WSR: #3: December 27th 2021 - January 2nd 2022
This year was a pretty eventful year.
Published: January 2, 2022
Reading Time: 4 minutes
This Week’s Recap
As per usual, a lot of this week was spent reflecting on what went well this year and what I would like to do for 2022. This year was a pretty eventful year. I graduated with a bachelors in cyber security, landed a pentesting job, got eCPPT, released practical phishing assessments, met some really smart people, and took my first SANS class all while spending entirely too much time on infosec twitter.
- Wrote nearly 3000 words of my multi-part blog post. Currently only part 1 is out.
- Detailed exactly how I host this site using Hugo, AWS S3, Obsidian, and bash. Part 2 available soon.
- Subsequently learned how to enable virtualization in a VM which was… interesting.
- Spun up a windows machine on my home lab to allow me to RDP into a windows machine if I need to. Very very useful and highly recommend if you’re running Linux as a host OS. Simply pressing
super+0switches into a fullscreen windows VM.
- Listened to episode #224 of the Privacy Security and OSINT show
- Decided to split Creating An Infosec/IT blog into two parts
- Mostly finished part one
- Ordered some networking equipment for my homelab including 50 feet of Cat7 cable, tools to create smaller cat cables, and a PCIe NIC for my home lab.
- Most of this is to set up a a pfSense firewall in my homelab. Currently need to do some rearranging in order to get that up and running. The goal right now is to move my router off my desk and just run one long ethernet cable from the end of my office into my PC. Then make a bunch of short ethernet cables from my router to my server. Next purchase will probably be a switch.
- Set up Linkding bookmark manager to save all those random links I am constantly searching obsidian or past discord conversations for.
- This has already proved very useful…
- Listened to Troy Hunt’s weekly security update
- Installed docspell to test it out as a document management system.
- This might be a lot more than I require…
- Began working on a script to download all the snapchat data I care about, snapchat absolutely makes it as hard as possible to all your data downloaded. Haven’t had time to finish it yet but have been made some progress. Here is my current code.
- The issue is snapchat wants to make it difficult for you to download this data. Each memory you wish to download requires you clicking a different link and downloading the data from there.
1#! /bin/python3 2 3import requests 4import time 5from selenium import webdriver 6from selenium.webdriver.firefox.options import Options as FirefoxOptions 7from selenium.webdriver.chrome import options 8from selenium.webdriver.common.by import By 9from colorama import init, Fore, Style 10 11 12options = FirefoxOptions() 13driver = webdriver.Firefox(options=options) 14driver.get("file:/scripts/data_snapchat/index.html") 15# Click Memories 16driver.find_element(By.XPATH, "/html/body/div/ul/li/a").click() 17# Click Download 18select = ".rightpanel > table:nth-child(6) > tbody:nth-child(1) > tr:nth-child(5) > td:nth-child(3) > a:nth-child(1)" 19memories = driver.find_element(By.CSS_SELECTOR, select ).click() 20time.sleep(2) 21 22# Get URL and Download 23download = driver.current_url 24print(download) 25r = requests.get(download) 26open("./memory", "wb").write(r.content) 27driver.back()
- Watched Marcus Hutchins’ video on why we haven’t seen a log4j worm Highly recommend.
12/31/2021 (Happy new years!)
- I decided to take an inventory of all the security related goals I have for 2022. These are the big ones I want to accomplish. It will certainly be a busy year for me. I would be happy with just half of these certifications but I would like to learn as much as possible.
- PNPT Practical Network Penetration Tester
- OSCP Offensive Security Certified Professional
- First two blocks of masters degree
- First block:
- GSEC Enterprise security expert
- GCIH Certified information security incident handler
- GSTRT IT Security leadership Competencies
- Second block:
- GDSA Defensible security architecture and engineering
- SSAP Managing Human Risk
- GCIA Advanced network intrusion detection and analysis
- Core comprehensive exam
- First block:
- 12 Blog posts
- Finished writing part 1 of Creating An Infosec/IT Bog and uploaded it.
- Recorded and uploaded a video on How I Study For Security Certifications.
- Planned out some time to work on my goals for this year. I would like to work on PNPT and OSCP sometime in Q3 of this year.
- Went through some PNPT Active Directory training for PEH.
- Wrote this blog
- Went over GSEC notes (My exam is next weekend!)
Have any questions
Happy new year! Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)