WSR: #3: December 27th 2021 - January 2nd 2022

This year was a pretty eventful year.

Published: January 2, 2022

| Reading Time: 4 minutes

This Week’s Recap

As per usual, a lot of this week was spent reflecting on what went well this year and what I would like to do for 2022. This year was a pretty eventful year. I graduated with a bachelors in cyber security, landed a pentesting job, got eCPPT, released practical phishing assessments, met some really smart people, and took my first SANS class all while spending entirely too much time on infosec twitter.

12/27/2021

  • Wrote nearly 3000 words of my multi-part blog post. Currently only part 1 is out.
    • Detailed exactly how I host this site using Hugo, AWS S3, Obsidian, and bash. Part 2 available soon.
    • Subsequently learned how to enable virtualization in a VM which was… interesting.
  • Spun up a windows machine on my home lab to allow me to RDP into a windows machine if I need to. Very very useful and highly recommend if you’re running Linux as a host OS. Simply pressing super+0 switches into a fullscreen windows VM.

12/28/2021

  • Listened to episode #224 of the Privacy Security and OSINT show
  • Decided to split Creating An Infosec/IT blog into two parts
    • Mostly finished part one
  • Ordered some networking equipment for my homelab including 50 feet of Cat7 cable, tools to create smaller cat cables, and a PCIe NIC for my home lab.
    • Most of this is to set up a a pfSense firewall in my homelab. Currently need to do some rearranging in order to get that up and running. The goal right now is to move my router off my desk and just run one long ethernet cable from the end of my office into my PC. Then make a bunch of short ethernet cables from my router to my server. Next purchase will probably be a switch.
  • Set up Linkding bookmark manager to save all those random links I am constantly searching obsidian or past discord conversations for.
    • This has already proved very useful…

12/29/2021

  • Studied GSEC
  • Found some cool info on creating your own NAS for fairly cheap. (Thanks @rybaz)

12/30/2021

  • Listened to Troy Hunt’s weekly security update
  • Installed docspell to test it out as a document management system.
    • This might be a lot more than I require…
  • Began working on a script to download all the snapchat data I care about, snapchat absolutely makes it as hard as possible to all your data downloaded. Haven’t had time to finish it yet but have been made some progress. Here is my current code.
    • The issue is snapchat wants to make it difficult for you to download this data. Each memory you wish to download requires you clicking a different link and downloading the data from there.
 1#! /bin/python3
 2
 3import requests
 4import time
 5from selenium import webdriver
 6from selenium.webdriver.firefox.options import Options as FirefoxOptions
 7from selenium.webdriver.chrome import options
 8from selenium.webdriver.common.by import By
 9from colorama import init, Fore, Style
10
11
12options = FirefoxOptions()
13driver = webdriver.Firefox(options=options)
14driver.get("file:/scripts/data_snapchat/index.html")
15# Click Memories 
16driver.find_element(By.XPATH, "/html/body/div[1]/ul/li[27]/a").click()
17# Click Download
18select = ".rightpanel > table:nth-child(6) > tbody:nth-child(1) > tr:nth-child(5) > td:nth-child(3) > a:nth-child(1)"
19memories = driver.find_element(By.CSS_SELECTOR, select ).click()
20time.sleep(2)
21
22# Get URL and Download
23download = driver.current_url
24print(download)
25r = requests.get(download)
26open("./memory", "wb").write(r.content)
27driver.back()

12/31/2021 (Happy new years!)

  • I decided to take an inventory of all the security related goals I have for 2022. These are the big ones I want to accomplish. It will certainly be a busy year for me. I would be happy with just half of these certifications but I would like to learn as much as possible.
  • PNPT Practical Network Penetration Tester
  • OSCP Offensive Security Certified Professional
  • First two blocks of masters degree
    • First block:
      • GSEC Enterprise security expert
      • GCIH Certified information security incident handler
      • GSTRT IT Security leadership Competencies
    • Second block:
      • GDSA Defensible security architecture and engineering
      • SSAP Managing Human Risk
      • GCIA Advanced network intrusion detection and analysis
      • Core comprehensive exam
  • 12 Blog posts

1/1/2022

1/2/2022

  • Went through some PNPT Active Directory training for PEH.
  • Wrote this blog
  • Went over GSEC notes (My exam is next weekend!)

Have any questions

Happy new year! Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)