2019 In Review

January 1, 2020

2019 was an interesting year. While I had a lot of hurdles, I am grateful for everything that happened this past year. I made a goal to make a blog before January 1, 2020 and while as I am writing this is now January 1... yes, I am a bit late, but I did it. I decided that for my blog this would be a perfect first post. Talk a bit about how my year went but the positive things in it. A lot of good changes happened, and I would love to talk about them in this blog post.

WiCS Conference 2019 / Twitter / WAN Party

In March 2019, I had the opportunity to attend the WiCS Conference thanks to a scholarship WiCs provided to me. The WiCS Conference was the first ever big security conference I have been to. When I attended that conference, I didn’t know much about the field and when I was in the conference, I took time to attend workshops, network and ask a lot of questions. Having the opportunity to spend some days with other women who are interested in the same stuff as I was amazing. Seeing many amazing powerful women in last year’s conference made me strive to become one of them. I started studying more and involving myself more in the community. After attending that event I decided I wanted to be more involved in the security field, so I decided to create a twitter account. I started meeting more people who were part of the cyber security field and I got more immersed in that community. Ever since I did some things, I am proud of. One of the things was making a meetup for women who were attending Defcon. I contacted one of the party organizers from Defcon and told him how I was interested in making an event or a meetup for women who were attending the conference that week. As time passed, we changed the name of the activity to Ladies of Defcon meetup. The event was a success. In addition to the meetup I decided to make a discord server for the women who were attending all the security conferences that week. My goal for that discord was too make ladies get to know each other and have someone to be with when they attended Defcon. I learned that a lot of women travel alone, and I thought it would be more secure for them to get to know other women who were also attending. By the time Defcon came around we had around 150 members in the discord server which is called WAN PARTY. WAN stands for Women and Non-Binary. The community kept growing and it was successful. People I want to thank for helping me with the success of WAN Party and Ladies at Defcon party:

My first internship

This past summer I did my first internship which was a REU. I had the chance to do the Research Experience for Undergraduates program in Security and Privacy for Mobile Sensing and the Internet of Things at CSU. That internship was an amazing experience in so many ways. I had the opportunity to spend my summer at CSU and perform a research project. The topic of my research project was Continuous Mobile User Authentication. In this research our main goal was to observe the battery use of Continuous Authentication using Coaunthentication. The protocol that was used is a symmetric key protocol that uses AES encryption, challenge nonce, and updated keys with each run. With each transmission and forwarding of messages in the protocol, the Authenticator is able to verify that messages are being sent and received by the authorized Requestor and Collaborator because they can only be decrypted by keys they are meant to hold, the Requestor’s key being the one that is updated with each run of the protocol. Some other cool stuff I did in that research were:

  • Perform experiment with other apps running to acquire data representative of everyday user.
  • Perform experiment with same controls and acquire Collaborator data.
  • Solve watch Wi-Fi connectivity issue to acquire data from running app on watch.
  • Perform experiment with devices connected to mobile network instead of Wi-Fi to evaluate battery usage.

The project was super interesting because I got to use a lot of Java and Android Studio. Two things I haven’t used much, and I got to learn a lot of new stuff related to Android development and mobile sensing. As of now we are waiting for an answer to see if we can get the research paper, we wrote published.

Hacker Summer Camp

This year was my first year attending Hacker Summer Camp. At first, I applied for some scholarships but sadly I didn’t get accepted to any. A friend of mine @nemessisc decided to open a GoFundMe to help me attend Defcon. Thanks to that GoFundMe page I was able to get the funds to pay for the plane ticket and the badge. That week was one of the best weeks I’ve had in my life. I got to meet so many cool people, some of them I even admire and would always follow on social media. I got the opportunity to attend the workshop Exploit Development for Beginners at Defcon in which I had to be in my phone, laptop and iPad at the same time when the workshop tickets went live a few months prior in order to score a ticket. That workshop was amazing, I would say it is one of reasons in which I started liking offensive security more. I got to learn a lot of stuff there that now when I think of it is basic stuff but me being kind of new in infosec didn’t know much about that stuff even though it was always the part of the field I was the most interested at. I still remember the SQL Exercise we had to do which I didn’t have a clue how to do it and I spent almost all evening trying to figure it out.

I got a chance to visit some of the villages (I say some because there were some villages, I didn’t get the chance to go to) and my favorite of course was the Red Team village and the Lockpicking Village. At the lockpicking village I opened my first ever lock and that for me was one of the coolest feelings ever. I now like to freak out my mom by opening the door locks at the house and own a kit.

Besides Defcon, I got a chance to visit Diana Initiative which was thanks to the free Student tickets they had. My favorite part of Diana Initiative, I would say was the CTF. It was a beginners CTF, but I got the chance to learn some new stuff and met 2 amazing ladies which I now consider my friends and still talk to. I also went to their lockpicking village and spent like 2 hours just playing around with the different locks they had. I also had a chance to visit 2 talks which were great. I am grateful of everyone that helped me attend Hacker Summer Camp this year. I learned a lot of new things, I met some amazing people, one which I consider one of my best friends now, did a lot of networking and got a ton of swag. I would love to attend next year’s Defcon and improve my experience now that I know how it works. A goal I have for next year is to once again make a Defcon Ladies meetup but bigger this time with better activities and to volunteer at the Red Team village. I feel that now that I have more knowledge and have been to defcon at least once I can volunteer at the red team village. One of my goals are to one day be a red teamer or be part of a red team so volunteering there is a must.

Changing schools

The last thing I want to talk about is a big change I recently made in my life that I am happy I did which was changing universities. I was in a university for 4 years and I spent most of my time there unhappy. The last semester I had there I almost failed all my classes and that was the reason. I always was one to be responsible and have good grades, but I noticed that as years passed at that university, I was so unhappy that I stopped caring about the classes or even attending school. I decided to change to another school, and I am happy to say that I am doing so much better here. I have good grades, I made some amazing new friends, joined their CTF team and am now teaching other students about security topics. The first thing I did when applying for the university I am currently attending is if they had any security associations and they did. Once I found it, I decided to join that association/ctf team because I am super passionate about security and one thing, I love to do is bring that passion and knowledge to other people. In this case other students. In 2 weeks, I will give a workshop on penetration testing in which I am super excited about and a bit nervous not going to lie. Even though I changed universities, there are some people I am grateful of that helped me get started in the field at the other university.

With that I end this blog post on how my 2019 went. I want to thank those who are still reading and all of those who even though I didn’t mention here know that made my 2019 better by helping me in any shape or form. I am hoping on writing in this blog weekly. Here I will post writeups of CTFs I do, some retired HTB machines I am planning on doing and maybe even some Vulnhub writeups. Besides the writeups I will document my experience of every conference I go to and any interesting new topic I learn and want to share with you people. Thank you very much for reading and may this year be filled with many wonderful new experiences for you and me.

Ashley Ruiz

Computer Engineering student in InfoSec with an interest in Offensive Security


© 2020