Interview with Ryan, aka Totally_Not_A_Haxxer: The 17-Year-Old Cybersecurity Whiz
At MyHackerTech, we’re always on the lookout for rising talent in the world of cybersecurity, and today we’re thrilled to introduce Ryan, better known by his handle, Totally_Not_A_Haxxer. At just 17, Ryan has already carved out a niche for himself as a cybersecurity researcher, specializing in reverse engineering, quantum theory, and development.
In this interview, Ryan steps away from his usual deep dives into innovative projects and takes some time to share his journey with us. With experience spanning everything from developing his own programming language and custom-made ciphers to implementing hybrid cryptography and creating automation frameworks, he’s made a significant mark on the field. Not to mention, he’s also built exploits for gaming applications and has a passion for reverse engineering.
Today, we’re going beyond the tech to get to know the mind behind the code. Let’s dive into Ryan’s world and see what drives this young cybersecurity expert!
Hello there! My name is Totally_Not_A_Haxxer, but you can call me Ryan as that is my real name. I am a16-year-old cyber security researcher who has dedicated his time specifically to reverse engineering and other various fields like quantum theory, development, and more. Today, this is going to be a different article. Instead of telling you about some crazy schizo project I have planned, talking about some weird design, flaw, theory, or something insane, I want to talk a little bit about who I am!
For those who may not know where my experience lies ( primarily get into that in a second ). I have developed and worked on multiple security research and development projects such as my programming language, custom-made ciphers and even hybrid cryptography implementations, and automation frameworks to automate security research, and I have even had a heavy past of experience within reverse engineering and building exploits for applications like games! Before we flood all of this out let's get into answering those questions (^_^).
How did you get started in cyber-security? When did you first become interested in hacking?
When I was about 13 years old and in middle school, I kinda felt that the world around me was not explained enough, and given I was having trouble making friends I eventually had to do something to satisfy the time and annoyance I was suffering through at school. At that same school, I was seriously considered an “outcast” of some sort, the kid that everyone picked on for no reason and the kid that had no brains or no money.
One day I had someone come up to me who long story short was a game cheat and exploit tester. He would get paid to test game exploits on the current popular games played by people the most. He then told me that I and he could work together and make an insane amount of money weekly if we continued to test applications for those people and then, later on, get access to source code and later build our brand and make triple.
For context, this person was also considered to be an outcast and despite knowing some kids mostly kept to himself. As I and I start talking we keep talking every night on voice calls or sessions for hours and sometimes legitimately day on breaks the school gave to people. From here we continued to test game cheats and then continued to work for those same people.
One day, the people on that same team and organization ended up having all of their information leaked. This happened because a more prominent organization that has been developing cheats for quite a long time figured out that the developers me and my friend at the time worked with were stealing source code, changing very few things, and then just re-selling it for an insane amount of money depending on the game. Those same people when they got doxxed also ended up getting swatted. After that, I logged off, for good and was sure I was not going to get back online.
However, despite me being left with this insane amount of paranoia that made me feel like I could not even walk outside ( worried I was going to get arrested, swatted, or even caught by something ) due to the result I eventually got back online and started kicking everything back up again. I found out that I had a deep passion for the cyber security field and caught this wild obsession of trying to understand applications. I got my first computer and built it in 2020 and realized I finally had the potential to do something great. I downloaded the first Linux machine I have ever installed or tried out which was ParrotOS.
From there I started listening to and watching videos from NullByte and AlexLynd which gave me a good interest in the program and a better understanding of applications. Eventually, and again, long story short; I fell in love with cyber security through the world of game hacking, then went deeper into applications which led me to reverse engineering and building exploit code for games like CSGO, Assault Cube, Fortnite and even R6 ( Rainbow Six Siege ).
I might not have been good at reversing the applications and especially when I started I would just copy and paste code, but eventually after recapping what happened to those experiences I had in the very beginning that I made this weird promise to myself that I would never copy and paste code and never just paste some random command into my terminal without knowing exactly what it does. From there I did not do much until I did turn about 15.
The game hacking got me into the world of cyber security and gave me a sense of understanding and wonder as to how you can take an application that you could barely read or translate and then continue to manipulate it in a million different ways. Then when I was 15 I started taking things fully seriously, studying topics like web security, binary exploitation, RE, malware analysis, development, and so on from there almost every single day I could and every hour I could.
What is it you like about hacking/security compared to other areas of IT?
I specialize in the field of RE otherwise known as Reverse Engineering. I felt that this field stuck out to me as a developer already since I knew how applications worked based on development experience and would then go be able to dissect the internals of them. If I look at other areas like tech support and other fields that are your more popular fields, I always felt that I would not get directly what I wanted out of them.
Reverse Engineering teaches you important aspects of applications, how they truly work on a lower level and it can even give you knowledge logically of how specific applications operate with other environments. For example, you may see a game such as Fortnite and only think that there is very minimal activity happening on the operating system other than networking and graphics. When you disassemble the application and learn all the ins and outs of it you seriously get this slap to the face that tells you how much goes into applications.
Not to mention RE also gave me an amazing base for other fields such as web security. Since RE is one of the lower fields in technology similar to hardware hacking, it can put this system in your head that allows you to better analyze other fields and learn much quicker. I sometimes like to even tell learners who are starting RE that it can be like driving a truck. If you can manage to drive this huge truck and learn all of the mechanics, despite it taking some extra learning you may be able to drive a smaller car much easier and learn the mechanics since you are already used to more complex mechanics.
Reverse engineering is just one field out of thousands of fields of hacking, and hacking just alone teaches you so much about how computers work internally, what goes into them, how much it takes to program them, how much it takes to discover complex modern-day vulnerabilities and just how specific systems work such as networks, protocols, authentication systems and even protection systems that do their best ( in some cases ) to protect the end user.
What skills do you think are important to be successful in cybersecurity?
This question I always find can be very fluid, as technically speaking success can mean many different things to different people. However, when we mean genuine success and we talk about having a good job and still managing to make a difference in the cyber security world; I would say the most important base and skill set that anyone should have is an intermediate skill set about computers, applications, web applications and of course networking.
Even when it comes down to the skill-set directly it may depend on what your field is, cyber security is such a vast field filled with so many different groups, jobs, tasks, and even goals so it truly is hard to say without directly pinpointing a job. I will say though, again, everyone in the cyber security realm should at least have fundamentals down of computers, the technology around them in the field they are studying, and have constant awareness about the environment or technology around them.
This is because tech constantly grows, one minute you can have a book talking about Ghidra and good methods for reversing malware- the next minute that book becomes outdated and immediately tossed to the side by another one. I should also mention that because cyber security is such a big field of technology with many “umbrella” fields, it is important to stay curious and keep your head on a swivel. If you sit and just stay static in one field, that is amazing but you will lack skill in a TON of other areas and may even fall flat when changing jobs and heck some jobs you might not even be able to do without experience in other fields.
What types of resources have you found most useful for learning security? (Videos, courses, blogs, qualifications)
When I started in cyber security and even current to this day resources are hard. I discussed this with many different course developers, current programmers, and even experts in the cybersecurity field and they all noted one thing. Much of the information you see might be considered to be cookie-cutter.
However, for me, I just had to use Google to find articles or blogs to expand my knowledge. The type of resource will also change per person, for example; during my reverse engineering classes I teach and private sessions for educating on various topics such as digital forensics, some people mention that articles or books may not work out for them since they can not sit there and just read but would rather have visuals.
Following that, if you are a visual learner I highly suggest live courses, joining live streams, and even communities such as the Martian defense server that do events frequently showcasing specific skill sets or even attacking specific CTFs and showing you how they are done. People like me that are more readers and do not always like videos, books, and articles, and some type-based courses were amazing for me and helped me go a long way.
I always felt that books carried much more technical knowledge than videos ( sometimes ) because they may be able to go into more depth on what is happening and section it into chapters rather than some long video that just demonstrates one form of attack. There were not many resources that I could pinpoint directly to, pwncollege seems good for people who may not know anything about security, and HTB as well as THM all have their learning paths you can take for learning cyber security.
I should also mention and go back to the communities: When it comes to learning cyber security, I have found it quite interesting but fun to go out and surround yourself with smarter people. Now of course, the way I learned is different from the way everyone reading this or hearing this will learn. However, what helped me was to surround myself and connect myself with masters in the field, people that have been around for ages in the cyber security world in specific fields.
I became good at RE simply because I surrounded myself with one of the best reverse engineers I knew, someone who has written books on books ON BOOKS for reverse engineering and someone who has been doing it for 20 years of their life. It was also surrounding myself with people who are not afraid to correct me even if I do something great.
One of my earliest mentors for some reason made me study Fortran95 ( FORmula TRANslation language; a programming language developed in the ’50s) and every time I would get some algorithmic implementation wrong, some data type wrong he would tell me what was wrong and walk me through it. When given specific challenges like building an HTTP framework using CURL in Fortran, if I did something right he would still find ways to improve my code.
The same went for RE, I had people that told me directly; “ Sure you can open a debugger on this application because it has no security, but imagine if this application did have security against debuggers, how would you bypass it”. Having people who knew more, who were smarter, and were able to “eat” my work up alive and tell me what was wrong with it gave me the motivation to go back and try again until it was a decent standard.
This is not telling you to hang around people who are just going to tell you that your work is trash and not help you but rather hang around people that will not only tell you something is wrong but walk you through how to fix it in your own way and what you can do to improve your work ethic.
Sparking Motivation!
One of the other things I like to mention is that sometimes, no matter your age, who you are as a person, where you live, or what situation you are in you can still make it to where you want to be. I have met people who are near street poor yet still taking care of their families and making room for the things they want to do in life; I have also been through my fair share of ends that have caused me to fall flat many times but I always tried my best to get where I am and I certainly hope you do too.
Since we are finishing this interview I wanted to mention that if you ever feel interested to dive deep into something like game hacking, reverse engineering, or other various topics I write articles on Medium, hakin9, and other various pages! I have placed the links below :D
● Medium/Article posts https://medium.com/@Totally_Not_A_Haxxer
● Hakin9Research ( Most Recent ) https://hakin9.org/external-understanding-dissecting-apis-inside-of-iot-devices-part2/
Leave a comment