It's Q3, how was Q2?
- Tadi
- Newsletter , Blog
- June 7, 2024
Table of Contents
đQuote of the week:
One of the biggest dangers when you’re a beginner is that if you do everything through AI, you’re not really learning. You may solve problems, but you’re not getting better. It’s critical to build strong foundations through hands-on experience rather than relying solely on AI to provide solutions
 Louis Nyffenegger
What To Expect đ«Ą
- âłMore goal setting lol
- đGetting better at hacking: a journey to mastery
Itâs been half a year alreadyâŠ
Writing that title kinda hit hard. At one point, time seems like itâs moving very slow, next thing youâre six months into the year 2024.
Itâs only recently that I started writing down my goals and keeping track of them and the system I have adopted has been absolutely amazing for me. Splitting my goals into quarters means I get to finish the year with 4 major goals achieved and a lot of milestones tackled along the way. Deviation is acceptable to a certain extent as long as the main goal for that quarter is still in mind.
For example, my goal for Q2 was revisiting active directory and learning how to abuse (mis)configurations from a windows machine by doing the CRTP. The goal was achieved for the most part, except I failed the exam because of a stupid option I could not find (for the life of me đ) for one of the commands I was trying to run.
Imagine forgetting the smb option when running nxc smb 192.3.4.5/24 âM spiderplus and then totally forgetting how to actually spell smb and spending hours scouring the internet only to find someone else use the command and realizing how dumb you are 30 minutes before your exam ends.
Bad example, but I hope you get the point. This just means I have one item to carry over to the next quarter, but I still get to focus on my current goal - building.
I am currently building the silliest burpsuite extension just for fun, then Iâll move on to creating a guided lab for pwnedlabs then maybe something for HTB. I want to get better at building with the intention of getting better breaking in the process. My goal for Q4 will probably be code review so this will prime me for that as well.
How well are you doing with setting goals and keeping up with them?
âDid you get that certification youâve been studying for?
âDid you start prepping for the interview you have coming up? Reaching out to people who work at the company you want to work?
â Are you waking up on time? Hitting the gym?
âAre you spending enough time on your bug bounty targets?
âDid you write the outline for that YouTube video you want to shoot?
Assess yourself and keep yourself accountable đ«Ą
Getting better at hacking đ
Iâve been digesting a lot of content by Louis, CEO of pentesterlab, and one thing he always emphasizes is sticking to one thing and becoming an expert at it. I had a conversation with him and he mentioned that finding that one thing you love enough to stick to it is usually the classic conundrum that most people find themselves in because there are so many interesting aspects of security.
Thatâs kind of where I am at. I donât know what I like well enough to become an expert at, but thereâs another thing to consider - comfort zone. Based on my anecdotal evidence, it seems to me that people who become experts at a certain subject never really start out liking the subject in question.
I hate GCP and I think itâs a dumpster fire. The UI is bad, the flows are weird, and inheritance is even weirder. But because I had two GCP pentests I had to do this past quarter, I dug into the inner workings of it and gained enough knowledge to confidently take on any GCP environment handed to me. Iâm not saying I am now a GCP expert, but itâs an area I was uncomfortable with and now is on the list of items I could potentially specialize in when I finally make that decision.
Here is one of my favorite talks by Louis:
Keynote Session: “A Journey to Mastery” - Louis Nyffenegger, BSides Canberra 2023
