A Peak Into the Past

I am not working for next 8 days. This is the transition period between Appsecco and the next company that I am joining. I think I have decided my priorities during this COVID-vacation period

1. Read random books. Physical ones get priority over Kindle
2. Write random stuff, like I am doing here
3. Play with her

This is a feel good post about reflecting in the past, about things that I have worked on and particularly proud of, in no particular order

• Developing Swachalit which powers https://null.co.in and finally able to run it as a fully open source project
• Getting to meet w3bd3vil IRL and running our successful Advanced Infrastructure Security Assessment Training year on year at Nullcon
• Contributing Exploitation/Pwn Challenges for Nullcon’s HackIM CTF
• Contributing to open source software like Gitlab, MatterMost, HackSys Extreme Vulnerable Driver for Linux
• Exploiting Prototype Pollution in some NodeJS framework using common sense before it became a vulnerability class :-O
• Learning to distinguish between product, benefits, features, value. Thanks to Akash & Uppekkha
• Switching back to (GNU?/)Linux with i3wm after my MBP died. Oh yes, so much better it is. I am not moving away from tiling window manager.
• Writing a generic tool for extracting in-memory injected code for analysis

Update - What I did during the week

• Learnt about Hedgehog Concept and added the book in my reading list
• Learnt about AWS Organizations and multi-account governance
• Learnt about MLS Models and evolution of systems that use BLP
• Wrote a long pending post on security engineering use-case for variant analysis
• Merged PR for issue 42 for Swachalit that implement community engagement with sessions