My Name is Dan

USA. Working in Information Security. White hat. Gamer. Dad. Views are my own. Though feel free to use my notes. I’m not going to pretend to have all the answers, but I took down a lot of notes and I feel like I should preserve them somehow.

Thus: this site.

I initially bought this site to host my 2020 Holiday Hack Challenge Writeup, and I figured that I was considering adding my notes to a public page, so why not? Additionally, I have also created writeups for the 2021 Holiday Hack Challenge Writeup (which I received a ‘Super Honorable Mention’ for), and the 2022 Holiday Hack Challenge Writeup.

Why “Agr0”?

This comes from a nickname of mine, “Angry Dan.” My gamer tag is Agro_dan. I just shortened it to Agro, and since Agro is taken in most places I just stylized it and made the last “o” a zero. Besides, shouldn’t all hackers have a cool handle?

Also, a side note…I think I’m a pretty nice guy. I don’t have a quick temper and I’m certainly not mean. I’m just cursed with a face that always looks angry. It’s nothing personal I promise.

Why did you make this site?

I have an immense collection of OneNote documents and Obsidian notes that I’ve created over the years as a means of remembering things I’ve learned previously. I figured I might as well publish some of what I’ve learned. This makes it easier for me to recall since it’s on a public medium, and I also get the benefit of saying “I wrote about that on my site, you can see my notes here.” Then I smile, throw in some finger-guns, hit a three-pointer from downtown and moonwalk out of the room like I own the place because that never actually happens but I hope one day it will.

What is your preferred OS?

In my profession I’ve always found it better to remain OS-agnostic. I game on Windows, I code and admin in Arch BTW, I pentest on Kali, and sometimes I even use MacOS for things. Y’know, as long as someone else is paying for it. Use the right tool for the job.

Where did you get your training?

I got my start in IT as a ColdFusion web developer once upon a time. I eventually became a system administrator for Unix/Linux infrastructure. After that I transitioned to Cyber Security, and with a background in learning how to build things, it was a pretty smooth transition to learning how to exploit that architecture. Since becoming a full time Information Security Specialist, I have obtained a fair amount of SANS training, as well as a large amount of self-training. The sheer amount of help and informational tools available to people who just want to get into the field these days is staggering. So much more than 10 or 15 years ago, and I can attest to that! All it takes is a willingness to learn.

Do you use any AI to produce articles on this site?

I figured in this age of artificial intelligence that this should be stated up front. I never use AI to write any article on my site. I do use AI for some of the busywork things, like creating a contrived example. Like, “Hey AI, give me an example of XML using arbitrary data about cats” or something. I’ve always had a tendency of using the m-dash long before I even knew that it was called an m-dash. Now I’m trying to get out of the habit of doing that with the fear that someone would accuse me of just copy-pasting some AI slop. I really hate AI slop but it’s a byproduct of the era. While most people can use AI as a tool as it should be used, some people unfortunately just forward entire emails into an LLM and just copy-paste whatever it spits out as the email reply. It’s incredibly obvious to those that know what to look for. Don’t be that person. Let’s all try to be as human to each other as possible. AI is a tool and we should use it appropriately, and never as a replacement for our own human creativity.

Some Links

That said, when it comes to places to learn things online, my biggest recommendation is Hack The Box. Not only do they have a full academy for specific attack methods, the entire platform is based on the concept of investigative learning. No hand-holding, just figure it out. Learn the technology. Get engrossed in it, then exploit it. I have found that not only is it extremely humbling in some cases, but I always walk away from it learning more than I did before. And no, they are not paying me for placement, I am just a really happy customer.

pwn.college is a great resource if binary exploitation is your thing. It really offers a great way of learning from the ground up. Some of these challenges are incredibly eye-opening, you’ll learn how to do things with the standard linux libraries you never knew possible! And it’s free!

Advent of Code is a yearly set of coding challenges that they release (not surprisingly) around December. It’s not information security based, but if you’re a developer of any sort, or especially if you are trying to learn a new language, I can’t recommend this resource enough. I continue to hone my skills with Go since 2022!

If you’ve spent any time messing with HTB, you have most likely heard of Ippsec, a fantastic sherpa through the older retired boxes. His youtube videos are extremely useful in explaining how to tailor attacks, what to look for, and how to approach different scenarios.

Additionally, Oxdf is another fine resource for more written examples of HTB, as well as random CTF challenges and other exploits. He has a really great set of videos for coding through the Advent of Code challenges that I used to help me complete it for 2022.

And finally, I can’t recommend John Hammond enough. Not only is he a super cool guy, he has a really awesome way of explaining things that really resonate. One of my favorite infosec influencers (if that’s a thing), hands down.

Do you have any advice for someone just starting out?

I always give the same advice to anyone that asks this, and it’s to start up your own personal lab. I tend to use VMWare to do it virtually, but when I first started I just snagged up old PCs that people were throwing away anyway and tried out different Linux/Unix operating systems. From there I started on self-made projects: run a website, host a wiki that you can store your recipes on, run a DHCP and DNS server, or go for broke and just make stuff up to add to your network. A long time ago I wrote a little script that just alerted me whenever a new device joined my wireless network. The point is, the more you create, the more you learn about the service. Knowing how things work is the key to understanding how they can be exploited, and setting up a homelab to do it is one of the most rewarding things you can do. There are plenty of cheap low-power PCs that need a home, don’t let them get thrown into a landfill with all the other E-waste!

Additionally, I tend to learn best while doing. A lot of courses on Udemy and Pluralsight can help you learn the fundamentals of things, but if you’re anything like me you’ll learn best getting your hands dirty actually performing the exploitation. For things like that I highly suggest using the tools that are available to you, and in some cases completely free as well. CTFs are awesome to hone your skills, but by-and-large I find that CTFs are mostly just for fun and barely ever based on true-to-life scenarios of an actual pentester, with a few choice exceptions. For that reason I suggest things like HackTheBox, TryHackMe, and for the binhackers, pwn.college is an incredible resource.

How can I get in touch with you?

Probably the best way to contact me is via LinkedIn. I have an email associated with this site and it works, but I tend to get a lot of scammy requests so most of them get ignored. I’m happy to visit cyber security clubs to see what you’re all about and can even give presentations or talks!