Walking the path: February 2022
As anyone might notice, this series has —sadly— lost its streak since the last update. The past months have been complicated to say the least, but I'm getting up to speed again and will do my best to post here more often.
Next updates however won't be about "walking the path" anymore, for the following reasons:
- Any kind of series requiring a monthly streak is bound to hide other posts and add unnecessary noise.
- It's okay sometimes to not be as productive as you intended to! Having to update a series based on that might twist the knife and add unnecessary guilt.
- I want to give myself the freedom of making shorter posts if the need arises.
Any sort of status update will simply be added to the chronolog from now on, which is the perfect place for it.
Since my last post, I:
- Completed the Linux Upskill Challenge: it was fun! Although this is a sysadmin-oriented course, I'd recommend it to anyone curious about Linux.
- Made a fork of clairvoyance, called premonition: just like the original project, this Python script allows you to bruteforce GraphQL APIs to deduce their schema when introspection is disabled. This fork, however, leverages the extensions object from the responses rather than parsing error messages.
- Updated my private repository of scripts and utilities for recon & bug bounties: I will make it publicly available when documentation is finished. While this repo doesn't have anything fancy or groundbreaking, some of the scripts really made my work easier during bug bounties.
- Found 2-3 low to medium impact bugs on the private program I'm currently working on: sadly, they were either obvious duplicates or out-of-scope, so I didn't bother reporting them. I did however learn a ton during the entire process!
- Made a bunch of userscripts for qutebrowser, which I turned into my main browser to work with Burp: the setup is surprisingly simple and the performance has been stunning compared to Chrome or Firefox.
- Made some marginal progress on TryHackMe: I intend on putting it higher in my priority list to get the Jr. Penetration Tester certificate in the following weeks / months.
- Set up IRC and bitlbee as some fun weekend project: all my socials are now bridged to my irssi client and interacting with anything and anyone from the command line has been great.
While this is not nothing per se, I deviated from my original goals here and there and will pick up where I left off, starting with TryHackMe and bug bounty work.
This may be the last post of this series, but other articles are coming up! Stay tuned.