WSR: #6: January 23rd-30th 2022

Reading/Writing but not executing (rw-)

Published: January 30, 2022

| Reading Time: 3 minutes

This Week’s Recap

This week was relatively light on research. A lot of my time was spent on developing other skills that will apply to other research down the road. One thing I have really been enjoying is going through various textbooks and taking notes on them. In college I could never get through their old out-dated material but going through SANS, nostarchpress, or other various textbooks can be very fun and rewarding if you’re reading about material you actually enjoy.

1/24/2022

Decided to pick up Hacking APIs by @hAPI_hacker because this area of pentesting is super interesting to me and seems to fly under the radar sometimes.
- Read the introduction to Hacking APIs
- Read chapter 0
- Read chapter 1
- Read chapter 2
- Fully did not expect to read this much but so far this book has been spot on.

1/25/2022

Read chapter 3 of Hacking APIs

1/26/2022

Read chapter 4 of API hacking
Worked on a blog post that I’ll probably title Spoofing youtube for fun and profit: An examination of punycode for phishing. It’s shaping up to be a combination of a lot of research I’ve done over the past year or so about phishing.
Finding it hard to concisely document all of this information since a lot of it assumes you know very niche concepts such as punycode, DNS limitations, etc.

1/27/2022

Found out about mr.d0x’s fantastic blog and went down a rabbithole reading a ton of their blogs

1/29/2022

Listened to Darknet Diaries EP 109
Did literally nothing for the rest of the day.

1/28/2022

Wrote nearly 2000 words for Spoofing youtube for fun and profit: An examination of punycode for phishing.
- Trying to figure out the right balance of technical/non-technical writing for a blog post like this.
- I have noticed that it is much easier to write blog posts if you just past a bunch of screenshots, but its not nearly as fun to read.
- I’ve also noticed with a topic like this I tend to get off topic really quickly which makes the pacing difficult.
Not totally security related but I’ve recently began to take #wehackhealth (formally known as #redteamfit) more seriously. (I even made it into a @hackingdave tweet).
- Invested in some of these bad boys.. Thanks for the motivation @hackingdave

1/30/2022

Wrote this roundup
Planning on phishing up Spoofing youtube for fun and profit: An examination of punycode for phishing.
Preparing to start my SANS masters on Tuesday. Might need to invest in another bookshelf for all the textbooks 👀

Have any questions

Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)