Joshua.Hu | Joshua Rogers' Scribbles

About Me

Joshua Rogers, hacker and security expert, bartender, master troll, from Melbourne Australia, living in Krakow, Poland

I’m Joshua Rogers. Originally from Melbourne, Australia. These days I live in Poland.

My CV can be found here: joshua-rogers-security-engineer.pdf.

I have 12+ years of security experience and have years of sysadmin experience (linux and freebsd). I have a BSc in Applied Mathematics and a BA in Cinema/Film studies.

I’m driven by the unfamiliar and unexplored. I’m motivated by the unknown and chaotic, and this is a driving force of my problem-solver attitude, which has allowed me to solve problems that others overlook. I try to make a real difference in everything that I do, and not be replaceable.

If you’re interested in chatting (and I always am), you should contact me.

Some call me an all-rounder due to my ability to jump into nearly any situation and get the ball rolling immediately. I get things done when others don’t. Some people see one part of a problem, I see the whole picture. Putting things into perspective of the whole world is paramount, and both the significance and insignificance of ourselves and surroundings is crucial to driving meaningful change.

The following is a summary of an in-depth look into who I am, my values, my interests, my history, my motivations, and what I’m looking for from others. Looking for the best cyber security expert in the world? Well, look elsewhere! But, well.. I may not be able to solve leetcode problems, nor do I take part in bug bounties, but if you’re looking for a detail-oriented, dedicated, and passionate person that enjoys solving problems, never gives up, and will learn the how to do anything that hasn’t been learnt before, then I might just be the person you’re looking for. A longer introduction of how I got into security can be found on this blog post.

From a young age, I’ve been drawn to the unknown and new, somehow getting caught up in the trendy things before they become popular. My curiosity has led me into many different worlds including computers, programming, systems administration, cyber security, bartending and hospitality, sports, and travel. I like breaking things down to see how they work, and then rebuilding them better.

In 2007, I got interested in video game glitching and bug-abuse in the MMORPG RuneScape, and a few other games. This interest centered on logic-based vulnerabilities in games - like the abuse of ingame mechanics - and could be just for fun where some graphics were broken, all the way up to game breaking bugs where games had to be rolled-back or completely restarted. I enjoyed seeing what made the games tick, and how certain effects and procedures could be combined to create outcomes that were unintentional by the developers. The forums I used were Ezud, Tainted-Ones, and h4cky0u.

In 2009, I became involved in online communities dedicated to hacking and social engineering, and learnt about the techniques people used to take over systems, steal data, and perform cyber attacks (think: Havij). I got interested in the warez scene on a forum called g4hq, as well as keygens, and completely unrelated, films. One of the administrator’s of the forum (h0ly) would constantly stream movies and anime on justin.tv, and cinema/film became a lifelong interest after this.

In 2010, I got involved in the open-source community surrounding the computer game “Teeworlds”. I learnt C and some C++, and worked with git, svn, bash, and Linux servers, and started joining IRC networks. I built my own modified Teeworlds server, contributed code to the official Teeworlds repository, and ran multiple Linux-based Teeworlds servers. I also created bots, and dealt with security issues related to running online gaming servers as well.

In 2011, I became the head administrator and system administrator for a forum dedicated to the discussion of bug abuse, glitching, and hacking for the RuneScape MMORPG. Here, I header a team of two other administrators and five moderators to run the forum. I continued to learn more about web exploitation, but this time from the defensive side, and learnt about system hardening. I wrote custom PHP code, found vulnerabilities in addons for the vBulletin software as well as the vBulletin software itself, and worked with software publishers to fix their code. I managed a mail server (dovecot), an NS server (bind), caching servers (nginx), MySQL, apache, PHP-FPM, KVM, all on Ubuntu. I learnt about hash cracking, and created one of the first public “database search engines”. I worked on various web application firewalls, and detection methods for identifying breaches. This period of time was a crash course in everything security: from botnets, to the darkweb, to doxing, to chain supply attacks, to DDoS attacks, to web exploitation. I quickly learnt how to adapt and improve in an environment that was constantly changing, filled with 0days and malicious actors. Most of the major members of the forum landed in prison; somehow I got out scot-free.

In 2015 I moved on to other things: university and sports. I kept up with some security trends during this time, but other than using FreeBSD on my laptop and making some scripts to make certain things in my life easier, had minimal involvement in cybersecurity. During this time, I started focusing on an interest of mine: retro video game history. I entered a niche group of video game collectors within Australia, and quickly became an important member of the community, researching history and collecting “local knowledge” to disperse publicly. I discovered previously undocumented historical artefacts. Using the skills that I had previously acquired in doxing, I was able to track down people from the 80s and 90s that could (try to) answer questions about the operations of the companies they worked for (or ran themselves), and conducted many interviews, to better understand the context of video games at the time. I was introduced to researchers at the Australian-Government-funded ACMI(Australian Centre for the Moving Image), which is a research and museum institute focused on Australian media. I collaborated with a few senior members of the institute, and eventually presented at two conferences with them.

In late 2017, I decided to go to North Korea, on a week-long tour for New Year’s Eve. The reason was simply: “that sounds extremely interesting, unique, and somewhat outrageous.” After that, I continued to Europe, and my spontaneous travels led me to Poland. The manager at the hostel I was staying at suggested I should work there for a few months. I ended up accepting and started to work as a bartender, and receptionist. I ended up staying longer than expected, and quickly integrated into the local gastronomy community. During this time, I balanced studies which continued in Australia (unofficially remotely), work, and continued travel throughout Europe (with Poland as base), and found ways to “hack the system” to continue my education while away from Australia. I also hacked the system to stay in Europe beyond what the Schengen agreement would normally allow an Australian. I learnt Polish, and worked in various roles in gastronomy: barbacking, cleaning, marketing, customer service, bartending, supervisory, management, and yes, sometimes tech support (fixing things but also especially: “see something and make them better with management collaboration”). I also took part in a paid mathematics scholarship, remotely representing my university at the Australian Mathematical Sciences Institute.

In late 2020, I began working in the security team at Opera Software, working remotely while travelling throughout Europe. I very quickly made a name for myself in the company, and focused on making real improvements to the security of the technological assets and operations of the company, ensuring that the company was better prepared and better protected at scale in the fact of any cyber incident.I took on projects that others had struggled with previously, developed custom tools, discovered critical vulnerabilities, and engaged directly with teams across the company to improve security standards with tangible benefits. My work was not just about finding bugs – it was also about making meaningful changes that had a lasting impact. In addition to this, I managed the company’s bug bounty program, represented Opera at conferences, and collaborated on complex governance and privacy issues, as well as PR. I created tools that the security team didn’t know they were missing, discovered vulnerabilities in systems that they didn’t know existed, and hacked things that were claimed unhackable. I worked on both offensive and defensive security, and continuously worked with IT teams on architecture and re-architecture of systems, ensuring a secure environment. I worked on finding vulnerabilities in opensource software and proprietary software, and gave presentations, workshops, and talks in internal conferences for the company. I was also considered a domain expert in performing actions securely and building systems security: mostly due to my ability to sit down, understand what “the problem to be solved” was, and approach the challenge from an attacker perspective. My suspicion is that when I was hired, it was expected I would just run the latest version of whatever tool had been marketed well enough to the company, and read results as they came in. However, with nearly a decade of hacking and “wanting to know how things work” experience as well as my own first-hand experience with many of the technologies at hand (not just hacking but), I was able to offer much more. I also managed small hacking projects with new employees and interns in the security team, and created a roadmap for the security team. During this time, Ialso continued to travel throughout Europe (and occasionally back to Australia and a bit of Asia on the way). When I travel, I try to hang out with locals by meeting them through places like Couchsurfing; or friends of friends; or people that I had met in my previous job. Or, sometimes, just meeting strangers, workers of the hostels I stayed at, or other guests.

In the beginning of 2024, I came to the realisation that I had offered everything I could to Opera and they had offered everything they could to me. My continued employment would be nothing but an activity to relax, receive a pay check, and continue working on problems which had already been solved. So, I decided to take a sabbatical, and learn new things, work on new projects, work with new technologies, and read new books.

I’m still currently doing that.

I’ve been fortunate enough to be able to live off my passions; basically everything I’ve described here has been my job in one way or another. But it’s hard to really see it as a job since it’s exactly what I want to do: it’s fun, it’s weird, it’s difficult, and it’s exciting. It’s hard to see it as work when you have a vision and idea for something, and you are able to put that into existence - and even being paid for it!

My hobbies, interests, and general topics that I’m passionate about include:

  • Architecture
  • Cybersecurity
  • Film History
  • Human Rights
  • Mathematics
  • Music (Melodic House, Melodic Techno, House, Rap, Hip Hop) (My Liked Songs, My Morning Playlist, and My Bar Music)
  • Sport (Bicycle Riding, Weight Lifting, Rock Climbing, Rowing)
  • Video Game History
  • Sociology

On the subject of music, since it seems to interest some people, I reguarly currently listen to artists like (in no particular order): Monoplay, Alexey Union, Nicholas Jaar, Keinemusik (their old stuff), Oliver Koletzki (his old stuff), Acid Arab, Adam Ten, Miss Monique (old sets), ARTBAT (their old stuff), Space Motion (his old stuff), TENDER, Zola Blood, UNKLE (old stuff), Hunter/Game, Kid Cudi, RYSY, Kavinsky, Daft Punk, Kanye West, Woo York, Goom Gum, Natasha Wax & Sony Vibe, Eminem, Anyma (old stuff), Jay-Z, ZHU (old stuff), Spada, The Chemical Brothers, Travis Scott, PARTYNEXTDOOR (old stuff), Kinky Sound, Sasha, Fatboy Slim, Stereoporno, Acid Pauli, XXYYXX, Kimanne Foxman, Para Noir, Lorn, Dolor, gleb filipchenkow, Dino Lenny, Manuel Tur, Lost.Act, Moby (old stuff), Tycho, Bonobo, DARKSIDE, ALAMPA, Klangstof, Pluto Mars (old stuff), BONES, Rone, Cubicolor, Night Lovell, Iron Maiden, and some other artists that I’ve forgotten at the moment. I like jazz, too, as well as some video game music.

From that list, my all-time favorites (which never seem to fade away) are Monoplay, Nicholas Jaar, TENDER, Hunter/Game, Kid Cudi, Daft Punk, Kanye West, Woo York, The Chemical Brothers, Travis Scott, PARTYNEXTDOOR, Fatboy Slim, Acid Pauli, Lorn, Dolor, Manuel Tur, Lost.Act, and DARKSIDE. Since discovering Monoplay (also known as Raha) on VK in 2015 (back when VK music was at the forefront of good music for free), I haven’t been able to say any other name for my favorite artist. LORN is a close second.

I don’t use Spotify a whole lot these days. I’ve had Youtube Premium since 2015 (when it was called Youtube Red), and mostly listen to sets. At the moment, some of my downloaded sets are Natasha Wax/Sony Vibe, Stereoporno, Para Noir, Alexey Union, Kinky Sound, Adam Ten, Jenia Vice, Monoplay, and Darkside.

The majority of the artists above are from CIS countries. Why? I’m not sure; I think it’s because they are so different from artists that I hear everywhere else, the unique mixed tracks (and original productions) are a breath of fresh air. I mean, who else would listen to a mixed version of Zemfira’s Progulka, by Belarussian Para Noir, or Kino’s Kukushka, mixed by Andrew DRUM? Clearly, these transcend culture and language.