About 10 years ago a friend of mine showed me an exploit. It was written in C and it tried to spawn a shell at a remote host. It seemed pretty cool. I did not understand the code but the mere idea that almost anybody equipped with a script like that could deface a webpage seemed scary.

Today I spent many hours grepping logs, checking the filesystem for new/changed files to figure out how an old Wordpress instance was hacked and what had the hacker done there.