CW47 Weekly Digest

Table of Contents
So it seems we have
before the New Year 2024!

Profile update and Goals

And I’ve updated my Profile repo with Skills which I want to be proficient with as a Software Developer. Or maybe I even want to switch into some analytical position, because I’m not really into writing code and creating a different designs or architetures for the apps.

I don’t have a lot expectations for the last month before Christmas (I’m not sure that I’m ready to study before the NY). But I do want to test scheduling for me.

What I want to investigate:

  1. Am I capable to study course, do CTFs and python project within one week?
  2. Maybe I need to have wider timestamp to handle all activities?
  3. What if I finish one course and then I’ll just keep up with practical things?
  4. How to plan and evaluate my progress?

Goals

What I want to study are:

  1. CTFs (create writeups for Sunshine and Huntress) or that New Year event from SANS
  2. Arch1001 with Reverse Engineering x86-64 - finish it
  3. Python shuffler
  4. English
  5. Weightlifting

And a schedule would be as in this video (Rus)

English

I participated in Speaking Club. And I felt that my English become more confident. So I decided to start over Grammar again. Here’s resources for

American English File teacher resources
American English File progress tests

Security

Course for ReverseEngineering form HoppersRoppers

Writeups

HuntressCTF writeups

Tools

Tool to analyze data: CyberChef

Penetration testing

Here’s certifcations which I’ve found in Penetration testing positions (from Dou)

Understanding of security testing frameworks: Information Systems Security Assessment Framework (ISSAF), Open-Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), OWASP Mobile Application Security (MAS), Penetration Testing Execution Standard (PTES), NIST 800-115.

Relevant certifications, such as OSCP, OSWE, CEH.

RedTeam Career

https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/ https://danielmiessler.com/p/build-successful-infosec-career/

Books

The Hacker Playbook – All the Hacker Playbook series (3 books) are great, really detailed and interesting way of explaining about issues and solving them in a methodical way. The third book in the series focuses on Red team operation on goes from A to Z on how to conduct one, including what tools to use and how to interpret the results. 
How to Hack Like a Pornstar – You won’t be able to put down the book - Sparc Flow explains really well and in an interesting way about procedures and ways to conduct operations. 
Red team Development and Operations: A practical guide Paperback – Written by Joe Vest the Technical Director for Cobalt Strike. This book looks at all the Red team process from a management perspective, everything you need to know from A-Z about how to run a successful Red team, including terms, reporting, best approach, maximizing impact and more. Highly recommended.

FPV

I get a Liftoff simulator to play with and a joystick Taranis.
Just leave here a youtube channel how to setup and use Taranis joystick.