Preamble
1. Cryptography
I recently picked up an interest in learning some more about cryptography; that is to say, examining the study of codes (cryptology) and the art of breaking them (cryptanalysis). I know at a high level of abstraction that cryptographers leverage their understanding of mathematics in order to generate algorithms for protecting information confidentiality. These algorithms include such examples as MD5, SHA1, TwoFish, and others. I’ve encountered some cryptography challenges in Capture-the-Flag (CTF) events, but they generally have mystified me (aside from the truly basic schemes, such as base64).
I know that if I really want to delve into cryptography, I need to engage more with the underlying math; this isn’t an exciting prospect, but I know it’ll make me more competent. I began this month by opening up a copy of Bruce Schneier & Niels Ferguson’s Practical Cryptography. This immediately struck me as a very detailed resource but I quickly became overwhelmed by the subject matter. I then took a step back and engaged LinkedIn’s Symmetric Cryptography Essential Training. This proved to be a very high-level overview of cryptography and intentionally - by the author’s own admission - avoids directly engaging the underlying math.
At this point, I haven’t found the method of education/training that I can best engage with; I’ve seen an option in my graduate class that offers a course in Cryptography, but - given my options available - I’m not certain I’d want to take a course on the subject over others. I’ll continue to keep an eye out for other resources in the future.
2. First Penetration Test
This month marked my first professional penetration testing work. In the interest of observing confidentiality agreements, I won’t name who was the subject of the test or the system-under-test. However, I will note that this was a fairly narrow, simple engagement.
Like every venture, this experience provided some added value to me by exposing me to new challenges. In particular, I had to explore more embedded / hardware hacking - neither of which I was very familiar with. I’m grateful for the opportunity and am still excited to document my findings.
3. Local Library
Mercifully, the county I live in lifted COVID restrictions on my local library, which let me go check out some new reading.
Now, as anyone in tech will know, the minute you publish any work it immediately becomes outdated; such is the rate of progress (both in new technologies and the security surrounding them). However, at a fundamental level there are still some great lessons to be learned. I’ve written some posts reviewing some of the books I’ve read this last month.
I currently have Daniel Regalado’s Gray Hat Hacking and David LeBlanc’s 19 Deadly Sins of Software Security checked out and am very much looking forward to working my way through them. I’ve found that reading these hard copy books is a lot easier than the digital versions of texts I own (for example, I’ve been really wanting to ingest the Web Application Hacker’s Handbook, but I’ve been struggling with finishing it for the aforementioned reason).
4. Dante
I have ongoing efforts with making my way through the HackTheBox Pro Lab, Dante. This has been something I’ve been dabbling with in the off hours - between work, school, and family. I’m pretty pleased with how the lab is constructed. In particular, I’ve really enjoyed developing a new skill: pivoting.
Moreover, there is just an array of fundamental network exploitation technologies at play that are really nice to work through, such as WinRM, SMB, and web apps.
5. Computer Networks
I’ve begun my Summer session coursework in my graduate school program. This semester, I’m working through a Computer Networks class, which should address some of the fundamentals of computer networking. Based on reviews of the course, I’m expecting this class to be a bit of a break from some of the other courses I’ve taken thus far.
This course satisfies a number of program requirements for me and provides me some time to get my other non-academic affairs in order. One week in, and I’ve already gone ahead and completed the first programming project, 1 quiz, and have moved quickly through to the second week’s content.