This Week’s Recap

This week was relatively light on research. A lot of my time was spent on developing other skills that will apply to other research down the road. One thing I have really been enjoying is going through various textbooks and taking notes on them. In college I could never get through their old out-dated material but going through SANS, nostarchpress, or other various textbooks can be very fun and rewarding if you’re reading about material you actually enjoy.

1/24/2022

• Decided to pick up Hacking APIs by @hAPI_hacker because this area of pentesting is super interesting to me and seems to fly under the radar sometimes.
  • Read the introduction to Hacking APIs
  • Read chapter 0
  • Read chapter 1
  • Read chapter 2
  • Fully did not expect to read this much but so far this book has been spot on.

1/25/2022

• Read chapter 3 of Hacking APIs

1/26/2022

• Read chapter 4 of API hacking
• Worked on a blog post that I’ll probably title Spoofing youtube for fun and profit: An examination of punycode for phishing. It’s shaping up to be a combination of a lot of research I’ve done over the past year or so about phishing.
• Finding it hard to concisely document all of this information since a lot of it assumes you know very niche concepts such as punycode, DNS limitations, etc.

1/27/2022

• Found out about mr.d0x’s fantastic blog and went down a rabbithole reading a ton of their blogs

1/29/2022

• Listened to Darknet Diaries EP 109
• Did literally nothing for the rest of the day.

1/28/2022

• Wrote nearly 2000 words for Spoofing youtube for fun and profit: An examination of punycode for phishing.
  • Trying to figure out the right balance of technical/non-technical writing for a blog post like this.
  • I have noticed that it is much easier to write blog posts if you just past a bunch of screenshots, but its not nearly as fun to read.
  • I’ve also noticed with a topic like this I tend to get off topic really quickly which makes the pacing difficult.
• Not totally security related but I’ve recently began to take #wehackhealth (formally known as #redteamfit) more seriously. (I even made it into a @hackingdave tweet).
  • Invested in some of these bad boys.. Thanks for the motivation @hackingdave

1/30/2022

• Wrote this roundup
• Planning on phishing up Spoofing youtube for fun and profit: An examination of punycode for phishing.
• Preparing to start my SANS masters on Tuesday. Might need to invest in another bookshelf for all the textbooks 👀

Have any questions

Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)