Today's blog is all about last month. Join me as I tell you about what has been happening on the blog and in my life.
Blog Series Conclusion
So yeah, November was a blast. I finished the “Getting Into InfoSec” series with blogs that covered what I think are the most important parts of landing the first cyber security role. Resumes, interviews, job listings, and online course options were just a few things covered.
I wanted to start my big content push with something that newcomers in the cyber security industry struggle with. Hopefully, the series helped a few of you get a new gig! If you can land your first job, things in the job market get easier.
If you have any other requests, please let me know in a comment below. I want to make sure everyone gets what they need to be successful.
Back On YouTube
After a long hiatus, I got my first video on YouTube last month. In it, I spoke about tips to use during an interview. Hopefully, the video gave you some ideas and shone a light on what is going through the interviewer's mind. It is essential to look at the hiring process through the eyes of those interviewing you. If you can figure out what they are worried about and do an excellent job of alleviating their fears, you get hired.
Hint: their fear is that you will be hard to train and a time sink. Show them you have already put the legwork in, and you are willing to put in even more effort to master the skills required to be successful.
Look for the next one on December 13. I’m not sure what I will cover, but the topic will be SOC-focused.
Finished Reading The Art of Computer Virus Research and Defense
I finished reading this awesomely timeless book on malware. If you are interested in becoming a malware analyst, make sure to add this to your bookshelf. The content is a little dry, like most technical books, but highly worth your time.
I recommend reading 10 to 20 pages a day to keep from falling asleep. You should get through the book at that pace in under a month.
If you are looking to get into malware analysis, I definitely recommend getting a separate system set up for examination. VMs are the easiest and cheapest way to accomplish this, but an isolated, separate device is even better.
For samples, check out vx-underground.org. As always, be safe when handling explosives.
This month we are in the SOC. It is the place that many of you will start, but you might not have the clearest mental models for the role. In December’s blogs, you will better understand the role, why I always recommend starting in the SOC, and how to become a better practitioner after you land your first gig.
My goal is to put together a couple of free game plans for SOC Analysts. One to use as a guide to additional course work while looking for your first job and the other to help you grow after you land the gig.
Keep an eye out for these. I’m not sure what form the courses will take yet.
My Current Research
Currently, I am working on reverse engineering and web application security. My goal was to gain enough skills to answer more CTF RE questions. So, last month, I spent some time learning to patch programs and work my way through some of the HTB RE challenges. Check them out yourself if you are curious about the RE skillset. They are pretty close to what you will see in CTFs and, best of all, there are walkthroughs to help you learn.
One bit of advice is that I would look at multiple walkthroughs. Everyone has their favorite tools and methods. Learn various ways until you find what works for you.
For instance, some people use IDA and GDB. I find myself preferring Ghidra for analysis and Radare2 for debugging/patching.
On the topic of web security, I am using PortSwigger’s Academy, various bug bounty folks, and Team Treehouse’s coding courses. It has been a while since I have done anything heavy in web, and my skills have atrophied. I figured I would start from the ground up before diving into looking for bounties myself.
If you haven’t been to PortSwigger’s Academy, check it out. The training is free, the labs are good, and the explanations are fantastic. Definitely a great place to start your web app journey.
If you haven’t heard yet, I will be taking a sabbatical to hike the Appalachian Trail in 2022. It will be one of the craziest adventures I have been on. Four months of walking from Springer Mountain, Georgia, to Mount Katahdin, Maine is no small feat. It takes a ton of preparation.
One of the things I am working on is how to stay in touch with everyone. More than likely, Instagram will be the primary communication method. I’ll be able to share pictures of the journey and fun messages while we hike, which will be fun for family and friends alike. I figure, who doesn’t want to see awesome pictures of nature?
One can’t just go and hike. You have to buy gear. Since last year, I have been purchasing items, and I am just about done.
During Black Friday, I was able to nab a personal locator beacon at a nice discount. These devices can be used to send an SOS to responders and send your family regular location updates. With that, all my major purchases are out of the way, and my loved ones will be able to sleep peacefully.
What a relief that my purchases are almost complete. Thru-hiking can be pretty expensive. I am aiming to finish in four months. For speed, I went with lighter gear that tends to be costly. But it will be worth it once I summit Mount Katahdin.
Thanks for catching up with my happenings, and I will see you around TheCyberUnion.com.