See you in 2023

I won’t publish new posts in December 2022 on this blog (hum, maybe except this one 🤔).

Why?

I’ll be busy elsewhere, but I have some ideas for 2023 \o/

What to expect in 2023

Deeper analysis, but still with simple words 🙏🏻.

Learned in 2022

• CTFs (more than 70 days of practice, “g°od” level unlocked on popular platforms)
• Kernel exploits on Linux
• LD exploits on Linux
• Bash deeply
• The OSI model and packet sniffing
• Volatility and memory analysis
• Advanced forensics and malware analysis

Personal thoughts on hacking

I tend to prefer the Blue team, as it seems a bit more challenging for me, but you can’t skip attacking techniques if you want to catch your adversaries.

In 2022, I’ve experimented “real-world” assignments, solved various CTFs, made some contributions, and wrote some blog posts. It’s also pretty cool to be a software developer, as you can see the same problem from multiple angles:

• how anyone can be hacked despite what I would call “a decent level of awareness and even practical skills,” which keeps you humble regardless of your efforts
• how developers fail to secure the code, but also how to fix critical vulnerabilities
• how to conduct basic forensics (Linux, Windows) and malware analysis
• how attackers divert native functionalities and exploit known flaws in popular operating systems
• how hard it can be for organizations to keep pace with security patches, especially against the less sophisticated but still devastating exploits
• how hard it is to be accurate while trying to tackle security topics with simple words
• how cool ethical hacking is and helps you understand what’s possible and what’s probably not (until someone manages to achieve it 😂)

However, I’m quite disappointed that some critical aspects are still underestimated by organizations, like having a security culture and regular pen-tests.

Many systems shift the responsibility to the end-users (e.g., employees). While a good security hygiene is necessary, it’s not always enough. Even the “extreme mode” cannot save you sometimes, so you’d better prepare for post-exploitation and breaches instead of blaming on the tools or someone else.

Cheers

See you in 2023.