Monthly reviews are a collection of posts where I try to review the previous month and set the expectations for the upcoming month. Not only it helps me keep track of what I have on my plate, but also works a public record of things I have done and achieved, both on a personal level and in my profession.
October was a good month. Had a few setbacks occasionally, but, in hindsight, it feels like it was a productive one. Lots of good things came with this fall, another Hacktoberfest and some PRs from my side, and things are going pretty interesting on the professional level as well.
Submitted my first report on a bug bounty program, which is nice. At the time of writing, it was not yet triaged and I am immensely convinced it is coming back as N/A.
- Released pmz as open source software - there’s an article about it too. I keep using it and have some more ideas to work on it too.
- Participated in Hacktoberfest, although most of my contributions where to my own project.
- Professionally, there are a bunch of projects kicking off, so lots of good stuff coming. Plus, had the chance to finally play with Terraform.
- Participated in 2 CTFs, although in both I was not fully committed. There was the Snyk CTF early in the month and the second round of the MetaRed series. It would be nice if they posted the general rankings.
- Kicking off some more frequent blogging, including this monthly review.
Plans and Next Focuses
- At work, we will start working on implementing improvements into our security tooling. The approach is entirely new in comparison to what I had experienced with before, but I am excited. I’m an automation-first person, thus I see lots of things we can automate in our processes, which is a good thing.
- Restarting some more hacking activities is a must for me, either through machines or bug bounty programmes. Bug bounties are more exotic and appealing, specially because there is a monetary reward for the effort, but, precisely for that reason, the entry barrier is higher. I also want to start looking into an OSCP preparation, so machines might be more adequate to do so.
- Continue working and using
pmz. I really like the output so far. Very simple, just like I wanted it to be.
- Put some more time in PentesterLab’s materials until the end of the pro license. Since web is the area I want to become better at, PTL is the platform to have to develop the web skills needed in the security world.
- In November, there will be two MetaRed CTFs, part of the 5 stages. Can’t wait to play again in these CTFs, hopefully doing better than usual.