From an infosec perspective, this year was the bee’s knees. I managed to attend OWASP AppSec California, SBCTF, LayerOne and ShellCon, but sadly I missed DEFCON. The best training that I took this year was also the cheapest, Aaron Guzman’s (@scriptingxss)) IoT Firmware Exploitation and Reverse Engineering Training thought me a lot about IoT security. I earned three more certifications: eCPPT, CCSK v4 and OSCP. I also had SLAE planned for this year, but the last two assignments are unfortunately not too exciting, so I’m still dragging my feet there. The highlight of the year was a whole week of threat modeling on a “new” product, which gave me the opportunity to meet smart people and ask questions about their craft. I also achieved first place on the SBCTF ‘18 with the clusterduck team. My only regret is that I spent too little time on IoT/hardware hacking, but at least I managed to set up my lab.

Music-wise, I started the year with a Digitakt, but after the vaporware Overbridge support I sold it and promised myself not to buy Elektron products for a while. I switched to Bitwig Studio from Ableton Live because Linux. I still hate their subscription based pricing model, but the DAW matured a lot and the new modulators are game changing. I also started using u-he Zebra2, Hive and BazilleCM instead of NI Massive and other Komplete synths. I’m still using Reaktor though, there are some really exotic ensambles that would cost an arm and leg if they came in a plugin form. Unfortunately, I didn’t spend enough time on making music, but I wrote a new song for a compilation, so that’s nice. The distortion is really fuzzy.

Next year, I plan to do more appsec, more travelling, more music and MORE EVERYTHING.