Answering a noob's questions
- Tadi
- Newsletter
- February 6, 2025
Table of Contents
Yoo Welcome to Issue #20 of Navigating Security.
šQuote of the week:
Iām too lazy to lookup quotes.
Ā Tadi
What To Expect š«”
- Answering questions from the previous issue by Byron, the ānoobā š
- A new series coming out soon as well? š¤
This Weekās YouTube Video:
What I learned from 300+ days of being a hacker (so far)
ā ļø The newsletter is currently not sponsored
Answering questions from the last post š
As you may have seen, I have a friend helping me out with the newsletter now because I canāt do anything consistently. If you havenāt read the previous newsletter issue, I suggest you do so, but you can probably get away with just following along.
[How a Noob follows the ultimate hacker roadmap.
Take small steps towards your goals.
āHow do you build muscle memory when it comes to OWASP-related vulnerabilities, even when youāre expecting SQL injection itās almost like each time youāre doing something completely different.
Ā Byron
š °ļø Muscle memory is built with practice, just like everything else. The more you do it, the more youāll know how to approach different situations because in reality no situation is the same. The principal concept is what matters.
āHow do you maintain patience and precision when using time-based blind SQL injections?
Ā Byron
š °ļø Youāre literally shooting in the dark. Patience is a virtue.
āCan you explain why the classic payload ' OR '1'='1 works, and in what scenarios it might fail?
Ā Byron
š °ļø What I can tell you is it doesnāt work anymore in modern applications, especially considering that most developers know how to write āsafeā code against those types of attacks. SQLi still exists, itās just a little more complicated than before. The following articles might be helpful:
- https://pentesterlab.com/blog/or-1=1-is-dying
- https://www.reddit.com/r/programming/comments/1h4wm6a/sql_injection_in_2024_the_vulnerability_that_wont/
āDoes experience with app development help with web app hacking?
Ā Byron
š °ļø Yes. As a beginner, probably not, but when you reach a point where youāve progressed past being a scriptkiddie itāll be harder to hack without some knowledge of how applications are built.
āWhatās the best approach to mastering OWASP-related vulnerabilities, since they seem to be a common requirement on job postings?
Ā Byron
š °ļø Practice, practice, practice. Do CTFs, do labs, read disclosure reports. Pick a few things you are most interested in and go as deep as possible.
New Year, New Series š¤
https://imgflip.com/tag/new+year+new+me
I might just be back from my many frequent hiatuses.
When I started creating content, I never intended to come across as a teacher in any way. I didnāt know much, so I wanted it to feel more like, “Hereās what Iām learningācome learn with me.”
Iād like to return to that approach and show you how Iām now growing into a more mid-level professionalānot necessarily a noob anymore.
The series will be called How Iām Learning to Be a Better Pentester. Iāll primarily be highlighting what Iām learning, how Iām being intentional about my growth, and how you can be too. The first post should be on LinkedIn soon, if itās not alreadyāso catch me there as well!
As always, if you have any questions or suggestions, feel free to hit me up on LinkedIn or Discord. Cheers!
ā±ļøIncase you missed the previous issue, here you go:
[How a Noob follows the ultimate hacker roadmap.
Take small steps towards your goals.
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.
