qf0's Blog

I recently got in a car wreck that caused my Android Auto to malfunction. Don’t worry, I’m fine and my car is repaired. I was unable to play YouTube videos and music via Android Auto post crash, but Waze audio worked fine. I had a 7+ hour drive after the crash, so I had to fix this.

Local music files and YouTube videos names wouldn’t show on my Toyota’s infotainment display, even though it was shown as playing on my Pixel. Bluetooth worked fine, but I had to plug in my Pixel to charge for the long drive. So, I went to the YouTube Music app, and played a free ad riddled Joe Rogan Experience Podcast Episode (I don’t listen to Joe Rogan, personally).

Surprisingly, it played and worked fine via Android Auto! Afterwards, I tried playing a YouTube Music Video via FireFox and it worked! However, it would resume playing the Joe Rogan video every 10ish minutes which irked me. So, I restarted my phone, and re-plugged it in. It still showed the Joe Rogan Episode Title as playing as an audio source on my Toyota’s Infotainment system, but this time didn’t play it!

So, now I can listen to local music and FireFox YouTube Music videos as normal, but just can’t skip or skip to the next song via my Toyota’s infotainment system. Which hardly worked well anyway when it did function properly. So, since I have UBlock Origin instaleld in my Pixel’s FireFox Browser, I can listen to music ad-free without giving Google any of my money for playing via the YouTube Music App.

YouTube NonStop, and SponsorBlock are good extenstions for chill experiences for the FireFox Pixel Android Auto experience. There’s … other methods to crack/patch the YouTube Android app directly, or sideloading a chill version of YouTube with SponsorBlock + UBlock Origin harded code, but it’s risky to do so since there’s a risk of the cracks being malicious.

I purchased my first car, a Toyota Corolla Hybrid 202x with 7k miles for $20k. It has a range of $515 miles and 51 MPG. It takes $23 dollars to fill him up! Anyways, I bought a Comma 3X device from comma.ai (Founded by geohot) and installed sunnypilot (fork of openpilot).

It’s pretty impressive! It can stop at stop lights, stop signs, and the weird thing with a white line that has stop written on the road. It does ok at roundabouts and at left/right turns. Plus it changes lanes by itself! All for $1.5k compared to Tesla’s FSD which costs $10k. I love my Corolla and I expect it to last a long time especially since Toyota has a reputation of making reliable cars.

Note: Personal health issues ahead. Posting to help others in similar situtations. I don’t want your pitty or to make you feel sorry for me. Enjoy good vibes instead elsewhere.

Laying in my bed, my pain in my lower back was so excurasting that I cried. My Mom gave me her heating pad, and I took some advil. My back still hurt. This was a normal day for me before I decided to get help. I didn’t want to get on medicine and become a pill head. I didn’t want to seem weak. I’m only 19 I thought, so I should suck it up. Besides, I don’t have good health insurance, so my family and I couldn’t afford to do anything about it. Swimming, streching, and walking may temporarily help, but the pain always comes back. I’m too young for this shit I say to myself.

One night, the pain got so bad that I implored my Mom and Grandma to take me to the local hospital. They gave me some muscle relaxers and some sticky pad thing. It helped, but the pain is still there. Luckily, I got medicaid, so I didn’t financially burden my family. A few months later, I got a full-time job with actual proper health insurance. So, I went to my doctor, and he refered me to Physical Therapy. The dude gave me a fucking dodgeball to place behind my back and made me do excerises. Of course it didn’t help, and he misdisanogised me. My new doctor in Chicago said he shouldn’t have told me I had x condition when he didn’t even order an x-ray or MRI. The new doctor sent me to physical therapy in Chicago, and it actually helped me a little bit. Unfortunately it only helped the pain temporiarly. After months he sent me to back surgeon, and he said he didn’t see anything in my MRI. So he sent me to an arthitics doctor that ordered some tests, but didn’t find anything.

I moved back home, and my doctor sent me to pain management. They gave me muscle relaxers and something for the pain. They also sent me to a chriopractor (psudeoscience), but it actually made me feel 100% healed. Until an hour later. Then he stopped pulling on my legs and cracking my back which resulted in the relief. Then I moved to college, and couldn’t get any help for my back due to the colleges garbage insurance. Moved back home, got another MRI and x-ray. Finally a new pain mangement doctor saw I have socloisics and arthistis. They perscribed me something different and it helps. It doesn’t cure me though. Now, I’m in the proceess of getting steroid injections and they’re going to try burning nerves. Back pain fucking sucks and the insurance game irks me. I’ve been dealing with this shit for multiple years, and everyday I’m still in pain. I’m not as bad as I was, but I’m still hurting. In hindsight, I wish I started treatment eariler and stayed in the same location.

Meanwhile, I’m dealing with mental health issues where I dry heave and worry constantly. Also depression, anxiety, dyslexia and 5 other formal diagnoses. I should’ve started treatment for that stuff a long time ago, but I wanted to be normal. I didn’t last two months at my first three jobs, because of my mental health sympthoms. It makes getting a job signficantly more difficult. Many people with Autism are unemployed much less combined with all the shit I have. Anyways, remote jobs I lasted the longest, but I left after a year max. I’m unemployed now and haven’t been able to get a job since December 2024. Health wise I’m in a much better place, but I have a long way to go. Keep your head up and lock in.

I recently got approved for a license at Corellium which is a virtualization service for iOS, Android, and some other cool OS’s. This isn’t my first time using Corellium, because I used it profesionnally at some of my previous employers. Some of the things I noticed is that they increased the price of the pay as you go from $1 to $3 an hour. Also, the professional amature annual license is $800/y! The enterprice edition was only $70/y for 1 device if I’m recalling correctly. No NDA was signed btw and others have reviewed this service. The self hosted option which I presume that government clients require due to their weird classified standards costed $40-80k and is a mini server hosted on-site. It took about 5-10 minutes to create an iPhone 15 Pro Max device, and it came preinstalled with Cydia which was cool.

Apple’s App Store doesn’t work, and you have to install the .ipa’s via sideloading. So, I thought ok easy I’ll just grab it from Armconverter, wrong!!! You’ll also have to re-sign it since it doesn’t accept app store signed applications. I just gave up after that, because I didn’t want to setup an Apple free Development app and test out various Linux scripts to sign .ipa files. That irked me a lot, but oh well. Also, I noticed that they offer the latest iOS devices, but only old Android phones. So I couldn’t create a virtual Pixel 8 device. To be fair, they started off doing iOS and I can just install Android Studio and start an emulated Pixel or Android TV.

I used Burp Suite Professional during web application pen tests for Fortnue 500 companies and I have access as a independent security person. To be candid, it’s a rip off to buy a license for $400 and there’s many cracked versions of the professional edition on the interwebz.

While yes, I do and used to use it professionally as well as now. It’s scan feature SHOULD NOT be depended on to do a proper job and 90% of it’s finding are noise as well as just plain false positives. The tools are very useful while following OWASP’s testing methodology, but again you shouldn’t use Burp or any other automated vulnerability scanner for your assessment. If you do, then you’re probably a skid honestly.

First of all, this post isn’t to gain pity and is simply to explain what I’ve had to overcome with my disabilities. I presume some employers or schools will reject me for openly disclosing my disabilities, but in that case, it’s a good [litmus test](https://en.wikipedia.org/wiki/Litmus_test_(politics), because I don’t want to work somewhere with such prejudices.

People with Autism Spectrum Disorder (ASD) aren’t limited to shitty jobs like working at McDonalds. My local community college has a program to “train” people with ASD to work fast food jobs which I find disgusting. I’ve completed k-12, and some college at demanding schools such as Tulane and Berea College. Also, I’ve worked in Cybersecurity and as a Programmer at top tier companies. Companies such as Chase, Simons Foundation, Microsoft and IBM actualy have programs for folks with Autism for white collar jobs.

The only accommodations that I’ve asked for was the use of a calculator and tasks etc. in writing since I forgot things often or have to re-read a few times to internalize stuff. Medicine helps me a ton and I’ve performed above my peers for my last 4 jobs and made notable accomplishments. I’m high functioning, but I’ve read of other folks working for Microsoft who are lower functioning.

People with Autism and other discords have a very low employment rate and not many employers are willing to hire us which is depressing. It’s near impossible to accuse someone of not hiring you because of your Autism unless they wrote it down in the interview notes which would be stupid of them to do. Very fear cases of disability discrimination is successful and may earn you a “bad apple” label.

It sorta makes sense, because why hire someone who may cause more trouble than a neurotypical employee? Well, even the military and NGA found that their employees with Autism have less errors and better performance than people who are neurotypical.

It irks me that military members can find out they have Autism while enlisted and stay in, but it’s disqualifying if you try to enlist while already diagnosed. More and more employers are creating Autism programs at companies and I wish more would. Many of my employers didn’t have such a program, but I still excelled.

1. The Pasta Bar hours got extended to 1:30pm instead of 11am-1pm to allow for students with classes from 12-1pm to get Pasta. Changed the next day after I emailed Dining about it.
2. Students now get textbooks via PDF for free from the library. Berea gives students $400 each semester for textbooks, but I perfer PDFs as do some other students. Berea Admin initially wanted to charge me to get the PDF formats, but I recalled that Open Library is allowed under the DMCA. So, after some long back and forths, as well as Berea College consulting a lawyer, students can now get free PDF textbooks!!!! I was also motiviated by Aaron Swartz finding a loophole to get free textbooks via the return policy.
3. Student Insurance now covers external Psychologists outside the White House clinic! The pyschologist as the contracted White House clinic near campus wouldn’t perscribe my needed Xanax and Adderal as well as not offering to help me find alt medicine. So after months of complaining they finally relented!
4. I’m also in the process of further recourse for not providing me proper disability accommodations. I’ve been called “lazy” and “whiney” for my complaints as well as passive aggressiveness and even got called to a panel lol. Just ignore them and keep advocating for reasonable improvements.

Welp, I finished my freshman year of Berea College with a 3.24 GPA. I never read my textbooks and just attended lectures since most had an attendance policy, but I still got A’s and B’s! I also got to do some coolish stuff at work such as rooting Kindles for their use as a display with Raspberry PI’s for a CS course and learned some web development as well as devops type stuff. However, there’s some much unfortunate news…I’m suspended! Oh noes!! Wanna know why? no? Well too bad, and you’re still reading anyway. I failed my remedial math class twice, because the head of the Remedial Math Department is dead set on me not being able to use a calculator. Even though the disability office agreed with me that I need a calculator and I’ve always had to use one since grade school, but she fought to take it away from me even though the disability office let me use it for the first few weeks when I was in my remedial math class.

They created a disability panel and even though two+ people thought I should have use to the calculator, they took it away. I appealed to Berea’s appeal process, but their laywer and the new Berea College President both upheld the decision. Then, I appealed to the Department of Education in Kentucky as well as the feds, but they just saw I appealed internally and said they aren’t going to sue then closed the case. I reached out to some legal places, and one lawyer said that they’ll call me back, but then ghosted me and ignored my follow up calls. So I got fucked and failed twice without my calculator accomoditation. I sent them my pyschologist raw testing data and my k-12 records, but the Remedial Math director still stuck to her decision. To those who think I’m just a trouble maker or something, well you can go away. I literally got disagnoised by multiple subject matter experts and this one lady with a Bachelor’s in Math thinks she knows better than doctors.

Anyway, so I’m appealing my suspenison, but honestly I fucking hated it there anyway. I applied as a transfer student to Capitol College and Roosevelt University and got accepted to both, but it’s too expensive for me to attend. I’m probably just going to attend Community College again since it was the same quality of education I was getting at Tulane, but cheaper.

I’m now funemployed and was offered some internships (both with the US Government), but one was rescended and the other with a Department of Energy National Lab didn’t pay enough to pay for their high CoL area, so I would’ve been loosing money going and I was going to do borning plugin development work with assemby. So, no thanks felciha, I rather live rent free with my fam and enjoy home food again instead of the shitty Berea College dining food.

I’ve applied to a few hundred places, but none of them resulted in an offer. Even the CS grads at Berea are struggling like me though and they never even gotten to work in the industry like I have for 2+ years. I’m confident that I can return to working full-time with my multiple contributions and skills though. I have a large bit of savings that can last me a few years, so I’m not too screwed over.

Some of the goals of this summer that I have are to find more vulnerabilities and to help make software better that I use a lot.

Listen, while some of the government knows what they’re doing, a lot of it doesn’t and there’s still some fuck ups from agencies that are mainly competent. Don’t think that even big boy agenices like CIA or FBI doesn’t fuck up or you should listen to them 100%. Don’t be playing these appeal to authority fallicies on me. The US Government loves to ignore people or well it may just be me when you report computer bugs or flaws to them. I’ve found and reported bugs as well as vulnerabilities to CIA, FBI, and DoJ. Guess what, they all left me on read. The EGO these people have…smh. Anyway, here’s a list of bugs and vulnerabilities I found:

CIA: Extra space in a job posting and I think a misspelled word too, but they never fixed it or get back to me. Well this one was a noisy report anyway. Two CIA servers that were vulnerabile to some OpenSSH ndays regarding LPE. I mean they were post-auth, but guess what they still ignored me, but I think I recall them fixing this.

FBI: They had an externally facing website called atlas that accepted fed PKI authenticiation (Like the military’s CAD system) or just a username/password combo. I reported this to them and they stopped showing it externally a few days later, but they still left me on read smh.

DOJ: A hyperlink in a report about DPRK’s APT recent TTPs included a hyperlink to a North Korean website instead of a website it was suppose to link to (.gov site). I reported this, but they never replied and didn’t re-issue it with a correction. One press release about an old Xbox Underground hacker had an improper hyperlink that just linked the the file path of the document like file://C://Users/Emily/Documents/Justin_Beiber_PR.pdf. I actually found a second time that they did this, but they never fixed it and left me on read. THE NERVE.

TL;DR: The US Government loves reading people on read and ignoring reports, but it’s ok I still lowkey love you <3.

I bought a new PC for a cheaper price from Hong Kong. I was worried about backdoors from the CCP, so here’s some steps I’ve done so far to check for backdoors: Dumped the BIOS firmware using Chipsec and uploaded it to VirusTotal and Hyrbid-Analysis as well as light research using UFEI viewer etc. The motherboard was custom made in Shenzhen which is in mainland China which is concerning, but honestly a lot of hardware comes from there and there’s a pretty cool marketplace in Shenzhen. The chips on the board look legit. Of course there could be a special chip that I overlooked, but I’m not skilled enough to detect something like that and the companies I reached out that specialize in supply chain security left me on read, so :/.

Of course there could be backdoors in the hard drive they included, but that’s really rare and I can just buy a new hard drive for cheap. Overall, I’m pretty confident it doesn’t have any backdoors, and I’m just a young random dude in the midwest, so I doubt they would target me. I’m planning to at least disable Intel ME using the HAP backdoor, and I’m going to try to port Coreboot to my motherboard or use Purism Libre mini “Pureboot” fork for a similar motherboard.

Huh, I thought I already made a post about this, but I must’ve deleted it due to career impacting fears. Anyway, I started cheating/hacking in video games back in 2011 and that’s how I got in to reverse engineer + programming + security. I started a console skid and then moved to PC gaming and cheating which is a lot easier. I used to hang out with a lot of “blackhat” type folks like Teh1337 aka Carter Feldman, XeEaton, Lizard Squad skids, Everydaynine etc. One funny ancedote is Chrome x Modz being sued by Take Two aka the GTA devs. Actually, I interviewed for a job for Rockstar/Take Two a couple of years, and asked my interviewer if the rumor was true that they wanted to go with Battleye, but they wanted too much money and my interviewer got quite irked lol.

PC Anti-cheats: Tier 1, Battleye, EAC, ESEA Tier 5, VAC

I cheated in Dayz Mod back in 2012 and was there when Bastian first implemented the kernal driver anti-cheat which people freak out about now even though 95% of anti-virus and anti-cheat software are kernal mode now. There was funny blunders by Battleye such as not having CRC checks after loading in game, so you could just stop the Battleye service and use Cheat Engine lol. Also the Manual Map DDL Injector/Side Loading stemmed from Battleye’s update and you could just modify strings/icons that Battleye checked for like “BlackBone” etc and resign the driver to bypass Battleye. Also, a method existed where you could just replace a DLL in the games folder to load your cheats because VAC + Battleye didn’t do hash checks for game files lol. Battleye actually got pwned by some kids and they only got caught because they charge $2 for Battleye unbans on MPGH. Oh, and who could forget manually banning people as well as banning people who just visited cheating websites and people tricking people to go there to get them banned.

Battleye also started the trend where they did KGB/CIA level stuff like inflitrating private cheats and cheating communities by paying, getting people to use their ID for verification and even putting exploits in their own games to provide bona fides lol, and even offering jobs to cheaters to get them to snitch. In case you think that I’m lying, then watch Eugen Harton’s GDC talk. Many anti-cheats followed Battleye’s initivates such as EAC etc. and they’ve done a good job at reducing cheats.

Welp, I finished my first semester at Berea, and I’ve started the second semester. It’s very boring here and I want to go back to working full-time. The Computer Science classes are super easy. Last semester I got a 3.0+ GPA and I skipped classes often and stopped reading the textbook after midterms. I’m still fighting some accommodation saga and drama. On the plus side I’m a full-ride scholarship and I think of college as a free vacation.

Oh yeah, I lost my virginity. It was underwhelming honestly, and yes I practiced safe sex. Asked for consent every step for the first time, used non-latex non-expired condoms (incase she was allgeric to Latex), and bought plan-b post sex. Oh, and I got a STD test and I’m negative. It didn’t turn in to a serious thing because she’s much older than me. While this is a private thing, I feel comfortable sharing here since it’s psudeo-anaonymous and she told her co-workers/friends anyway. I haven’t told anyone IRL and probably won’t.

Berea now feels like summer camp or a military base. You’re free to go but you’re spoonfed and babystted like a child. The way faculty and professors treat students is very infantilizing. I’m just ready to get out of here and get back to where I need to be which is working and making actual positive contributions to the world. I’m probably going to stop blogging since barely anyone reads my blog.

Last August, I resigned from my remote Computer Security job, and started as an undergraduate student at Berea College. You might be wondering why I left the industry to go back to college, and well it’s simple. Most employers I want to work at (e.g. .gov) or hedge funds still require at least a Bachelor’s unfortunately. Event though I have over two years of full-time experience, have worked at placed like IBM, and Microsoft, and found two 0days, I still get disqualifed due to the lack of pedigree. So, when I heard about Berea College in the Midwest Venture Partners Slack server (owned by tptacek, their Hacker New username)

I thought that I should apply, and I got accepted! Berea attends to only admit low-income students who otherwise couldn’t of went to college, and since my mom is disabled, I qualified BTW [0]. I’m majoring in Computer Science, and I transfered from Tulane. Like Aaron Swartz’s “Stanford Diaries” I wanted to share my experience at college, albiet not post daily blog posts lik Swartz did [1].

Like Swartz, Sowell, Holt, and others, I don’t like education very well and I guess that I have let others know that. When asked what I think of Berea so far, I’ve replied: “It’s like a jail. My room is small, my mattress is like that one a person in jail gets.”. I’ve evened told Dr. Nixion this, who laughed, and probably thought I was joking and I’m not. We aren’t allowed to install Veracrypt, or image a new OS, as well as having a lot of other limitations on our campus provided laptops (which I’ve been told I can keep post grad). There’s Microsoft’s EDR installed on our machines, and IT/IS&S probably has the capability to remotely run and execute a PE on our machines. I can technically disable EDR, Dell’s anonnying updater etc, and then spoof any CRC/heartbeat checks, but that’d probably get me kicked out, lol.

The first week of student orientation was annoying and exhaustive. There were daily required events and meeting which were powerslides going over basic things with some crowd questions thrown in. Then of course there was praying, and other religious stuff. This included similar things on the weekends as well which irked me since I was used to having the weekends to myself to do R&R.

The second week which included introduction to labor and classes was boring and anonnying. I still wish that the lecture slides and a recording of the lecture would be uploaded on Moodle (yes, Berea uses Moodle instead of Canvas like many other colleges), so I could skip the noise to the high signal stuff instead of feeling like I’m watching a boring YouTube video that I can’t skip.

The third week and on were just more of the same stuff. Lectures with has more PowerSlides and boring unskipable lectures with sometimes a tirade and crowd participation mixed in. Work is just helping students when they ask or need help with Computer Science stuff.

Berea’s Student Health Insurance is garbage, and the local health services, specifically mental health doesn’t accept insurance which screws over essentially every student at Berea [2]. There’s free licensed therapist on campus, but they haven’t been great in my experience and I think one shared HIPAA protected info internally to other Berea faculty (yes, I’ve reported the violation). Also, the White House clinic nurse psychiatrist is against perscribing Adderal and Xanax. Since my mom is on Medicare and I can’t afford to pay the premium for even private Bronze insurance, and since many mental health services places locally don’t accept insurance at all, then I’m sort of screwed [4]. I wonder if other Berea students aren’t able to get on their parents insurance (which is capped at age 26 btw) and have a similar issue. I’ve brought this up internally at Berea to the budsman and the person in charge of insurance, but haven’t heard anything yet despite multiple follow ups. I got in trouble too for cursing in an email saying it’s bit of a joke now that still nothing has been done which some Berea staff thought was uncivil (lol).

Every student is required to work at least 10 hours per week, and I was lucky enough to work in Engineering/Computer Science as a lab assistant. However, I’ve heard horror stories of freshman being foisted in to janitor (at dining), or grounds jobs and they can’t move out of them. Especially if they fired from their past job. There’s news article documenting how awful working in dining, and from the few people I know who work in dining, it does suck and Gus (the Budsman) tried to censor the articles. Which I’ve heard, that Berea fucked off after getting a legal letter from the Foundation for Individual Rights in Education [5][6]. Speaking of The Berea Torch, I told The Berea Torch founder/writier Ülvi Gitaliyev about the Berea medicial issue, and I had the following conversation with him Him: “We aren’t your slave” Me: “So, I’m supposed to do your job for you and write the entire article myself?” Him: “well we aren’t paid” Me: “There’s lots of journalists not paid that still investigate and write thing” him: “well we don’t have time. As you know Berea is pretty busy” me: “…” him: “send us more information.”. So I figured I’d go ahead and write about it myself.

The “Free Tution Promise” is bit misleading or a scam, because there’s many students who still pay out of pocket, and one student who is international still has to pay $20,000 per year I recall. It’s less than other colleges, sure, but not 100% free. Also, the federal government gives Berea funding each year to pay it’s student workers ($6/hr) which is below min wage, but Berea says other aid results in it being $34/hr, but the rest goes towards your tution and you don’t get the actual cash like the $6/hr.

There’s private security on campus called “Public Safety Officers”, which is confusing imo since only students and Berea employees can use Public Safety. Public Safety wrongly ticketed my car three times even with the proper decals, but they voided all the improper tickets and eventually stopped doing it. I had a pair of expensive shorts stolen from my laundry, but they still haven’t found them unfortunately, so I’m burned out of $60 and have to continue using the same washing/drying machines.

Cheating happends often at Berea. Students have learned to use LLVM and other AI models like Google Bard to make their papers etc by asking it about the citiations off of Wikipedia about the subject they have to write about, and then either use a rephrasing site/app or tell ChatGPT to rephrase to as a human and use bogus citiations with some real ones mixed in.

I often hear Berea employees talking about the Berea “community” and President Nixon (no, not the former POTUS Nixon) mentioned that we, students are “Bereans” and that it’s unique which it isn’t. Companies like Google, and Meta call their employees Googlers and Metamates (eww), so it’s not a unique thing. The “community” bit I found to be superficial. Berea College is just a bubble and there’s cliques instead of a legit community.

1. Berea’s Educational Opportunity Commitment
2. Stanford Diary Day 3 (CBA to find Day 1)
3. Berea’s Overview of Student Health Insurance
4. 
5. Health Insurance Levels
6. The Berea Torch Dining Student Job Horror Story
7. Richmond Article About Censoring

When I was 15, I knew I wanted to serve my country, and I even lost 100+lbs & did unoffical workouts with U.S. Navy Special Warfare hopefuls who took the Physical Screening Test (PST) at the recreation center I worked out at. I wanted to enlist as either the Navy Diver (ND) or Special Operator (SO/Seal) rating. Unfortunately, my ADHD/Dyslexia/ASD among other things disqualified me. All of those Stew Smith or the official sealswcc Physical Training Guide work outswere for naught.
I even convinced my mom to sign my enlist form after I turned 17.

Looking back though, I’m somewhat glad I got rejected, because even the fitest people I trained with who had auto qualifying PST scores either got injuried or dropped on request (DOR/quit). They ended up being assigned as an undesignated sailor. Undesignated sailors scrape paint, paint boats/ships and other jobs. They were angry, bitter and that’s how a lot of hopefuls turned out from what I read on Reddit, military.com and so on. At least I was fortunate enough to work in technology at 18 and not have to wake up early to chip paint.

If I didn’t get disqualified, then I wish I would have enlisted in the U.S. Army, because they have three Special Mission Units such as Task Force Orange (ISA etc.), Delta Force (CAG, The Unit), and the Regimental Reconnaissance Company (RRC). The Navy, and the AirForce only has two Special Mission Units (24th STS, and Development Group). Also the U.S. Army has a lot of shooter MOS’s such as Rangers, Infantryman, Special Forces, and so on. The Army also has the 17c MOS which is their cyber security MOS and allows for young soliders to earn a TS/SCI clearance and be attached to Task Force Orange or the 75th Ranger Regiment. I called the Task Force Orange recruiter office, and they confirmed they allow 17c to attend selection, and that if selected it would be possible to be their last PCS.

NSWDG (Naval Special Warfare Development Group) requires three years of service and good performance evaluation. If you are medically dropped from BUD/s, then sometimes it takes two years and good evals to be considered to even go back. You can Google “NSWDG Navy” to see the recruitment PDFs.

I recently purchased an Onn streaming device, before the Prime day Fire Stick 4k sale. After a few Google searches, and looking on Reddit, I wasn’t able to find an answer if sideloading on an Onn is possible. However, after successfully sideloading myself I found the answer and thought I’d make a blog post showing how I did it for uhh educational purposes.

1. Download Downloader app. Search in the search box under Search Apps, and select install.
2. Open Downloader.
3. Enter the number shortner or navigate to download URL of the APK you’d like to install.
4. Download the app/APK.
5. It will open the download page so click on the app/APK.
6. Select install.
7. Eventually it will prompt you to the setting to allow the APK to be installed from an unknown source. Select yes if you indeed want to install the app/APK.
8. I had to switch back using the arrow button next to the home button and select install again.
9. Profit?? The app/APK should be installed now!!!

I want to note that if you want to uninstall the app, then you have to go to settings, apps, and then select uninstall. Pressing the white “ok” button only gives unknown apps the ability to open or move it’s position unfortunately. Also, please scan unknown apps on VirusTotal. I wish there was an online hybrid-analysis like site for analysing APK files but there isn’t as far I could tell. So, be wary of unknown apps.

To download an app/APK from Downloader’s number shortner on PC browse to https://afv.news/ in a web browser. Looking at the mainifest is a good start for analysis.

Also, yes, the Downloader app is on the Google Play Store once again, https://www.aftvnews.com/my-downloader-app-is-back-in-the-google-play-store-for-android-tv-google-tv-devices/.

You may be wondering, why v2.0? Well, when I was 13-16, I was obese too. I lost 105+ lbs by exercising. Unfortunately, after some adversity and personal issues, I’ve gained the weight back and then some.

I currently weigh 272 lbs and I’m 5’8. Havard’s BMI calculator signals that I’m indeed obese. I’m in my young 20s by the way. Back pain, and other things have justified to myself this unacceptable weight gain activities. However, excuses are BS, and this is unacceptable.

I can’t even walk without being winded. I’m changing my diet which has been enabling this unhealthy weight gain, and I’ll be exercising more. My goal is to return to a normal weight limit and disengage from self destructive bad self control judgement.

I created a Twitch channel (OG username. Twitch app on my phone claimed 3 char usernames are ok, but Twitch.tv on my laptop says 4 chars) and even streamed for a bit, but I used a bit of data, phone got hot and I feel uncomfortable sharing personal identifiable information, so I stopped.

Anyway, I hope my journey will be fruitful.

I stumbled on a bug in Crumbl Cookie’s Android app where if you select a custom tip amount, and select $0, then try to pay, it’ll give a payment related error. I verified this with two different payment methods, and when I changed the tip to $1 it worked. I’ve tried contacting them, but their Android email, but it bounced.

I’ve made some FOIA requests regarding a few OG computer related infamous groups/people and here’s what I’ve gathered so far.

Inner Circle, OG computer hacking group: FBI Inner Circle Vault PDF

John Mcafee: FBI Vault Part 1 awaiting part 2

Jerome T. Heckenkamp, affilated with Unix Terroist and other OGs: In-Progress

Operation Buccaneer, first US operation against Warez groups AFAIU: In-Progress

I lived in one of the largest cities in the United States for a year. Prior to relocating, I grew up in a small suburb. Here’s a few pros/cons that I gathered from my experience.

Pros:

Convenience of sidewalks for trekking, and walking to the ATM or to get groceries.

Very nice, cheap and convenient public transportation.

Nice views.

Occasional nice accessible events.

Cons:

Panhandlers, loud people on the train plugging their YouTube music channel, kooks, and solictors. Anecdote: Once had a person follow me for 2 blocks to solict me to donate to something for sports, assault me by touching my shoes (although complementing them) and then threaten to hit me afterwards.

Delayed, or filled public transportation (specfically around 0900 and 1700). Also, having to be wary of which train to get on based on reputation, and which car to get in to. The first car with the conductor and not looking anyone in the eye + not holding a cell phone was the advise I learned from Reddit.

Pet and sometimes human waste on the sidewalks. Lots of apartments around, so people obviously have to walk their pets to get exercise and use the bathroom. Even though they clean up #2, it still leaves a mark, and #1 is still disgusting. I wished everyone would just have cats.

High cost of living. High taxs etc.

Construction. Always seemed like something was being worked on and it’d be annoying to have to adjust my path home due to it.

Aggresive drivers. Having to be extra careful crossing the road, because some will ignore basic driving principles & safety. Lots of honking.

Moving. Having to reverse a parking spot to load my rented moving truck, and navigating the truck through tiny streets was not fun. I recommend buying a ubox or similar to move and to hire a Registered Mover [0].

I’ve since moved back to suburbia due to the cons listed ^.

1. DOT’s Moving Registry

Internships with pay data: https://github.com/qf0/qf0.github.io/blob/main/files/STEM%20Internships%20spreadsheet.xlsx Use H1B data, glassdoor, Linkedin, Google, or search the job description/law suits for pay data if it isn’t listed.

Blind top Leetcode recommendations, HackerRank, HackTheBox, Leetcode, Cracking the Coding Interview, Elements of Programming Interviews in n Programming Language etc. are still useful for Security Engineer interns, and/or full-time roles as you’ll see below.

From Google:

Career advice:

Parisa Tabriz

Chris Palmer

Foundational books and general infosec references: Counterhack Reloaded - http://www.amazon.com/Counter-Hack-Reloaded-Step-Step/dp/0131481045

Hacking exposed - http://www.hackingexposed.com/

Phrack ‘zine and back catalog - www.phrack.com

[Advanced] Silence on the Wire by Michal Zalewski

Security Engineering

Security Engineering by Ross Anderso

Web Application Security

Tangled Web by Michal Zalewski

Web App Hacker’s Handbook by Dafydd Stuttard and Marcus Pinto

Operating System Security

Mac Hacker’s handbook by Charlie Miller, Dino Dai Zovi

Cryptography

Handbook of Applied Cryptography by Menezes et al.

Cryptography Engineering by Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

Applied Cryptography by Bruce Schneier

Reverse Engineering

Practical Reverse Engineering by Bruce Dang

Secrets of Reversing by Eldad Eilam

Assessments / Pen-Testing / Exploitation

[Assessment] The Art of Software Security Assessment by Mark dowd, John McDonald, Justin Schuh

[Exploitation] Hacking: Art of Exploitation by Jon Erickson

[Pentesting/Intro] Network Security Assessment by Chris McNab

[Malware] Practical Malware Analysis by Michael Sikorski, Andrew Honig

[Pentesting] The Hacker Playbook 2: Practical Guide to Penetration testing by Peter Kim

[Exploitation] Shellcoders Handbook by Chris Anley

Scripting/Coding

[Python] Violent Python: A cookbook for Hackers, Forensic Analysts, Penetration testers and Security Engineers by TJ O’Conor

[Python] Dive into Python and Dive into Python 3 [free e-books and exercises]

[Algorithms] Introduction to Algorithms by Thomas Cormen, Charles Leiserson, Ronald Rivest, Clifford Stein

Programming Pearls by Jon Bentley

Detection strategies https://www.sans.org/reading-room/whitepapers/detection

Well Known CTFs CSAW CTF: https://ctf.isis.poly.edu/

Plaid CTF: http://play.plaidctf.com/

Defcon CTF: https://www.defcon.org/html/links/dc-ctf.html

Hands on Security Challenges http://www.root-me.org/?lang=en

http://www.crackmes.de/

http://www.malware-traffic-analysis.net/

http://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html

Training Courses http://www.sans.org/course/intrusion-detection-in-depth

https://www.sans.org/course/hacker-techniques-exploits-incident-handling

https://www.sans.org/media/security-training/courses/sec_essentials.php

Network fundamentals and protocols Various layers of the OSI (http://en.wikipedia.org/wiki/OSI_model) or IP (http://en.wikipedia.org/wiki/Internet_protocol_suite) models

DHCP, DNS, IP Suite, HTTP, etc. (there are too many protocols to list that are interesting or important)

Examples:

HTTP: http://www.tutorialspoint.com/http/

DNS: https://technet.microsoft.com/en-us/library/cc775637(v=ws.10).aspx

Identifying malware on the network + IDS signatures: https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Malware Analysis: https://zeltser.com/mastering-4-stages-of-malware-analysis/

https://www.virustotal.com/

https://www.blackhat.com/docs/us-15/materials/us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf

Cryptography: http://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf

http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099

http://www.sans.edu/research/security-laboratory/article/hash-functions

Host forensics http://windowsir.blogspot.com/

Some miscellaneous topic agnostic resources: https://github.com/kbandla/APTnotes

https://www.reddit.com/r/netsec/wiki/start

http://www.covert.io/security-datascience-papers/

Some analysis of common mass malware and current events: http://malware.dontneedcoffee.com/

https://www.fireeye.com/blog.html

http://contagiodump.blogspot.com/

Tools: http://holisticinfosec.blogspot.com/

Meetups and groups: CitySec: https://www.reddit.com/r/netsec/wiki/meetups/citysec

Local Defcon: https://www.defcon.org/html/defcon-groups/dc-groups-index.html

BSides: http://www.securitybsides.com/w/page/12194156/FrontPage

From Amazon: Amazon loop interview prep: https://www.youtube.com/watch?v=Vh20A2TMVKE

Amazon phone screen prep: https://www.youtube.com/watch?v=A-SzF5xYJPY

Meta offical Security role prep:

Product Security Tech Screen Interview Prep Technical skills aren’t the same as interview skills, so even the most experienced engineers need to prepare and practice to do well in an interview. For example, it’s difficult for interviewers to get a clear signal on coding ability from someone who hasn’t practiced solving new problems under time constraints. This can make someone who’s simply under-prepared look under-qualified. This guide can help you plan, practice, and prepare for your initial technical screen at Facebook. What You’ll Find in This Guide: What We Look For How to Prepare How to Approach Problems During Your Interview What to Practice: An Example Tech Screen Study WHAT WE LOOK FOR Coding Communication. Are you asking for requirements and clarity when necessary, or are you just diving into the code? Your initial tech screen should be a conversation, so don’t forget to ask questions. Problem solving. We’re evaluating how you comprehend and explain complex ideas. Are you providing the reasoning behind a particular solution? Developing and comparing multiple solutions? Using appropriate data structures? Speaking about space and time complexity? Optimizing your solution? Coding. Can you convert solutions to executable code? Is the code organized and does it capture the right logical structure? Do you notice edge cases and failure scenarios? Verification. Are you considering a reasonable number of test cases or coming up with a good argument for why your code is correct? If your solution has bugs, are you able to walk through your own logic to find them and explain what the code is doing? Security Be able to identify security flaws via code review and demonstrate deep understanding of the issues found. We want you to be able to explain your approach to code review and explain the risk of each issue and how the issue might get exploited. Suggest fixes with practical security and defense-in-depth in mind. Here is a read on how Facebook

Designs Security for Billions (https://about.fb.com/news/2019/01/designing-security- for-billions/)

Topics that may be covered: Web Security OWASP Top 10 In depth understand of SOP (Same Origin Policy) CSRF XSS (Reflected and DOM) SQL injection HTTPS Cryptography: Encryption at rest and in transit Symmetric encryption and its applications PublicKeyCryptography and its applications Credentials (password) storage and Hashing Native Security Typical native code (C++) issues such as buffer overflows and how they’re exploited Use-after-free Integer overflows Leaking uninitiated memory Memory corruption Mobile Security OWASP Mobile Top 10 Platform security model and promises Access to resources and IPC from security perspective (ie. Data storage) Mobile app interactions (Binder/Intents or URIs) What should you focus on when writing secure apps Development lifecycle and eco-system (Google Play/AppStore) HOW TO PREPARE How to prepare for a security engineer interview tips

(https://medium.com/@eraymitrani/how-to-prepare-for-a-security-engineer-interview- 6cf1d84de22f)

Interviewers can only assess your skills and abilities based on what you show them during your interview, so it’s important to plan and prepare to best showcase your strengths. In addition to the preparation guidance below, this video: https://vimeo.com/357608978 (password: fbprep) will give you an example of what to expect during the coding portion of the technical screen.

Before you practice, plan! Be honest with yourself—only you know how much prep time you’ll need. Make the most of your prep time by following these steps to plan your approach with your recruiter before you start practicing. Schedule time to study and practice. For the security practical portion, you should be able to spot security issues in a timely manner and be able to explain the vulnerabilities and how to mitigate. Brush up on the security topics listed above if you need to. Revision and repetition will strengthen your understanding of core concepts. Use key practice strategies to practice effectively. Reading through sample questions, recognizing concepts, and having a vague understanding of these concepts won’t be enough to help you shine. You need to practice! Make sure you’re setting your practice sessions up for success by following these tips from engineers who’ve been through the process. Practice coding the way you’ll code during your tech screen. Use CoderPad.io if your interview is via phone or video call, or use a whiteboard or pen and paper if your interview will be in person. Check with your recruiter if you’re not sure which format you’ll use. Set a time constraint when you practice problems. In your tech screen, you’ll be asked to solve 1-2 coding problems in under 30 minutes. Code in your strongest language. Provide the most efficient solution and find and fix the bugs yourself. Practice talking through the problem space and possible solutions before you dive in and talk through your decisions out loud as you code. Interviewers will be evaluating your thought process as well as your coding abilities. Explaining your decisions as you code is crucial to helping them understand your choices. The more you practice this, the more natural it will feel during the interview. Understand the types of problems you may encounter Practice a variety of different problems—and understand why we ask them—so you’re prepared to solve them during your interview. Don’t be surprised if the questions sound contrived. Problems may be different than what you’re probably tackling in a day-to-day job. We won’t ask a “puzzle” question, but questions may be different than real-world questions because they need to be described and solved in 10-20 minutes. Problems may assess the depth of your knowledge and your versatility. For example, your interviewer might ask you to solve a problem any way you want. Then, they could add constraints on the running or space characteristics and ask you to solve it again. Problems may focus on edge cases. You might be asked to parse some data format or mini language. Your answers demonstrate your ability to handle multiple states in your head. Problems may test how well you know how things work under the hood. For example, you might be asked to implement well-known library functions.

Decide what resources you’ll use to prepare It’s easy to be overwhelmed by the number of online resources or the detail in an entire theoretical algorithms book. Here are some sites that our engineers found helpful when preparing for their coding interviews Top sites for practice problems from Facebook: Facebook Sample Interview Problems and Solutions Leet Code Video prep guides for tech interviews: Cracking the Facebook Coding Interview: The Approach https://vimeo.com/157480836 Cracking the Facebook Coding Interview: Problem Walk-through https://vimeo.com/158532188 The password is FB_IPS. Portions of the videos that cover soft skills tips may be more relevant for preparing for your onsite interview than for preparing for your initial tech screen. Example tech screen study list: See exercises below for an example list compiled from Facebook’s engineering team you can use as a starting point to help you prepare. Feel free to tailor it to your specific practice needs. HOW TO APPROACH PROBLEMS DURING YOUR INTERVIEW Before you code: Ask clarifying questions. Talk through the problem and ask follow-up questions to make sure you understand the exact problem you’re trying to solve before you jump into building the solution. Let us know if you’ve seen the problem previously. That will help us understand your context. Present multiple potential solutions, if possible. Talk through which solution you’re choosing and why While you code: Ask questions and plan your solution rather than jumping right into implementation. Explain your decisions to the interviewer and be open to feedback. It’s totally fine to present a rough solution in the beginning and iterate as you go. Defensive coding is important, but don’t focus on details to the detriment of the overall solution. If you’re not sure if a given error handling or edge case is important, ask the interviewer. Be flexible. Some problems have elegant solutions, and some must be brute forced. If you get stuck, just describe your best approach and ask the interviewer if you should go that route. It’s much better to have non-optimal but working code than just an idea with nothing written down.

Be open to changing your mind if you think you’ve started your solution in the wrong way and pay attention to whether the interviewer is trying to guide you to a better approach. Take the interviewer’s hints to improve your code. If you can’t remember the order or arguments to a function or its name, just say so, leave a placeholder and move on. Don’t get hunt up on syntax. Iterate rather than immediately trying to jump to the clever solution. If you can’t explain your concept clearly in five minutes, it’s probably too complex.

Consider (and be prepared to talk about): Different algorithms and algorithmic techniques, such as sorting, divide-and-conquer, recursion, etc. Data structures, particularly those used most often (array, stack/queue, hashset/hashmap/hashtable/dictionary, heap, graph, etc.) O memory constraints on the complexity of the algorithm you’re writing and its running time as expressed by big-O notation. Generally, avoid solutions with lots of edge cases or huge if/else if/else blocks, in most cases. Deciding between iteration and recursion can be an important step. WHAT TO PRACTICE: An Example Tech Screen Study List Everyone could use a refresher in at least one core area! Before your initial tech screen, brush up on CS fundamentals— especially algorithms, data structures, object-oriented design, and design patterns in general. Review foundational techniques—recursion, graph theory, combinatorial problems, and so on. Looking for more detailed guidance on what to review for your tech screen? The exercises below have been helpful for many engineers preparing for a Facebook tech screen and can assist you in solidifying your understanding of data structures and algorithms. Feel free to use this list as a starting point and tailor it to suit your areas of need.

Exercises Overview: Each exercise could take you up to one hour. These solutions are written in Java, but you will be able to use your language of preference in an interview. Remember how to analyze how “good” your solution is: how long does it take for your solution to complete? Watch this video to get familiar with Big O Notation. Note: These exercises assume you have knowledge in coding but not necessarily knowledge of binary trees, sorting algorithms, or related concepts.

Topic 1 | Arrays & Strings Exercises: A Very Big Sum (Warm-up, learning how to use HackerRank) Designer PDF Viewer Left Rotation Topic 2 | Lists Pre-work: If you need to familiarize yourself with how lists work, watch this video Exercises: Insert a Node at a Position Given in a List Cycle Detection

Topic 3 | Stacks & Queues Pre-work: If you need a refresher, take a look at this video https://www.youtube.com/watch?v=wjI1WNcIntg&feature=youtu.be Exercises Balanced Brackets Queue Using Two Stacks Topic 4 | Hash & Maps Pre-work: If you need a refresher, take a look at this video Exercises Ice Cream Parlor Colorful Number (This one might be challenging. Remember, if you get stuck, refer to our proposed solution.) Topic 5 | Sorting Algorithms Pre-work: If you need a refresher take a look at this video: Merge Sort Exercises: Insertion Sort part 2 Quicksort part 2

Topic 6 | Graphs (BFS & DFS) Theory: Watch this video to understand what a graph is and how to traverse it Exercises: Breath First Search Snakes and Ladders Topic 7 | Recursion Theory: Watch this video to review concepts on recursion Exercises: Fibonacci Numbers Solutions: All solutions are available in this public repository: https://github.com/lolapriego/coursework

Some folks started off by doing AOL/AIM hacking like Zuckerberg/ytcracker, but I got in to computer security at least the web application/PC side by discovering HackForums.net (HF) by doing a Google search for a “Hacking site” after watching a YouTube video about “Anonymous” or as I like to say now, “Anonymouse/Anonymoose”. I quickly signedup in 2012 after lurking the forums for a while. What is a “RAT”, or “botnet”? I wondered after seeing it on HF. Soon after, I had my Darkcomet stub, and a few infections by following a tutorial on HF with my home IP… I won’t say my handles, or any other PII, because my old posts are embarrassing, and I was a young skid (script kiddie) back then.

Also, because I naively paid for “1337” which was a pay to get title on the forums with my real name, and the DB was dumped later on. Krebsonsecurity later doxed Malwaretech and linked him back to his HF profile by people posting his dox in a thread there, and by searching the HF dump. I was very gulible and naive back then, and was exploited a few times. However, at least I learned a lot, and it started my interest in computer security non related to video games. Of course there was some video game cheating sub forums which I enjoyed browsing.

I befriended some people, which included a person connected to the Blackshades RAT which the FBI arrested. Also, Betamonkey (maker of betabotnet), and a few other botnet developers. Also I learned about “Booters” which would DDoS someone or a website offline, for a price. Usually a botnet with thousands of infected computers, and features like grabbing someone’s IP from Skype/Cloudflare real IP grab. There even were sellers selling infected computer “installs”, which where infected computers running their malware, but they would install your malware on there as well for a lump sum.

However, most “install” sellers would run their botnet’s own anti-virus/malware cleaner to get rid of your malware, so they could have it for themselves again. I also learned about cryptocurrently, and other psuedoanonymous payment methods such as Liberty Reverse which was shut down by the DOJ and other entities due to money laundering. Also “Lizard squad” members were also active on HF.

FBI recently posted on their front page that DDoS services such as Booters and “Stressers” aka legal guise similar to “remote support” RATs to sell illegal software/service that the ToS states is only for legal WhiteHat things. Which motivated me to write this blog post about HF. I learned about Exploit Kits, and I talked to a Russian government affilated seller of the orange exploit kit over XAMPP about renting it.

Looking back, I’m glad I never did any real damage to anyone, and remedied my ethics and maturity issues shorty after joining HF. I hope others are living more productive lives that I used to talk to. BTW, all things stated here are past the statue of limitations, and I have repented.

Like others, I emjoyed playing the 1st Watch Dogs game, and it’s UI that could remotely hack or utilize it’s facial rec system. So, I started thinking about how such a thing could be made possible by using OSS projectors which already has facial rec tech and things like reverse image search to make my own vision assistant thingy.

To emulate Watch Dog’s person info thingy, I could use facial rec, and then mobile data to reverse image search then scrape any social media where they have a profile pic on to grab their IRL name, handle, and if they have Linkedin they job title. Then perhaps use H1B or Glassdoor data to get their estimated base salary/TC like in Watch Dogs. Asking ChatGPT to summarize their Twiiter, or other social media post for quriks like “Posts about Sushi” would be a way to gather a qurik statement.

I watched Predator 2018 and saw that Predator’s UI can translate text in real time, and I thought about Yandex’s or Google Translate service. For a device to process this, I thought getting a Google Glass devkit or using cardboard to hold my phone and creating an app to use my camerea for input. I know that IL has laws against using biometircs, but other states don’t have laws for facial rec AFAIK. Of course, I’m not even sure if such an app could handle lots of faces on a Chicago, or NYC sidewalk and render in full-time.

I need to learn more about Kotlin/Andriod app development, and see if there’s a DirectX like library that I can use to draw HUD/UI elements, bounding boxes etc. Also how clear the picture of someone’s faces needs to be for an accurate reverse image search to match. Of course I’d like thermial like predator vision, but proper thermal imaging costs too much.

1. STEMCore (program to remedy needed STEM skills fast at select places).
2. Deep Springs College (small, but free)
3. Berea College (small, free for vast majority of students)
4. NSA CAE colleges

I recently noticed that Amazon now allows for consumers to enable TOTP MFA. For a while, I put off adding my phone number to force Amazon to send me email OTPs instead of SMS OTP, because of the fear of SIM swapping. Email OTPs are not that great either, but since I have a strong password and Google’s Advance Security, it’s better than SMS OTP IMO. Amazon doesn’t allow for adding a support phrase password like Charles Schwab does sadly.

Charles Schwab offers MFA via Symatec’s VIP mobile application, but there’s a GitHub repo to generate a TOTP key instead. Chase only offers SMS MFA, but allows U2F MFA for Buisness accounts, and presumably for their high net worth clients/JP Morgan Private Clients. I talked to the Chase CISO, and he stated that they are working on Chase app auth pushes similar to Duo Mobile, but it’s only available for certain people currently. I have Google Fi and since I have Google’s Advance Security, I feel a bit more confident against SIM swapping. However, the SMS could still be intercepted. Chase claims to offer support based password/phrase, but I haven’t been asked for it whenever I called their support in the past multiple times. Charles Schwab always asks for my support phrase/password, though.

Recently, I wanted to purchase a new pair of sunglasses, and I went down a rabbit hole. I thought I’d blog my experience. My last pair of sunglasses (Oaklyes) which I purchased when I was a teenager, became damaged on some parts of the lens. I figures I might could get it repaired, but they became a bit small for me anyways (I know I could’ve purchased bigger frames, yes). I started my search on Reddit, specfically the r/buyitforlife subreddit. I didn’t like the styles, but I saw some Mmilitary sunglasses which looked nice. After some Googling I found out about the military glasses specs and about OHSA’s z97.1 secure glass specs.

That brought me to looking at military spec and z97.1 approved sunglasses. Those specs are usually reversered for safety glasses, but I was interested in having secure/safe sunglasses. I discovered that Oakley, which is part of the group along with Prada, Ray-ban and other big namers have a monopoly for polarized sunglasses to an extent. has a military org entity. Some companies made them in the US to meet the US DoD’s requirements. Eventually I found the U.S. Army’s approved vendor for eyewear glasses and purchased one from Amazon (directly from Amazon), because I had to have a CAC/military ID to purchase directly from them.

Overall I like my cheap safe new sunglasses and enjoyed my journey about learning about this stuff.

On various forums, I’ve seen what appears to be a notion that simply scanning an unknown portable executable(PE) through VirusTotal, anti-virus, or Hybird-Analysis would detect all malcious programs. However, this is incorrect and I’ll explain why in this blog post. VirusTotal scans a PE through various Anti-Virus software. This will show if a PE matches a fingerprint related to know malware. This is called signature based detection. Signature based detection can be bypassed though. Methods such as packing, using a polymorphic engine, adding junk code, renaming variables, functiong, and/or encrypting/obfuscating can result in a new PE signature resulting in no detection.

Tailored malware made or modified for a target would also usually bypass signature based detection, and some advanced malware could it’s being ran through VirusTotal, and/or Hybird-Analysis and not run the malware’s payload. Such can be acomplished through fingerprinting VirusTotal system things like a Google IP, or OS license or such foruth. Or simply by adding an if statement delay to not run if the host OS’s clock is not matching a certian date. Behaviour based detection can be bypassed by also preventing execution of detection of analysis and by changing the malware payload’s options/methods. Anti-virus vendors usually grab the PE’s uploaded to VirusTotal and such for manaual or advance analysis for discovery of complex/new malware.

Running unknown/sus PE/files in a virtual machine (network off. Unless someone is willing to risk wasteing a VM escape 0day on you. Which can go for a bit of money based on Zerodium’s 0day price chart) is usually a save bet. Manually doing reverse engineering is the only way to truely know if a PE/file is malware or not. Reverse Engineering requires a lot of skill, and time however. Especially for black box (no source code) advance malware. Don’t always trust positive reviews of software online. There’s services to buy botted reviews/ratings and download points can be replaced with malware if someone hijacks a privileged account. Conclusion: Anti-virus, and online scanners such as VirusTotal can be fooled. Manual reverse engineering is the only way to know for sure if a PE/file is safe.

SandboxEscaper had a really useful and nice blog post on finding vulnerabilites, but it appears to have been deleted unfortunately. I’ve tried using archive.org/archive.is to find an archived copy of it, but it was fruitless. I thought posting what I recall from it might be useful for others.

1. Manually searching might lead to some vulns that aren’t found with fuzzers or scanners that most other researchers use.
2. Testing if n-days were actually patched, and looking for bypasses might be fruitful.
3. Looking around where 0/n-days where found in the past might be fruitful.
4. Reading writeups from respectable researchers such as Project Zero members to learn and try to build an exploit from past n-days.

My tips: Read Windows Internals (the book), WinAPI (Microsoft Docs), Intel’s assembly manauls, and Practical Reverse Engineering (book).

I currently have a mid 750s credit score with a few years of credit. When I was first starting out, I had no job and was in college. I did some open-source intelligence to gather information on what I should do, and mistakes I should avoid. Generally, I like to learn from the mistakes of others rather than learn the hard way. One Reddit user stated that getting a secured card would be easier for college students, and I applied for some, but I got rejected due to not having any credit and not working. Finally, Discover took a chance on me and gave me a small limit credit card. After I got that I called their support to get a support password added to my account, and to request a certian type of card style with good points.

One thread gave the advice of getting the statement date, and due date. Then paying all of the balance expect less than 10%, so the statement will show 10% or less than utilization percentile and thus give a higher FICO score. That method has worked very well for me. Also not missing a due date, and paying on time or setting up payments. Though that requires you to have the money to be able to pay that amount off etc. The interest rate seems higher than credit union rates, so if I wanted to borrow money, then I’d recommend going to a credit union.

Useful FICO Score Reverse Engineered Posts:

• FICO 8 Reverse Engineered Reddit Thread
• Fico Forums Reverse Engineered thread

NSA phone hardening guide(imessage/facetime seems to be common attack vectors, so disabling those on iphones would be wise, but disabling those exculusive features sort of defeats the purpose of having an iphone.)

Sim swapping migration: Google Fi with Google’s advance security enabled. Mint might be an option as well (if they use TOTP etc.) and their support security.

Librem phones, GrapheneOS, Replicant

Phone/sms spam migration: enabling block calls not in recent call log/allowlisted in contacts. [Apple’s KB article on how to enable message unsolicted call feature] (https://support.apple.com/en-us/HT207099) [Apple’s KB article 2] (https://support.apple.com/guide/iphone/block-filter-and-report-messages-iph) https://www.fcc.gov/call-blocking https://www.donotcall.gov/ Might could register a phone number with Twilio to give out/sign up and then set up to forward to real number. https://www.twilio.com/labs/twimlets

Calisthenics is used by the military while doing PT, and I recommend it to others. Below is a few links to the Navy’s public calisthenics PT guides/training programs. https://www.sealswcc.com/training/navy-seal-swcc-physical-training-guide.html

https://www.navyfitness.org/fitness/noffs-training

I decided to write a post about how to prevent identity theft or well do the most you can do. Register an account on irs.gov, ssa.gov, signup for incoming mail notifications from usps, fedex, dhl, and ups. Enable MFA (TOTP or physical token based) on all accounts and use randomly generated passwords from KeePass or another secure password manager. Freeze your credit at big 4 credit bureaus and other places that allow you to do it like KYC places etc. [1]. Shred documents with PII/PI with a microcut shredder. Don’t give PII/PI to unsolicted vistors/callers. Never give out your SSN to anyone that doesn’t need it or to shady sites.

This is helpful as well: https://uit.stanford.edu/security/identity-theft

1. https://www.consumerfinance.gov/consumer-tools/credit-reports-and-scores/consumer-reporting-companies/companies-list/

The drinks are overpriced and the bar staff like forces you to purchase a drink. Also the fact that you’re trusting the bar tender or anyone else not to drug your drink. The job requirements to become a bar tender is low afaik and there’s usually no background check etc. Plus the work itself is usually sketchy.

It’s hard to even have a conversation because the music is usually so loud. People usually go to bars to have casual sex or to drink with other people, but usually unruly people gos to bars so it isn’t attractive to me.

When you drink at home you don’t have to worry about how you’re going to get home or someone taking advantage of you.

The membership fee is usually some ridiculous amount like $100 and some gyms try to cajole you in to singing a contract.

Most gyms have such a high amount of traffic that you can’t really workout without someone stealing the machine you’re using etc.

Working out at home is the cheapest and best option in my opinion. You can do calisthenics at home which is the natural way to work out. Plus you don’t get pressured to purchase stuff and get odd stares etc. The U.S. Navy has a mobile app that has workouts and nutrition advice etc. https://www.applocker.navy.mil/#!/apps/EA7A70B4-50E4-44D2-8362-5BCC2296D49F.

I’m going to talk about the different type of k-12 schools, and colleges there are. Mind you I attended a private university, public college, public k12 school system for a while, and private k12. So I might have some biases.

So, public k12 schools quality seem to vary by the location. From my personal experience my k12 education wasn’t great. There are non profits that pay teachers more money to decrease the turnover rate(https://en.wikipedia.org/wiki/Math_for_America), and teachers for america that place competent teachers in schools that need them the most. https://en.wikipedia.org/wiki/Teach_For_America

So, there’s different types of private schools. There’s private homeschools, and college preparatory schools(https://en.wikipedia.org/wiki/College-preparatory_school). I personally think that homeschooling the best option in this day and age. It’s cheap (depends on if one parent can afford to be home, or if a tutor could be afforded.), and generally provides a higher quality of education. Many of the IMO, and Mathcount winners were homeschooled. Reid Barton was homeschooled, and later went on to earn his doctorate in Mathematics. There are tons of high quality open educational resources like OpenStax, or Khan Academy that can be used as a homeschooling curriculum. There’s also good books that can be purchased for homeschooling (Art of Problem Solving books etc.). John Holt was an advocator for homeschooling. He attended Exeter (a prestigious college prep school), studied at Yale, taught k12, and servered in WW2. I recommend reading one of his books, or watching one the YouTube videos with him in it. Stanford has a online high school (https://en.wikipedia.org/wiki/Stanford_University_Online_High_School), and some universites have privacy lab schools. Khan Academy just opened their own lab school (https://en.wikipedia.org/wiki/Khan_Lab_School). There are selective private kindergartens https://www.imdb.com/title/tt1270833/.

Diplomia Mills etc. Avoid.

Community Colleges are a great option for a lot of people. You can take general education courses there for cheaper than at a four year college, and then transfer to save money. Community Colleges are funded by the community, or state. Most provide free GED preparation, and a course to learn English.

Some can be worth it. Just make sure that you pick a in demand major. There are colleges that offer cheap or free tuition. Olin College of Engineering, Deep Springs College, Caltech, Harvard, and Stanford.

Diplomia Mills etc. Avoid.

So, this blog post is going to talk about computers affect your health. I’m primiarly going to focus on the physical aspects.

Laptops have a small screen, touchpad, and keyboard. Therefor making you violate ergonomic guidelines. They’re convenient, and portable. However, what’s the convenience worth if they cause you pain? I recommend reading the following Harvard Medical School articles to read more about this. https://www.health.harvard.edu/pain/prevent-pain-from-computer-use https://www.health.harvard.edu/pain/pandemic-posture-hurting-your-back-you-can-fix-it

Have you ever bumped in to someone on the sidewalk that was walking while texting? Or that you almost ran over while cyling, or driving? Well even if you didn’t you can still get my point by reading these articles. https://www.fcc.gov/distracted-walking-campus-concern https://www.standard.co.uk/news/crime/cctv-footage-shows-how-distraction-thieves-use-trick-to-steal-your-phone-in-seconds-a3455111.html They cause deaths by texting while driving. https://www.nhtsa.gov/risky-driving/distracted-driving Phones also cause bad posture and therefore are egronomic. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6527223/ Phones are also harmful to children. Even though most parents use phones as a pacifier. https://www.youtube.com/watch?v=BwyDCHf5iCY The legal age, and most terms of service requires people to be at least 13 years of ago to register on many websites. Which I assume Apple has a similar requirement.

PCs are bad ergonomically. https://www.health.harvard.edu/pain/prevent-pain-from-computer-use Tower PCs are often heavy to carry. CRTs monitors are very heavy.

So, I recently moved across the country to a new city. I’m going to be vague about where I moved to due to fears of harassment, doxing etc. Also because I’m a private person. I feel comfortable sharing vague details about my moving journey to my publicly viewable indexed blog. I was working remotely for my current employer. Then I decided to relocate to a big city. I can work remotely from anywhere I want. But I picked a big city due to being sick of living in rural areas. Though I briefly lived in a medium city. Though it still felt like where I lived before. While just being more expensive. I virtual toured a few different apartments, and studios.

Finally deciding on this one place with cheap rent, and it’s near public transit. So after I found where I wanted to live, I started to do research on what would be the cheapest way to get my stuff, and myself there. I looked at the U-Hual box thing, moving companies, and different rent a truck companies. Finally deciding on a reputable truck rental company. Some of my family dumpster dived for cardboard boxes. Then It took about 1 and a half hours to load everything in to the truck. Then it took me a day of driving, night stay, and two more hours of driving to get to my new home. I speedran my moving journey, haha. I only stopped to use the bathroom twice. I wouldn’t recommend it to others. I do recommend getting insurance on the moving truck though. I had a few scares along the way. Especially driving in big cities. I was very scard while driving in cities. Since I didn’t have much prior experience driving in big cities before. But after all I made it in one piece, and on time :).

• Quantitative Trading Summary by HeadlandsTech
• Jane Street talks
• The Man Who Solved the Market: How Jim Simons Launched the Quant Revolution
• When Genius Fails
• More Money Than God

Screenshoting and recording:

• Google’s Official Recorder
• Chromium Flag Shortcuts/keybinds:
• Shift & ? to show menu of keybinds in gmail.

• Aaron Swartz’s resume 1
• Aaron Swartz’s resume 2
• Steve Job’s resume
• Reid Barton’s resume
• Sergey Brin’s resume
• Singapore’s kid resume/site
• Philp Gale’s resume
• Dr. Whalen RenTech resume
• Dr. Frey’s RenTech resume Community College -> PhD -> RenTech

• Stephen Glass
• https://web.archive.org/web/20051027050024/http://www.aaronsw.com/weblog/001616
• https://www.thecrimson.com/flyby/article/2010/5/24/yale-later-harvard-caught/

• OG School Stuff
• OG School Stuff //todo: find and add all of his Stanford posts, academic research fraud, and Google locking his account (2006 est.).

• Microsoft’s docs
• The C# Programming Language
• C# in Depth by Skeet

• C++ Concurrency in Action
• Effective Modern C++
• Google’s C++ Style Guide
• The C++ Programing Language

//Add Herb Suter Books and the C++ book by the creator for his Texas college course on C++

• K&R/The C Programming Language
• Caltech’s link to C style guide
• Modern C
• C A Software Engineering Approach
• Expert C Programming: Deep C Secrets
• Caltech’s CS 11
• Effective C
• Secure Coding in C and C++
• CERT C Coding Standard

• The Java Programming language
• Effective Java
• Elements of Programming Interviews in Java
• Intellij/Eclipse are good IDEs. I perfer Intellij

• Learning Python
• NSA FOIA’s internal Python course

• The Art of Computer Programming
• Oxford’s Computer Science reading/resources
• Practical Reverse Engineering

//Add the good windows debug book. I think it was called something like Windbg advance or something. It isn’t Windows internals.

• GiveWell
• Effective altruism

• Charles Schwab Investor Checking (No ATM fees + offers MFA)
• Pentagon Federal Credit Union’s Saving Account (0.45 APY)
• Marcus by Goldman Sachs 0.50 APY + offers MFA
• Capital One’s 3.30% APY!

//i-savings bonds/some CD rates seem better

• US Goverment’s Consumer Site
• US Goverment’s Investor Site
• IRS Site Identity Protection PIN
• US Goverment’s Identity Theft Site
• IRS Tax Payer Advocate
• IRS Free File
• IRS/Treasury find CPA etc.
• Natural Diaster prep
• US Labor rights

//Add myg0t/half life 2/Valve things, and ytcracker/cam0 (currently works at Amazon)

• Jerome Heckenkamp/Unix Terrorist story TODO
• UGNazi hacking group
• Out of the Inner Circle
• Wired’s Cosmos story
• Xbox Underground
• Inner Cricle
• The_414s
• The Masters of Deception
• Stanford’s Data Sanitization guide
• Columbia’s Travel Security Guide
• Qube’s site
• Microsoft’s Safety Scanner
• Microsoft’s Security Blog
• KrebsonSecurity
• AOL Underground Podcast
• Darknet Diaries
• secret.club //whoops I thought I’d already added this
• Eaton Works Blog //Super talented

• Department of Education Accreditation Search
• Find Community/City College by State
• Department of Education College Scorecard

• Julia Fox
• Thomas Sowell
• John Holt
• Moral of mazes
• Nickel and dimed
• Reid Barton
• Jack Parsons
• John Mcafee
• George Hotz
• Aaron Swartz
• Martin Shkreli
• David Goggins
• Jim Simons
• Kate Warne
• Lynn Conway
• Herbert O. Yardley
• Agnes Meyer Driscoll
• Elizebeth Smith Friedman
• Genevieve Grotjan Feinstein
• Ann Z. Caracristi
• Grace Hopper
• Ada Lovelance
• Évariste Galois
• Paul Morphy

• The Babadook
• Sinister
• V/H/S

• Orange is The New Black
• Hot Fuzz
• Predestination
• The Prisoner
• The Simpsons
• Community
• The Good Place
• The Wire
• The Sopranos
• Garden State 04

• Open Library
• WordCat
• isbn.nu
• isbn search (Found on Stonybrook’s website)
• Sometimes a local library can get a book to loan to you.

• Google Fi
• Google Fiber
• Google Advance Protection
• Mint Mobile (cheaper than Google Fi and offers TOTP). Might be vulnerabile to t-mobile sim swapping by a retail employee. Since Google Fi uses T-Mobile and another phone network I’m not sure if it would be possible for a T-Mobile employee to sim swap a Google Fi subscripter.
• US Mobile is as cheap at Mint Mobile as well as offers various sim swap protections + unlimited data.

• Missing part of my CS education
• teachyourselfcs
• Jane Street’s interview prep weblog post
• Another Jane Street weblog post about interviewing
• Two Sigma interview prep
• Google’s interview prep
• Meta’s interview prep
• interviewcake
• leetcode
• elements of programming interviews books
• purple squirrel book

Referrals help you start the interview process faster and might even bypass some steps in the process.

• refer.me
• teamblind.com Good to register even if you’re interning. They don’t check if an email address is now invalid.

• Hacker News
• Art of Problem Solving
• OpenStax
• Khan Academy
• Superuser
• MathOverflow
• Financial Times
• The New Yorker
• Quanta Magazine
• Spectrum News
• TorrentFreak
• Slashdot
• Boing Boing

Some of you may know, that modern cars can be as much of a security threat as a smartphone. If not, you can check out this forbes article , or this techdirt article to learn how modern cars share your location, and can be used as a listening device. OnStar, SirusXM etc. Have been used by the feds/LE against criminals. Of course I’m not a criminal, but I’d definitely like to disable this feature. To keep my conversations, and location within my car private. In one case in the above articles, a driver didn’t even pay for OnStar/SirusXM. However the feds were still able to listen remotely by the in car microphone.

Few ways come to mind to accomplish this. Physically removing, or disconnecting the microphone, and OnStar etc from my car comes first. So, of course I’m not a mechanic. So I started to think of other ways to do it. I was reading my car’s manual, and stumbled on the fuses page. I found OnStar/SirusXM, located my fuse box, and simply removed the fuse. I tested a OnStar/SirusXM feature, and it didn’t work. Success! However, there are a few down sides of disabling OnStar/SirusXM. Such as the USB ports in my car no longer work, so I can’t charge my phone or listen to local media. Convenience, or privacy I suppose.

I’ve actually disabled this in my car multiple years ago, just got around to writing this. Of course I would like to physically remove the microphone etc. from my car. However, like I said, I’m not a mechanic. I don’t want to brick my car either lol. The simplicity of plugging the fuse back in to re-enable such features is nice as well.

I feel like Cryptocurrency is very mainstream these days. In almost any gas station, or grocery store there’s a BTC ATM. I was shopping at a local rural grocery store, that doesn’t even have a “normal” ATM mind you. Now has a BTC ATM. I was somewhat taken by surprise. This post will mainly talk about history of Cryptocurrency, U.S. Law Enforcement etc. The first sorta Cryptocurrency I used, was LR (Liberty Reserve). I was purchasing something from a persob, who requested funds be sent by LR. I’d heard of LR prior to that transaction, however I never used it. I’d previously used such online payment services, such as PayPal, Western Union etc. Anyhow, so I created a account, used a card to buy virtual currency then sent it the seller. I never used LR much after that. Until my PayPal account was “Limited”, meaning that I was no longer allowed to register new PayPal accounts, Send or Receive money. Due to breaking PayPal’s ToS, being underage.

So after that occured(PP being limited), I made the switch to using LR for most, if not all of my online transactions. LR also had other benefits, such as not giving any of my PI(Personal Information) to the seller. Also allowed me to buy stuff even though of the underage part, ha. After a while though, I used LR less and less. Moving on the other things in my life, that didn’t require, or accepted LR for payment. After a while a online acquaintance told me about BTC (Bitcoin). I disliked that there was a delay in the transaction being sent. However, other than that I liked it. Mind you, this was when 1 BTC was worth like $10-100 USD. So BTC became my new method of buying/selling stuff online. I didn’t understand much about how the price rises, mining etc. Just that there was a delay, and no PI was disclosed, and it wasn’t a scam, ha. I would buy BTC from “online friends” in exchange for gift cards etc. However after a while, I again moved on in life. To stuff that didn’t require, accepted BTC to buy stuff with. So I sent my friend all of my BTC (Don’t know how much I had), and deleted my wallet information. Some years later, when BTC was around $300 USD. BTC, once again attracted my attention. BTC started to gain more of my attention.

Anyway, eventually LR (Liberty Reserve) got shut down by the feds. I thought the BTC dev(s), who controlled most BTC would’ve been charged, and the feds would crash the market or something. However, that day never came. So yeah, then BTC rised to 18k usd for 1 coin. Lot of main stream attention and stuff. Since then, ETH, Bitcoin Cash have been released. Which are improved versions of BTC.

Peter Thiel recently said in an interview, and talked about cryptocurrency. Thiel said in the interview that he thinks that E-Gold may have inspired for BTC to have been created.

Thanks for reading.

Sim swapping is a modern attack to hijack peoples accounts. In this post, I’ll discuss ways to reduce your chances of being SIM swapped.

SIM Swapping is done whenver a attacker uses Social Engineering to convice a phone provider to swap your phone number to theirs. Or by a employee that is paid to do so internally.

Try to keep your online indentiy seperate from your real life. Most people who are SIM swapped are crypto users, who post on forums talking about crypto etc. Sometimes sites get their database dumped with emails, names etc. Use different alias’s. Use different emails. Change your phone number often. There are tons of sites databases being dumped often with personal information. Register your phone under a different name, or use one just for bank/coinbase 2FA. Have seperate for one social life etc. camo Famous case of hacking Paris Hiltons phone, by pwning phone company then just looking her up by her real name. Who might I add, is currently in jail again. Have a phone provider such as Google Fi (tied to your Google account), Verizon, or t-mobile. Or a sat phone provider. Who have serious security teams, and proccesses who can help victims that have been SIM swapped.

In a Reddit AMA (Ask Me Anything), former AOL’s CEO Steve Case confirmed that Mark Zuckerberg was an AOL hacker. By stating the following to someone who was apologizing for their role in the AOL hacking scene:

Yikes! Well, I’m glad you got this off your chest! 🙂 The hacking of AOL was a real challenge for us. As AOL grew in prominence, it became a big target. 
Of course, some of the hackers have gone on to do more productive things. It sounds like that is the case with you, and 
it also was the case with Mark Zuckerberg! Went I first met him 6 or 7 years ago he said he learned how to 
program by hacking AIM! But, thankfully, rather than focusing on bring AOL down, he shifted to build Facebook up! 

There’s also comments on the Reddit thread by ytcracker etc. I presumed this story would’ve gotten published by major digital media sites by now. However, only one blog posted about this in 2014 that I could find. Myspace Tom was also a hacker back in the day.

Like many others, when I was younger. I owned a Xbox 360 console. The Xbox 360 is one of the most popular game consoles in the past decade. With 85.50 Million units sold. Like any other gaming scene, there tends to be some sort of underground cheating scene, and typically game development company would have a dedicated anti-cheat team etc. The Xbox 360 was no expection. Like the orginal xbox. It was eventually pwned. Hackers found ways to execute unsigned code. If you’re interested in learning more in-depth how the Xbox 360 was pwned, or more about underground Xbox 360 stories. You can do so here Wired Article Darknet Daries Series. This blog will focus on counter measures that Microsoft used to try and catch hackers.

In 2008, when the NEX dashboard was relased. Microsoft deployed a fingerprinting technique to try and identify some hackers who posted videos of them hacking. Hackers often had game capture cards that would directly capture dthe isplay of their xbox 360, record videos and publish them online. Typically an average video would display booting up console, loading a game, then loading in to a match. I overlooked this when I was younger, and recently just noticed it. The Xbox 360 logo on the Dashboard (Main Menu) prints the console’s serial number in morse code with rings around the logo. Which is very clever on Microsoft’s part. Xbox 360 underground hackers would often censor their gametag, and other identifiable information prior to publishing cheating, or hacking videos. Although most forgot to censor the logo area. Some Xbox 360 underground hackers back in the day, received cease and desist letters from Microsoft. Some got their development kit, or console bricked remotely. Most just got banned. I wonder if this fingerprint method was used to identify some of them.