It's Q3, how was Q2?

Are you on track with your goals?

Yoo Welcome to Issue #14 of Navigating Security.

šŸƒQuote of the week:

One of the biggest dangers when you're a beginner is that if you do everything through AI, you're not really learning. You may solve problems, but you're not getting better. It's critical to build strong foundations through hands-on experience rather than relying solely on AI to provide solutions

Louis Nyffenegger

What To Expect 🫡

  • ⏳More goal setting lol

  • 📈Getting better at hacking: a journey to mastery

This Week’s YouTube Video:

⚠️ The newsletter is currently not sponsored

It’s been half a year already…

Writing that title kinda hit hard. At one point, time seems like it’s moving very slow, next thing you’re six months into the year 2024.

It’s only recently that I started writing down my goals and keeping track of them, and the system I have adopted has been absolutely amazing for me. Splitting my goals into quarters means I get to finish the year with 4 major goals achieved and a lot of milestones tackled along the way. Deviation is acceptable to a certain extent as long as the main goal for that quarter is still in mind.

For example, my goal for Q2 was revisiting Active Directory and learning how to abuse (mis)configurations from a Windows machine by doing the CRTP. The goal was achieved for the most part, except I failed the exam because of a stupid option I could not find (for the life of me 😭) for one of the commands I was trying to run.

Imagine forgetting the smb option when running nxc smb 192.3.4.5/24 -M spiderplus and then totally forgetting how to actually spell smb and spending hours scouring the internet only to find someone else use the command and realizing how dumb you are 30 minutes before your exam ends.

Bad example, but I hope you get the point. This just means I have one item to carry over to the next quarter, but I still get to focus on my current goal - building.

I am currently building the silliest Burp Suite extension just for fun, then I’ll move on to creating a guided lab for pwnedlabs, then maybe something for HTB. I want to get better at building with the intention of getting better at breaking in the process. My goal for Q4 will probably be code review, so this will prime me for that as well.

How well are you doing with setting goals and keeping up with them?

ā“Did you get that certification youā€™ve been studying for?

ā“Did you start prepping for the interview you have coming up? Reaching out to people who work at the company you want to work?

ā“ Are you waking up on time? Hitting the gym?

ā“Are you spending enough time on your bug bounty targets?

ā“Did you write the outline for that YouTube video you want to shoot?

Assess yourself and keep yourself accountable šŸ«”

Getting better at hacking šŸ“ˆ

I’ve been digesting a lot of content by Louis, CEO of PentesterLab, and one thing he always emphasizes is sticking to one thing and becoming an expert at it. I had a conversation with him and he mentioned that finding that one thing you love enough to stick to it is usually the classic conundrum that most people find themselves in because there are so many interesting aspects of security.

That’s kind of where I am at. I don’t know what I like well enough to become an expert at, but there’s another thing to consider - comfort zone. Based on my anecdotal evidence, it seems to me that people who become experts at a certain subject never really start out liking the subject in question.

I hate GCP and I think it’s a dumpster fire. The UI is bad, the flows are weird, and inheritance is even weirder. But because I had two GCP pentests I had to do this past quarter, I dug into the inner workings of it and gained enough knowledge to confidently take on any GCP environment handed to me. I’m not saying I am now a GCP expert, but it’s an area I was uncomfortable with and now is on the list of items I could potentially specialize in when I finally make that decision.

Here is one of my favorite talks by Louis:

ā±ļøIncase you missed the previous issue, here you go:

Suggestions

Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.