PEAKS Newsletter No. 2

Hey there!

I hope this message finds you well. I wanted to share some exciting news with you this month regarding my cybersecurity journey. Back in 2020, I successfully completed my master's degree in security, and it was a challenging yet rewarding experience that provided me with a wealth of knowledge in the field.

Since then, my daily job has involved security-related tasks, but I find myself missing the hands-on aspect of cybersecurity that I once enjoyed so much. Therefore, I have decided to take the initiative and dedicate my free time to further developing my cybersecurity skills. I am particularly interested in areas such as penetration testing and bug bounty programs.

To kickstart this new adventure, I have been actively seeking useful resources to enhance my knowledge in these domains and I will share them with you in this newsletter issue.

I am genuinely excited about this journey, and I promise to keep you updated on my progress. If you have any advice or insights to share along the way, I would greatly appreciate your input. 😊

🛡️Security

News

• Apple's Security Patches: Apple has released a set of critical patches to address zero-day vulnerabilities affecting a wide range of their devices. The targeted vulnerabilities are identified as CVE-2023-32434 and CVE-2023-32435. We recommend applying these patches promptly to safeguard our systems. For more detailed information, you can refer to the news article here.
• TSMC Data Breach: TSMC has reported a data breach incident involving the LockBit ransomware. Additional details can be found in this article.
• Google Privacy Policy Update: Google has made changes to its Privacy Policy, allowing the use of public online information, such as blog posts and photos, to train their AI models. Further information is available in this article.
• AMD Zen 2 Vulnerability: A speculative execution bug affecting AMD Zen 2 class processors has been discovered by Tavis Ormandy. This vulnerability could potentially leak data from functions like strlen and strcmp without requiring any privileges. I strongly advise to review the details provided here for a better understanding. AMD has released a microcode update, which can be accessed here.
• If you are an electrical engineer, be aware that some oscilloscopes with network connection are vulnerable to remote code execution, like the Rigol from this example. More technical details here.

Great resources to start in cybersecurity

For those embarking on a cybersecurity career, I would like to share some valuable resources to help you get started on the right path. One question that often arises is whether certifications are necessary. The answer depends on your background and goals. Certifications can be beneficial, particularly if you come from a different field or plan to work independently as a freelancer.

To provide a clear roadmap, I recommend watching this informative video that outlines essential cybersecurity certificates, including:

• CompTIA Security+
• CompTIA PenTest+
• OSCP

Furthermore, you can enhance your knowledge by delving into networking (CISCO CCNA) and Linux (CompTIA Linux+). Regarding programming languages, Python is an excellent choice, Go can be advantageous, and mastering C is essential for in-depth exploration.

To hone your skills, practice is vital. During the learning phase, engaging in Capture The Flag (CTF) challenges is highly recommended, as they offer practical hands-on experience.

For those seeking real-world examples on how to secure a cybersecurity job, I encourage you to read this insightful article by Graham Helton. He shares invaluable insights from his journey to Google's Red Team.

Additionally, I came across a valuable repository containing multiple study plans for various cybersecurity roles. It is certainly worth exploring.

Lastly, for those already immersed in cybersecurity and seeking research topics, I recommend reading this article that offers guidance on selecting a research topic within the domain.

🛠️ Tools

• vim is my main text editor. I use it for years and I configure it for years 😆. However, things have changed since LazyVim entered the scene
• https://github.com/Byron/gitoxide → git implementation in Rust and it’s 2.7x faster than git when cloning the linux kernel repo. More

📐 Misc

• Hugo Duminil-Copin - inspiring, next-level math and Hagoromo chalk

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan