Hey everyone! I just realized I haven’t had a blog post in awhile so I thought I would give a quick update on the things I have been doing. I have so much time on my hands because of the Covid-19 quarantine.
Current Books I’m Reading:
– The Web Application Hacker’s Handbook 2nd Ed by Dafydd and Stuttard and Marcus Pinto
– Learning Malware Analysis by Monnappa K A
– Permanent Record by Edward Snowden
Web App hacking and Malware are two areas I am exploring. I always like reading technical books, probably because they are always filled with screen shots and code snippets. It is incredible what people are doing. Permanent Record is the most interesting/controversial book I’ve read in awhile. I like the book but I am conflicted on how I feel about different parts of the information. I also have A LOT of questions.
Current Projects:
– The Harvester: This is a tool on the Kali Linux platform that I have recently become interested in. I have a really cool feature idea for it that I thought of during an OSINT CTF that I was doing. I really need to sit down, fork the code, and get working. I also need to brush up on my Python for this.
– US Cyber Challenge: This challenge is an online competition for those looking to increase their cyber skills. The top challengers get invited to a week long cyber camp at different locations in the United States! I did it last year and had an absolute blast. I’m definitely doing it again this year. More information can be found here.
– Home Lab: I’ve decided to build an actual home lab because it looks fun and it will improve my cyber security/IT skills. I’m currently collecting hardware and ideas for it. So far I have a server, firewall, and a few computers harvested from friends and work. I’m still deciding on what exactly what I want to do, but I’m seriously contemplating the idea of just building a mock corporate LAN where I am the Network/Sys Admin and Cyber defender. This would help me improve on vulnerability management, AD, and writing policies like DRP, Acceptable Usage, etc. If you have any ideas, please contact me.
Current Toys:
– Proxmark Pro by Rysc Corp: One of these things fell into my lap and it’s been so cool! It’s a device used to identify and exploit RFID and NFC systems. I’ve been tasked with playing with it, get it up and running, and create a user’s guide for it. It’s incredible!
– DSTIKE Deauther Watch: I’ve been researching one of these lately and it looks pretty cool. I’m tempted to order one. I recently discovered websites which are essentially maps of wireless networks around the world so these two things could pair nicely. I’m starting to form an idea on a program which could utilize these things. I think it could be a nice red team tool.
What I am Studying:
I’m still studying for the (ISC)2 CISSP exam and I am still on schedule to take it sometime late this year. I just hope the testing centers will be open again by then. It can be hard to find time for this so I started the habit of waking up at 5AM and studying from 5-7 every morning. I think it has been really effective: It’s so quiet and nobody/nothing is awake to bother me.
And that’s it! This is what I have been doing lately! Hopefully it won’t be so long until I post again!
-Pete C.