ByteWatch #003

Hey Friends,

Thanks for stopping by, I hope you all had a great week! Feels good to get back on the grind and work on stuff that I am passionate about. Had lots of ideas and thoughts this week, so let's jump right in:

Time Spent/Challenges

First, here are the stats for this week. I've changed the way this table looks to just the individual work on each project I'm working on. I think it paints a better picture of where time was spent this week:

Task

Time

OSCP/CPTS Studies 📖

11h 13m 10s

Journal 📝

1h 39m 57s

Performance-wise, the overall times are consistent as last week, but not consistent regarding day-to-day time spent. That'll be something to improve on for next week, but I'll take it.

Bar chart showing the number of hours spent on specific tasks/projects

Table showing the monthly number of hours spent on specific tasks/projects

Certification studies take up A TON of time. I hope to do a lot of this now so that I can work on tool programming in Go, bug bounty, and other side projects after taking exams. The grind is real.

Weekly Ideas/Thoughts

Document Your Journey - An idea that is shared by many, but is powerful in building awareness, trust, and reputation within InfoSec. I don't know everything and I'm fine with that. Sharing what I am doing (and having the structure, method, and workflow to do it) helps bring up others on the same path as me. You do have something worth sharing, you just need to write it down and think through it in detail.

I just finished reworking my main website using Hugo, customizing one of the themes I am using, and making sure the structure of the site is good. I'd recommend this to anyone starting from the same place I am. Here are some of the benefits:

  • You own your SEO (Medium doesn't, dev.to doesn't, you do. That's important)

  • Freedom of unlimited customization

  • Large sites build in seconds

  • Fast, responsive, and lightweight

Leverage Foundational Knowledge - Even though I know how to use tools like CrackMapExec or fuff, or even know the basics of DNS, subdomain enumeration, SMB, SMTP, etc. - if you don't have a firm grip on foundational knowledge and are actively working on filling those gaps, you won't get to the top. Going through this myself with the HTB Academy content makes this clear as day. I'm starting to realize the holes in my knowledge that I didn't know were there and making new connections between ideas and previous knowledge. This is so powerful and interesting at the same time. I'm only halfway through and it's a lot of content, but it will be worth it in the end.

If you aren't digging deep, you won't find those P1s or critical vulnerabilities on Pentests. I think Justin from Critical Thinking famously says,

"You need to get intimate with the application..."

Embrace Ultralearning Strategies - Along the same lines as the other topics, understanding that revisiting known material can uncover previously unseen gaps in knowledge is a hallmark of a strategic learner. The transition from 'black box' to 'white box' learning, as inspired by Colin Galen's insights, is not merely a strategy—it's a paradigm shift in how you approach problem-solving and skill acquisition.

Check out the book Ultralearning by Scott H. Young as well. This gave me an initial methodology and a good approach to learning new and complex topics. 10/10.

Another fantastic resource from Colin Galen is his video How to Awaken & Enhance Your Analytical Problem-Solving Mind which has helped in a massive way on how to approach problem-solving in the context of CTF machines, offensive engagements, and bug bounty.

Harness AI to Augment Skills - The post-AGI environment offers an unprecedented opportunity to leverage AI as an accelerator for your learning and development. Focusing on areas like API hacking and integrating AI into your workflow, you'll stay ahead of the curve and redefine the cybersecurity professional you'll become. Embrace AI not as a tool, but as a partner in your creative endeavors.

Optimizing Screenshots for Web Performance - This is a random one, but using .webp images for walkthroughs, writeups, and other content is the way to go 🔥 I have seen a 60% reduction in file size compared to using .png, still keeping the same resolution and quality. Will be using this going forward for all of my writeups and online content. Plus, all modern web browsers support this, so it is a no-brainer here.

If you have questions, feel free to shoot me a DM on Discord or Twitter/X since I check those the most. If you want me to dive deeper into a specific topic, I'd be more than glad to do that in a blog post or YouTube video.

Resources

https://danaepp.com/beginners-guide-to-api-hacking - Probably the best API hacking blog out there by Dana Epp (SilverStr)

https://notateamserver.xyz/cpts-review/ - an00b gives a great overview and review of his CPTS exam experience. Check out his other blog posts as well.

-- Erik

Join the conversation

or to participate.