Hacking with Git: The Video & Slides
15th May 2018, by
This is the first post in a series about my talk "hacking with Git" which was delivered at BSides Scotland 2018. It is really about linking you to the video on the BSides Scotland youtube page.
Hacking with Git Video
Without further ado, as they say "roll VT":
Hacking with Git Slides
A few brave souls came up to me after the talk and asked for the slides. I have removed the demo videos and left you with a more reasonable PDF file here:
What is coming next?
Above you have the video of what I did and the slides. What you do not have is access to the tools that were shown. I am working on getting those out as soon as possible (between work and life). My plan for that is to split them into more manageable chunks to come out of this blog later as shown below:
- Hacking with Git: Git-Fingerprint tool release - Released 06/06/2018
- Hacking with Git: Git-Enum metasploit module release - Released 26/09/2018
- Hacking with Git: Git-Shell Proof of Concept - Released 26/10/2018
A bit of motivation
You can stop reading there as the talk and plan is laid out. The rest of this is pure indulgence.
But if you want to stay for a dose of reality, here is a tiny bit about my motivations for doing this. We can chip them down into two categories:
- Commitment to learning and sharing.
- Fighting the daemons within.
The first category is easy. Anyone who knows me will find that I spend every week learning something new. Wherever I have worked I have been sought out by people in need of mentoring. I have been doing that at an individual level for years. At some point in 2017 I figured it might be time to try and influence more people simultaneously by going out the house.
Fighting the daemons though..
I have never spoken at a security conference before. While I have spoken at the local Glasgow Defcon meetup (DC44141) a few times, talking at a "BSides" or something like that feels more of a grown up thing to do. For a start I was doing it sober. In the light of day, and with ticket paying punters relying on a talk happening. I even had to try and sell it ahead of time to make sure people were interested. Imagine doing that then backing out at the last second?
There is reams of work in the field about Imposter Syndrome. Let's just say there was a dose of that. But that is the little daemon. The freaking big one is this: I have experienced panic attacks for the last couple of years. I am talking sitting still and having your heart rate leap to peak cardio style panic. Fight or flight and in reality you are sat on the sofa.
Everyone has their own "personal crazy" (as I put it) to deal with. However, my daemons were starting to limit my life. The suckers were influencing travel plans, making me stay at home more. Day to day life was still great, but yea. I was getting reclusive and elusive to friends and family. I knew this was stupid, but no amount of yelling that inside my head was cutting through. So now I am drowning that daemon in a sea of evidence by just doing stuff anyway. Which seems to work for me.
So, in January 2018 I set myself some goals:
Had a jog today and cleared my thoughts for 2018. Going to try and talk at a security conference I think. Also: record some music, and play an open mic night. The talk and the mic are to push me to do things I am uncomfortable doing.— Paul Ritchie (@cornerpirate) Jan 1, 2018
The process of preparing this talk. Learning a whole bunch of new skills. Going to the speakers dinner the night before, meeting with my amazing Secarma colleagues who came up the night before, helping run the CTF after the event, etc etc. It was all monumental for me.
I wouldn't say the daemons within are gone. But I sure grabbed a lighter and an aerosol and burned them badly with my make-shift flamethrower.
Anywhoo. That is that.