Unfortunately for reasons that are about to become clear, the final 2022 issue of the Valhalla Research Newsletter is going to be a bit different…
For reasons I don’t think I can discuss, myself and about 60 of my colleagues were let go by our company, three days before Christmas and 1 day before Christmas PTO was to begin.
It was absolutely brutal.
I have some complicated feelings about the layoffs that, again, I don’t think I can discuss and, regardless, don’t feel like airing out in this newsletter. It is unbelievably sad to see so much brilliance completely discarded during the holiday season, and I truly hope my friends and colleagues (and myself) find a new home.
I wrote a whole blog about how happy I was to transition into engineering, and I plan to stay in engineering if I can help it. Needless to say, if you have any interesting openings for a full-stack engineer, by all means shoot me an email, but I’m not going to turn this edition into a beg. You’re here for research, after all!
Well… I’m not going to give you that, either.
Next year I have some awesome research planned, and I think taking some time to send that out to the folks who volunteered to get my work straight to their inboxes deserve (or at least might be interested in) the plans.
More Rust!
I love Rust. It’s… such a great system language. You can build malware, API’s, video games, systems tools… basically anything. Hell, there’s even a front end framework for Rust now!
My plan is to start building out some useful tooling in Rust, starting with some memory scanning tools and app sec tooling to aid in my bug bounty research (more on that later) so be on the lookout for new stuff on my GitHub.
Bug Bounty!
I’ve taken several, really half-hearted stabs at bug bounty hunting in the past… It’s something that interests me deeply from a research (and, let’s be honest, financial) standpoint, and the way it assists in funding research and securing of systems is pretty cool.
This year I’m going to put some real effort into my offsec research, including studying bug bounty hunting. I plan on focusing on binary vulnerabilities, but I’m sure I’ll put some effort in on the web app side as well.
My goal for the year is to make $1 doing bug bounty hunting. Nothing insane, just getting a bug report submitted and making some cash as a reward.
Speaking of offsec…
I’m getting my OSCP this year, dammit!
Those of you that have followed me for a bit know that I took two stabs at the OSCP over the last couple years. Both failed. This year, I’m going to do things a little differently by first pursuing the PNPT from TCM Academy and doing some more pre-studying on Hack The Box and elsewhere before even starting the OSCP.
This has been a goal of mine for a while and at this point I don’t necessarily have any career plans to use the OSCP, it just genuinely bugs me that I haven’t done it successfully. I do think it has a place in my consulting in the future, though.
Speaking of which…
Getting my side hustles going
One thing I immediately regretted after being laid off was not pushing harder in my side hustles over the last year. I have a consultancy page that I set up mid-year last year or so, but I haven’t really marketed my services much and look to change that in the next year.
Business as an academic and a practical topic has always been incredibly interesting to me. I look at it (perhaps wrongly) in a similar way that I look at code: it’s an interesting, mostly quantifiable challenge set to solve. From a financial perspective, I have an okay start… with my one client I made a couple thousand dollars last year.
This year, I want to scale that up, both from my consultancy…
… and my SaaS!
I’m going to be launching a SaaS company next year, and I’m really looking forward to researching the business model and practical side of launching an internet-based business. The SaaS is pre-launch right now, but you all will be among the first to know when it launches.
I want to say I’ll launch another one, because I have one in the works, but we shall see…
Miscellaneous plans
I have several other things in the works: launching a software development class (or, more likely, several of them), doing some web scraping research, continuing to stream and upload high quality educational and research content to YouTube, and pushing my knowledge to the next level.
I’ve got big plans for this newsletter over the next year. As we move into a new year, I want to thank everyone for joining my wild ride this year. I appreciate all of you and hope that I can add value to your lives through research.