This Week’s Recap

This week was relatively light on research. A lot of my time was spent on developing other skills that will apply to other research down the road. One thing I have really been enjoying is going through various textbooks and taking notes on them. In college I could never get through their old out-dated material but going through SANS, nostarchpress, or other various textbooks can be very fun and rewarding if you’re reading about material you actually enjoy.

1/24/2022

  • Decided to pick up Hacking APIs by @hAPI_hacker because this area of pentesting is super interesting to me and seems to fly under the radar sometimes.
    • Read the introduction to Hacking APIs
    • Read chapter 0
    • Read chapter 1
    • Read chapter 2
    • Fully did not expect to read this much but so far this book has been spot on.

1/25/2022

1/26/2022

  • Read chapter 4 of API hacking
  • Worked on a blog post that I’ll probably title Spoofing youtube for fun and profit: An examination of punycode for phishing. It’s shaping up to be a combination of a lot of research I’ve done over the past year or so about phishing.
  • Finding it hard to concisely document all of this information since a lot of it assumes you know very niche concepts such as punycode, DNS limitations, etc.

1/27/2022

1/29/2022

1/28/2022

  • Wrote nearly 2000 words for Spoofing youtube for fun and profit: An examination of punycode for phishing.
    • Trying to figure out the right balance of technical/non-technical writing for a blog post like this.
    • I have noticed that it is much easier to write blog posts if you just past a bunch of screenshots, but its not nearly as fun to read.
    • I’ve also noticed with a topic like this I tend to get off topic really quickly which makes the pacing difficult.
  • Not totally security related but I’ve recently began to take #wehackhealth (formally known as #redteamfit) more seriously. (I even made it into a @hackingdave tweet).

1/30/2022

  • Wrote this roundup
  • Planning on phishing up Spoofing youtube for fun and profit: An examination of punycode for phishing.
  • Preparing to start my SANS masters on Tuesday. Might need to invest in another bookshelf for all the textbooks 👀

Have any questions

Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)