explain what I do for a living: ‘I hack things, and teach other people how to hack things’ – and I bloody love it! I’m on the offensive side of cybersecurity which, at Immersive Labs, means I spend a lot of time breaking things and making things for other people to break.
My work day starts with a cup of tea, as any self-respecting day should. I check my emails then start on a technical quality assessment (tech QA) that has sidled into my in-tray. A tech QA involves playing through a teammate’s lab before it goes live onto the platform. The aim is to check that the lab does what it says in the ‘Learning Outcomes’. I can make a solid start on this one before the morning stand-up.
The first of many cups of tea for the day...
Lockdown is tough, but as a company and a team, we’re trying to make the best of it. We now have daily standups at 09:45 to check in with the team. Some of these are optional so you can join if you wish to see a friendly face, and we skip them on our 10% time day to reduce Zoom fatigue. It’s hard not to miss the office atmosphere, but we have discovered that several members of the content team can run a cracking virtual pub quiz!
When you just can't get comfortable, you gotta get creative...
After the standup, I check in with one of our newest recruits in the content team. She’s only been here a few weeks but she’s off to a flying start. She knows what she’s doing so I leave her to it.
I finish up the tech QA and send it back with some requests for changes. Now I can turn my attention to the CANBus labs which are all in various states of tech QA. CANBus is the technology used in modern cars, and for the past few months I’ve been working with a contractor to build a series of labs on car hacking. The contractor is an awesome dude who’s a wiz at hacking vehicles! I, on the other hand, have been learning on the fly. We’re almost ready to release the first set of labs — they’re really quite different to any of our current labs but they’re shaping up nicely and I’m excited to see them go live.
I’m trying to work out the best way to document the series in our Git repository. After attempting different approaches I message one of my fellow contenteers to ask his advice. This leads to a Slack call to discuss the best method and what processes should be put in place for outlier scenarios like this one. Whilst on the call I also quiz him about Docker permissions, as one of my lab uplifts has been giving me grief. He’s able to determine the cause of my Docker issue, suggest a solution and also come up with a plan for the CANBus series.
Just hacking the mainframe...
The call took me up to lunchtime, but I now know more about Docker then I did before — always a win. Plus, I now know how to debug it if the error crops up in future endeavours.
There are a couple of meetings after lunch. The first is with the entire content team to review what everyone has been up to during the last two weeks. It’s a good chance to find out what day-to-day work is like for the different sub-teams. It also provides an opportunity to raise blockers and get assistance from other members of the team. The following meeting is with a few select members of the content team — those involved with the web app hacking series. It’s what I’ll move back to when the CANBus series is finished, only this time I’ll be collaborating on it with another of our new recruits. I’m looking forward to working with him: he has a lot more experience in application hacking and it will be great to have someone to bounce ideas off.
After the meetings, I do some more work on the lab uplift now that we’ve determined the offending lines of code. It’s one of our older labs so I’m uplifting it to match our current style of content and to update the tech stack to our new structure. It becomes an interesting challenge of optimizing the Docker container and using the full extent of the layers and technology created to support the lab building process. It’s enjoyable and I find the more I learn about Docker the more I appreciate it. I also love the thought and effort that has gone into our GitHub repository to make Docker more accessible for the team — it’s an elegant solution, and very satisfying to work with.
As the day comes to a close I resubmit my pull request with the changes and improvements I’ve added. I check my emails once more, only to find that another CANBus lab has been tech QAed. It’s cleared all the checks so I send it onto the next stage. That will do for today. I end the day as I started it: with another cup of tea.
If you're looking for a new job, we'd love to hear from you. Browse our open job opportunities and find out more about #LifeAtImmersiveLabs here:
25 February 2021
Latest Blog posts
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
15 September 2021
Analyzing the CVE-2021-40444 exploit
13 September 2021
Take the power back: Tool-up against a notorious global threat group with our new FIN7 series
13 September 2021
Episode 44: Rotten Apple or Privacy Nuts?
2 September 2021
Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare
10 August 2021
Kaseya supply chain attack: Prepare to respond with the Cyber Crisis Simulator
27 July 2021