Cybersecurity has interested me for a long time. I wanted to be a Penetration Tester as soon as I heard about the job; over time, my interests have evolved to include secure networking and cloud infrastructure, web application testing, online anonymity technology, information flow security, applying AI to Cybersecurity, and Cryptography.
I also enjoy Cybersecurity Training and Education. I deliver regular lectures on a range of Cybersecurity topics as part of my role with Sheffield Ethical Student Hackers society (SESH), and have delivered technical training on Computer Networking to my colleagues as part of my Year in Industry. I also enjoy spending time on Cybersecurity training platforms such as Hack the Box and TryHackMe, and have taken inspiration from these platforms when developing my own challenges, worksheets, and CTFs for SESH. Wherever I end up, I hope to be able to help educate and upskill people in Cyber.
Projects
Cybersecurity Notes
I have built a repository containing all of my Cybersecurity Notes. It is constantly expanding with new writeups and cheatsheets. Find it here
CTF Tools
I have built a number of custom scripts, collected in one repository. It contains a password cracker, an HTTP request repeater, and a number of scripts that I have used in CTFs and Hack the Box boxes.
Deserialisation Demo
This code demonstrates a simple PHP Deserialisation vulnerability, which I used during a Web Application Hacking session for SESH.
Year in Industry
On my Year in Industry I have had the chance to work with web scraping technologies such as Beautiful Soup, do basic analysis of APK files in Ghidra, and build secure infrastructure in AWS. I have gained a number of skills assessing applications for potential vulnerabilities, and have learned a lot about secure development and networking on Unix-based platforms, from proxies and SSL stripping tools to analysis with Burp Suite and Wireshark. I have assessed my own software for vulnerabilities, and helped with initial assessments for a number of other platforms.
How I Practice
I am extremely interested in the Hack the Box platform, and have solved a number of boxes on the platform.
See my profile here
Skills I have gained from the platform include:
- Enumeration & Web Application testing tools such as Nmap, Gobuster, Wfuzz and SQLMap; manual exploitation of common web application vulnerabilities such as XSS and SQLI
- Searching for and exploiting CVEs on websites using Searchsploit, Metasploit, and custom exploits
- Enumerating filesystems with Linpeas and Pspy, and exploiting custom code & Unix security misconfigurations
- Enumerating exposed Git repositories with tools such as Git Dumper, and finding exposed secrets in code bases, on boxes such as Laboratory and Academy
- Deserialisation Vulnerabilities - on Cereal, Academy, Tenet, and Time
- AWS Testing and Exploitation - on Bucket
- Server-Side Template Injection - on Doctor
- Advanced Cross-Site Scripting on Cereal
I also enjoy practicing by making CTFs and experimenting with new CVEs that I hear about. I'm hoping to build some Hack the Box boxes in future, so stay tuned.
Of course, the best way to learn is to teach others, which is why my role on the SESH committee has been so valuable. I'm proud of the sessions I've helped to run, and researching them has taught me a lot about all sorts of topics. These skills include:
- Fundamentals of web application hacking, including SQLI, XSS, Authentication Bypass Methods, and general methods of site enumeration
- Advanced web application hacking topics, including deserialisation, type juggling, SSTI, and blind XSS
- Windows and Linux Enumeration tools and techniques; common network and active directory enumeration and exploitation tools
- Automation skills in Python, both for scripting and productivity tools
- Fast web development when building CTF challenges in a variety of frameworks - using PHP, Flask, AWS, and Docker to deploy vulnerable sites
- The art of producing content - not a cyber-specific skill, but one that I've loved to learn. Creating quality slides and learning how to present them has been a challenge, but extremely rewarding
I hope to continue to provide quality content, learning resources, and challenges for the society members until I leave uni. Our next goal is to produce a Fundamental Skills series of lectures which should help all members get their skills up to scratch in advance of sessions, and I'm excited to contribute some content.