Lately (outside of work), I have been doing two formal training programs weekly.
- HackTheBox Bug Bounty Hunter – 45% Complete
- API Security Fundamentals – 90% Complete
Both of these have been really intriguing, and I am learning a lot to apply to different areas of cybersecurity.
The Bug Bounty Hunter is helping me redefine my bug bounty strategy and my automation framework. Currently I’m using a bunch of bash scripts on my VPS with cron jobs. I have created some scripts using Python, but I need to spend more time to practice basic programming. The scripts I use will call other tools installed on the server and orchestrate the execution of the workflows in a seamless manner. It works for what I need it for, but there are many areas that can be optimized.
API Security Fundamentals by APISec University is something I needed to focus on for work. I have exploited APIs in the past, but I am looking for a more formal understanding of API Security from both an offensive and defensive lens.
I will continue to write about techniques and how I incorporate the learning into my life.