Friday, March 11, 2022

MY JOURNEY!!!! A RANT lol. (My Struggles & Inspirations) [Wed, March 9, 2022 : 14:00:16]

As much as I aspire to have this blog be a centralized space where people in the Infosec community can reference my work and learn from it, I also want to be transparent and document my struggles and the topics I find challenging to learn.

To date, I have successfully managed to teach myself the core fundamentals of Cybersecurity and how to be proficient in the different skill-sets required to be a cybersecurity professional, both with the knowledge of defensive and offensive techniques to incorporate within the real world. Over time, my aspirations have broadened and deepened as I've come to see more advanced subjects within. At the core, I've always wanted to be able to find 0-day vulnerabilities within commonly used technologies as well as create programs that can be utilized within the Infosec community. However, I'd be lying if I said that the journey has been easy. Inasmuch as I have created this blog for public and personal documentation, I study Cyber-security and Software Development professionally, so the struggles with coming to grips with the topics literally follow me everywhere. But knowing me, I hardly give up. From the time I decided to learn hacking, I decided that I would be diving into uncharted territory, embracing the uncomfortability of the process. Sometimes, however, I ask myself why the hell I chose such a profession. But I find myself answering myself with the answer: PASSION. It's simply passion and vision that drives me to continue forward. One thing I can definitely reiterate is: Hacking is definitely not the way it looks on the Hollywood screens. It takes a lot of time and brain power. It's one of those professions that require creativity because that has been the very element that has been the driving force in the progression of Information Security. Seeing professionals thrive in this profession is definitely eye candy, seems cool and all, but once you see the process of what it takes to get there LOLLL. Crazy. I spend weeks and weeks trying to solve a particular problem, with dozens of files and books and notes I've taken over time. The knowledge sometimes doesn't seem to stick. It gets real frustrating. Headaches on Headaches on Headaches.

The topics I'm currently struggling with are:

1. The intermediate and advanced analysis of assembly language for Reverse Engineering and Exploit Development.

2. Analyzing intermediate level assembly code on the stack & C code and finding vulnerabilities like format string vulns etc. (especially within CTFs)

3. Understanding socket programming both in C & Python

4. Understanding kernel level security.

5. OWASP Top 10 client and server side vulnerabilities (especially SSTIs, CSRFs and all...)

6. Understanding Cryptography & Reverse Engineering Cryptographic Algorithms (like RSA, XOR, etc.)

What's with the rant bruv?

As this blog is meant for documentation of my progress with CTFs, it is also meant to educate myself in the long run, a means of reinforcing the knowledge acquired, drilling it into my brain so I don't forget lol. I intend on being transparent with the process of learning the craft I've dedicated myself to learn. A lot of security focused blogs out there are fantastic to learn from. Many of them actually inspired me to create my blog and share my work with the world. However, it helps to have rants like these because most of the time, the content focuses on the end result, which is in this instance, the demonstration of the knowledge acquired. Sometimes, it helps to see the struggles you face within a certain topic being faced by someone else. It confirms that you necessarily aren't the only one who struggles with learning that topic. So in my defense, the rant was necessary to load off all the frustration trapped within. Also to show the people that read this that... yeah... Hacking is not for the faint hearted. WILL and purpose MUST BE YOUR FRIENDS otherwise you'll hardly get through it all. Below is an episode of Pwny-racing, a hacker race whereby 4 challengers are given a problem, which in these terms is either code or binaries which have hidden vulnerabilities. These vulnerabilities are to be found and exploited. Keep in mind that these are gamified to a certain degree. But a professional hacker or security analyst typically goes exactly the same route in real life. It's content like this that really keeps me on my toes and shows me just how security is a myth. Everything in software or hardware has a flaw. One just needs to have the knowledge to find it.

With the little knowledge I've acquired, I'm definitely grateful to myself for pushing through and having a higher view of what I want to achieve within the Cybersecurity Industry. Secondly, I'm grateful to the many people within the Infosec industry who continue to release infosec content and writeups that help script kiddies like me to learn as easily as possible. Below are YouTubers that I appreciate and have helped me aside from practice and crazy amounts of reading.

JohnHammond

CryptoCat

LiveOverflow

Ippsec

Purple F0x Security (Blog)

KindredSec

I didn't wanna go all out. I just want this to serve as a reminder that one must pass through the fire to get to the fountain. Often we get discouraged in learning blocks but we have to persevere and be more resilient. If you're in Information Security, be sure to keep moving forward and work towards your goals.

