Monthly reviews are a collection of posts where I try to review the previous month and set the expectations for the upcoming month. Not only does it help me keep track of what I have on my plate, but it also works as a public record of things I have done and achieved, both on a personal level and in my profession.
During this month, I started some research projects which took most of my time. Unfortunately, I am not authorized to disclose details about those projects, but it was definitely a productive month.
On the other hand, I got inspired to start working on side projects again as I have come to realize that’s the only way we have to put our skills into practice. LeetCode and Exercism are great to get familiar with a piece of technology, not to practice problem solving.
That said, I’m prematurely announcing a side-project I started to work on called NodeAudit. For some time, I wanted to search for vulnerabilities for a node package. There is the Snyk database, but it’s not made in a way that lets users do fine-grained searches. Furthermore, it’s always a risk to run `npm install <package>@<version>` on your own machine, and spinning up a new VM each time is a pain. That said, the goal of this project is to run a secure, sandboxed environment where users can specify a package (and its version) to then install and run the from NPM. Additionally, it would be great if it could demonstrate the findings in a friendly, pretty format with clear actions on how to mitigate the known vulnerabilities.
- Quarter CTF is done - Played in the HackTheBox Cyber Apocalypse with the team. Unfortunately, I could not dedicate as much time as I wanted. On the upside, I focused heavily on the web challenges and learned some things. I intend to write a post on those soon, although there are already a considerable number of write-ups.
- Started doing security research for the first time. At this point in time, I am not allowed to disclose much but I’m really excited by this opportunity. I have seasoned and experienced professionals to discuss ideas, approaches and security overall.
- I can share I am changing jobs soon, going back to my previous position. Unfortunately, on one hand, things didn’t work out here. Company and team culture is very important to me, and I learned the hard way some things we should not take for granted.
Plans and Next Focuses
- Work on NodeAudit project - Essentially, an online sandboxed environment for a user to run `npm audit` on a provided NPM package. The idea is to avoid having to install it locally and perform the audit yourself. Plus, it would be nice if it returned the findings in a pretty format. More should be coming out about this project, but it’s a nice side project for me to get back into web development and front-end development.
- Work on some HTB boxes, if possible. Try to keep 1 per week and write something about them.
- Continue to be engaged in security research, as well as do my best to have a smooth transition into my old job.