Hi, This is Brian Cao. I go by both Haoying and Brian. Welcome to my website!
I'm a recent graduate from the University of Michigan with a computer science degree. My goal is to gain an initial foothold (get it?) in the field of offensive cybersecurity.
Besides that, I am also interested in Linux, computer hardware, and Free Software. The goal I have for this website is for it to become a place for me to record my journey as I become a professional. This will include things like the various writeups I did for hacking challenges, updates on my homelab project, as well as tips for passing various certifications.
My first awareness of cybersecurity began during my senior year in high school, when I fell victim to a phishing campaign and had my social media account taken over. I realized that hackers didn't just exist in the news, but in our daily lives. I started taking steps to improve my digital OPSEC. I switched from Windows to Linux, started using secure browsers and a password manager, as well as limiting the information I share on the internet. This is when I stumbled across YouTube creators like Mental Outlaw, who often talks about the latest cybersecurity news and dives deep into how cyber attacks actually happen. His videos piqued my interest as I started to think about digital security from a more systematic approach.
What truly put me on the path to choose cybersecurity as my desired career is the computer security class I took at my university. The class was taught by Professor Alex Halderman, a famed election security researcher at U of M. He not only explained common exploitation techniques in a clear manner, he also challenged us to get hands-on with these techniques. But most importantly, I walked away from this class with an attacker's mindset. Security is a relative and often situational notion, and it is often held up by assumptions in the system's design that are both implicit and explicit. Someone with an attacker's mindset would think about what assumptions uphold security for a particular system, and how these assumptions can be easily broken.
With this mindset of an attacker, I began diving deeper into the world of penetration testing, the field where organizations hire professional ethical hackers to breach their systems and give a detailed report of how it is done and what the organization needs to do to fix their system. I think this is the field where I can put my attacker's mindset to good use and provide the most value for the industry. I first obtained the eJPT certification, which is a junior pentest certification that lays down the penetration testing methodology consisting of gathering information and finding vulnerabilities, exploiting vulnerabilities, escalating privileges, maintaining persistence, and repeating. Then, I took on the much more challenging OSCP. From failing the exam once and then succeeding several months later, I learned about OffSec's try harder philosophy for pentesting. It's about continuing to try when you can't find a vulnerability, or when the exploit wouldn't work. This is when grit is needed to push through the difficult part.
With an education from a world-class university and several industry-recognized certifications under my belt, my future plan would be to develop more personal projects and rekindle that curiosity that I had when I first set foot on the path of cybersecurity. This website will be the platform where I show off my latest progress, so expect interesting stuff coming down the pipeline soon!