There will no post in December 2022 on this blog (hum, maybe except this one 🤔).
Why?
I’ll be busy elsewhere, but I have some ideas for 2023 o/
What to expect in 2023
Deeper analysis, but still with simple words 🙏🏻.
Learned in 2022
- CTFs (more than 70 days of practice, “g°od” level unlocked on popular platforms)
- Kernel exploits on Linux
- LD exploits on Linux
- Bash deeply
- The OSI model and packet sniffing
- Volatility and memory analysis
- Advanced forensics and malware analysis
Personal thoughts on hacking and cyber
I tend to prefer the Blue team, as it seems a bit more challenging for me, but you can’t skip attacking techniques if you want to catch your adversaries.
In 2022, I’ve experimented “real-world” assignments, solved various CTFs, made some contributions, and wrote some blog posts. It’s also pretty cool to be a software developer, as you can see the same problem from multiple angles:
- how anyone can be hacked despite what I would call “a decent level of awareness and even practical skills,” which keep you humble regardless of your efforts
- how developers fail to secure the code, but also how to fix critical vulnerabilities
- how to conduct basic forensics (Linux, Windows) and malware analysis
- how attackers divert native functionalities and exploit known flaws in popular operating systems
- how hard it can be for organizations to keep pace with security patches, especially against the less sophisticated but still devastating exploits
- how hard it is to be accurate while trying to tackle security topics with simple words
- how cool ethical hacking is and helps you understand what’s possible and what’s probably not (until someone manages to achieve it 😂)
However, I’m quite disappointed that some critical aspects are still underestimated by organizations, like having a security culture and regular pen-tests.
Many systems shift the responsibility to the end-users (e.g., employees). While a good security hygiene is necessary, it’s not always enough. Even the “extreme mode” cannot save you sometimes, so you’d better prepare for post-exploitation and breaches instead of blaming on the tools or someone else.
Cheers
See you in 2023.
