WSR: #6: January 23rd-30th 2022
Reading/Writing but not executing (rw-)
Published: January 30, 2022
This Week’s Recap
This week was relatively light on research. A lot of my time was spent on developing other skills that will apply to other research down the road. One thing I have really been enjoying is going through various textbooks and taking notes on them. In college I could never get through their old, outdated material, but going through SANS, nostarchpress, or other various textbooks can be very fun and rewarding if you’re reading about material you actually enjoy.
1/24/2022
- Decided to pick up Hacking APIs by @hAPI_hacker because this area of pentesting is super interesting to me and seems to fly under the radar sometimes.
- Read the introduction to Hacking APIs
- Read chapter 0
- Read chapter 1
- Read chapter 2
- Fully did not expect to read this much but so far this book has been spot on.
1/25/2022
- Read chapter 3 of Hacking APIs
1/26/2022
- Read chapter 4 of API hacking
- Worked on a blog post that I’ll probably title "Spoofing youtube for fun and profit: An examination of punycode for phishing." It’s shaping up to be a combination of a lot of research I’ve done over the past year or so about phishing.
- Finding it hard to concisely document all of this information since a lot of it assumes you know very niche concepts such as punycode, DNS limitations, etc.
1/27/2022
- Found out about mr.d0x’s fantastic blog and went down a rabbit hole reading a ton of their blogs
1/29/2022
- Listened to Darknet Diaries EP 109
- Did literally nothing for the rest of the day.
1/28/2022
- Wrote nearly 2000 words for "Spoofing youtube for fun and profit: An examination of punycode for phishing."
- Trying to figure out the right balance of technical/non-technical writing for a blog post like this.
- I have noticed that it is much easier to write blog posts if you just paste a bunch of screenshots, but it’s not nearly as fun to read.
- I’ve also noticed with a topic like this I tend to get off topic really quickly which makes the pacing difficult.
- Not totally security related but I’ve recently begun to take #wehackhealth (formerly known as #redteamfit) more seriously. (I even made it into a @hackingdave tweet).
- Invested in some of these bad boys.. Thanks for the motivation @hackingdave
1/30/2022
- Wrote this roundup
- Planning on phishing up "Spoofing youtube for fun and profit: An examination of punycode for phishing."
- Preparing to start my SANS masters on Tuesday. Might need to invest in another bookshelf for all the textbooks 👀
Have any questions
Do you have any questions? Feel free to reach out to me on Twitter. See you next Sunday. :)