I'm a cyber security analyst, actively focusing on the following areas of study:
- Cyber Threat Intelligence (nowadays working on automation of rule generation based on IOC data)
- Web Security (mostly SSRF and API pentesting)
- Malware Analysis (establishing concrete background on C and Assembly, preparing for GIAC GREM)
- OSINT/SOCMINT (continuously exercising new tools)
- Digital Forensics and Incident Response
My work experience covers:
- Mobile and Web application security (Burp Suite, MITM Proxy, MobSF, Frida, etc.)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Network Analysis (Wireshark, Tshark)
- Corporate Security Design and Blue Teaming (Velociraptor-Suricata-Elasticsearch triangle)
- Web Scraping and SOCMINT (Golang and Bash scripts, some tools etc.)
My reading journey and progress (priority goes to CTI books):
- "Operationalizing Threat Intelligence", Kyle Wilhoit, Joseph Opacki: 0%
- "Cyber Threat Intelligence", Martin Lee: 20%
- "Practical C", Steve Oualline: 30%
- "Practical Reverse Engineering", Bruce Dang: 0%
- "Bug Bounty Bootcamp", Vickie Li: 40%
- "Black Hat GraphQL", Nick Aleks and Dolev Farhi: 0%
- "Hacking APIs", Corey Ball: 100%
- "Digital Forensics and Incident Response", Gerard Johansen: 0%
- "Learning Malware Analysis", Monnappa K.A.: 0%
- "Practical Malware Analysis", Michael Sikorski and Andrew Honig: 5%