Yoo Welcome to Issue #16 of Navigating Security.

🍃Quote of the week:

What To Expect 🫡

• Building useful tooling is hard 💻

• You vs You 🏋🏾‍♂️

• Technical content coming up ⌛

This Week’s YouTube Video:

⚠️ The newsletter is currently not sponsored

Building useful tooling is hard 💻

As I dabble with building random things and writing more code to get better at breaking things, I realized how difficult it is to build tooling that other people will use.

There is a specific problem my team and I seem to always run into when doing cloud audits in large environments. So, I took it upon myself to build a “tool” that will decrease the time it takes us to go through results and remove the false positives. I put “tool” in quotes because it’s really just a couple of janky scripts. Writing scripts for yourself is simple and straightforward, all you need is for it to work. If it works, don’t fix it type vibes; but now that I know I will not be the only one using this tool, there are more things to consider and most of them are concerning the efficiency of my code.

I would have loved to use bash which is more efficient for my use case, but I realized not everyone uses Linux - meaning I have to use a language that is cross-platform. I have to consider threading to reduce the time the code takes to run, CPU usage, and code modularity, among other things. Having an idea is cool until you have to start writing the code. My brain hurts, but it’s a fun experience.

When I finally complete this tiny ass tool, I’ll probably have it up on GitHub for y’all to check out. Feel free to roast and correct my code by submitting pull requests. Hats off to all the devs out there though - cause wtf.

Moral of the story - learn how to code cause wtf x2.

You vs You 🏋🏾‍♂️

We all have goals we want to reach. That’s probably why you are reading this newsletter. You hope to gain something that might be useful in your cybersecurity journey, which I hope you do, I have the best tips and memes around - kidding.

One thing that might be holding you back is you. You aren’t consistent. You aren’t hard-working, you like taking shortcuts. You can’t concentrate. You can’t tell the difference between a private and public IP address. You can’t read. You prefer scrolling on TikTok rather than reading my newsletter. Something!

The battle you have to win is against the person staring back at you in the mirror. Fight against the desires that hold you back. That voice telling you to not write your newsletter this week because no one actually reads it, fight it. It’s holding you back from becoming Hackerone’s MVH or presenting the next keynote at Defcon.

I’m only saying this because this is what I tell myself when I am slacking. Does it work? Clearly not - considering the lack of content from my end. JK?

Technical Stuff ⌛

I don’t want to promise, but hopefully, the next newsletter issue will be a technical one. I’d like to do a bit of a deep dive on GCP privilege escalation stuff and maybe some Android stuff too.

Let me know if you have any questions you’d like answered or topics you’d like explored. Danko.

⏱️Incase you missed the previous issue, here you go:

Suggestions

Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.