Week of Infosec

The 5th edition of the Newsletter

Author

Alex
January 07, 2023

Hi everyone,

and welcome to the 1st edition of my newsletter in 2023 😊

Today it will be compilations of the week's achievements and findings

This week was productive:

I prepared 3 threads on Twitter about cybersecurity basics:

The first one is about the comparison of 3 ways to transform/encode data that are used regularly in Cybersecurity and Software Engineering: Encryption, Hashing, and Encoding.

Each one has its own role and should not be mixed up

The second one was about one of the critical types of vulnerabilities a potential attacker may exploit in the product: Remote Code Execution

and the third one continues the previous and extends with more details on how the attacker can operate the exploited system from his remote machine, with a basic example:

BTW here is a great cheat sheet of reverse shells examples in different languages:

Reverse Shell Cheat Sheet | pentestmonkey

https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

and I passed the "Design the CPU" course :

Design a CPU: Learn Computer Architecture by Building Your Own

Computer Architecture and Design

https://www.udemy.com/course/design-a-cpu

I started it right after I finished reading "But How Do It Know? - The Basic Principles of Computers for Everyone", the course is based on this book, so you can implement everything from the book yourself with logisim tool. If you want to know how a computer works this course is a good choice.

also the other day I came across excellent courses about binary exploitation and would like to share them with you:

OFFENSIVE SECURITY & REVERSE ENGINEERING (OSRE) Course

Offensive Software Exploitation Course

https://exploitation.ashemery.com/

and some additional about heap exploitation:

The toddler’s introduction to Heap exploitation (Part 1)

In my introductory post I talked about dynamic memory allocation and I referenced various implementations that are used to tackle this…

https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8

The toddler’s introduction to Heap exploitation (Part 2)

In my last post I talked about how the Heap is organised in the context of the ptmalloc allocator. I went through some basic concepts, like…

https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-part-2-d1f325b74286

The toddler’s introduction to Heap exploitation — Overflows(Part 3)

In the previous parts (1, 2) we discussed about the heap structure and we tried to simplify these concepts using a real life example. You…

https://valsamaras.medium.com/the-toddlers-introduction-to-heap-exploitation-overflows-part-3-d3d1aa042d1e

The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4)

This post is part of a series of articles related to x64 Linux Binary Exploitation techniques. Following up from my previous posts, we’ve…

https://valsamaras.medium.com/use-after-free-13544be5a921

during my pentesting projects, I've never faced binary exploitation but anyway these topics might be handy and it's better to be prepared

Great post by Ankur, made me think about it ...

Writing a Blog for developers opens new opportunities besides additional side income you can possibly enhance your networks with other great people

BTW some tech companies pay for tech posts 👇

GitHub - tyaga001/Awesome-Companies-Who-Pays-Technical-Writers: Awesome-Companies-Who-Pays-Technical-Writers

Awesome-Companies-Who-Pays-Technical-Writers. Contribute to tyaga001/Awesome-Companies-Who-Pays-Technical-Writers development by creating an account on GitHub.

https://github.com/tyaga001/Awesome-Companies-Who-Pays-Technical-Writers

If you are new to cybersecurity take a look at the video below, it gives some base on how to implement your own learning plan to get into security:

a bit about one of the greatest discoveries of humanity:

That is all for today, thank you for your attention,

Alex