Preamble
This month there is a variety of interesting subjects that caught my eye:
1. AWS Cloud Practitioner
I passed my first Amazon Web Services (AWS) certification exam this month. When I got started with looking into AWS, I was excited because I saw it as an avenue for potentially broadening my career horizons; there are a great number of platforms and services migrating to the cloud and AWS are one of the largest cloud providers (alongside Google and MS Azure). I will admit, the first exam was peanuts to prep for following the OSCP (and felt very reminiscent of studying/preparing for the CompTIA Network/Security + exams). I think it would be more worth my while to do some hands-on practical application exercises rather than go for additional certifications at this point. I will say, AWS offers an excellent preparation course for the certification (and it’s FREE) which I was pleased about.
Inter-Process Communications (IPC) shared memory
I know I keep highlighting my Graduate School month-by-month, but since this post is meant to highlight what has kept me interested and engaged, I’d be lying if I didn’t say that the course was interesting - It certainly takes up a fair share of my time. As of today, I just wrapped up my 2nd project in my Graduate Introduction to Operating Systems (GIOS) course (which - unusually - is referred to as “project 3” in the class). The project builds upon the previous project (where students developed companion client/server programs that communicated over a unique protocol) and incorporates IPC shared memory. There was quite a bit of learning to be had here; I spent a fair amount of time just tracing through/outlining my code’s execution (at one point, I determined that my code was too messy to correct for and rebuilt it from ground zero). I grew particularly frustrated at one point trying to decipher why my code seemed to arbitrarily fail (as it turns out, this became a lesson in thread safe library functions; bottom line: strtok() can result in unpredictable behavior in a multi-threaded program). I also scored just above the mean in my class’ midterm grades, so I’m feeling pretty comfortable going into the latter half of the class.Hack the Box
I have mixed feelings about Hack the Box. On the one hand, it provides an excellent platform to engage with some truly challenging and interesting hacks; it adopts a target-oriented model, much like the labs offered by Offensive Security’s PWK and Virtual Hacking Labs. On the other hand, there isn’t really any tangible value added in working through the challenges time-consuming challenges (emphasis on time-consuming). That said, I can’t help but really want to dive into the platform’s resources, climb their hacking leaderboard, and really chew over their materiel. I’m thinking of spending some time to hone my craft in engaging this platform. Look forward to hearing more on this later.New Job
Somewhat burying the lead here, but I started my new job this week as a penetration tester! I’m very excited to make this direct pivot in my career into a more technical role away from the policy-oriented cybersecurity work. I’m particularly pleased at how this move helps to bridge the gap between what I’ve been studying and what I’m doing professionally. It will be a little bit before I actually get my work underway, but I’m looking forward to the new challenges and opportunities this move presents.Cyber Podcast
Finally, I wanted to highlight a podcast that has introduced a really nice segment. Motherboard’s CYBER podcast started a “My First Hack” bit which has professional (and perhaps criminal) hackers and security researchers come on and speak to their careers and how they got there. Presented by Lorenzo Franceschi-Biccierai (who I personally find more enjoyable to listen to than the show’s usual host), the podcast looks to be what I wanted the “Tribe of Hackers” podcast to be: where the latter ended up interviewing hacker-adjacent personalities (such as conference organizers), the “My First Hack” segment remains fixed on the topic at hand: hacking.