From Marine Jarhead to Hacker, the Chuck Woolson Story

This is a great story of a person who changed careers in his 50s and became a hacker with little prior experience.

ippsec, Jan 21, 2022

We came across Chuck Woolson a few months ago on LinkedIn when he talked about his journey into InfoSec. Chuck was a United States Marine, a construction worker, and a professional driver over the span of 20 (ish) years and didn't have a large background in tech. Due to medical reasons, he was given the choice to either live on Medical Disability or find a new career. That’s when the Marine inside kicked into high gear and he decided to learn the dark arts of cybersecurity and become a hacker. He is now amongst the Red Team Operators for Synack Red Team (SRT).  


What type of work did you do as a "Jarhead" for the United States Marine Corps?

Before I answer, I’d like to say thank you for this opportunity. It’s an honor to share my experiences with ‘The GodFather of Hacking’!

I have done a lot of things in my life over the years, but being a United States Marine was the thing that shaped my life into what it is today. My MOS was 5811 (Military Police), which in the Marines meant that I was a grunt with a badge. My unit handled the law enforcement responsibilities in the field while on deployment. Normal MPs ride around the base with their little lights and sirens while blasting the theme song to “Cops” on their radios. My unit, however, were the armed personnel that rode around outside of the base in armored HUM-Vs ensuring that our convoys got from point A to point B safely.

What skill sets do you think you picked up from that past life that helped you become a Red Team Operator?

I was active duty for approximately 4 years, and in that time, I developed what I call a ‘Security Mindset’. I’ve always had a ‘Protector’ mentality. When I used to go out on patrols, I quickly learned how to ‘Keep my head on a swivel’. If something doesn’t look right, investigate it (or poke it with your K-Bar). Being the ‘Protector’ isn't always fun; there is a lot of sitting around and grunt work. The majority of the time you investigate something, it turns out to be nothing, but you have to keep your head up and keep doing your best, knowing it is all about finding that one time when it isn’t nothing. This is very much like hacking: for every success I have, there were countless failures (or checks that did not pan out).

You mentioned you had zero experience prior to Hack The Box – How did you pick up foundational skills like how to use Linux/Script/etc?

I had an older Lenovo G780 with Windows 10. I put in a new hard drive and installed Kali Linux. I knew that I wanted to be a hacker. I also knew that the best way to learn was to get my hands dirty. Being a pentester is mostly a hands-on job, so yeah, learn by doing.

You mentioned you started off hacking HTB Machines alongside the videos, were there any favorite resources you used besides "google" to understand what you were seeing in the videos?

I really did jump into the deep end, watching hacking videos and researching everything I did not know. This has accumulated quite a few bookmarks over the past 2 ½ years or so, but my all time favorite go-to resources would have to be:

 

How did you choose what boxes to do when starting out on Hack The Box? 

I’ve never really been a super-organized person. So, when I started Hack The Box, I was flying by the seat of my pants. I started with the easiest ones. I think the first one was Traceback. I just kind of worked my way through the easy boxes in the retired machines. Since I didn’t know much, I stuck with the retired boxes so I could watch your video walkthroughs to learn.

What about now? How do you stay on top of the latest vulnerabilities?

Honestly, Twitter. I follow a lot of people in the bug bounty scene. I started out with just a few people, then looked at who they follow or interact with to get a much larger list. If I had to pick five people off the top of my head, the first that come to mind are:

When it came to taking the OSCP, did your methodology change after each exam attempt? 

I took the OSCP exam three times.

My first exam attempt, I was a bit cocky and thought I was Mr. Robot. My ego got the better of me and I only got a single user flag on the 20 point box. I was devastated after that and didn’t even bother writing a report, so my total score was 0. Having already finished the PWK Course, I was at a loss for what to do next; I thought for sure I was better than this. In reality, I just wasn’t at the point yet where I could identify what I don’t know, which meant I thought I knew everything… Just like on TV with Mr. Robot.

The next year I spent almost entirely doing Hack The Box machines; I even purchased Dante Pro Lab. I got really good, and then I got an email from Offsec. They retired five exam machines and put them in the PWK Labs. I knew that I had to conquer them. They were quite a bit more difficult than I expected, but I completed all five machines and felt that I was more ready than ever to give OSCP another go.

I scheduled another attempt, and after a couple hours I had already surpassed my previous record of just a single user flag. I was feeling good and a part of me thought I was going to pass, but I hit a wall. At the end of the exam I had totaled 65 points, just 5 points shy of passing. Unlike my first attempt, I was invigorated; I saw improvement and got incredibly close to passing. I remember thinking to myself “No Biggie, I’ll get it next time” and immediately scheduled the retake in 30 days.

The next 30 days were primarily spent finishing Dante and taking notes while I watched ippsec videos. I was having a lot of fun learning; the thirty days felt like a week and it was time for my 3rd attempt. Unlike before, I felt calm and confident but not cocky. I knew there could always be a new curve ball that sends me back to the labs. However, I have become so engulfed in solving these security puzzles that, even if I passed, I would probably return to the labs shortly after. I remember getting the required 70 points to pass with plenty of time to spare, but I knew I’d never see these puzzles again, so I stuck with it for another few hours. Twenty-three hours into the exam, I decided I was done because I had compromised every machine and achieved a perfect score, 100/100.

Between the second and third attempt, I don’t think my methodology changed. Instead, my foundations just got stronger, which allowed the methodology I learned from Hack The Box to shine. By this I mean I had a better intuition at what the application was doing on the backend, which helped guide me at the tools to use. I finally understood this isn’t just a flowchart of “run this tool”, “see this” and “do that”. There’s a weird piece between “see this” and “do that”, where you have to read between the lines to get a feel of what to do next.

How did you find out about the Synack Red Team?

I started Dante Pro Lab shortly after my first OSCP attempt. It took me a while to work through it. When I finally finished it, I saw that I was eligible to be Fast-tracked onto SRT. I had no earthly idea what SRT even was. I mean, when I was in the Corps, I had SRT (Special Reaction Team) training, but this was different. The name SRT really piqued my interest.

What is your favorite thing about the Synack Red Team?

There’s so many great things about Synack, it’s hard to pick just one thing. At first, I felt I was tossed into the deep end of the pool with no floaties. I imagine if I went down the traditional bug bounty path I would have been fighting to stay afloat for some time. However, SRT has a great Slack that has a lot of amazingly talented people in it. It made me feel like I was on a team again, doing something that matters. It almost felt like I was on Active Duty again, just virtual and cyber instead of physical. Seriously, their leadership is great and they go out of their way to reward mentorship and teamwork, which makes it an amazing work environment. I feel like I learn new things every day, which means I have a job that pays me to learn. What’s not to like about that?

Is SRT your main source of income? Or do you do bug bounties/side work as well?

SRT is a side income for me at the moment. I’m currently collecting Social Security Disability, which doesn’t pay very much at all, so the income I make with SRT really helps. 

I have been blessed with a supportive family. When I became ill and got put on disability, they stuck by me during my training for a new career. I’ve since recovered, and being able to work in CyberSec full time has been the end goal. I do presently have a job offer for a decent-sized company in a Red Team role, but I’m not saying too much until the details are ironed out. (I don’t want to jinx myself.)

Any advice for people getting started?

Don’t be afraid to ask questions. There is literally no such thing as a stupid question. Be a sponge and soak in everything that you can. I was asked recently if I ever wanted to quit. Yes, I have. I quit many times a day, like every 30 minutes. But then I take a breath and relax, then that feeling goes away. Also, never be afraid to put yourself out there. I'm continually surprised by all the positive feedback I get from my LinkedIn post sharing my journey into infosec.

 


Thank you for reading along! We love listening to your stories. If you have a cool success story, be sure to email us at [email protected]. If you want to become a member of the Synack Red Team, we highly recommend completing everything in the SRT Track. Lastly, if you just want to chat with other HackTheBox'rs, consider joining our Discord Community, where we provide guidance, technical help, host private contests, etc.
