
And… Action!
Hello, and welcome to Saturday night’s most viewed blog (even though it’s Tuesday and not the most viewed blog).
So yeah, it’s been a few days since I did my part 1.
So I’ll go straight into a brief overview of the days.
Day 2:
Hours: 1.
- I continued reading up on CT logs.
- Did some more manual recon on the target.
Day 3:
Hours: 3.
- New target was introduced.
- Collab meeting.
- Hands on the target, checking through requests and responses.
- Found a possible issue with objects in a JSON file, but due to it being a test server it was full of spam, so I found it hard to distinguish what it was.
Day 4:
Hours: 1.
- I revisited the problem from the previous day.
- I was pretty tired this day so there was very little productivity.
Day 5:
Hours: 2.
- I felt there was a need to be more systematic.
- Reorganized the way I take notes, mindmap and checklist.
- Despite it not being hands-on, I felt this still classified as part of the challenge, as the more organised I can be whilst learning and hunting, the more smoothly I can do things.
Day 6:
Hours: 3.5
- Went back to the target from day 1 & 2.
- Rechecked the recon I had done with the new checklist, which proved to be the right call as more information was found.
Okay, that was a rough guide of my days.
I still have a dilemma, and one I should really improve on. I seem to be the guy who loves finding the information, but I’m also the guy who loves to document everything before I even look at exploiting. My thought process is to either continue on that path, or focus on findings and then try to exploit as I find them. I think this will come with time, when I get more experienced and skilled; as of right now, I’m just trying to learn how to crawl.
This is already proving to be a challenge, but I know I can spend more time in the evening on this despite the fact I may be tired, so I’m hoping to improve my time allocated to the challenge daily.
What can I do better?
- I could be faster; I tend to take too many 5-minute breaks.
- Don’t be scared to ask for help.
- Know when to start investigating rather than just documenting.
- Stay with 1 target as planned.
Things that went well?
- The systematic approach works well for me.
- I’m diving into topics to get a better understanding of the subject.
Total Hours spent: 15.
That’s all from me. I did say things would be more brief, but trying to balance the time is something I have to get used to, so I do apologise for that. Let’s get the hours in, and learn like crazy.
“Until next time” - A wise noob.