2022 May review


Monthly reviews are a collection of posts where I try to review the previous month and set the expectations for the upcoming month. Not only does it help me keep track of what I have on my plate, but it also works as a public record of things I have done and achieved, both on a personal level and in my profession.

During this month, I started some research projects which took most of my time. Unfortunately, I am unauthorized to disclose details about those projects, but it was definitely a productive month.

On the other hand, I got inspired to start working on side projects again as I have come to realize that’s the only way we have to put our skills into practice. LeetCode and Exercism are great to get familiar with a piece of technology, not to practice problem solving.

That said, I’m prematurely announcing a side project I started to work on called NodeAudit. For some time, I wanted to search for vulnerabilities for a node package. There is the Snyk database, but it’s not made in a way that lets users do fine-grained searches. Furthermore, it’s always a risk to run npm install <package>@<version> on your own machine, and spinning up a new VM each time is a pain. That said, the goal of this project is to run a secure, sandboxed environment where users can specify a package (and its version) to then install and run the audit command from NPM. Additionally, it would be great if it could demonstrate the findings in a friendly, pretty format with clear actions on how to mitigate the known vulnerabilities.

Achievements

  • Quarter CTF is done - Played on the HackTheBox Cyber Apocalypse with the team. Unfortunately, I could not dedicate as much time as I wanted. On the upside, I focused heavily on the web challenges and learned some things. I intend to write a post on those soon, although there is already a considerable number of write-ups.
  • Started doing Security research for the first time. At this point in time, I am not allowed to disclose much but I’m really excited by this opportunity. I have seasoned and experienced professionals to discuss ideas, approaches and security overall.
  • I can share I am changing jobs soon, going back to my previous position. Unfortunately on one hand, things didn’t work out here. Company and team culture is very important to me, and I learned the hard way some things we should not take for granted.

Plans and Next Focuses

  • Work on NodeAudit project - Essentially, an online sandboxed environment for a user to run npm audit on a provided NPM package. The idea is to avoid having to install it locally and perform the audit yourself. Plus, it would be nice if it returned the findings in a pretty format. More should be coming out about this project, but it’s a nice side project for me to get back into web development and front-end development.
  • Work on some HTB boxes, if possible. Try to keep 1 per week and write something about them.
  • Continue to be engaged in security research, as well as do my best to have a smooth transition into my old job.