HTB (Hack The Box) offers a free and premium (VIP) tier for its members. It’s a great platform for learning ethical hacking (along with Try Hack Me). I promised myself that after I’d gotten through the free content I would treat myself to VIP membership, but have yet to do so. You see, I discovered that there are unintended benefits of free membership. In addition to lots of free content, including the seasons machines, there is a little known way of learning on HTB: peer snooping.
You see, when you access a machine via a non-VIP account you are essentially sharing the (virtual) machine with other users. And when you have a foothold on a box and you are stuck on privilege escalation you can snoop on other players. You can look at who else is logged on and you can monitor what they are doing. You can see what tools, commands, CVEs, etc. they are trying and can learn from them.
So next time you are trying an HTB machine and you have a foothold (a login with a shell), try snooping on others that are also trying to pwn the machine. You may learn something.
Avatar tracking
People are attached to images, especially the ones they use to represent themselves online. Even if it’s not a photo of themselves, it will usually mean something to them and can be unique on a pixel-level.
With services like Gravatar it’s easier to track someone by their avatar. Grab a copy of their avatar and paste it into reverse image search engines and you could find where that image has been used across the net. You could find the email addresses and accounts associated with that individual. You could build a map of their haunts online.
Your avatar is like a fingerprint. It allows you to be tracked almost as much as an email address. So take care when creating yours.
Only so many books
I read an article once on the art of finishing. It was more how to end something than finish it. If you are several chapters into a book and you are not enjoying it, put it down and read something else. Don’t force yourself to keep going in the hope that it gets better. If you are 15-20 minutes into a TV show or movie and you are bored just turn it off and go find something more interesting to watch.
There are so many books in this world that there really is no excuse to waste your time reading something boring. There are only so many books that you can read.
Take the average life expectancy for your country and gender, subtract your current age, and multiply by twelve. Now multiply that by the number of books you generally read in a month. That’s how many books you have left to read, in theory. I’m guessing that it’s not a huge number. So why waste time on books that don’t interest you? Fill the time with books you enjoy. There are only so many books you can read.
The price of beer
Have you noticed how a trip into your nearest town will expose you to a wide range of prices when it comes to beer?
And by this I mean exactly the same beer.
You could pop into your local Wetherspoons and pay 1.99 a pint, then nip into an independent and pay anywhere from 2.55 to 4.50 for the same pint, or an upmarket themed pub and pay 7.99 for the exact same pint.
So what’s going on here? What are you actually paying for? Is it the beer, the staff plus bricks and mortar overheads, tax, the ambience, or something else? How can the same product vary in price by so much?
Thoughts?
Car modifications vs insurance
Over the years I’ve modified many cars that I’ve owned. Everything from small modifications that improve security or passenger comfort, to engine, suspension, and braking modifications. And there’s one thing I’ve learned about insurance companies: it’s how you explain the nature of a modification, in terms of how it affects performance and risk, that affects the cost of your insurance.
One of the many jobs I’ve had in my career was working on the development of car insurance software and I got to see first hand how the process works behind the scenes. You essentially start off with a baseline insurance quote based on the stock version of your vehicle. Then you add the modifications, and the underwriter, the actual company that will insure the vehicle, reviews the modifications based on their understanding of the changes made, plus algorithms involving risk, the amount of time the car is likely to be driven on the road, etc. Then an additional amount is arrived at and added to the baseline cost to provide you with your individual quote.
So the key here is to ensure that you correctly inform your insurance company about all modifications that have been made to the vehicle, while trying to get the lowest quote you can. And there is an art in doing this.
Note: You must inform your insurance company of any and all modifications that have been made to the vehicle, otherwise your insurance is null and void. It does not pay to lie! Many modifications are now standard, in that they are a selectable option, such as alloy wheels, wider wheel arches etc. Here I am talking about modifications which can be interpreted or stated in different ways.
As an example I once modified an Austin Mini by installing a ‘stage 1 kit’. There are at least two ways of informing the insurance company about this particular modification, those being that:
1 – I have increased the vehicle’s bhp by 20%
2 – I have increased the vehicle’s bhp by 8bhp
Both are factually correct. However, as an experiment, when repeating statement one to the potential insurer I was quoted a three-figure increase to my insurance, whereas with statement two they said it’s so low that they would note it on my policy but that it would not affect the premium in any way.
Notice the difference?
The art of patching software
Patching software can be a fine art.
I mean, when do you do it?
Too soon and you run the risk of a bricked device or loss of services due to an unforeseen bug or inadequate testing.
Too late and you risk exposing yourself to CVEs and known vulnerabilities.
It’s a fine art working out just when to take a software update. It pays to back up first so that you have a recovery option should an early update fail. You can then restore from backup and wait until the patch is stable before trying again.
So when do you patch?
The most expensive liquid is..
..printer ink.
No seriously, I have been thinking about this for some time. By volume, printer ink is one of the most expensive liquids known to man. It’s so expensive that supermarkets have even taken to putting security tags on the cartridges they sell to reduce theft. It’s more expensive than alcohol and most top-shelf perfumes per volume.
Long gone are the days where you would take your USB sticks to a print centre to print copies of your resume (CV) or dissertation. Nowadays most people want to print from the comfort of their own home using their inkjet printer. And they apparently are prepared to pay to do so.
Buying a new or replacement printer generally involves weighing up the cost of the ink. Most manufacturers will sell you a printer at cost or even at a loss, knowing that they will make the money back on the ink. With third-party ink sellers trying to steal market share, the manufacturers will try every trick in the book to make sure that you buy their ink: firmware updates that ensure third-party ink is not recognised, or make it appear to run out sooner, and ink subscriptions that automatically send you ink when you are getting low, at a premium of course.
Considering that we are talking millilitres here not litres it’s amazing that you are paying a small fortune for such a small quantity of liquid, yet somehow the home printing industry has mastered the art of making liquid gold.
Real friends vs acquaintances
I’ve been thinking a lot about friends recently. Thinking about the difference between real friends and acquaintances. A friend, to me, is someone you’ve hung out with, had beers or coffee with while discussing life for many hours over a period of time. People that you invite to parties etc. Whereas an acquaintance is someone you’ve met, maybe you worked with them, were introduced to them at a party, or just connected with them on LinkedIn after meeting them at a networking event, and have retained some form of connection.
I tend to keep in touch with both, otherwise you lose contact and an acquaintance becomes someone you knew, once, long ago.
I’ve been thinking more and more about the definition of a true friend, a real friend. It’s rare for us to have more than a handful of these, if any. My mother (and grandmother) used to say that if they didn’t make a regular effort to keep in touch with their ‘friends’ then they would lose touch altogether. But is that the definition of a friend? A true friend? If you are the one that has to do all the work to keep that connection alive, and if you stop you will never hear from them again, is that friendship, or just networking?
I realised that I had become the third generation in my family that carries out this process of ‘maintaining friends’. So I took a look at my list of ‘friends’ and wondered: if I did not reach out to any of them for a long period of time, would they even notice? How many would reach out to check if I was ok?
I’d already decided that I needed a digital detox for a while and decided to combine it with the following experiment: I would not contact anyone for 6 months and see what happened. I included literally every person I knew – family and friends – in this experiment.
My immediate family reached out in the first week of course. After a month three friends reached out to see if I was ok. Two more after about two months. Then one at about the four month mark, but only because they wanted something and not to see how I was. That was it. Five people out of about 600+ across my socials and contact list in 6 months.
I discussed the experiment with various people and I learned that a lot of them generally have an immediate circle of very close friends and family and everyone else is outside of that, and that they can be generally lazy in terms of keeping in touch with those outside, but that doesn’t mean they are any less of a friend despite no contact for a period of time, even years. It’s just that they don’t view friendships and contact in the same way that others might.
For me it was a useful exercise as it allowed me to re-focus my effort to be close friends with those that want to be in regular contact and will reach out if you drop off the grid for longer than usual. It doesn’t mean I’m now less of a friend to everyone else, they are just in a different circle. Let’s call them acquaintances.
The work-life balance
Having a work-life balance is very important. You don’t live to work, you work to live. You work to pay the bills and have a comfortable life.
I’ve previously mentioned that it’s worth knowing how much it costs to fund your lifestyle. This is very important so you know how much you need to earn in order to keep a roof over your head and food on the table. If you can work smarter, not harder, all the better. It’s a great feeling to know that you only need to work three to six months a year to pay the bills for the whole year. You can then take time off or have long breaks between employments.
When I first started dating my wife (to-be), she was an employee with an annual holiday allowance of 25 days. We would look at the calendar for the upcoming year, note all the bank holidays, and use those 25 days to make weekends longer here and there and bank-holiday weekends even longer. We worked out that we could have short breaks every month. We would plan out where we were going next, somewhere in our home country or maybe abroad. Both the holiday itself and the anticipation of the upcoming holiday helped maintain a great work-life balance. We would often have 12 holidays a year. One year we had 14!
Another thing I like to do is to take “me days”. These are days when I know that no one is going to be home during the day. My wife will be out and the kids will be at school and I’ll have the place to myself. I’ll book it a month in advance so both my clients and family are ok with the date. Then I’ll start planning what food I’ll have. Maybe pizza or a takeaway. What snacks I’ll have and what beer I’ll be drinking. Not the large packs of beer but a carefully chosen selection of real ales from independent breweries. Then I’ll choose what video game I’ll be playing or movies I’ll watch. It may sound strange to you but this is heaven to me. I’ll get up, have my favourite breakfast and I’ll probably stay in my PJs all day long. I’ll play my video games and watch TV with no interruptions. After lunch I’ll open my first beer and continue gaming until the family comes home. Sometimes they’ll just leave me gaming till bedtime. Bliss!
Your “me day” may be different. Maybe you prefer a spa day or a day at the golf course or racetrack. Whatever your preference, the key is to just take a me day every once in a while to unwind, chill-out and enjoy yourself.
I had a colleague once to whom I explained the concept of ‘me days’ and who informed me that he couldn’t do it as he’d be leaving money on the table. His thinking was that a day off meant a day’s money lost. Going from contract to contract, working every day to earn as much money as you can, is no way to live. Would you not rather enjoy what you do and be able to afford to take time off whenever you wanted?
Another rule of mine is that I don’t work my birthday. It’s the biggest ‘me day’ of the year so no way am I working that day. I’m far too busy celebrating me.
One other thing I’d like to point out about a good work-life balance is that the power people have over you is an illusion. Think about that for a second. When you are interviewing and negotiating terms, at no point in the conversation does your new client say “..and I will have the right to berate you, to talk down to you, to shout at you when I feel like it, and generally treat you badly”, yet this happens. I’ve had clients shout at me as if they own me. They don’t. If you let them treat you this way then you are giving them the illusion of power, they will continue, and this can lead to stress, anxiety and other mental health issues developing. The trick is to nip this in the bud quickly. Do it calmly and professionally, but make sure that they understand that this is not acceptable and that if they cannot continue to be professional then you are prepared to walk away from the contract.
So remember that your health and well-being comes first. You are working so that you and your family can have a good life. You are not working just to work or just to earn money. You want a great life and you need money to do that, but not at the expense of your well-being.
Family and health come first!
Job security is a myth
In the past, many people would leave education and commit to a single company for their entire career, retiring after decades of service. Those days are behind us. Today, both freelancers and employees can expect to work for more than five companies over their careers.
Gaining experience across different companies provides valuable insights into what works and what doesn’t. Each role offers lessons, whether positive or negative. You’ll observe various approaches to solving common problems and may even bring your past experiences to the table, helping to address challenges in new ways.
Diversity in your career can be both enriching and enjoyable. Working across different sectors can broaden your skill set and expose you to unique experiences. For instance, I once found myself back in an office where I had previously worked, but with a different client, project manager, and team—only I was the constant. In another instance, I jokingly noted in a meeting that, if awarded the contract, I would have worked on every floor of the building, having already tackled projects on four out of five floors for various clients. I got the contract and completed the set!
Embrace new opportunities and don’t shy away from stepping outside your comfort zone—but always manage the associated risks.
Whenever I join a new company, I often encounter employees who express admiration for freelancing but deem it too risky. Even after discussing risk mitigation strategies, they often cling to the notion of job security. I once had a conversation with two managers in the company canteen. When I asked them what they meant by “job security,” they replied, “We are both managers here, so the company must give us three months’ notice.”
I then pointed out, “So you’re saying you have three months of job security?” To which they said yes. I responded, “I’ve just signed a one-year contract with your employer that neither side can terminate. By your definition, I actually have more job security than you do.” That made them reconsider their perspective.
To me, the concept of job security is a myth—largely a construct employers use to retain key talent. In my experience, companies prioritise their shareholders and profit margins. If you lack a vested interest, you may find yourself expendable. Look around: businesses are sold, and loyal employees are let go to boost profits. Ultimately, your primary loyalty should be to yourself and your family’s financial well-being.