I'm a cyber security analyst, actively focusing on the following areas of study:
- Cyber Threat Intelligence (nowadays working on automation of rule generation based on IOC data)
- Web Security (mostly SSRF and API pentesting)
- Malware Analysis (establishing concrete background on C and Assembly, preparing for GIAC GREM)
- OSINT/SOCMINT (continuously exercising new tools)
- Digital Forensics and Incident Response
My work experience covers:
- Mobile and Web application security (Burp Suite, MITM Proxy, Wireshark, MobSF, Frida, etc.)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Network Analysis (Wireshark, Tshark)
- Corporate Security Design and Blue Teaming (Velociraptor-Suricata-Elasticsearch triangle)
- Web Scraping and SOCMINT (Golang and Bash scripts, some tools, etc.)
My reading journey and progress (priority goes to CTI books...):
- "Operationalizing Threat Intelligence", Kyle Wilhoit, Joseph Opacki (0%)
- "Cyber Threat Intelligence", Martin Lee (30%)
- "Practical C", Steve Oualline (30%)
- "Practical Reverse Engineering", Bruce Dang (0%)
- "Bug Bounty Bootcamp", Vickie Li (40%)
- "Black Hat GraphQL", Nick Aleks and Dolev Farhi (0%)
- "Hacking APIs", Corey Ball (100%)
- "Digital Forensics and Incident Response", Gerard Johansen (0%)
- "Learning Malware Analysis", Monnappa K.A. (0%)
- "Practical Malware Analysis", Michael Sikorski and Andrew Honig (5%)