Tinker Profile picture
30 Apr, 36 tweets, 7 min read
So I finally sorted out what happened to my brain.

I, quite literally, hacked so much, for so long, and without enough breaks...

...that I burned all the glucose out of my brain & gave myself seizures.

___
⬇️ A thread on a very real & physical occupational hazard for infosec.
In an effort to pay off debts & get ahold of my financial situation, I took every gig & side gig that I could.

I didn't have much choice. I had a family to take care of & a house I could no longer afford as my previous partner had left.

I worked every day, night, & weekend.
This non-stop work culminated in late 2019* and early 2020.

The Q4 consultant rush didn't end in January as it normally did. It kept going. So I kept going.

I didn't get a break. I kept pushing.
___
* I recorded my working during Christmas here: darknetdiaries.com/episode/55/
In February of 2020, one evening, I felt a "pop" in the middle of my head. Like a bass guitar string being strummed.

A migraine ensued. I lost my vocabulary. When I tried to speak, it came out as heavy stutters.

I couldn't look loved ones in the eye, it was too much stimulus.
As the asshole that I am, and fearing a stroke, I tried to "sleep it off".
I felt a little better the next day, but my brain felt... iffy.

Almost like how your back feels after you've thrown it out and it's begun to heal... like if you push it too hard it would happen again.
Sure enough, when I started work, started hacking, it would happen again.

The more creative work I did, the more my brain would almost "cramp" up, until finally all thought would cease and I couldn't do anything else.

I sit there, staring at my computer, & nothing would happen.
I tried going to see the doctor.

My GP didn't know what to do, but recommended I see a neurologist and a psychiatrist.

This was the beginning of COVID, so it was hard to book anyone.
The psychiatrist said I was stressed and put me on anti-depressants and anti-anxiety...

Well, yay.

While it curbed the symptoms of freaking out because of my brain... it didn't fix anything.
When I finally got to a neurologist, an MRI and a standard EEG (testing for epilepsy, etc.) didn't show anything.

This was good.

It meant I didn't have any permanent structural damage.

But it didn't identify what had happened.
As I was seeking out specialists (this took months as none of my general doctors or psychiatrist knew what to do)...

...I continued working.

My ability to work slowly went away. I'd work for 30 minutes, seize, sleep for 2 hours, then work, then seize, then sleep, ad nauseum.
Finally in November of 2020,I sat down to write a pentest report.

I hadn't put much into the pentest. Nothing new. Nothing creative. Nothing spectacular.

I just went through my runbook, did the normal, gained Domain Admin,& wrote it up.

But mid-report, everything just stopped.
I literally tried to type.

Nothing would happen.

My thoughts were empty. I couldn't think of words.

My fingers wouldn't move.
Emotionally I was "fine."

I wasn't having a panic attack. My heartbeat was normal. I wasn't feeling depressed.

Just a calm.... nothing.

My brain just gave up.
I told my firm. They put me "on the bench" for a couple of weeks.

After a couple of weeks, they told me they couldn't pay me anymore.

I wasn't bringing in money at that point.

Mind you, I brought in millions of dollars leading up to that point.

But I wasn't producing...
So in Q4 of 2021, I stopped working.

I took "unpaid time off"...

Filed for Short Term Disability (that has sense been decline due to "the doctors not filling out the right paperwork and not having a diagnosis for why you can't work")
I have a good family and good friends.

They care about me.

We kept trying to sort it out.

Even if the American healthcare industry is shit... we kept doing it ourselves.

I finally found a *neuro-psychologist* and scheduled an appointment.

It took three months to see them.
This last January, I went in for an all-day exam with the neuro-psychologist.

They put me through a battery of tests and sent me about my way.

After a couple of weeks of analysis, I finally had my answer.

I finally figured out what was causing the seizures.
I had engaged in work that was high in creative thought for so long, and so hard, that I caused a "cognitive overload."

I "depleted my brain of dopamine and glucose" causing "Functional Neurological Disorder" (FND - DSM-5 code 300.11)

In short, I hacked too much.
Not only did I deplete my brain of glucose, but I kept going.

Kinda like running a car engine without oil (or fuel in this case) and having the engine seize.

My brain just finally stopped.

I couldn't "push through" anymore... couldn't will myself to physically keep working.
A couple other things happened besides seizures.

I lost vocabulary.

I could think of the idea, but there was no word for it. Not even a "tip of my tongue" - it was just gone. Deleted.

Stupid words, too... like "fork" or "keyboard."
When I heard the word again, it would come back, and permanently.

I didn't have to "relearn" English... I just had to reread or re-hear the word and it would be put back into its cell.

But it was like someone had just erased a chunk of data from my mind.
Lastly, and this was heavy...

Even after I "fixed" the FND. Meaning, I slept for two weeks straight, got good exercise, and good nutrition (need that glucose to the brain!)...

...and took three to four months off away from hacking.

When I tried to hack again, I couldn't.
My brain treated the seizures induced by hacking as such traumatic event, that I was literally suffering from Post Traumatic Stress Disorder (PTSD).

So when I went to hack again... my brain recoiled.

It knew this activity had damaged it before, so it shut down, out of defense.
I ended up figuring out how to hack again, as I knew why my brain was still shutting down even after rest and pushing glucose to my brain.

So I went back to work.

And after a week, I was told that my team was downsizing. So they offered a severance, and I was let go.
That was probably for the best.

Consulting was driving me too hard.

Hacking into one company one week, while writing the report for the previous hack from the previous week, and scoping out the next hack for the next week.
I took a new job.

I'm now building out the internal OT/ICS Red Team for a large company.

The pace is more sustainable. More paced. More thorough.

I'm also working with Industrial Control Systems, a passion of mine.

I think I can maintain this.

We'll see.
So... this wasn't burnout in the traditional emotional sense, though I'm certain I was dealing with that as well.

Stress, etc., didn't help. But that wasn't this.

No amount of talking out my feelings solved this.
It was a *physical* issue.

My physical brain ran out of physical fuel.

I was in a personal situation and with a professional company, that didn't allow rest.

I pushed myself hard, my fault.

But when I tried to slow down, my firm gave me a couple of weeks, and then let me go.
Concerning healthcare...

My initial General Practitioner did not want to fill out Short Term Disability paperwork.

My initial psychiatrist asked "Well if you're not in the hospital, why aren't you working? I won't fill out STD paperwork for you."
The healthcare system in the US is a failure.

You have to do it yourself. You have to research things yourself. You have to hunt for doctors & specialists yourself.

I don't know how I would have done it without my family.

My brain didn't work.

I couldn't have done it myself.
Talking to other hackers & infosec folk, they have said they've felt similar symptoms. The brain fog after working too hard & too long.

But no one has put a name to it.

For me, it was FND. Functional Neurological Disorder.

Brought about by burning all the glucose in the brain.
Anyhow...

That's that.

I'm in a better spot, now. A better pace.

I'm going to start trying to write again and I want to put together an online video course.

But these are measured paces.

I certainly sleep a lot more now. Take a lot of naps.

:)
I don't feel the same.

I don't know how to express that part of it in words though, so I'm sorry.

And to be clear, as folks are asking...

I'm not "better" per se.

I'm not back to where I was before this started.

I am at a place where I can work again, meaningfully. But I'm not certain I'll be back to where I was...

As Marines say, I'm "serviceable."
More info on Functional Neurological Disorder.

Note: It's not a "rare" disease... that's just the name of the website.

Also also wik: FND can be caused by many things. In my case it was glucose/dopamine exhaustion due to extended cognitive overload.

rarediseases.org/rare-diseases/…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tinker

Tinker Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @TinkerSec

1 May
Alright, well that thread has gone proper viral and it's bringing out a lot of trash at this point.

Big thing I've noticed, though, is the sheer number of people who can relate.

The sheer number of people who think that they were alone in this.

You aren't alone.
I'm going to be muting the thread soon, but there are a lot of great information and discourse in the replies and quote tweets.

Folks sorting this out and bringing their own experiences & support to bear.

Block the ones that just dismiss it & offer no meaningful solutions.
Big thing is, my thread was about my specific situation.

I did, finally, manage to get a detailed diagnosis on the basis of a battery of scientific testing from a highly experienced and credential neuropsychologist with a PhD, et al.

But my issue was valid even before that.
Read 4 tweets
27 Apr
Politeness is the lubrication that oils society.

Especially in a heterogeneous society with people from disparate backgrounds, it's essential to be quick to forgive and seek out every opportunity to understand each other.

1/2
If people are unintentionally disrespectful, be kind in your correction. Give them ample opportunity to save face.

If people are willfully hateful, it's important to politely, but firmly, check them and let them know the behavior is not tolerated in your circle.

2/2
Lastly, if people are willfully harmful or willfully call for others to be harmed, stand against them, using measured and proportionate force as is appropriate.

3/2
Read 4 tweets
22 Mar
I've become obsessed with "Zoom Court" - public court hearings open to the internet...

- Judges demanding defendants and victims give out their home addresses
- Federal Informants publicly announcing their snitching
- Sensitive health information just laid out
There's even a subreddit and a discord for it now.

Folks coordinating to find their local court feeds.

reddit.com/r/zoomcourt
Court proceedings need to be public, sure.

But there's a difference in a public that needs to drive down to the local court, and the sheer scale that posting a zoom meeting to youtube exposes.

We're in one of those technology gaps that destroy liberty.
Read 6 tweets
5 Mar
Well... found myself in someone else's computer network again...

I'm looking at a handful of network connected IP Security Cameras.

Gonna see if I can hack into them.

Might be useful for turning them off if I decide to break into the place.
Ran an nmap scan overnight, just a simple scan looking for internal web pages. Can find admin web consoles for many devices this way.

Printers, badge access card readers, smart coffee makers.

And, in this case, security cameras.

~# nmap -sSVC -p 80,443,8080,8443 <target range>
Grepped the output for "http-title" and had a looksee at what devices are here...

Found some Axis security cameras.

I see a lot of Axis security cameras. If set up properly, they're tough nuts to crack.

If they're set up properly.
Read 49 tweets
16 May 20
Used a random employee account to dump Active Directory. (Turns out ever user account can read AD... neat.)

Read through each "description" field and guess what I found?

An admin's password written in clear text.

Active Directory is the digital Post-it Note under the keyboard.
I wrote a script to make dumping and searching through Active Directory a lot easier. (linked)

Run the script with any employee / domain-connected user account (even your own!!! ...don't get caught... err... break any rules. Something).

github.com/tinkersec/scra…
The script adds an object number in front of each line that iterates when a new AD object is presented.

1) grep "description" & output to a file.
2) read through each description.
3) when you see a password, note the object number.
4) grep the object number & get the username!
Read 5 tweets
18 Mar 20
In light of new studies (Imperial College COVID-19, linked, PDF) suggesting that social distancing/isolation may last longer than a couple of weeks...

...I'd like to *discuss* a way to open groups up safely.

It's rooted in Polyamory's "Fluid Bonds".

imperial.ac.uk/media/imperial…
To begin with, an important disclaimer:

I am not a medical doctor.
This is NOT advice.

I am a computer hacker, a burglar, and a thief.

I also practice methodical safe sex with a small handful of partners using a concept called "Fluid Bonds".

This is for consideration only.
Background Summarized (please research more fully on your own):

Fluid Bonds are when sexual partners do not use barrier protection (eg condoms) during sex. They can be between a monogamous married couple or with multiple consenting/knowledgeable/safe sexual partners...
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(